Again an AVG warning, but the program ran. Here is the log:
ComboFix 11-04-08.01 - Utilizador 09-04-2011 22:09:48.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.1022.637 [GMT 4,5:30]
Executando de: c:\documents and settings\Utilizador\Ambiente de trabalho\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Utilizador\Ambiente de trabalho\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-03-09 to 2011-04-09 ))))))))))))))))))))))))))))
.
.
2011-04-08 18:55 . 2011-04-08 18:55 -------- d-----w- C:\_OTL
2011-04-07 14:13 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-07 14:13 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-07 14:13 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-07 14:13 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-07 14:13 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-07 14:13 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-07 14:13 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-07 14:13 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-07 14:13 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-04-07 14:13 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-07 14:12 . 2011-04-07 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-07 13:55 . 2011-04-07 19:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-07 13:55 . 2011-04-07 13:55 -------- d-----w- c:\programas\Hitman Pro 3.5
2011-04-07 13:54 . 2011-04-07 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-04-07 12:57 . 2011-04-07 12:57 -------- d-----w- c:\programas\ESET
2011-04-07 12:25 . 2011-04-07 12:25 -------- d-----w- c:\programas\AVAST Software
2011-04-07 09:41 . 2010-12-20 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-07 09:41 . 2011-04-07 09:41 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware
2011-04-07 09:38 . 2010-12-20 13:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-07 09:20 . 2011-04-07 09:20 -------- d-----w- c:\documents and settings\Utilizador\Application Data\Malwarebytes
2011-04-07 08:37 . 2011-04-07 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-07 07:43 . 2011-04-07 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-04-07 07:43 . 2011-04-07 07:43 -------- d-----w- c:\programas\Alwil Software
2011-04-06 18:37 . 2011-04-07 08:22 -------- d-----w- c:\documents and settings\Administrador
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
.
[-] 2009-02-27 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2009-02-27 . 7847E2A6B90729DE0ADC71033F2BE590 . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\programas\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\programas\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avast"="c:\programas\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"GrooveMonitor"="c:\programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Utilizador\Menu Iniciar\Programas\Arranque\
Inicia‡Æo R*pida do Microsoft Office OneNote 2007.lnk - c:\programas\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Öndice do OneNote.onetoc2 [2010-8-31 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^PC Health.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\PC Health.lnk
backup=c:\windows\pss\PC Health.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^RAMASST.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-15 11:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Programas\\iTunes\\iTunes.exe"=
"c:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programas\\Java\\jre6\\bin\\java.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07-04-2011 18:43 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07-04-2011 18:43 301528]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [21-05-2009 12:31 5888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07-04-2011 18:43 19544]
S2 Tmesrv;Tmesrv3;c:\programas\TOSHIBA\TME3\TMESRV31.EXE [21-05-2009 12:31 118784]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21-05-2009 11:35 1684736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 00:02 128512 ----a-w- c:\windows\system32\advpack.dll
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:04]
.
2011-04-09 c:\windows\Tasks\User_Feed_Synchronization-{1BB5BD40-03C6-418F-95E6-5D2A018F5870}.job
- c:\windows\system32\msfeedssync.exe [2009-02-27 00:01]
.
.
------- Scan Suplementar -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-09 22:16
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Tempo para conclusão: 2011-04-09 22:20:01
ComboFix-quarantined-files.txt 2011-04-09 17:49
.
Pré-execução: 50.029.883.392 bytes livres
Pós execução: 50.027.892.736 bytes livres
.
- - End Of File - - 2589CC4DBDE7D342B04B92B8F0EBABB1