
View Full Version : AVG and Spybot not running in my system.



gabriel_kuajara
2007-01-09, 20:41
Today I started having a problem with my computer. I tried to scan the system with Spybot, but the exe file couldn't be found; later I had the same problem with AVG. I tried uninstalling and reinstalling, but I kept having the same problem. I also tried loading Windows in safe mode, but again I had problems. I checked my system with Panda online antivirus and the registry with HijackThis. I'm posting the logs from both programs.

I really hope you can help me with this problem!!!!

Thanks!


Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 15:22:30, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\arquivos de programas\asus\Probe\AsusProb.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe
C:\Arquivos de programas\ATnotes\ATnotes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
C:\Arquivos de programas\uTorrent\utorrent.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\User\Meus documentos\Assistente Tecnico Speedy\bin\mpbtn.exe
C:\WINDOWS\system32\slserv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE
C:\Arquivos de programas\Winamp\winamp.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [ASUS Probe] c:\arquivos de programas\asus\Probe\AsusProb.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [3telefonica.BlockedAlerts] "C:\Documents and Settings\User\Meus documentos\Assistente Tecnico Speedy\bin\AboutBrowser\MotiveBrowser.exe" -URL=file://C:/Documents and Settings/User/Meus documentos/Assistente Tecnico Speedy/vendors/telefonica/content/template/driven_dev/BroadBandAsst/SB_Template/modificarRul.html
O4 - HKCU\..\Run: [ATnotes.exe] C:\Arquivos de programas\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TerraVOIP] C:\Arquivos de programas\Terra VOIP\TerraVOIP.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Arquivos de programas\uTorrent\utorrent.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Documents and Settings\User\Meus documentos\Assistente Tecnico Speedy\bin\matcli.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?dc575f8054f843329b37590e53f3c865
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?dc575f8054f843329b37590e53f3c865
O8 - Extra context menu item: Download All Links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1F831FAD-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Arquivos de programas\AutoCAD 2002 Brs\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Arquivos de programas\AutoCAD 2002 Brs\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE56372D-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Arquivos de programas\AutoCAD 2002 Brs\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Arquivos de programas\AutoCAD 2002 Brs\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{07F9F600-2F33-477A-92A3-CD36A2913B67}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{07F9F600-2F33-477A-92A3-CD36A2913B67}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS3\Services\Tcpip\..\{07F9F600-2F33-477A-92A3-CD36A2913B67}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

gabriel_kuajara
2007-01-09, 20:46
Panda Antivirus



Incident Location

Virus:W32/Bagle.LA.worm Operating system
Hacktool:rootkit/mhook hkey_local_machine\system\currentcontrolset\services\m_hook
Virus:w32/bagle.hx.worm Operating system
Dialer:dialer.gzt hkey_current_user\software\hbt
Potentially unwanted tool:application/funweb hkey_classes_root\clsid\{00A6FAF6-072E-44cf-8957-5838F569A31D}
Potentially unwanted tool:application/mywebsearch hkey_classes_root\clsid\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Adware:adware/fastvideoplayer Windows Registry
Spyware:Cookie/YieldManager C:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@ad.yieldmanager[1].txt
Spyware:Cookie/Com.com C:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@ig.com[1].txt
Spyware:Cookie/Com.com C:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@terra.com[2].txt
Spyware:Cookie/Com.com C:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@uol.com[2].txt
Virus:Trj/Mitglieder.MF C:\Documents and Settings\User\Configurações locais\Temp\~10.exe
Virus:W32/Bagle.LA.worm C:\Documents and Settings\User\Configurações locais\Temp\~11.exe
Virus:Trj/Mitglieder.MF C:\Documents and Settings\User\Configurações locais\Temp\~2.exe
Virus:W32/Bagle.LA.worm C:\Documents and Settings\User\Configurações locais\Temp\~3.exe
Virus:Trj/Mitglieder.MF C:\Documents and Settings\User\Configurações locais\Temp\~4.exe
Virus:W32/Bagle.LA.worm C:\Documents and Settings\User\Configurações locais\Temp\~5.exe
Virus:Trj/Mitglieder.MF C:\Documents and Settings\User\Configurações locais\Temp\~E.exe
Virus:W32/Bagle.LA.worm C:\Documents and Settings\User\Configurações locais\Temp\~F.exe
Spyware:Cookie/Atwola C:\Documents and Settings\User\Cookies\user@atwola[1].txt
Spyware:Cookie/Com.com C:\Documents and Settings\User\Cookies\user@de.uol.com[1].txt
Spyware:Cookie/Go C:\Documents and Settings\User\Cookies\user@go[1].txt
Spyware:Cookie/Com.com C:\Documents and Settings\User\Cookies\user@ig.com[1].txt
Spyware:Cookie/Overture C:\Documents and Settings\User\Cookies\user@overture[2].txt
Spyware:Cookie/Serving-sys C:\Documents and Settings\User\Cookies\user@serving-sys[1].txt
Spyware:Cookie/Com.com C:\Documents and Settings\User\Cookies\user@terra.com[2].txt
Spyware:Cookie/Toplist C:\Documents and Settings\User\Cookies\user@toplist[2].txt
Spyware:Cookie/Com.com C:\Documents and Settings\User\Cookies\user@uol.com[1].txt
Spyware:Cookie/Yadro C:\Documents and Settings\User\Cookies\user@yadro[2].txt
Spyware:Cookie/2o7 C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Com.com C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/Tribalfusion C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Com.com C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.google.com.br/]
Spyware:Cookie/Atlas DMT C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Com.com C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/Doubleclick C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Adserver C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/YieldManager C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adtech C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.adtech.de/]
Spyware:Cookie/WebtrendsLive C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/HotLog C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/SpyLog C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Reliablestats C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Winantivirus C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[www.winantivirus.com/]
Spyware:Cookie/Comclick C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/PointRoll C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atwola C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Serving-sys C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/BurstNet C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Com.com C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Go C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.go.com/]
Spyware:Cookie/Com.com C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/2o7 C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.microsoftwga.112.2o7.net/]
Spyware:Cookie/Overture C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.overture.com/]
Spyware:Cookie/QuestionMarket C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.revenue.net/]

gabriel_kuajara
2007-01-09, 20:47
Spyware:Cookie/Serving-sys C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Toplist C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Yadro C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Bridgetrack C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Com.com C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[de.uol.com.br/]
Spyware:Cookie/Server.iad.Liveperson C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\5w5ll9p3.default\cookies.txt[server.iad.liveperson.net/hc/16847762]
Hacktool:HackTool/SRunner.B C:\WINDOWS\system32\nstalador.exe
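The two reports above are line-oriented and easy to triage mechanically. The following is an added example, not part of the thread or of HijackThis or Panda: it parses a constructed subset of the lines posted here, flags HijackThis entries marked "(file missing)" and commands autostarted from more than one Run key, and separates Panda's tracking-cookie noise from executables dropped in a Temp folder and registry-resident items. The heuristics are this example's own assumptions, not either tool's logic.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the two reports above.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Arquivos de programas\uTorrent\utorrent.exe"
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)
"""
SAMPLE_PANDA = r"""
Virus:W32/Bagle.LA.worm Operating system
Hacktool:rootkit/mhook hkey_local_machine\system\currentcontrolset\services\m_hook
Potentially unwanted tool:application/mywebsearch hkey_classes_root\clsid\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Spyware:Cookie/YieldManager C:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@ad.yieldmanager[1].txt
Virus:Trj/Mitglieder.MF C:\Documents and Settings\User\Configurações locais\Temp\~10.exe
Virus:W32/Bagle.LA.worm C:\Documents and Settings\User\Configurações locais\Temp\~11.exe
Hacktool:HackTool/SRunner.B C:\WINDOWS\system32\nstalador.exe
"""

# HijackThis: "<section> - <body>"; O4 bodies look like "HKLM\..\Run: [Name] command".
HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
HJT_RUN = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[[^\]]*\] (?P<cmd>.+)$")
# Panda: "<Category>:<Detection name> <location>"; the location may contain spaces.
PANDA_LINE = re.compile(r"^(?P<cat>[A-Za-z ]+):(?P<name>\S+)\s+(?P<loc>.+)$")
TEMP_EXE = re.compile(r"\\Temp\\[^\\]+\.exe$", re.IGNORECASE)


def parse_hjt(text):
    """Yield (section, body) for every HijackThis result line."""
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def hjt_findings(text):
    """Defender checks (assumed heuristics): '(file missing)' entries, such as
    the AVG service above, and one command autostarted from several Run keys."""
    missing, run_cmds = [], Counter()
    for sec, body in parse_hjt(text):
        if "(file missing)" in body:
            missing.append(body)
        if sec == "O4":
            m = HJT_RUN.match(body)
            if m:
                run_cmds[m.group("cmd").strip('"').lower()] += 1
    return {"missing": missing,
            "duplicated_run": sorted(c for c, n in run_cmds.items() if n > 1)}


def parse_panda(text):
    """Yield (category, detection name, location) for every Panda incident line."""
    for line in text.splitlines():
        m = PANDA_LINE.match(line.strip())
        if m:
            yield m.group("cat"), m.group("name"), m.group("loc")


def panda_findings(text):
    """Per-category counts, executables sitting in a Temp folder, and
    registry-resident detections; cookie hits only affect the counts."""
    by_cat, temp_exes, registry = Counter(), [], []
    for cat, name, loc in parse_panda(text):
        by_cat[cat] += 1
        if TEMP_EXE.search(loc):
            temp_exes.append((name, loc))
        elif loc.lower().startswith("hkey_"):
            registry.append((name, loc))
    return {"by_category": dict(by_cat), "temp_executables": temp_exes,
            "registry": registry}
```

On the sample, the duplicated Run command is the MyWebSearch plug-in registered under both HKLM and HKCU, and the Temp-folder executables are the Mitglieder/Bagle droppers.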

Mr_JAk3
2007-01-10, 22:04
Hi gabriel_kuajara and welcome to the forums :)

You got infections...

One or more of the identified infections is a backdoor trojan :sick:
You also have a rootkit there.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

I can help you in the cleaning if you don't want to reformat but I can't promise that we'll get you 100% clean.

Please let us know what you have decided to do in your next post :bigthumb:

gabriel_kuajara
2007-01-10, 22:51
Mr_JAk3, thanks for the info!

You know, I'd rather try to clean the system; it's always a headache to reinstall the OS.

I was checking on the internet and I found that McAfee has a rootkit detector that seems to be very effective. Do you think it can help me get rid of the rootkit on my system?

Thanks again for the help :bigthumb:

Mr_JAk3
2007-01-11, 14:23
Hi :)

I'll be happy to help you with the cleaning...

Please don't use any P2P programs during the cleaning.

We'll start with GMER which is a rootkit detector.

Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.majorgeeks.com/GMER_d5198.html

Unzip it and start GMER.exe.
Click the Rootkit tab and check all the boxes on the right-hand side except the "Show all" box.
Click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply. You may need to use several messages so that you can post everything. If the log is very long, you may upload it to rapidshare (http://www.rapidshare.com) and post the link to me.

Warning! Please do not select the "Show all" checkbox during the scan.

gabriel_kuajara
2007-01-11, 20:42
Mr_JAk3

Here is the link for the rapidshare file with the results for my system's scan. It's a txt file.

http://rapidshare.com/files/11250147/Novo_a__Documento_de_texto.txt

Regards.

Gabriel

Mr_JAk3
2007-01-11, 22:50
Hi, please make a new scan with gmer but make sure you have all the following boxes checked (right hand side):

System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry, Files

Or let me know if they were already checked on the first run :bigthumb:

If not, please post a fresh log :bigthumb:

gabriel_kuajara
2007-01-12, 01:27
Hi, all those boxes were checked when I scanned my system. :bigthumb:

Mr_JAk3
2007-01-12, 22:15
Ok good :)

Generate a HijackThis Startup list:
Open HijackThis: Click on "Open the Misc Tools Section"
Check the following boxes to the right of "Generate StartupList Log": List also minor sections (Full)
List empty sections (Complete)
Click "Generate StartupListLog"
Click "Yes" at the prompt.
A Notepad window will open with the contents of the HijackThis Startup list displayed.
Copy and paste that log here.

You may need to use several messages so that you can post everything.

:bigthumb:

tashi
2007-01-17, 19:48
How is it going, gabriel_kuajara? :)

tashi
2007-01-23, 19:58
This topic is closed due to lack of a response.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original topic starter.