llehs.com popups



Mug6489
2007-07-21, 04:04
I'm having a problem with multiple llehs.com popups. There is a strange megaclick.com error page too. I had an expired Norton Anti-Virus Corporate Edition, so I uninstalled it and installed AVG Anti Virus and Anti Spyware. Both of them get viruses all the time in normal and safe mode, but they always come back. I've already detected SHeur.ZQ, something.Generic5.QB, something.Generic4.ZQI and some downloaders.

I've already opened msconfig and turned on all startup items. I also downloaded HijackThis V1.99.1 and renamed its exe file. Its log file follows. I've also downloaded and run VundoFix; it removed some files but returned no log file.

I'd appreciate your help a lot.

Logfile of HijackThis v1.99.1
Scan saved at 22:45:39, on 20/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\GetRight\getright.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Hijackthis\sacnner.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll
O2 - BHO: (no name) - {4400D65A-80E3-4E27-8741-3EA15E64F548} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ssqnnmm.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [vptray] C:\Arquivos de programas\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [nTrayFw] C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Arquivos de programas\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O12 - Plugin for .mpeg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powerfootball.terra.com.br/applet/PowerLoader.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_4.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127491708265
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ssqnnmm - ssqnnmm.dll (file missing)
O20 - Winlogon Notify: WB - C:\ARQUIV~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrvc32 - C:\WINDOWS\SYSTEM32\winrvc32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
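
The log above is read the way a removal helper reads it: the entries that matter are BHOs and Winlogon Notify hooks that point at a file HijackThis cannot open ("(file missing)"), unnamed BHOs loading from system32, Winlogon Notify DLLs with machine-generated names, and any hard-coded DNS servers. The script below is an added example written for this thread; it is not part of HijackThis, VundoFix or ComboFix. The sample log is a constructed excerpt (the suspicious lines are copied from the logs posted in this thread, the benign ones are ordinary entries), and the four rules and the 0.25 vowel-ratio threshold are this example's own heuristics, not anything the tools publish.

```python
"""Triage helper for a HijackThis v1.99 log.

Added example for this thread: not part of HijackThis, VundoFix or ComboFix.
The rules and the 0.25 vowel-ratio threshold are assumptions of this example.
"""
import re
from dataclasses import dataclass

MISSING = "(file missing)"

# Matches "O20 - Winlogon Notify: ..." and captures the section tag and body.
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# First DLL name in the body, whether it is a full path or a bare file name.
DLL_RE = re.compile(r"([A-Za-z0-9_]+)\.dll", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O20"
    file: str      # DLL the entry loads, "" when the rule is not about a file
    reason: str
    line: str


def vowel_ratio(name: str) -> float:
    """Fraction of letters that are vowels. Machine-generated names such as
    'mljjj' or 'ssqnnmm' score 0.0; real product names rarely go below 0.25."""
    letters = [c for c in name.lower() if c.isalpha()]
    if not letters:
        return 1.0
    return sum(c in "aeiou" for c in letters) / len(letters)


def triage(lines):
    """Return a Finding for every rule a log line matches (a line can match several)."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue                      # header and process-list lines
        section, body = m.groups()
        lower = body.lower()
        dll = DLL_RE.search(body)
        stem = dll.group(1) if dll else ""
        file = stem + ".dll" if stem else ""

        # Rule 1: a load point whose target HijackThis cannot open. Either the
        # file was deleted and its registry entry survived, or something is
        # hiding it; both deserve a look.
        if section in ("O2", "O20", "O23") and MISSING in lower:
            findings.append(Finding(section, file, "load point targets a missing or hidden file", line))

        # Rule 2: an unnamed BHO loaded from system32. Legitimate BHOs carry a
        # product name and live under Program Files.
        if section == "O2" and "(no name)" in lower and "\\system32\\" in lower:
            findings.append(Finding(section, file, "unnamed BHO loaded from system32", line))

        # Rule 3: a Winlogon Notify DLL whose name looks machine-generated.
        if section == "O20" and stem and vowel_ratio(stem) <= 0.25:
            findings.append(Finding(section, file, "random-looking Winlogon Notify DLL name", line))

        # Rule 4: DNS servers written into the registry. Not malicious by itself,
        # but a common hijack target, so the addresses get checked against the
        # ISP's published resolvers.
        if section == "O17" and "nameserver" in lower:
            findings.append(Finding(section, "", "DNS servers set in registry; verify against the ISP's resolvers", line))
    return findings


def suspicious_files(lines):
    """Sorted, de-duplicated DLL names named in any finding."""
    return sorted({f.file for f in triage(lines) if f.file})


# Constructed excerpt; the suspicious lines are copied from the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4400D65A-80E3-4E27-8741-3EA15E64F548} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ssqnnmm.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{3157EF33-EDA8-4D3E-95AF-5A5463479D19}: NameServer = 200.204.0.10 200.204.0.138
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ssqnnmm - ssqnnmm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrvc32 - C:\WINDOWS\SYSTEM32\winrvc32.dll
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
    print("files to examine:", suspicious_files(SAMPLE_LINES))
```

Run on the sample, the three DLLs it singles out (mljjj.dll, ssqnnmm.dll, winrvc32.dll) are exactly the ones VundoFix and ComboFix later removed in this thread; the Spybot SDHelper.dll, which is also "(no name)", is left alone because it does not load from system32. The vowel-ratio check is deliberately applied only to Winlogon Notify entries, where a false positive costs one manual look and a miss costs a re-infection on every logon.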

Shaba
2007-07-21, 11:13
Hi Mug6489

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

1. Download combofix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double-click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- combofix report
- vundofix report

Mug6489
2007-07-21, 14:00
Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 08:57:31, on 21/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\GetRight\getright.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Hijackthis\sacnner.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll
O2 - BHO: (no name) - {4400D65A-80E3-4E27-8741-3EA15E64F548} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ssqnnmm.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [vptray] C:\Arquivos de programas\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [nTrayFw] C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Arquivos de programas\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O12 - Plugin for .mpeg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powerfootball.terra.com.br/applet/PowerLoader.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_4.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127491708265
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3157EF33-EDA8-4D3E-95AF-5A5463479D19}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{3157EF33-EDA8-4D3E-95AF-5A5463479D19}: NameServer = 200.204.0.10 200.204.0.138
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ssqnnmm - ssqnnmm.dll (file missing)
O20 - Winlogon Notify: WB - C:\ARQUIV~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

Vundo log (2 runs, 1 yesterday and 1 today)


VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 22:18:24 20/7/2007

Listing files found while scanning....

C:\windows\system32\brdgghql.dll
C:\WINDOWS\system32\ctaovqdp.dll
C:\windows\system32\fxmajfpj.dll
C:\windows\system32\ghaqpltj.dll
C:\WINDOWS\system32\gxrduonv.dll
C:\windows\system32\itvpllrp.ini
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\mljjj.dll
C:\windows\system32\mmwocico.dll
C:\windows\system32\oswypxeg.dll
C:\windows\system32\prllpvti.dll
C:\windows\system32\qwdyecse.dll
C:\windows\system32\sraqikpr.dll
C:\windows\system32\ulddbpoj.dll
C:\windows\system32\vnoudrxg.ini

Beginning removal...

Attempting to delete C:\windows\system32\brdgghql.dll
C:\windows\system32\brdgghql.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ctaovqdp.dll
C:\WINDOWS\system32\ctaovqdp.dll Has been deleted!

Attempting to delete C:\windows\system32\fxmajfpj.dll
C:\windows\system32\fxmajfpj.dll Has been deleted!

Attempting to delete C:\windows\system32\ghaqpltj.dll
C:\windows\system32\ghaqpltj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gxrduonv.dll
C:\WINDOWS\system32\gxrduonv.dll Has been deleted!

Attempting to delete C:\windows\system32\itvpllrp.ini
C:\windows\system32\itvpllrp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjj.dll Has been deleted!

Attempting to delete C:\windows\system32\mmwocico.dll
C:\windows\system32\mmwocico.dll Has been deleted!

Attempting to delete C:\windows\system32\oswypxeg.dll
C:\windows\system32\oswypxeg.dll Has been deleted!

Attempting to delete C:\windows\system32\prllpvti.dll
C:\windows\system32\prllpvti.dll Has been deleted!

Attempting to delete C:\windows\system32\qwdyecse.dll
C:\windows\system32\qwdyecse.dll Has been deleted!

Attempting to delete C:\windows\system32\sraqikpr.dll
C:\windows\system32\sraqikpr.dll Has been deleted!

Attempting to delete C:\windows\system32\ulddbpoj.dll
C:\windows\system32\ulddbpoj.dll Has been deleted!

Attempting to delete C:\windows\system32\vnoudrxg.ini
C:\windows\system32\vnoudrxg.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 08:26:18 21/7/2007

Listing files found while scanning....

No infected files were found.

Mug6489
2007-07-21, 14:01
Combofix log: (had to split into 2 replies, message too long)

"user2005" - 2007-07-21 8:35:29 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winrvc32.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


2007-07-21 08:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-20 22:33 <DIR> d---s---- C:\WINDOWS\system32\%SystemDrive%
2007-07-20 22:18 <DIR> d-------- C:\VundoFix Backups
2007-07-19 19:40 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-19 19:38 <DIR> d-------- C:\DOCUME~1\user2005\.housecall6.6
2007-07-18 19:33 606,848 --a------ C:\WINDOWS\flashax.exe
2007-07-18 19:33 503,808 --a------ C:\WINDOWS\GE_GE4_1024x768.scr
2007-07-18 19:33 12,288 --a------ C:\WINDOWS\impborl.dll
2007-07-18 19:33 <DIR> d-------- C:\WINDOWS\GE_GE4_1024x768 dir
2007-07-16 01:02 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-07-16 00:58 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-14 12:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy
2007-07-14 12:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Lavasoft
2007-07-14 12:25 <DIR> d-------- C:\Arquivos de programas\Lavasoft
2007-07-14 12:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2007-07-13 19:47 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter
2007-07-12 00:09 <DIR> d-------- C:\Arquivos de programas\VideoZip
2007-07-11 23:19 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2007-07-11 23:19 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-07-11 23:19 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2007-07-11 23:19 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-07-11 23:19 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2007-07-11 23:19 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
2007-07-11 23:19 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2007-07-11 23:19 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2007-07-11 23:19 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
2007-07-11 23:19 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2007-07-11 23:19 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-07-11 23:19 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2007-07-11 23:19 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2007-07-11 23:19 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2007-07-11 23:19 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2007-07-11 23:19 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-07-11 23:19 <DIR> d-------- C:\WINDOWS\system32\RMBin
2007-07-11 23:19 <DIR> d-------- C:\Arquivos de programas\A-Z
2007-07-11 21:54 <DIR> d-------- C:\DOCUME~1\user2005\DADOSD~1\Media Player Classic
2007-07-11 20:36 <DIR> d-------- C:\DOCUME~1\user2005\DADOSD~1\Real
2007-07-11 20:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real
2007-07-11 20:36 <DIR> d-------- C:\Arquivos de programas\Real Alternative
2007-07-11 20:36 <DIR> d-------- C:\Arquivos de programas\Media Player Classic
2007-07-11 20:35 <DIR> d-------- C:\Arquivos de programas\AviSynth 2.5
2007-07-11 20:34 <DIR> d-------- C:\Arquivos de programas\VirtualDubMod
2007-07-11 19:44 <DIR> d-------- C:\DOCUME~1\user2005\DADOSD~1\MegauploadToolbar
2007-07-11 19:44 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar
2007-07-10 21:45 <DIR> d-------- C:\DOCUME~1\user2005\.vdrift
2007-07-10 21:19 <DIR> d-------- C:\Arquivos de programas\orbiter
2007-07-10 21:14 <DIR> d-------- C:\Arquivos de programas\VDrift
2007-07-09 12:48 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-09 12:48 <DIR> d-------- C:\DOCUME~1\user2005\DADOSD~1\Talkback
2007-07-04 21:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink
2007-07-04 21:38 <DIR> d-------- C:\Arquivos de programas\DVD Shrink
2007-07-03 19:04 <DIR> d-------- C:\DOCUME~1\user2005\DADOSD~1\Ahead
2007-07-03 18:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero
2007-07-03 18:59 <DIR> d-------- C:\Arquivos de programas\Nero
2007-07-02 20:14 <DIR> d-------- C:\Arquivos de programas\GameSpy Arcade
2007-06-30 18:07 <DIR> d-------- C:\Arquivos de programas\PowerChallenge
2007-06-30 16:24 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-06-30 16:24 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-06-29 19:36 <DIR> d-------- C:\DOCUME~1\user2005\DADOSD~1\Motive
2007-06-29 19:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Motive
2007-06-29 19:31 <DIR> d-------- C:\WINDOWS\Motive
2007-06-29 19:31 <DIR> d-------- C:\Arquivos de programas\Common Files
2007-06-29 19:30 <DIR> d-------- C:\Arquivos de programas\Motive
2007-06-29 19:30 <DIR> d-------- C:\Arquivos de programas\Assistente Tecnico Speedy
2007-06-29 19:21 <DIR> d-------- C:\Arquivos de programas\Telefonica
2007-06-29 19:20 45,056 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-06-29 19:20 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-06-21 18:26 501,760 --a------ C:\WINDOWS\system32\Deutz Engine.scr
2007-06-21 18:26 501,760 --a------ C:\WINDOWS\system32\Deutz Engine.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-21 11:47:05 -------- d-----w C:\Arquivos de programas\lg_fwupdate
2007-07-21 11:16:20 -------- d-----w C:\DOCUME~1\user2005\DADOSD~1\Skype
2007-07-21 01:32:58 81,920 ----a-w C:\WINDOWS\system32\Dversion.dll
2007-07-21 01:32:57 5,120 ----a-w C:\WINDOWS\system32\Fsinst16.DLL
2007-07-21 01:32:57 45,056 ----a-w C:\WINDOWS\system32\Fsinst32.dll
2007-07-21 01:32:57 122,880 ----a-w C:\WINDOWS\system32\DVC.dll
2007-07-21 01:32:31 -------- d-----w C:\Arquivos de programas\Anti-Blaxx
2007-07-19 21:13:57 -------- d-----w C:\Arquivos de programas\Yahoo!
2007-07-19 21:08:38 -------- d-----w C:\DOCUME~1\user2005\DADOSD~1\AdobeUM
2007-07-19 04:10:08 -------- d-----w C:\Arquivos de programas\Symantec
2007-07-19 04:08:38 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared
2007-07-13 23:40:02 -------- d-----w C:\Arquivos de programas\GetRight
2007-07-10 21:07:24 -------- d-----w C:\Arquivos de programas\GbPlugin
2007-07-03 22:03:58 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead
2007-07-03 21:54:10 -------- d-----w C:\Arquivos de programas\Ahead
2007-06-29 23:36:33 -------- d-----w C:\Arquivos de programas\SecondLife
2007-06-29 21:08:39 -------- d-----w C:\Arquivos de programas\Discador itelefonica
2007-06-13 00:29:38 -------- d-----w C:\Arquivos de programas\MINITAB 14
2007-06-06 23:56:41 -------- d-----w C:\Arquivos de programas\Click21
2007-06-04 18:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 18:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 18:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-23 03:20:41 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-23 03:18:26 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-05-23 03:18:26 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-05-23 03:18:26 -------- d-----w C:\Arquivos de programas\OpenAL
2007-05-23 03:16:11 -------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2007-03-28 00:27:11 98,576 ----a-w C:\DOCUME~1\user2005\DADOSD~1\GDIPFONTCACHEV1.DAT
2006-09-07 05:15:31 12,609 ----a-w C:\Arquivos de programas\SolidWorksswxJRNL.BAK


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-06-07 11:09 399352 --a------ C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
2006-07-17 17:11 237568 --a------ C:\Arquivos de programas\GetRight\xx2gr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4400D65A-80E3-4E27-8741-3EA15E64F548}]
C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2007-06-19 19:48 1936840 --a------ C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-05-03 03:14 434279 --a------ C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}]
C:\WINDOWS\system32\ssqnnmm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:55 2403392 -ra------ c:\arquivos de programas\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
2006-11-09 14:33 226344 --a------ C:\WINDOWS\Downloaded Program Files\gbieh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]
C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 15:46]
"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2006-11-10 16:19]
"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-07-16 00:57]
"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 06:25]
"vptray"="C:\Arquivos de programas\NavNT\vptray.exe" []
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 07:20 C:\WINDOWS\SOUNDMAN.EXE]
"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" []
"nwiz"="nwiz.exe" [2005-02-24 10:32 C:\WINDOWS\system32\nwiz.exe]
"NVIDIA nTune"="C:\Arquivos de programas\NVIDIA Corporation\nTune\\nTune.exe" [2004-11-09 11:38]
"nTrayFw"="C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 18:22]
"LGODDFU"="C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" [2006-08-28 10:25]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" []
"DAEMON Tools-1033"="C:\Arquivos de programas\D-Tools\daemon.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"SysBrand"="C:\ARQUIV~1\iGv6\sysbrand.exe" []
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 15:18]
"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2006-10-13 16:20]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="C:\WINDOWS\Downloaded Program Files\gbieh.dll" [2006-11-09 14:33]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"="C:\WINDOWS\Downloaded Program Files\gbiehabn.dll" []
"{941508F8-CCD9-44E0-AC29-4F1E141373F7}"="C:\WINDOWS\system32\ssqnnmm.dll" []
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 09:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnnmm]
ssqnnmm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\ARQUIV~1\OBJECT~1\WINDOW~1\fastload.dll --a------ 2001-12-20 22:34 24576 C:\ARQUIV~1\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185801cf-2c0d-11da-a1fa-806d6172696f}]
AutoRun\command- D:\ASUSACPI.exe


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-21 08:46:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-21 8:49:26 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-21 08:49

--- E O F ---

Shaba
2007-07-21, 14:05
Hi

Do you know what this is -> O4 - HKCU\..\Run: [SysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"?

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {4400D65A-80E3-4E27-8741-3EA15E64F548} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\ssqnnmm.dll (file missing)
O20 - Winlogon Notify: ssqnnmm - ssqnnmm.dll (file missing)

Close all windows including browser and press fix checked.

Reboot.

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
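
The three entries Shaba asks to have fixed share one trait: they are registry load points (a BHO CLSID, a Winlogon Notify subkey) whose DLL HijackThis reports as "(file missing)", left behind after VundoFix deleted the files. The script below is an added example, not code from this thread or from HijackThis; it parses O2 and O20 lines in the HijackThis log format and flags orphaned load points, plus unnamed BHOs that load from system32. The sample lines are copied from the log above, with two benign entries included so the filter has something to leave alone.

```python
import re
from dataclasses import dataclass

# Constructed sample: the three lines Shaba listed for "fix checked", plus the
# Yahoo! BHO, the Spybot SDHelper BHO and the WgaLogon notify entry as benign controls.
SAMPLE_LOG = """\
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Arquivos de programas\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: (no name) - {4400D65A-80E3-4E27-8741-3EA15E64F548} - C:\\WINDOWS\\system32\\mljjj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\ARQUIV~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\\WINDOWS\\system32\\ssqnnmm.dll (file missing)
O20 - Winlogon Notify: ssqnnmm - ssqnnmm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O20 lines: "O20 - Winlogon Notify: <subkey> - <path>[ (file missing)]"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Entry:
    section: str        # "O2" (Browser Helper Object) or "O20" (Winlogon Notify)
    key: str            # CLSID for O2, Notify subkey name for O20
    name: str
    path: str
    file_missing: bool  # HijackThis could not find the DLL on disk
    line: str           # original log line, handy for matching in the HijackThis UI


@dataclass
class Finding:
    key: str
    reasons: list
    line: str


def parse_entries(text):
    """Parse O2 and O20 lines of a HijackThis log; other sections are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            entries.append(Entry("O2", m["clsid"], m["name"], m["path"],
                                 m["missing"] is not None, line))
            continue
        m = O20_RE.match(line)
        if m:
            entries.append(Entry("O20", m["name"], m["name"], m["path"],
                                 m["missing"] is not None, line))
    return entries


def find_suspicious(entries):
    """Flag orphaned load points and unnamed BHOs that live in system32.

    Both heuristics are deliberately narrow: an orphaned entry is harmless by
    itself but shows where a removed DLL used to be loaded, and a nameless BHO
    in system32 was the classic Vundo footprint. Legitimate software such as
    Spybot's SDHelper also registers with no name, so the path check matters.
    """
    findings = []
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("load point references a file that no longer exists")
        if e.section == "O2" and e.name == "(no name)" and "\\system32\\" in e.path.lower():
            reasons.append("unnamed BHO loaded from system32")
        if reasons:
            findings.append(Finding(e.key, reasons, e.line))
    return findings


if __name__ == "__main__":
    for f in find_suspicious(parse_entries(SAMPLE_LOG)):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run against the sample it reports exactly the three lines Shaba asked to have fixed and leaves the Yahoo!, SDHelper and WgaLogon entries alone. The printed lines can be matched one-for-one against the HijackThis "system scan only" list before pressing fix checked.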

Mug6489
2007-07-21, 18:11
O4 - HKCU\..\Run: [SysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"
IG was my former internet provider. Maybe this file is its dialer. When my broadband is not connected, some virus tries to connect using dial-up. I think it's safer to remove this file because I'm not using it anymore.

When Kaspersky was scanning, AVG Resident Shield detected many viruses.
Here is the AVG report:

Trojan horse Downloader.Small.PM C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP51\A0005111.dll 21/7/2007 12:43:33 A0005111.dll 30.52 KB
Trojan horse Downloader.Small.PM C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005452.dll 21/7/2007 12:44:07 A0005452.dll 30.52 KB
Trojan horse SHeur.ZQ C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005454.exe 21/7/2007 12:44:23 A0005454.exe 64.56 KB
Trojan horse SHeur.ZQ C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005455.exe 21/7/2007 12:44:30 A0005455.exe 64.56 KB
Trojan horse Agent.DGM C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005529.dll 21/7/2007 12:44:36 A0005529.dll 125.56 KB
Trojan horse Agent.DGM C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005530.dll 21/7/2007 12:44:42 A0005530.dll 125.56 KB
Trojan horse Agent.DGM C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0005890.dll 21/7/2007 12:44:44 A0005890.dll 125.56 KB
Trojan horse BHO.AD C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006007.dll 21/7/2007 12:44:47 A0006007.dll 65 KB
Trojan horse Generic5.PUP C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006008.dll 21/7/2007 12:44:50 A0006008.dll 65 KB
Trojan horse Agent.DGM C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006011.dll 21/7/2007 12:44:52 A0006011.dll 125.56 KB
Trojan horse Generic5.PUP C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006014.dll 21/7/2007 12:44:55 A0006014.dll 65 KB
Trojan horse Generic5.PUP C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006015.dll 21/7/2007 12:44:57 A0006015.dll 65 KB
Trojan horse Agent.DGM C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006016.dll 21/7/2007 12:44:59 A0006016.dll 125.56 KB
Trojan horse Generic5.PUP C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006017.dll 21/7/2007 12:45:01 A0006017.dll 65 KB
Trojan horse Generic5.PUP C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006019.dll 21/7/2007 12:45:04 A0006019.dll 65 KB
Trojan horse BHO.AD C:\VundoFix Backups\brdgghql.dll.bad 21/7/2007 12:45:05 brdgghql.dll.bad 65 KB
Trojan horse Generic5.PUP C:\VundoFix Backups\ctaovqdp.dll.bad 21/7/2007 12:45:13 ctaovqdp.dll.bad 65 KB
Trojan horse Agent.DGM C:\VundoFix Backups\gxrduonv.dll.bad 21/7/2007 12:45:14 gxrduonv.dll.bad 125.56 KB
Trojan horse Generic5.PUP C:\VundoFix Backups\mmwocico.dll.bad 21/7/2007 12:45:15 mmwocico.dll.bad 65 KB
Trojan horse Generic5.PUP C:\VundoFix Backups\oswypxeg.dll.bad 21/7/2007 12:45:16 oswypxeg.dll.bad 65 KB
Trojan horse Agent.DGM C:\VundoFix Backups\prllpvti.dll.bad 21/7/2007 12:45:18 prllpvti.dll.bad 125.56 KB
Trojan horse Generic5.PUP C:\VundoFix Backups\qwdyecse.dll.bad 21/7/2007 12:45:19 qwdyecse.dll.bad 65 KB
Trojan horse Generic5.PUP C:\VundoFix Backups\ulddbpoj.dll.bad 21/7/2007 12:45:21 ulddbpoj.dll.bad 65 KB


Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:57:58, on 21/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\GetRight\getright.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Hijackthis\sacnner.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [vptray] C:\Arquivos de programas\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [nTrayFw] C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Arquivos de programas\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O12 - Plugin for .mpeg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powerfootball.terra.com.br/applet/PowerLoader.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_4.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127491708265
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3157EF33-EDA8-4D3E-95AF-5A5463479D19}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{3157EF33-EDA8-4D3E-95AF-5A5463479D19}: NameServer = 200.204.0.10 200.204.0.138
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WB - C:\ARQUIV~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

Mug6489
2007-07-21, 18:12
Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 21, 2007 12:57:33 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 21/07/2007
Kaspersky Anti-Virus database records: 366128
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 179454
Number of viruses found: 6
Number of infected objects: 15
Number of suspicious objects: 2
Duration of the scan process: 02:31:19

Infected Object Name / Virus Name / Last Action
C:\Arquivos de programas\Assistente Tecnico Speedy\log\mpbtn.log Object is locked skipped
C:\Arquivos de programas\Assistente Tecnico Speedy\SmartBridge\AlertFilter.log Object is locked skipped
C:\Arquivos de programas\Assistente Tecnico Speedy\SmartBridge\log\httpclient.log Object is locked skipped
C:\Arquivos de programas\Assistente Tecnico Speedy\SmartBridge\SmartBridge.log Object is locked skipped
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Bluebeam Software\Brewery\V4\Printer Support\BBPDFPortMon.log Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\Virtumonde2.zip/win76.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\Virtumonde2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Ahead\Nero Home\SID.db Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Ahead\Nero Home\SII.db Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\ApplicationHistory\hpqimzone.exe.57576738.ini.inuse Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\1iohmvhr.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\1iohmvhr.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\1iohmvhr.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\1iohmvhr.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Histórico\History.IE5\MSHist012007072120070722\index.dat Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Temp\~DF21E2.tmp Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Temp\~DFFEC8.tmp Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user2005\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Mozilla\Firefox\Profiles\1iohmvhr.default\cert8.db Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Mozilla\Firefox\Profiles\1iohmvhr.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Mozilla\Firefox\Profiles\1iohmvhr.default\history.dat Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Mozilla\Firefox\Profiles\1iohmvhr.default\key3.db Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Mozilla\Firefox\Profiles\1iohmvhr.default\parent.lock Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Mozilla\Firefox\Profiles\1iohmvhr.default\search.sqlite Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Mozilla\Firefox\Profiles\1iohmvhr.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\call256.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\callmember256.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\chat512.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\index2.dat Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\profile256.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\transfer256.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\transfer512.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\user1024.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\user16384.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\user256.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\user4096.dbb Object is locked skipped
C:\Documents and Settings\user2005\Dados de aplicativos\Skype\rogerio.takejame\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\user2005\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user2005\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\winrvc32.dll.vir Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP42\A0004361.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP42\A0004364.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP51\A0005111.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005452.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005454.exe Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005455.exe Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005459.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005495.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005496.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005529.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005530.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0005890.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006007.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006008.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006009.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006010.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006011.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006013.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006014.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006015.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006016.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006017.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006018.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006019.dll Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP56\A0006275.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP56\change.log Object is locked skipped
C:\VundoFix Backups\brdgghql.dll.bad Object is locked skipped
C:\VundoFix Backups\ctaovqdp.dll.bad Object is locked skipped
C:\VundoFix Backups\fxmajfpj.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\ghaqpltj.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\gxrduonv.dll.bad Object is locked skipped
C:\VundoFix Backups\mljjj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
C:\VundoFix Backups\mmwocico.dll.bad Object is locked skipped
C:\VundoFix Backups\oswypxeg.dll.bad Object is locked skipped
C:\VundoFix Backups\prllpvti.dll.bad Object is locked skipped
C:\VundoFix Backups\qwdyecse.dll.bad Object is locked skipped
C:\VundoFix Backups\sraqikpr.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\ulddbpoj.dll.bad Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\nmp.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Shaba
2007-07-21, 18:19
Hi

Then you can fix that line and delete the corresponding folder (C:\ARQUIV~1\iGv6)

"AVG resident shield detected many viruses."

That's normal and expected :)

Empty these folders:

C:\QooBox\Quarantine\
C:\VundoFix Backups\

Empty Recycle Bin

Still problems?

Mug6489
2007-07-21, 18:38
OK. Folders emptied.
I don't know if I still have problems. Every time AVG finds and heals a virus, it comes back. Kaspersky found many viruses but didn't clean them because they were locked. And to clean them I must buy it.

How do I know that I don't have any more problems?

Thanks for your help.

Shaba
2007-07-21, 18:41
Hi

"Every time AVG finds and heals a virus, it comes back"

Where does AVG say the virus is?

"Kaspersky found many viruses but didn't clean them because they were locked."

They are all in system restore according to Kaspersky and inactive (after you've emptied those folders).
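
The triage rule in the reply above (a hit that lives only in a System Restore point, a quarantine folder or a removal tool's backups is a dormant copy, while "Object is locked" lines are just open system files) can be applied mechanically to a Kaspersky Online Scanner report. The script below is an added example written for this thread, not a tool the helper used; the location prefixes are taken from the paths in the report above, and the sample input is six lines copied from that report plus one constructed line (`example_active.dll`) standing in for a file that would still need cleaning.

```python
"""Triage a Kaspersky Online Scanner report by outcome and by location.

Added example for this thread, not part of the original post. Detections
under System Restore, quarantine or removal-tool backup folders are reported
as dormant; anything else flagged "Infected"/"Suspicious" is reported as
active. "Object is locked" lines are counted separately and are not malware.
"""
import re
from collections import Counter

# Prefixes of locations where a detection is dormant (nothing loads the file).
# Taken from the paths in this thread; add your own tools' quarantine folders.
# Compared case-insensitively as plain string prefixes.
INACTIVE_PREFIXES = (
    r"C:\System Volume Information\_restore",            # System Restore points
    r"C:\QooBox\Quarantine",                              # ComboFix quarantine
    r"C:\VundoFix Backups",                               # VundoFix backups
    r"C:\Documents and Settings\All Users\Dados de aplicativos"
    r"\Spybot - Search & Destroy\Recovery",               # Spybot recovery archives
)

# One result line has the shape: <path> <status> skipped
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<status>Infected: \S+|Suspicious: \S+|ZIP: suspicious - \d+|Object is locked)"
    r" skipped$"
)


def parse_line(line):
    """Return {'path', 'kind', 'name', 'active'} for a result line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, status = m.group("path"), m.group("status")
    if status.startswith("Infected: "):
        kind, name = "infected", status.split(": ", 1)[1]
    elif status.startswith("Suspicious: "):
        kind, name = "suspicious", status.split(": ", 1)[1]
    elif status.startswith("ZIP: suspicious"):
        kind, name = "suspicious", "archive"
    else:
        kind, name = "locked", None
    lowered = path.lower()
    dormant = any(lowered.startswith(p.lower()) for p in INACTIVE_PREFIXES)
    return {"path": path, "kind": kind, "name": name, "active": not dormant}


def triage(report_text):
    """Split detections into active vs. dormant and count malware families."""
    results = [r for r in map(parse_line, report_text.splitlines()) if r]
    hits = [r for r in results if r["kind"] != "locked"]
    return {
        "locked": sum(1 for r in results if r["kind"] == "locked"),
        "active": [r["path"] for r in hits if r["active"]],
        "dormant": [r["path"] for r in hits if not r["active"]],
        "families": Counter(r["name"] for r in hits if r["kind"] == "infected"),
    }


# Sample input: six lines copied from the report in this thread plus one
# constructed line (example_active.dll) standing in for an active infection.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\winrvc32.dll.vir Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006009.dll Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\mljjj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\Virtumonde2.zip/win76.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\Virtumonde2.zip ZIP: suspicious - 1 skipped
C:\WINDOWS\system32\example_active.dll Infected: Trojan.Win32.BHO.bd skipped
Scan process completed.
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"{summary['locked']} locked system files (ignore)")
    print(f"{len(summary['dormant'])} dormant hits in restore/quarantine/backups")
    for path in summary["active"]:
        print("ACTIVE:", path)
```

Run it against a saved report with `triage(open("report.txt", encoding="utf-8").read())`; an empty `active` list is the condition the helper is checking for before calling the machine clean, and the `families` counter shows at a glance which strains (here Virtumonde/Vundo and the BHO trojan) the restore points still hold, which is why the later advice is to flush System Restore.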

Mug6489
2007-07-21, 18:45
Usually they appear in the Temporary Internet Files folder.

Shaba
2007-07-21, 18:47
Hi

Well then empty it and run this:

Please download ATF Cleaner by Atribune (http://www.atribune.org/ccount/click.php?id=1) and save
it to desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Still problems?

Mug6489
2007-07-21, 19:00
OK. System cleaned.
Thanks a lot for your help.

Shaba
2007-07-21, 19:20
Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)
2) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Comodo (http://www.personalfirewall.comodo.com/)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update: Download the latest version of Java Runtime Environment (JRE) 6 Update 2 (http://java.sun.com/javase/downloads/index.jsp) and save it to your desktop.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2...allows end-users to run Java applications".
Click the "Download" button to the right.
Read the License Agreement and then check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with the instructions from the tutorial above.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online and stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topic405.html)


Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean!
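
The six "Custom Level" changes in the post above are stored by Internet Explorer as DWORD values under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3` (zone 3 is the Internet zone), one value per URL action, with 0 = Enable, 1 = Prompt and 3 = Disable. The script below is an added example, not something the post or the tools it links to provide: it audits those six values against the recommended levels and produces a hardened copy. The action IDs are the ones Microsoft documents for the zone registry entries; the `SAMPLE_WEAK` dictionary is constructed for the demonstration and is not the poster's actual configuration. `read_internet_zone()` only reads the registry when run on Windows and returns an empty dictionary elsewhere, so the audit logic itself runs anywhere.

```python
"""Audit and harden the Internet-zone ActiveX/frame settings from the post.

Added example for this thread, not part of the original post or the tools it
links. Action IDs are the documented Internet Explorer URL-action registry
value names; levels are 0 = Enable, 1 = Prompt, 3 = Disable.
"""
import sys

ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Action ID (registry value name) -> (setting as shown in the dialog, recommended level)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample: three settings looser than recommended (not the poster's values).
SAMPLE_WEAK = {"1001": PROMPT, "1004": ENABLE, "1201": PROMPT,
               "1800": PROMPT, "1804": PROMPT, "1607": ENABLE}


def audit_zone(values):
    """Return (action, description, current, recommended) for every weak setting.

    A missing value is reported as "missing" rather than assumed safe. For these
    levels a numerically higher value is stricter (Enable 0 < Prompt 1 < Disable 3).
    """
    findings = []
    for action, (desc, wanted) in RECOMMENDED.items():
        current = values.get(action)
        if current is None:
            findings.append((action, desc, "missing", LEVEL_NAME[wanted]))
        elif current < wanted:
            findings.append((action, desc, LEVEL_NAME.get(current, str(current)),
                             LEVEL_NAME[wanted]))
    return findings


def harden(values):
    """Return a copy with each audited action raised to at least the recommended level."""
    fixed = dict(values)
    for action, (_, wanted) in RECOMMENDED.items():
        if fixed.get(action) is None or fixed[action] < wanted:
            fixed[action] = wanted
    return fixed


def read_internet_zone():
    """Read the live per-user Internet zone values on Windows; {} on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only standard-library module
    key_path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
        for action in RECOMMENDED:
            try:
                values[action], _ = winreg.QueryValueEx(key, action)
            except FileNotFoundError:
                pass  # value absent: audit_zone reports it as "missing"
    return values


if __name__ == "__main__":
    live = read_internet_zone() or SAMPLE_WEAK
    for action, desc, current, wanted in audit_zone(live):
        print(f"{action} {desc}: {current} -> should be {wanted}")
```

On the user's machine this reads HKCU, so it reflects the per-user dialog the post walks through; a policy pushed under HKLM or the Group Policy keys is not covered, and `harden()` only returns the corrected dictionary rather than writing it back, since the post's instructions do that through the dialog.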

Mug6489
2007-07-21, 23:27
I had a problem with llehs.com popups (please see the previous thread posted today, "llehs.com popups") and followed all the instructions to remove them. I ran Kaspersky online antivirus again just to be sure everything was OK, but it found viruses again.

Here is the Kaspersky report

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 21, 2007 6:15:24 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 21/07/2007
Kaspersky Anti-Virus database records: 366226
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 178529
Number of viruses found: 6
Number of infected objects: 10
Number of suspicious objects: 2
Duration of the scan process: 02:26:49

Infected Object Name / Virus Name / Last Action
C:\Arquivos de programas\Assistente Tecnico Speedy\log\diag_svc.log Object is locked skipped
C:\Arquivos de programas\Assistente Tecnico Speedy\log\mad.log Object is locked skipped
C:\Arquivos de programas\Assistente Tecnico Speedy\log\mpbtn.log Object is locked skipped
C:\Arquivos de programas\Assistente Tecnico Speedy\SmartBridge\AlertFilter.log Object is locked skipped
C:\Arquivos de programas\Assistente Tecnico Speedy\SmartBridge\log\httpclient.log Object is locked skipped
C:\Arquivos de programas\Assistente Tecnico Speedy\SmartBridge\SmartBridge.log Object is locked skipped
C:\Arquivos de programas\Motive\AsstCommon\log\MotiveDirectory.log Object is locked skipped
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Bluebeam Software\Brewery\V4\Printer Support\BBPDFPortMon.log Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\Virtumonde2.zip/win76.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\Virtumonde2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\ApplicationHistory\hpqimzone.exe.57576738.ini.inuse Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Histórico\History.IE5\MSHist012007072120070722\index.dat Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Temp\bbassistant.log Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Temp\~DF21E2.tmp Object is locked skipped
C:\Documents and Settings\user2005\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user2005\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user2005\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user2005\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP42\A0004361.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP42\A0004364.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005459.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005495.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP52\A0005496.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006009.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006010.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006013.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006018.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP56\A0006275.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP56\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\app_filter_ui.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\nmp.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Can anybody help me to solve this problem?
Thanks in advance

Shaba
2007-07-22, 13:21
Hi Mug6489

You were supposed to empty System Restore, reboot and put it back on. I instructed you to do that in my all-clean post.

I also instructed you to empty this folder:

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery

Please do those steps now and the Kaspersky report should be clean again.
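Every hit in the report above sits either in a System Restore snapshot or in Spybot's Recovery folder, which is why the helper says the two housekeeping steps will clear it. The script below is an added example, not part of the thread, that performs that triage automatically over Kaspersky Online Scanner report lines: it parses the `path verdict action` lines, ignores "Object is locked" entries (in-use system files, not detections; the report's own statistics do not count them), and sorts real hits into restore-point, quarantine and live buckets so the live ones stand out. `SAMPLE_REPORT` is constructed from lines shaped like the report above; `sample-constructed.dll` is a made-up live hit added so the "needs action" case is exercised, and the generic `\quarantine\` marker is an assumption added alongside the Spybot Recovery path the thread names.

```python
"""Triage Kaspersky Online Scanner report lines by where the hit lives.

Added example; not code from the thread or from Kaspersky.
"""
from __future__ import annotations

import re

# One report line is: <path> <verdict> <action>. Paths contain spaces, so
# the path is matched non-greedily up to a recognised verdict phrase.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<verdict>Infected: \S+|Suspicious: \S+|ZIP: suspicious - \d+|Object is locked)"
    r"\s+(?P<action>\w+)$"
)

# Path fragments (lower-case) that identify a scanner/cleaner quarantine.
# The Spybot path is the one named in this thread; '\quarantine\' is an
# assumption added to catch other tools' folders.
QUARANTINE_MARKERS = (
    "\\spybot - search & destroy\\recovery\\",
    "\\quarantine\\",
)
RESTORE_MARKER = "\\system volume information\\_restore"

ADVICE = {
    "locked": "in-use system file, not a detection; nothing to do",
    "restore_point": "old snapshot: disable and re-enable System Restore to flush it",
    "quarantine": "already-captured sample: empty the tool's recovery/quarantine folder",
    "live": "ACTIVE: remove, then re-scan",
}

# Constructed sample modelled on the report in this thread. The last hit
# is made up so the live bucket is non-empty.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\Virtumonde2.zip/win76.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\Virtumonde2.zip ZIP: suspicious - 1 skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP55\A0006009.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{FED7BFD1-BBCF-42D6-8E75-3DFDD1836E0F}\RP56\A0006275.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\WINDOWS\system32\sample-constructed.dll Infected: Trojan.Win32.BHO.bd skipped

Scan process completed.
"""


def parse_line(line: str):
    """Return (path, verdict, action) or None for header/blank/footer lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("path"), m.group("verdict"), m.group("action")


def classify(path: str, verdict: str) -> str:
    """Bucket a hit by where the object lives, not by what it was named."""
    if verdict == "Object is locked":
        return "locked"
    p = path.lower()
    if RESTORE_MARKER in p:
        return "restore_point"
    if any(marker in p for marker in QUARANTINE_MARKERS):
        return "quarantine"
    return "live"


def triage(report_text: str) -> dict[str, list[tuple[str, str]]]:
    """Group every parsed line into locked/restore_point/quarantine/live."""
    buckets: dict[str, list[tuple[str, str]]] = {k: [] for k in ADVICE}
    for line in report_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, verdict, _action = parsed
        buckets[classify(path, verdict)].append((path, verdict))
    return buckets


def needs_action(report_text: str) -> list[tuple[str, str]]:
    """Only the hits that the two housekeeping steps will NOT clear."""
    return triage(report_text)["live"]


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket:14} {len(hits):2}  {ADVICE[bucket]}")
        for path, verdict in hits:
            print(f"    {verdict:45} {path}")
```

Run against a real saved report, an empty `live` bucket with non-empty `restore_point` and `quarantine` buckets is exactly the situation in this thread, and the fix is the housekeeping the helper describes rather than another cleaning pass.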

Mug6489
2007-07-22, 21:19
OK. Spybot recovery cleaned.
Where can I clean System Restore?

Shaba
2007-07-23, 11:20
Hi

As instructed before:

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and re-enable System Restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable System Restore with the instructions from the tutorial above.

Mug6489
2007-07-23, 15:02
Sorry, I didn't read your last post carefully.
Now the status is:
System cleaned
Firewall installed
System restore cleaned
AV updated
IE secured
Kaspersky scan didn't find anything

I'm currently using Firefox instead of IE. How can I configure it to improve security?

Shaba
2007-07-23, 15:06
Hi

"I'm currently using Firefox instead of IE. How can I configure it to improve security?"

Default settings are ok but you can install NoScript and Adblock addons if you like.

See here (https://addons.mozilla.org)

Mug6489
2007-07-23, 15:11
Ok, Shaba, thanks a lot for your help.
I really appreciated it.

Shaba
2007-07-25, 11:25
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.