Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] PC very infected!

Started by sergioduarte , Nov 25 2007 08:15 AM

  • This topic is locked This topic is locked
10 replies to this topic

#1 sergioduarte

sergioduarte

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 25 November 2007 - 08:15 AM

Help me, someone! My PC is running veru slow and some programs are not working! Can someone help me out? Please!!! :( :(

    Advertisements

Register to Remove

#2 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 25 November 2007 - 10:28 AM

Hi! Welcome to the WTT forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.


Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.






Please make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#3 sergioduarte

sergioduarte

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 25 November 2007 - 04:53 PM

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:49, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\NavNT\vptray.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Dicionário de Sinônimos AOL\Sinonimo.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Dicionário de Sinônimos AOL\Sinonimo.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
c:\arquivos de programas\a-squared free\a2service.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\eMule\emule.exe
C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\Arquivos de programas\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-725345543-823518204-2146829589-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Sergio')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1174306686640
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancob...gin/GbpDist.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\arquivos de programas\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Arquivos de programas\NavNT\defwatch.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Arquivos de programas\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8601 bytes


The uninstall list:

Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Shockwave Player
Apple Software Update
a-squared Free 2.1
Atualização de Segurança para o Windows Media Player (KB911564)
Atualização de Segurança para o Windows Media Player 11 (KB936782)
Atualização de Segurança para o Windows Media Player 6.4 (KB925398)
Atualização de Segurança para o Windows Media Player 9 (KB917734)
Atualização de Segurança para Windows Internet Explorer 7 (KB928090)
Atualização de Segurança para Windows Internet Explorer 7 (KB931768)
Atualização de Segurança para Windows Internet Explorer 7 (KB933566)
Atualização de Segurança para Windows Internet Explorer 7 (KB937143)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)
Atualização de Segurança para Windows Internet Explorer 7 (KB939653)
Atualização de Segurança para Windows XP (KB893756)
Atualização de Segurança para Windows XP (KB896358)
Atualização de Segurança para Windows XP (KB896423)
Atualização de Segurança para Windows XP (KB896424)
Atualização de Segurança para Windows XP (KB896428)
Atualização de Segurança para Windows XP (KB899587)
Atualização de Segurança para Windows XP (KB899591)
Atualização de Segurança para Windows XP (KB900725)
Atualização de Segurança para Windows XP (KB901017)
Atualização de Segurança para Windows XP (KB901214)
Atualização de Segurança para Windows XP (KB902400)
Atualização de Segurança para Windows XP (KB904706)
Atualização de Segurança para Windows XP (KB905414)
Atualização de Segurança para Windows XP (KB905749)
Atualização de Segurança para Windows XP (KB908519)
Atualização de Segurança para Windows XP (KB911562)
Atualização de Segurança para Windows XP (KB911927)
Atualização de Segurança para Windows XP (KB912919)
Atualização de Segurança para Windows XP (KB913580)
Atualização de Segurança para Windows XP (KB914388)
Atualização de Segurança para Windows XP (KB914389)
Atualização de Segurança para Windows XP (KB917344)
Atualização de Segurança para Windows XP (KB917422)
Atualização de Segurança para Windows XP (KB917953)
Atualização de Segurança para Windows XP (KB918118)
Atualização de Segurança para Windows XP (KB918439)
Atualização de Segurança para Windows XP (KB919007)
Atualização de Segurança para Windows XP (KB920213)
Atualização de Segurança para Windows XP (KB920670)
Atualização de Segurança para Windows XP (KB920683)
Atualização de Segurança para Windows XP (KB920685)
Atualização de Segurança para Windows XP (KB921503)
Atualização de Segurança para Windows XP (KB922819)
Atualização de Segurança para Windows XP (KB923191)
Atualização de Segurança para Windows XP (KB923414)
Atualização de Segurança para Windows XP (KB923689)
Atualização de Segurança para Windows XP (KB923694)
Atualização de Segurança para Windows XP (KB923789)
Atualização de Segurança para Windows XP (KB923980)
Atualização de Segurança para Windows XP (KB924191)
Atualização de Segurança para Windows XP (KB924270)
Atualização de Segurança para Windows XP (KB924496)
Atualização de Segurança para Windows XP (KB924667)
Atualização de Segurança para Windows XP (KB925902)
Atualização de Segurança para Windows XP (KB926255)
Atualização de Segurança para Windows XP (KB926436)
Atualização de Segurança para Windows XP (KB927779)
Atualização de Segurança para Windows XP (KB927802)
Atualização de Segurança para Windows XP (KB928090)
Atualização de Segurança para Windows XP (KB928255)
Atualização de Segurança para Windows XP (KB928843)
Atualização de Segurança para Windows XP (KB929123)
Atualização de Segurança para Windows XP (KB930178)
Atualização de Segurança para Windows XP (KB931261)
Atualização de Segurança para Windows XP (KB931784)
Atualização de Segurança para Windows XP (KB932168)
Atualização de Segurança para Windows XP (KB933729)
Atualização de Segurança para Windows XP (KB935839)
Atualização de Segurança para Windows XP (KB935840)
Atualização de Segurança para Windows XP (KB936021)
Atualização de Segurança para Windows XP (KB938829)
Atualização de Segurança para Windows XP (KB941202)
Atualização de Segurança para Windows XP (KB943460)
Atualização para Windows XP (KB894391)
Atualização para Windows XP (KB898461)
Atualização para Windows XP (KB900485)
Atualização para Windows XP (KB904942)
Atualização para Windows XP (KB908531)
Atualização para Windows XP (KB910437)
Atualização para Windows XP (KB911280)
Atualização para Windows XP (KB916595)
Atualização para Windows XP (KB920872)
Atualização para Windows XP (KB922582)
Atualização para Windows XP (KB927891)
Atualização para Windows XP (KB929338)
Atualização para Windows XP (KB930916)
Atualização para Windows XP (KB931836)
Atualização para Windows XP (KB933360)
Atualização para Windows XP (KB938828)
AVG 7.5
Barra de Ferramentas do Outlook do Windows Live (Windows Live Toolbar)
Bloqueador de Pop-ups (Windows Live Toolbar)
Carom3D
Civilization III
Civilization III Play the World
Command & Conquer Generals
Detector de Feed do Windows Live Toolbar (Windows Live Toolbar)
Dicionário de Sinônimos AOL
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Solution
eMule
Extensão do Windows Live Toolbar (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix para o Windows Media Player 11 (KB939683)
Hotfix para Windows XP (KB914440)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Premier Software 6.5
HP Software Update
HP Solution Center 7.0
IRPF2007 - Declaração de Ajuste Anual
J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
LiveUpdate 1.6 (Symantec Corporation)
Menus Inteligentes (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edição 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.9)
MSXML 4.0 SP2 (KB936181)
Multimedia Launcher
Nero OEM
Norton AntiVirus Corporate Edition
Norton CleanSweep
OCR Software by I.R.I.S 7.0
OneCare Advisor (Windows Live Toolbar)
PowerDVD
QuickTime
RealPlayer
Receitanet 2007
Remove Vista Customization Pack v3
Replay Converter 2.8
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites para Windows Live Toolbar
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip


Thank you very much for helping me so promptly, Scotty. :)

#4 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 26 November 2007 - 04:24 AM

Hi

You are operating your computer with multiple Anti Virus programs running in memory at once:
AVG, Norton

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, it runs in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine.

Please disable one or the other so they do not conflict.

It may be that you have uninstalled Norton with out using the removal tool. I can provide a link for that.

Edited by Scotty, 26 November 2007 - 04:25 AM.

You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#5 sergioduarte

sergioduarte

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 01 December 2007 - 03:03 PM

Ok. I disabled Norton. Thanks!! :thumbup:

#6 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 01 December 2007 - 05:21 PM

Hi

  • Please go HERE to run PandaActiveScan...

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to your desktop.

Post the report in your next reply.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#7 sergioduarte

sergioduarte

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 02 December 2007 - 08:56 AM

Incident Status Location Dialer:Dialer.ABR Not disinfected C:\BACKUP OLD COMPUTER\Serginho\backups\backup-20060914-080638-426.inf Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\BACKUP OLD COMPUTER\sUBs\TSF\nircmd.exe Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Serginho\Cookies\serginho@ig.com[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Serginho\Cookies\serginho@terra.com[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.uol.com.br/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.ig.com.br/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.acesso.uol.com.br/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.apmebf.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.terra.com.br/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.atwola.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.com.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.go.com/] Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.gostats.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.weborama.fr/] Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[.xiti.com/] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Serginho\Dados de aplicativos\Mozilla\Firefox\Profiles\a3jodqkq.default\cookies.txt[server.iad.liveperson.net/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@atwola[1].txt Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@azjmp[1].txt Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@bravenet[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@bs.serving-sys[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@de.uol.com[1].txt Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@go[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@ig.com[2].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@overture[2].txt Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@server.iad.liveperson[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@serving-sys[1].txt Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@stat.onestat[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@terra.com[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@uol.com[2].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Sergio\Cookies\sergio@xiti[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sergio\Dados de aplicativos\Mozilla\Firefox\Profiles\q2awnvmg.default\cookies.txt[.de.uol.com.br/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sergio\Dados de aplicativos\Mozilla\Firefox\Profiles\q2awnvmg.default\cookies.txt[.ig.com.br/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sergio\Dados de aplicativos\Mozilla\Firefox\Profiles\q2awnvmg.default\cookies.txt[.terra.com.br/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sergio\Dados de aplicativos\Mozilla\Firefox\Profiles\q2awnvmg.default\cookies.txt[.uol.com.br/]

#8 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 02 December 2007 - 10:43 AM

Hi

Im not seeing anything malware related.

Let's take a closer look.


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply

You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#9 sergioduarte

sergioduarte

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 03 December 2007 - 04:15 AM

Hi, Scotty.

Extra.txt, first.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Portuguese

CPU 0: AMD Athlon™ XP 2800+
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 511.53 MiB / 187.18 MiB
Pagefile Memory (total/avail): 1250.23 MiB / 946.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1910.79 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 2 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Sistema de arquivos instalável - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.503 v7.5.503 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Arquivos de programas\\eMule\\emule.exe"="C:\\Arquivos de programas\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Arquivos de programas\\EA Games\\Command and Conquer Generals\\patchget.dat"="C:\\Arquivos de programas\\EA Games\\Command and Conquer Generals\\patchget.dat:*:Enabled:patchgrabber"
"C:\\Arquivos de programas\\RadLight Company\\RadLight 4.0\\rlkernel.exe"="C:\\Arquivos de programas\\RadLight Company\\RadLight 4.0\\rlkernel.exe:*:Enabled:Kernel Executable"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"="C:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Serginho\Dados de aplicativos
CLASSPATH=.;C:\Arquivos de programas\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns
COMPUTERNAME=SERGIO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Serginho
LOGONSERVER=\\SERGIO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Arquivos de programas\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Arquivos de programas
PROMPT=$P$G
QTJAVA=C:\Arquivos de programas\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Serginho\CONFIG~1\Temp
TMP=C:\DOCUME~1\Serginho\CONFIG~1\Temp
USERDOMAIN=SERGIO
USERNAME=Serginho
USERPROFILE=C:\Documents and Settings\Serginho
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sergio (admin)
Serginho (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Arquivos de programas\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 2.1 --> "C:\Arquivos de programas\a-squared Free\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Atualização de Segurança para Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Atualização de Segurança para Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Atualização para Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Atualização para Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Atualização para Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Atualização para Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Atualização para Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Atualização para Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Atualização para Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Atualização para Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Atualização para Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Atualização para Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Atualização para Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Atualização para Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Atualização para Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Atualização para Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Atualização para Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Atualização para Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
AVG 7.5 --> C:\Arquivos de programas\Grisoft\AVG7\setup.exe /UNINSTALL
Barra de Ferramentas do Outlook do Windows Live (Windows Live Toolbar) --> MsiExec.exe /X{6A6B10FE-3A8C-48B8-AF8A-274BA6889734}
Bloqueador de Pop-ups (Windows Live Toolbar) --> MsiExec.exe /X{60844F16-2659-45BB-BF8A-C5B390D4F397}
Civilization III --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"
Civilization III Play the World --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E8650C8D-CCB2-496E-816C-ECC54A7EE411}\setup.exe"
Command & Conquer Generals --> C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Detector de Feed do Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{7B73D22F-B1FA-447B-948D-D706616C3773}
Dicionário de Sinônimos AOL --> C:\WINDOWS\uninst.exe -f"C:\Arquivos de programas\Dicionário de Sinônimos AOL\DeIsL1.isu" -c"C:\Arquivos de programas\Dicionário de Sinônimos AOL\_ISREG32.DLL"
DivX Codec --> C:\Arquivos de programas\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Arquivos de programas\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Arquivos de programas\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Arquivos de programas\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Arquivos de programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution --> "C:\Arquivos de programas\Uninstall_CDS.exe"
eMule --> "C:\Arquivos de programas\eMule\Uninstall.exe"
Extensão do Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{88902514-B65F-4093-AF94-8DA7B41DCCD8}
HijackThis 2.0.2 --> "C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 --> C:\Arquivos de programas\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A --> C:\Arquivos de programas\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Premier Software 6.5 --> C:\Arquivos de programas\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IRPF2007 - Declaração de Ajuste Anual --> C:\ARQUIV~1\PROGRA~1\IRPF2007\UNWISE.EXE C:\ARQUIV~1\PROGRA~1\IRPF2007\INSTALL.LOG
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate 1.6 (Symantec Corporation) --> C:\Arquivos de programas\Symantec\LiveUpdate\LSETUP.EXE /U
Menus Inteligentes (Windows Live Toolbar) --> MsiExec.exe /X{9D57C4FB-39C1-4EC3-9386-845FD08453D5}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edição 2003 --> MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.11) --> C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe
Multimedia Launcher --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM --> C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus Corporate Edition --> MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
Norton CleanSweep --> C:\WINDOWS\UNCS32.EXE -fC:\ARQUIV~1\NORTON~1\DeIsL1.isu -cC:\ARQUIV~1\NORTON~1\NCSUnins.dll /interactive -bootmsg
OCR Software by I.R.I.S 7.0 --> C:\Arquivos de programas\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{AF9B8ED2-BC1A-4673-9519-3FDD5C54D71A}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD --> RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Receitanet 2007 --> C:\WINDOWS\DesinstRecnet.exe
Remove Vista Customization Pack v3 --> c:\windows\vcp_save\runme.bat
Replay Converter 2.8 --> C:\WINDOWS\iun6002.exe "C:\iruninRCV.ini"
Spybot - Search & Destroy 1.4 --> "C:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Arquivos de programas\SpywareBlaster\unins000.exe"
Windows Live Favorites para Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger --> MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Arquivos de programas\Windows Live Toolbar\UnInstall.exe" {6FEE62BC-67E3-4083-BEE2-3C33A487F85C}
Windows Live Toolbar --> MsiExec.exe /X{6FEE62BC-67E3-4083-BEE2-3C33A487F85C}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Arquivos de programas\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type3057 / Error
Event Submitted/Written: 12/03/2007 03:10:07 AM
Event ID/Source: 14 / Norton AntiVirus
Event Description:
Norton AntiVirus services failed to start. Virus definition file is invalid. (CC001000)

Event Record #/Type3054 / Error
Event Submitted/Written: 12/03/2007 03:10:02 AM
Event ID/Source: 1280 / DefWatch
Event Description:
Failed to get virus definitions folder.

Event Record #/Type3026 / Error
Event Submitted/Written: 12/03/2007 03:01:55 AM
Event ID/Source: 11704 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 1.1 -- Error 1704.An installation for Norton AntiVirus Corporate Edition is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Event Record #/Type3021 / Error
Event Submitted/Written: 12/02/2007 11:14:16 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplicativo com falha WINWORD.EXE, versão 11.0.8134.0, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Event Record #/Type3020 / Error
Event Submitted/Written: 12/02/2007 11:14:11 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplicativo com falha WINWORD.EXE, versão 11.0.8134.0, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type30973 / Warning
Event Submitted/Written: 12/03/2007 01:10:14 AM
Event ID/Source: 36 / W32Time
Event Description:
O serviço de tempo não pôde sincronizar a hora do sistema
para 49152 segundos porque nenhum dos provedores pôde
fornecer um carimbo de data/hora utilizável. O relógio do sistema não está sincronizado.

Event Record #/Type30959 / Error
Event Submitted/Written: 12/02/2007 11:31:03 AM
Event ID/Source: 7028 / Service Control Manager
Event Description:
A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM e o Gerenciador de controle de serviços apropriou-se da chave.

Event Record #/Type29467 / Error
Event Submitted/Written: 12/01/2007 00:25:22 PM
Event ID/Source: 7 / Disk
Event Description:
O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.

Event Record #/Type28315 / Error
Event Submitted/Written: 12/01/2007 03:10:16 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
O serviço Norton AntiVirus Client terminou com o erro:
%%10

Event Record #/Type28306 / Error
Event Submitted/Written: 12/01/2007 03:10:15 AM
Event ID/Source: 7028 / Service Control Manager
Event Description:
A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM e o Gerenciador de controle de serviços apropriou-se da chave.



-- End of Deckard's System Scanner: finished at 2007-12-03 08:10:08 ------------


Main.txt:

Deckard's System Scanner v20071014.68
Run by Serginho on 2007-12-03 08:08:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
82: 2007-12-03 10:08:17 UTC - RP268 - Deckard's System Scanner Restore Point
81: 2007-12-03 05:01:14 UTC - RP267 - Software Distribution Service 3.0
80: 2007-12-03 01:36:59 UTC - RP266 - Ponto de verificação do sistema
79: 2007-12-03 05:01:57 UTC - RP265 - Removed Norton AntiVirus Corporate Edition
78: 2007-12-01 05:00:51 UTC - RP264 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-09-14 15:09:00 UTC - RP187 - Ponto de verificação do sistema


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2 GiB (less than 15%) free.


-- HijackThis (run as Serginho.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:09:31, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
c:\arquivos de programas\a-squared free\a2service.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\NavNT\vptray.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Serginho\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\ARQUIV~1\TRENDM~1\HIJACK~1\Serginho.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\Arquivos de programas\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1174306686640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancob...gin/GbpDist.cab
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\arquivos de programas\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Arquivos de programas\NavNT\defwatch.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Arquivos de programas\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8062 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\arquivos de programas\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>

0


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Controlador RAID
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&61AAA01&0&78
Manufacturer:
Name: Controlador RAID
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&61AAA01&0&78
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-12-03 07:24:01 272 --a------ C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job
2007-11-26 13:02:02 300 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-03 and 2007-12-03 -----------------------------

2007-12-02 11:35:31 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-01 03:01:05 0 d-------- C:\Arquivos de programas\Windows Live Favorites
2007-11-25 14:44:32 139264 --a------ C:\WINDOWS\NeoUninstall.exe <Not Verified; Neoact; NeoUninstall Application>
2007-11-25 14:43:46 0 d-------- C:\Program Files
2007-11-13 09:04:06 0 dr-h----- C:\$VAULT$.AVG


-- Find3M Report ---------------------------------------------------------------

2007-12-03 08:00:07 0 d-------- C:\Documents and Settings\Serginho\Dados de aplicativos\AVG7
2007-12-02 17:13:54 0 d-------- C:\Arquivos de programas\Norton CleanSweep
2007-12-02 16:14:23 0 d-------- C:\Arquivos de programas\eMule
2007-12-02 12:09:32 0 d-------- C:\Arquivos de programas\Windows Live Toolbar
2007-12-02 12:09:05 0 d-------- C:\Arquivos de programas\QuickTime
2007-12-02 12:08:40 0 d-------- C:\Arquivos de programas\NavNT
2007-12-02 12:08:31 0 d-------- C:\Arquivos de programas\MSN Messenger
2007-12-02 12:00:00 0 d-------- C:\Arquivos de programas\GbPlugin
2007-12-02 11:56:53 0 d-------- C:\Arquivos de programas\a-squared Free
2007-12-01 03:02:47 413126 --a------ C:\WINDOWS\system32\perfh016.dat
2007-12-01 03:02:47 61400 --a------ C:\WINDOWS\system32\perfc016.dat
2007-11-20 14:24:13 0 d-------- C:\Arquivos de programas\MegaJogos
2007-10-31 13:20:18 0 d-------- C:\Documents and Settings\Serginho\Dados de aplicativos\HP
2007-10-17 23:40:28 0 d-------- C:\Arquivos de programas\Java
2007-10-15 13:04:27 0 d-------- C:\Documents and Settings\Serginho\Dados de aplicativos\Apple Computer
2007-09-10 21:59:48 120634 --a------ C:\WINDOWS\hpoins09.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [23/10/2007 09:30]
"iconcache"="" []
"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [02/11/2004 21:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [16/02/2007 11:54]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11]
"vptray"="C:\Arquivos de programas\NavNT\vptray.exe" [24/09/2001 08:59]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 03:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:45]
"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [19/01/2007 13:54]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [19/2/2006 05:21:22]
Inicializa‡Æo r pida do HP Photosmart Premier.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe [10/2/2006 08:56:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [20/11/2007 16:51 347464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]
C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 20/11/2007 16:51 347464 C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APITRAP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - DEFWATCH
*Newly Created Service* - NORTON_ANTIVIRUS_SERVER



-- End of Deckard's System Scanner: finished at 2007-12-03 08:10:08 ------------

Thanks again!

#10 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 03 December 2007 - 04:54 AM

Hi Are you using AVG or Norton anti-virus?
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#11 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 07 December 2007 - 06:28 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·