Computer help, please!
I've been experiencing some problems with my PC: it occasionally turns itself off, it changed the screen saver and desktop and I can't change them back, and I'm also finding it really difficult to surf the web, because it blocks a lot of sites and I suddenly disconnect sometimes.
Here's the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 19:47:55, on 31/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\lphcgl6j0e10n.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Arquivos de programas\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\Particular\Desktop\In Case of Fire... Break the Glass!\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: (no name) - {01E5F450-FDFA-46A4-8D8B-9BF22B7E1A8F} - C:\WINDOWS\system32\vtUOHyYQ.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {efc0496b-4dd1-8f1b-d864-c182a2823a67} - {76a3282a-281c-468d-b1f8-1dd4b6940cfe} - C:\WINDOWS\system32\yjwrll.dll (file missing)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [6c900be6] rundll32.exe "C:\WINDOWS\system32\lgywcasw.dll",b
O4 - HKLM\..\Run: [lphcgl6j0e10n] C:\WINDOWS\system32\lphcgl6j0e10n.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: DVD Check.lnk = C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0C351A55-B0FC-11D5-B443-0040C7A63343} (AcromaniaX Control) - http://www.centraldejogos.com.br/AcromaniaWeb/AcromaniaWeb.cab
O16 - DPF: {3F201636-B199-11D5-B444-0040C7A63343} (QuizNetX Control) - http://www.centraldejogos.com.br/QuiznetWeb/QuiznetWeb.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204385309546
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D9EF8235-BC02-11D5-B44E-0040C7A63343} (ChessWebX Control) - http://www.centraldejogos.com.br/ChessWeb/ChessWeb.cab
O16 - DPF: {E281E771-5E4C-11D5-B3E8-0040C7A63343} (StopX Control) - http://www.centraldejogos.com.br/StopWeb/StopWeb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winpwa32 - C:\WINDOWS\SYSTEM32\winpwa32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: xirHIXpGt - {6C900B4A-C63A-A1E0-E59B-D6B47FDE0877} - C:\WINDOWS\system32\zgn.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Arquivos de programas\OneStepSearch\onestep.exe" "C:\Arquivos de programas\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
PS: sorry, but I didn't do all of those steps before posting this log; I tried, but the PC didn't let me. I'm actually posting this from another computer; I tried from my own, but it wouldn't let me.
Thanks :)
Comments
You are running an outdated version of HijackThis. Please delete it, and follow the instructions here:
http://icrontic.com/forum/showthread.php?t=43902
Will be glad to help you once you've got those steps down.
Here's the new log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:04, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\lphcgl6j0e10n.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Arquivos de programas\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: (no name) - {01E5F450-FDFA-46A4-8D8B-9BF22B7E1A8F} - C:\WINDOWS\system32\vtUOHyYQ.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {efc0496b-4dd1-8f1b-d864-c182a2823a67} - {76a3282a-281c-468d-b1f8-1dd4b6940cfe} - C:\WINDOWS\system32\yjwrll.dll (file missing)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [6c900be6] rundll32.exe "C:\WINDOWS\system32\lgywcasw.dll",b
O4 - HKLM\..\Run: [lphcgl6j0e10n] C:\WINDOWS\system32\lphcgl6j0e10n.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: DVD Check.lnk = C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0C351A55-B0FC-11D5-B443-0040C7A63343} (AcromaniaX Control) - http://www.centraldejogos.com.br/AcromaniaWeb/AcromaniaWeb.cab
O16 - DPF: {3F201636-B199-11D5-B444-0040C7A63343} (QuizNetX Control) - http://www.centraldejogos.com.br/QuiznetWeb/QuiznetWeb.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204385309546
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D9EF8235-BC02-11D5-B44E-0040C7A63343} (ChessWebX Control) - http://www.centraldejogos.com.br/ChessWeb/ChessWeb.cab
O16 - DPF: {E281E771-5E4C-11D5-B3E8-0040C7A63343} (StopX Control) - http://www.centraldejogos.com.br/StopWeb/StopWeb.cab
O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: winpwa32 - C:\WINDOWS\SYSTEM32\winpwa32.dll
O21 - SSODL: xirHIXpGt - {6C900B4A-C63A-A1E0-E59B-D6B47FDE0877} - C:\WINDOWS\system32\zgn.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Arquivos de programas\OneStepSearch\onestep.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
--
End of file - 10412 bytes
http://www.besttechie.net/tools/mbam-setup.exe
Double-click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.
Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
==============================================
Ok. Let's have you download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:
Go here ======> A guide and tutorial on using ComboFix <====== Go here
Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should get a prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
MBAM log
C:\ComboFix.txt
New HijackThis log
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
MBAM:
Malwarebytes' Anti-Malware 1.26
Database version: 1103
Windows 5.1.2600 Service Pack 2
2/9/2008 13:42:16
mbam-log-2008-09-02 (13-42-16).txt
Scan type: Quick Scan
Objects scanned: 47515
Time elapsed: 6 minute(s), 39 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 19
Registry Values Infected: 7
Registry Data Items Infected: 5
Folders Infected: 2
Files Infected: 40
Memory Processes Infected:
C:\WINDOWS\system32\lphcgl6j0e10n.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\blphcgl6j0e10n.scr (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76a3282a-281c-468d-b1f8-1dd4b6940cfe} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{76a3282a-281c-468d-b1f8-1dd4b6940cfe} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestepsearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winpwa32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneStep Search Service (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6c900be6 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcgl6j0e10n (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\oembios.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\oembios.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Arquivos de programas\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> Delete on reboot.
Files Infected:
C:\WINDOWS\system32\yjwrll.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcgl6j0e10n.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Arquivos de programas\OneStepSearch\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\OneStepSearch\osopt.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\OneStepSearch\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Arquivos de programas\OneStepSearch\uninstall.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\winpwa32.dll (Dialer) -> Delete on reboot.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oembios.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\BM6fa3387a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM6fa3387a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcgl6j0e10n.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcgl6j0e10n.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Particular\Configurações locais\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ComboFix.txt:
ComboFix 08-09-01.03 - Particular 2008-09-02 14:53:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.182 [GMT -3:00]
Executando de: C:\Documents and Settings\Particular\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Particular\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
* Criado um novo ponto de restauro
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Dados de aplicativos\sysproc64
C:\Documents and Settings\LocalService\Dados de aplicativos\sysproc64\sysproc32.sys
C:\Documents and Settings\NetworkService\Dados de aplicativos\sysproc64
C:\Documents and Settings\NetworkService\Dados de aplicativos\sysproc64\sysproc32.sys
C:\Documents and Settings\Particular\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\AMRLAYVW\bin.clearspring.com
C:\Documents and Settings\Particular\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\AMRLAYVW\static.youku.com
C:\Documents and Settings\Particular\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Particular\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\WINDOWS\system32\nhwgodwg.ini
C:\WINDOWS\system32\QYyHOUtv.ini
C:\WINDOWS\system32\QYyHOUtv.ini2
C:\WINDOWS\system32\wsacwygl.ini
I:\Knight.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_SYSREST.SYS
\Legacy_TDSSSERV
\Service_sysrest.sys
\Service_tdssserv
((((((((((((((((((((((( Ficheiros criados de 2008-08-02 to 2008-09-02 ))))))))))))))))))))))))))))))))
.
2008-09-02 13:47 . 2008-09-02 14:48 196,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-02 13:47 . 2008-09-02 14:48 1,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-02 13:47 . 2008-09-02 13:47 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-02 13:47 . 2008-09-02 13:47 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-02 13:30 . 2008-09-02 13:30 <DIR> d-------- C:\Documents and Settings\Particular\Dados de aplicativos\Malwarebytes
2008-09-02 13:30 . 2008-09-02 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2008-09-02 13:30 . 2008-09-02 13:30 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2008-09-02 13:30 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-02 13:30 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 20:25 . 2008-09-01 20:25 <DIR> d-------- C:\Arquivos de programas\Trend Micro
2008-08-29 20:04 . 2008-08-29 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-08-29 20:04 . 2008-08-29 20:04 <DIR> d-------- C:\Arquivos de programas\Lavasoft
2008-08-29 20:00 . 2008-08-29 20:00 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-08-29 16:14 . 2008-08-29 16:14 153 --a------ C:\WINDOWS\wininit.ini
2008-08-29 15:32 . 2008-08-29 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-08-29 15:32 . 2008-08-29 15:32 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-08-27 12:36 . 2008-08-27 12:36 268 --ah----- C:\sqmdata19.sqm
2008-08-27 12:36 . 2008-08-27 12:36 244 --ah----- C:\sqmnoopt19.sqm
2008-08-27 01:16 . 2008-09-02 15:02 86,804 --a------ C:\WINDOWS\system32\drivers\dc4e5ccc.sys
2008-08-26 16:37 . 2008-08-26 16:37 268 --ah----- C:\sqmdata18.sqm
2008-08-26 16:37 . 2008-08-26 16:37 244 --ah----- C:\sqmnoopt18.sqm
2008-08-26 16:28 . 2008-08-26 16:28 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-26 16:28 . 2008-08-26 16:28 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-26 16:27 . 2008-09-02 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab
2008-08-26 16:27 . 2008-08-26 16:27 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab
2008-08-26 16:10 . 2008-08-26 16:10 268 --ah----- C:\sqmdata17.sqm
2008-08-26 16:10 . 2008-08-26 16:10 244 --ah----- C:\sqmnoopt17.sqm
2008-08-26 15:48 . 2008-08-26 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2008-08-25 15:53 . 2008-08-25 15:54 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AVG7
2008-08-25 15:51 . 2008-02-28 08:01 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos
2008-08-25 15:51 . 2008-02-28 04:55 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos
2008-08-25 15:51 . 2008-02-28 04:55 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar
2008-08-25 15:51 . 2008-02-28 04:55 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos
2008-08-25 15:51 . 2008-08-25 15:53 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos
2008-08-25 15:51 . 2008-09-02 14:56 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais
2008-08-25 15:51 . 2008-02-28 04:55 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede
2008-08-25 15:51 . 2008-02-28 04:55 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão
2008-08-25 15:51 . 2008-08-25 15:51 <DIR> d-------- C:\Documents and Settings\Administrador
2008-08-24 00:27 . 2008-08-24 00:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-24 00:27 . 2008-08-24 00:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-20 12:38 . 2008-08-20 12:38 268 --ah----- C:\sqmdata16.sqm
2008-08-20 12:38 . 2008-08-20 12:38 244 --ah----- C:\sqmnoopt16.sqm
2008-08-19 12:31 . 2008-08-19 12:31 268 --ah----- C:\sqmdata15.sqm
2008-08-19 12:31 . 2008-08-19 12:31 244 --ah----- C:\sqmnoopt15.sqm
2008-08-18 23:03 . 2008-08-18 23:03 <DIR> d-------- C:\Arquivos de programas\WoW-2.3.0.7561-enUS
2008-08-18 23:03 . 2008-08-18 23:03 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Blizzard Entertainment
2008-08-18 23:03 . 2008-08-18 23:03 1,283,912 --a------ C:\Arquivos de programas\WoW-2.3.0.7561-enUS-downloader.exe
2008-08-13 21:20 . 2008-08-13 21:20 268 --ah----- C:\sqmdata14.sqm
2008-08-13 21:20 . 2008-08-13 21:20 244 --ah----- C:\sqmnoopt14.sqm
2008-08-11 12:51 . 2008-08-11 12:51 268 --ah----- C:\sqmdata13.sqm
2008-08-11 12:51 . 2008-08-11 12:51 244 --ah----- C:\sqmnoopt13.sqm
2008-08-10 01:33 . 2008-08-10 01:33 <DIR> d-------- C:\Arquivos de programas\Glamus
2008-08-09 10:23 . 2008-08-09 10:23 268 --ah----- C:\sqmdata12.sqm
2008-08-09 10:23 . 2008-08-09 10:23 244 --ah----- C:\sqmnoopt12.sqm
2008-08-08 22:24 . 2008-08-08 22:24 <DIR> d-------- C:\Arquivos de programas\Sony
2008-08-03 08:57 . 2008-08-03 08:57 268 --ah----- C:\sqmdata11.sqm
2008-08-03 08:57 . 2008-08-03 08:57 244 --ah----- C:\sqmnoopt11.sqm
2008-08-02 12:57 . 2008-08-02 12:57 268 --ah----- C:\sqmdata10.sqm
2008-08-02 12:57 . 2008-08-02 12:57 244 --ah----- C:\sqmnoopt10.sqm
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 18:38 --------- d-----w C:\Arquivos de programas\DreMule
2008-08-28 23:18 --------- d-----w C:\Documents and Settings\Particular\Dados de aplicativos\SPORE Creature Creator
2008-08-26 12:11 --------- d-----w C:\Documents and Settings\Particular\Dados de aplicativos\AVG7
2008-08-10 04:33 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-07-31 13:30 --------- d-----w C:\Arquivos de programas\City Interactive
2008-07-29 23:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-26 20:38 --------- d-----w C:\Arquivos de programas\EA GAMES
2008-07-25 16:37 --------- d-----w C:\Arquivos de programas\OnGame
2008-07-25 16:22 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-07-25 05:16 --------- d-----w C:\Documents and Settings\Particular\Dados de aplicativos\FarmerJane
2008-07-25 04:02 0 ----a-w C:\Arquivos de programas\temp01
2008-07-25 03:02 --------- d-----w C:\Arquivos de programas\Outspark
2008-07-24 15:07 --------- d-----w C:\Arquivos de programas\MotherGaiaStudio
2008-07-21 21:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-21 14:01 --------- d-----w C:\Arquivos de programas\Electronic Arts
.
Sigcheck
md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
2005-06-10 21:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 00:45 57856 3971289fa7072812caf4d053bbc6352b C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
md5deep: C:\WINDOWS\system32\spoolsv.exe: error at offset 0: Permission denied
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias & legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-22 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-22 126976]
"SynTPLpr"="C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"Cpqset"="C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"WatchDog"="C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 184320]
"HP Software Update"="C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-03-01 98304]
"eabconfg.cpl"="C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SynTPStart"="C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-07 29744]
"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
DVD Check.lnk - C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe [2007-03-01 184320]
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xirHIXpGt"= {6C900B4A-C63A-A1E0-E59B-D6B47FDE0877} - C:\WINDOWS\system32\zgn.dll [2007-04-16 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 GoogleDesktopManager-022208-143751;Gerenciador do Google Desktop 5.7.802.22438;C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-07 29744]
S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys [ ]
S3 XDva095;XDva095;C:\WINDOWS\system32\XDva095.sys [ ]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
.
- - - - ORFAOS REMOVIDOS - - - -
BHO-{01E5F450-FDFA-46A4-8D8B-9BF22B7E1A8F} - C:\WINDOWS\system32\vtUOHyYQ.dll
.
Ccan Suplementar
.
FireFox -: Profile - C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\jdc4tnbs.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google
FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Arquivos de programas\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 15:00:29
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe??4?3?6??P???? ?,?B?????????????hLC?0??????
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dc4e5ccc]
"ImagePath"="\SystemRoot\System32\drivers\dc4e5ccc.sys"
.
Outros Processos em Execução
.
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\hpq\Shared\hpqwmi.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\SoftwareDistribution\Download\4d6abb4abb73b8841817968bb9fef3b2\update\update.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-09-02 15:14:42 - Maquina reiniciou
ComboFix-quarantined-files.txt 2008-09-02 18:14:12
Pre-Run: 11 pasta(s) 28,261,265,408 bytes disponíveis
Post-Run: 15 pasta(s) 28,134,223,872 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
216 --- E O F --- 2008-07-10 03:30:01
New Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:51, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\HPQ\SHARED\HPQWMI.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: DVD Check.lnk = C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0C351A55-B0FC-11D5-B443-0040C7A63343} (AcromaniaX Control) - http://www.centraldejogos.com.br/AcromaniaWeb/AcromaniaWeb.cab
O16 - DPF: {3F201636-B199-11D5-B444-0040C7A63343} (QuizNetX Control) - http://www.centraldejogos.com.br/QuiznetWeb/QuiznetWeb.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204385309546
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D9EF8235-BC02-11D5-B44E-0040C7A63343} (ChessWebX Control) - http://www.centraldejogos.com.br/ChessWeb/ChessWeb.cab
O16 - DPF: {E281E771-5E4C-11D5-B3E8-0040C7A63343} (StopX Control) - http://www.centraldejogos.com.br/StopWeb/StopWeb.cab
O21 - SSODL: xirHIXpGt - {6C900B4A-C63A-A1E0-E59B-D6B47FDE0877} - C:\WINDOWS\system32\zgn.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
--
End of file - 8867 bytes
C:\WINDOWS\system32\zgn.dll
Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
Sorry, I couldn't find that file. Do you think it has anything to do with the Kaspersky scan my brother did on this computer?
Here's a new Hijackthis log to help you:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:40, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Arquivos de programas\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe
C:\Arquivos de programas\Vuze\Azureus.exe
C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0C351A55-B0FC-11D5-B443-0040C7A63343} (AcromaniaX Control) - http://www.centraldejogos.com.br/AcromaniaWeb/AcromaniaWeb.cab
O16 - DPF: {3F201636-B199-11D5-B444-0040C7A63343} (QuizNetX Control) - http://www.centraldejogos.com.br/QuiznetWeb/QuiznetWeb.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204385309546
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D9EF8235-BC02-11D5-B44E-0040C7A63343} (ChessWebX Control) - http://www.centraldejogos.com.br/ChessWeb/ChessWeb.cab
O16 - DPF: {E281E771-5E4C-11D5-B3E8-0040C7A63343} (StopX Control) - http://www.centraldejogos.com.br/StopWeb/StopWeb.cab
O21 - SSODL: xirHIXpGt - {6C900B4A-C63A-A1E0-E59B-D6B47FDE0877} - C:\WINDOWS\system32\zgn.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9895 bytes
I'm sorry for the trouble :sad2:
Let's boot into Safe Mode now.
Restart your computer. As the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.
Once you're in Safe Mode, run HijackThis and place a checkmark by the following entry:
O21 - SSODL: xirHIXpGt - {6C900B4A-C63A-A1E0-E59B-D6B47FDE0877} - C:\WINDOWS\system32\zgn.dll (file missing)
Press "Fix Checked". Then close HijackThis and restart the computer.
Post a new HijackThis log in your reply.
If it has been 7 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.
If you are not the user who started this thread, you must start your own Thread instead (grin)
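The helper's workflow in this thread (compare the two logs, then fix the O21 SSODL entry) as an added Python example; this is not code from the thread or from HijackThis. It parses the R/O lines of a HijackThis log, diffs two logs so the "(file missing)" change on the O21 entry shows up, and reports every O21 (ShellServiceObjectDelayLoad) entry for review; the sample lines are copied from the two logs posted above, and the function names are assumptions of this example.

```python
import re
from typing import Dict, List, NamedTuple

# "Oxx - body" or "Rx - body", with an optional trailing "(file missing)" flag.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+?)(?: \((?P<flag>file missing)\))?$")
# Body of an O21 line: "SSODL: <value name> - {CLSID} - <dll path>"
SSODL = re.compile(r"^SSODL: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")

class Entry(NamedTuple):
    section: str
    body: str          # entry text without the trailing "(file missing)" flag
    file_missing: bool

# Constructed sample: lines taken from the first and second logs in the thread.
LOG_BEFORE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: xirHIXpGt - {6C900B4A-C63A-A1E0-E59B-D6B47FDE0877} - C:\WINDOWS\system32\zgn.dll
"""
LOG_AFTER = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O21 - SSODL: xirHIXpGt - {6C900B4A-C63A-A1E0-E59B-D6B47FDE0877} - C:\WINDOWS\system32\zgn.dll (file missing)
"""

def parse_log(text: str) -> List[Entry]:
    """Keep only the R/O entries; header and running-process lines do not match."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"], m["flag"] is not None))
    return entries

def diff_logs(before: List[Entry], after: List[Entry]) -> Dict[str, List[Entry]]:
    """Key entries by section and body so a newly missing DLL shows up as 'changed'."""
    old = {(e.section, e.body): e for e in before}
    new = {(e.section, e.body): e for e in after}
    return {
        "added":   [new[k] for k in new if k not in old],
        "removed": [old[k] for k in old if k not in new],
        "changed": [new[k] for k in new if k in old and new[k] != old[k]],
    }

def flag_ssodl(entries: List[Entry]) -> List[str]:
    """O21 is a shell load point that few legitimate products use, so report every entry.
    A missing DLL means the registry value is an orphan that still needs removing."""
    findings = []
    for e in entries:
        if e.section != "O21":
            continue
        m = SSODL.match(e.body)
        if not m:
            findings.append(f"O21 entry with unexpected format: {e.body}")
            continue
        status = "DLL missing on disk" if e.file_missing else "DLL present"
        findings.append(f"SSODL '{m['name']}' -> {m['path']} ({status})")
    return findings
```

Feed the complete pasted logs to parse_log to see the full diff; the "changed" bucket is where the zgn.dll entry lands once the file is gone but the registry value remains.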