
Virtumonde


1 reply to this topic

#1 stroltz

stroltz

  • Members
  • 1 posts

Posted 07 December 2008 - 10:20 PM

Please help me! I infected my computer with some virus Adware.Vundo. I can't use the Internet because I can't access any site. I installed HiJackThis and SuperAntiSpyware and here are the logs:

Log1 (HiJackThis):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:38, on 08-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Program Files\Network Associates\VirusScan\bho.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [32066d3d] rundll32.exe "C:\WINDOWS\system32\gffaiicd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download with ImTOO YouTube Video Converter - C:\Program Files\ImTOO\YouTube Video Converter\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\docume~1\andrle~1\locals~1\temp\ntdll64.dll' missing
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: isurko.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10220 bytes


And here's the most recent SuperAntiSpyware log:

Log2 (SuperAntiSpyware):


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/08/2008 at 03:07 AM

Application Version : 4.22.1014

Core Rules Database Version : 3640
Trace Rules Database Version: 1623

Scan type : Complete Scan
Total Scan Time : 00:52:51

Memory items scanned : 510
Memory threats detected : 0
Registry items scanned : 7120
Registry threats detected : 3
File items scanned : 24984
File threats detected : 0

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\rdfa

And another one from SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/08/2008 at 01:05 AM

Application Version : 4.22.1014

Core Rules Database Version : 3640
Trace Rules Database Version: 1623

Scan type : Complete Scan
Total Scan Time : 00:54:36

Memory items scanned : 498
Memory threats detected : 2
Registry items scanned : 7120
Registry threats detected : 69
File items scanned : 24980
File threats detected : 81

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\EFCCUUTR.DLL
C:\WINDOWS\SYSTEM32\EFCCUUTR.DLL
C:\WINDOWS\SYSTEM32\BYXQNGFG.DLL
C:\WINDOWS\SYSTEM32\BYXQNGFG.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKU\S-1-5-21-1506153189-1159583693-2035616263-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}

Trojan.Vundo-Variant/NextGen-Six
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53c9fa68-8d31-41e6-8941-a6cdca1c98e3}
HKCR\CLSID\{53C9FA68-8D31-41E6-8941-A6CDCA1C98E3}
HKCR\CLSID\{53C9FA68-8D31-41E6-8941-A6CDCA1C98E3}\InprocServer32
HKCR\CLSID\{53C9FA68-8D31-41E6-8941-A6CDCA1C98E3}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\ISURKO.DLL

Trojan.Vundo-Variant/Small
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AE7597-160F-4A81-8FE5-C9C82CDEED05}
HKCR\CLSID\{F2AE7597-160F-4A81-8FE5-C9C82CDEED05}
HKCR\CLSID\{F2AE7597-160F-4A81-8FE5-C9C82CDEED05}\InprocServer32
HKCR\CLSID\{F2AE7597-160F-4A81-8FE5-C9C82CDEED05}\InprocServer32#ThreadingModel
HKU\S-1-5-21-1506153189-1159583693-2035616263-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2AE7597-160F-4A81-8FE5-C9C82CDEED05}

Trojan.Vundo-Variant/NextGen
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\efcCuutR

Trojan.Media-Codec/V4
HKCR\videoPl.chl
HKCR\videoPl.chl\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#Publisher

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKLM\SOFTWARE\Microsoft\MS Juan
HKLM\SOFTWARE\Microsoft\MS Juan#RID
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#LBL
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#MN
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CNT
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\MS Track System
HKLM\SOFTWARE\Microsoft\MS Track System#Uid
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N

Rogue.Component/Trace
HKLM\Software\Microsoft\32067FB3
HKLM\Software\Microsoft\32067FB3#32067fb3
HKLM\Software\Microsoft\32067FB3#Version
HKLM\Software\Microsoft\32067FB3#3206d233
HKLM\Software\Microsoft\32067FB3#3206bbd6

Adware.Tracking Cookie

Please help me on this thing as soon as possible! Thanks


 


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 10 December 2008 - 05:15 AM

Hello Stroltz and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...



