HJT log


  • This topic is locked
3 replies to this topic

#1 mjdcp

mjdcp

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:45 AM

Posted 28 January 2010 - 03:23 PM

Well, recently I've been infested by multiple viruses. I've used AVG, Avira and Malwarebytes to scan and delete these viruses; some were deleted, others not. I made a log with HJT so you guys could help me out.

QUOTE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:26, on 28/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\dklog.exe
C:\WINDOWS\system32\dkvcm.exe
C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE
C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
c:\intersystems\cache\bin\cache.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe
C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe
C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe
C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe
c:\intersystems\cache\bin\cache.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
c:\intersystems\cache\bin\cache.exe
C:\Arquivos de programas\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\dkcktkn.exe
C:\InterSystems\Cache\bin\csystray.exe
C:\WINDOWS\system32\cmd.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
C:\InterSystems\Cache\httpd\bin\httpd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\InterSystems\Cache\httpd\bin\httpd.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_1.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [DkAutoReg.exe] "C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe"
O4 - HKLM\..\Run: [DkMonitor.exe] "C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe"
O4 - HKLM\..\Run: [DkStartup] "C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe"
O4 - HKLM\..\Run: [AxMonitor] "C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe"
O4 - HKLM\..\Run: [DkAutoReg] "C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [UninstallLockedSOSFiles] C:\DOCUME~1\Anderson\CONFIG~1\Temp\UninstallLockedSOSFiles.lnk
O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2000478354-854245398-1177238915-1006\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\CTFMON.EXE" (User 'Expresso')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CACHE.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll
O9 - Extra 'Tools' menuitem: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://www.flvdirect.com
O15 - ESC Trusted Zone: http://www.flvdirect.com
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAC03A36-43F7-4029-A50E-D6B1759A666E}: NameServer = 189.36.129.1,189.36.129.2
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Web Server for CACHE (CACHEhttpd) - Apache Software Foundation - C:\InterSystems\Cache\httpd\bin\httpd.exe
O23 - Service: Caché Controller para CACHE (Cache_c-_intersystems_cache) - InterSystems Corporation - c:\intersystems\cache\bin\cservice.exe
O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe
O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe
O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11608 bytes



#2 mjdcp

mjdcp
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:45 AM

Posted 28 January 2010 - 05:52 PM

Well, I've made a post here before, but then I realized I didn't do it the right way.

Anyway, I've recently been infected by several viruses. I first noticed it when my computer started to run slowly. I scanned with AVG and it found 21 viruses, then I scanned with Malwarebytes, which found 3. The programs deleted these viruses, but I wasn't completely sure of their removal. I installed Avira and scanned again, which found 6 viruses, and then I updated Malwarebytes and scanned again, and it found 8 viruses. My computer has been that way since Sunday. I've done several scans with Avira and Malwarebytes, and at each scan they find some viruses, sometimes only 2, other times 3.

Anyway, this is my DDS log.

QUOTE
DDS (Ver_09-12-01.01) - FAT32x86
Run by Anderson at 20:37:28,01 on qui 28/01/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3061.2287 [GMT -2:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe
C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe
C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe
C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\InterSystems\Cache\bin\csystray.exe
c:\intersystems\cache\bin\cservice.exe
C:\WINDOWS\system32\dklog.exe
C:\WINDOWS\system32\dkvcm.exe
C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE
c:\intersystems\cache\bin\cache.exe
C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\SCardSvr.exe
c:\intersystems\cache\bin\cache.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dkcktkn.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\BIN\ctelnetd.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\InterSystems\Cache\httpd\bin\httpd.exe
C:\InterSystems\Cache\httpd\bin\httpd.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anderson\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.uol.com.br/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\arquivos de programas\bs_player\tbBS_1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\arquivos de programas\bs_player\tbBS_1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\arquivos de programas\bs_player\tbBS_1.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\arquivos de programas\bittorrent\bittorrent.exe"
uRun: [swg] "c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [DkAutoReg.exe] "c:\arquivos de programas\datakey\crypt32\DkAutoReg.exe"
mRun: [DkMonitor.exe] "c:\arquivos de programas\datakey\crypt32\DkMonitor.exe"
mRun: [DkStartup] "c:\arquivos de programas\safenet\bsecclient\dkstartup.exe"
mRun: [AxMonitor] "c:\arquivos de programas\safenet\bsecclient\axmonitor.exe"
mRun: [DkAutoReg] "c:\arquivos de programas\safenet\bsecclient\DkAutoReg.exe"
mRun: [SunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\cache.lnk - c:\intersystems\cache\bin\csystray.exe
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll
IE: {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - c:\arquivos de programas\datakey\crypt32\DkSmartLogonExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: flvdirect.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {DAC03A36-43F7-4029-A50E-D6B1759A666E} = 189.36.129.1,189.36.129.2
Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll
Notify: DkWLNP - DkWLNP.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anderson\dadosd~1\mozilla\firefox\profiles\zabo55bo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.uol.com.br
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13997&locale=en_BR&q=
FF - component: c:\arquivos de programas\mozilla firefox\extensions\{baaea93a-cbe5-01d1-5892-33b65ff5f3ca}\components\WS5_a_aW3_H-TGf.dll
FF - component: c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\documents and settings\anderson\dados de aplicativos\mozilla\firefox\profiles\zabo55bo.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll
FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{baaea93a-cbe5-01d1-5892-33b65ff5f3ca}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2010-1-26 11608]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-10-2 141312]
R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\arquivos de programas\avira\antivir desktop\sched.exe [2010-1-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2010-1-26 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-26 56816]
R2 Cache_c-_intersystems_cache;Caché Controller para CACHE;c:\intersystems\cache\bin\cservice.exe [2009-7-22 73728]
R2 DkVcm;SafeNet Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [2007-8-6 122880]
R2 ES lite Service;ES lite Service for program management.;c:\arquivos de programas\gigabyte\easysaver\essvr.exe [2009-7-17 68136]
R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2009-7-23 54048]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\logmein hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-28 47640]
R3 CACHEhttpd;Web Server for CACHE;c:\intersystems\cache\httpd\bin\httpd.exe [2009-7-22 20541]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2009-8-18 12480]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2009-8-18 19232]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-7-23 30752]
S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2009-8-18 22304]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-01-28 19:33:18 0 d-----w- C:\PenClean
2010-01-28 00:50:23 0 d-----w- c:\arquivos de programas\Ask.com
2010-01-28 00:50:09 0 d-----w- c:\arquivos de programas\MSSOAP
2010-01-28 00:49:53 0 d-----w- c:\arquivos de programas\Webroot
2010-01-28 00:33:43 164 ----a-w- c:\windows\install.dat
2010-01-27 20:42:02 0 d-----w- C:\LinhaDefensiva
2010-01-26 19:34:36 0 d-----w- C:\HijackThis
2010-01-26 15:16:07 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-26 15:16:06 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Avira
2010-01-26 15:16:06 0 d-----w- c:\arquivos de programas\Avira
2010-01-26 14:57:30 0 d-----w- c:\docume~1\alluse~1\dadosd~1\AntiVir PersonalEdition Classic
2010-01-25 19:56:43 0 d-----w- c:\docume~1\anderson\dadosd~1\GlarySoft
2010-01-25 19:55:53 0 d-----w- c:\arquivos de programas\Glary Utilities
2010-01-25 00:40:06 0 d-----w- c:\arquivos de programas\VDOWNLOADER
2010-01-25 00:40:06 0 d-----w- c:\arquivos de programas\arquivos comuns\eBay
2010-01-24 15:30:13 12 ----a-w- c:\windows\system32\drivers\IncompleteBoot.cnt
2010-01-23 21:49:48 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Azureus
2010-01-23 21:49:46 0 d-----w- c:\docume~1\anderson\dadosd~1\Azureus
2010-01-23 21:49:18 0 d-----w- c:\arquivos de programas\Vuze
2010-01-23 12:20:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-23 12:20:55 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-01-22 21:02:24 0 d-sh--w- c:\documents and settings\anderson\IECompatCache
2010-01-22 21:02:08 0 d-sh--w- c:\documents and settings\anderson\PrivacIE
2010-01-22 20:59:21 0 d-sh--w- c:\documents and settings\anderson\IETldCache
2010-01-22 20:53:28 0 d-----w- c:\windows\ie8updates
2010-01-22 20:47:07 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-22 20:47:06 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-22 20:45:39 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-22 20:40:18 953 ----a-w- c:\windows\Active Setup Log.BAK

==================== Find3M ====================

2010-01-28 20:55:26 16608 ----a-w- c:\windows\gdrv.sys
2010-01-25 20:05:44 204 ----a-w- c:\windows\system32\drivers\GbpKmAp.lst
2010-01-22 20:36:48 67450 ----a-w- c:\windows\system32\perfc016.dat
2010-01-22 20:36:48 425426 ----a-w- c:\windows\system32\perfh016.dat
2010-01-07 18:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 18:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 09:59:18 118114 ----a-w- c:\windows\system32\xL0-_K-.exe
2009-12-30 12:59:36 30752 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-12-11 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-18 11:37:44 286720 ------w- c:\windows\Setup1.exe
2009-11-18 11:37:42 73216 ----a-w- c:\windows\ST6UNST.EXE

============= FINISH: 20:37:40,51 ===============



Anyway, thanks in advance. I really appreciate what you guys are doing here.

Edited by Orange Blossom, 28 January 2010 - 08:20 PM.
Merged topics. ~ OB


#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:45 AM

Posted 05 February 2010 - 03:34 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:45 AM

Posted 10 February 2010 - 06:51 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
