Hi again!
First of all, thank you Judy and PP for the help.
I've done what you told me to and here are the log files. I had difficulties with the Kaspersky Online, so I've used BitDefender. I didn't put the Spyware Doctor log, because it didn't find anything bad.
I hope you can help me.
Thanks once more.
Cheers
BitDefender Online Scanner
Scan report generated at: Sat, Apr 07, 2007 - 14:55:18

Statistics
Time: 01:48:53
Files: 618881
Folders: 6412
Boot Sectors: 3
Archives: 2720
Packed Files: 64140

Results
Identified Viruses: 6
Infected Files: 7
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 463243
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\fbguad.exe
Infected with: DeepScan:Generic.Banker.Delf.C926416E
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\fbguad.exe
Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\fbguad.exe
Delete failed
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\javsu.exe
Infected with: Trojan.PWS.Banker.CZ
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\javsu.exe
Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\javsu.exe
Delete failed
C:\Documents and Settings\Paulo\Application Data\Mozilla\Firefox\Profiles\mtiiwgph.default\Cache\_CACHE_002_
Suspected of: Trojan.Downloader.Tibs.FW
C:\Documents and Settings\Paulo\Application Data\Mozilla\Firefox\Profiles\mtiiwgph.default\Cache\_CACHE_002_
Disinfection failed
C:\Documents and Settings\Paulo\Application Data\Mozilla\Firefox\Profiles\mtiiwgph.default\Cache\_CACHE_002_
Deleted
C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP498\A0814127.exe=>(CAB Sfx r)=>server.exe
Infected with: MemScan:Backdoor.VB.EV
C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP498\A0814127.exe=>(CAB Sfx r)=>server.exe
Disinfection failed
C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP498\A0814127.exe=>(CAB Sfx r)=>server.exe
Deleted
C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP498\A0814127.exe=>(CAB Sfx r)
Update failed
C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP508\A0816871.exe
Infected with: Trojan.Downloader.Cartao.A
C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP508\A0816871.exe
Disinfection failed
C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP508\A0816871.exe
Deleted
C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP509\A0817110.exe
Infected with: Dropped:Backdoor.Nucleroot.A
C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP509\A0817110.exe
Disinfection failed
C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP509\A0817110.exe
Deleted
C:\WINDOWS\scvhost.exe
Infected with: MemScan:Backdoor.VB.EV
C:\WINDOWS\scvhost.exe
Disinfection failed
C:\WINDOWS\scvhost.exe
Delete failed
C:\WINDOWS\system32\ii
Infected with: Generic.Botget.93990DAA
C:\WINDOWS\system32\ii
Deleted
---------------------------------------------------------
AVG Anti-Spyware - Relatório de verificação
---------------------------------------------------------
+ Criação: 17:07:04 07-04-2007
+ Resultado da verificação:
HKU\S-1-5-21-1482476501-413027322-839522115-1003\Software\Internet Security -> Adware.IntCodec : Ignorado.
C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP509\A0817191.exe -> Logger.Banker.ces : Ignorado.
:mozilla.107:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.2o7 : Ignorado.
:mozilla.30:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.2o7 : Ignorado.
:mozilla.51:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Adbrite : Ignorado.
:mozilla.52:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Adbrite : Ignorado.
:mozilla.53:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Adbrite : Ignorado.
:mozilla.20:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Advertising : Ignorado.
:mozilla.21:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Advertising : Ignorado.
:mozilla.22:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Advertising : Ignorado.
:mozilla.23:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Advertising : Ignorado.
:mozilla.18:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Atdmt : Ignorado.
:mozilla.154:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Casalemedia : Ignorado.
:mozilla.155:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Casalemedia : Ignorado.
:mozilla.156:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Casalemedia : Ignorado.
:mozilla.252:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.254:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.257:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.611:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.612:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.613:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.85:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.86:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.87:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.88:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.89:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.90:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.91:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Connextra : Ignorado.
:mozilla.26:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Doubleclick : Ignorado.
:mozilla.526:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Fortunecity : Ignorado.
:mozilla.527:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Fortunecity : Ignorado.
:mozilla.250:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Imrworldwide : Ignorado.
:mozilla.251:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Imrworldwide : Ignorado.
:mozilla.151:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Information : Ignorado.
:mozilla.152:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Information : Ignorado.
:mozilla.153:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Information : Ignorado.
:mozilla.60:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Netflame : Ignorado.
:mozilla.61:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Netflame : Ignorado.
:mozilla.184:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Paypal : Ignorado.
:mozilla.31:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Pointroll : Ignorado.
:mozilla.32:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Pointroll : Ignorado.
:mozilla.33:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Pointroll : Ignorado.
:mozilla.34:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Pointroll : Ignorado.
:mozilla.499:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Realmedia : Ignorado.
:mozilla.500:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Realmedia : Ignorado.
:mozilla.501:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Realmedia : Ignorado.
:mozilla.149:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Revenue : Ignorado.
:mozilla.16:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Revsci : Ignorado.
:mozilla.17:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Revsci : Ignorado.
:mozilla.19:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Revsci : Ignorado.
:mozilla.25:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Revsci : Ignorado.
:mozilla.27:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Revsci : Ignorado.
:mozilla.28:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Revsci : Ignorado.
:mozilla.29:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Revsci : Ignorado.
:mozilla.11:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Sextracker : Ignorado.
:mozilla.12:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Sextracker : Ignorado.
:mozilla.7:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Sextracker : Ignorado.
:mozilla.9:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Sextracker : Ignorado.
:mozilla.591:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Toplist : Ignorado.
:mozilla.80:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Weborama : Ignorado.
:mozilla.62:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Webtrends : Ignorado.
:mozilla.13:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Webtrendslive : Ignorado.
:mozilla.14:C:\Documents and Settings\Paulo\My Documents\cookies.txt -> TrackingCookie.Webtrendslive : Ignorado.
::Fim do relatório
Logfile of HijackThis v1.99.1
Scan saved at 23:33:38, on 07-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe
C:\Windows\Cursors\Rg2catbd.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netcount\Netcount.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\javsu.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rg2catbd.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HijackThis\hjtscan.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Rg2catbd] C:\Windows\Cursors\Rg2catbd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [hnrtbr] C:\WINDOWS\mjhor.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Netcount] "C:\Program Files\Netcount\Netcount.exe" 0
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: javsu.exe
O4 - Global Startup: Rg2catbd.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130637954328
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFB5811A-89ED-4053-AAD5-CC1689495FBB}: NameServer = 195.23.129.126,194.79.69.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

