Thread: 540.filost.com
View Single Post
Old 07-17-2005, 06:39 AM   #3 (permalink)
ehgpdantas
Registered User
 
Join Date: Jul 2005
Posts: 26
OS: Win XP SP2


Hi sUBs,

Thanks a lot for your help. Find below the responses you asked for. Please note the there are 5 different users on this machine, what forced me to, in one or two steps, repeat the procedure 5 times... As a result, I am posting 5 different HijackThis final logs.

--------------------------------------------------------------------------
VIRUSSCAN.JOTTI.ORG
--------------------------------------------------------------------------

Service
Service load: 0% 100%

File: ctfmon.exe
Status: OK
MD5 f40bc97996b8e53799eef1d63996674b
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

--------------------------------------------------------------------------
BITDEFENDER SCAN LOG
--------------------------------------------------------------------------

BitDefender Online Scanner



Scan report generated at: Sun, Jul 17, 2005 - 04:01:50





Scan path: A:\;C:\;D:\;E:\;







Statistics

Time
00:36:52

Files
294000

Folders
6347

Boot Sectors
4

Archives
2478

Packed Files
47664




Results

Identified Viruses
5

Infected Files
11

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
11




Engines Info

Virus Definitions
196224

Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins
13

Archive plugins
39

Unpack plugins
4

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP68\A0069937.dll
Infected with: Trojan.Clicker.Agent.AC

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP68\A0069937.dll
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP68\A0069937.dll
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP69\A0069975.dll
Infected with: Trojan.Clicker.Agent.AC

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP69\A0069975.dll
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP69\A0069975.dll
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP71\A0071985.dll
Infected with: Trojan.Clicker.Agent.AC

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP71\A0071985.dll
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP71\A0071985.dll
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP75\A0075126.exe
Detected with: Adware.Swizzor.ML

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP75\A0075126.exe
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP75\A0075126.exe
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP77\A0080238.dll
Infected with: Trojan.Clicker.Agent.AC

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP77\A0080238.dll
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP77\A0080238.dll
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP78\A0082352.dll
Infected with: Trojan.Clicker.Agent.AC

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP78\A0082352.dll
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP78\A0082352.dll
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP80\A0082448.exe
Infected with: Trojan.Lopad.C

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP80\A0082448.exe
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP80\A0082448.exe
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP80\A0082480.exe
Infected with: Trojan.Lopad.C

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP80\A0082480.exe
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP80\A0082480.exe
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP96\A0089779.exe
Detected with: Adware.Swizzor.ML

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP96\A0089779.exe
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP96\A0089779.exe
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP96\A0089782.exe
Infected with: Trojan.Downloader.Swizzor.CA

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP96\A0089782.exe
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP96\A0089782.exe
Deleted

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP97\A0094813.exe
Infected with: Trojan.Downloader.Swizzor.CB

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP97\A0094813.exe
Disinfection failed

E:\System Volume Information\_restore{7AA95DD0-0D99-4CF1-B6F6-FB8D33834E01}\RP97\A0094813.exe
Deleted











--------------------------------------------------------------------------
HIJACKTHIS SCAN LOG - USER1 (my profile, which generated the first post)
--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:32:25, on 17/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\Explorer.EXE
E:\Arquivos de programas\hjt\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] e:\arquivos de programas\asus\pcprobe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msnappau] "E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [PCTVRemote] E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Registration-PCTV.lnk = E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe



--------------------------------------------------------------------------
HIJACKTHIS SCAN LOG - USER2
--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:35:19, on 17/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Arquivos de programas\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] e:\arquivos de programas\asus\pcprobe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msnappau] "E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [PCTVRemote] E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe



--------------------------------------------------------------------------
HIJACKTHIS SCAN LOG - USER3
--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:37:37, on 17/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Arquivos de programas\hjt\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] e:\arquivos de programas\asus\pcprobe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msnappau] "E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [PCTVRemote] E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "E:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe



--------------------------------------------------------------------------
HIJACKTHIS SCAN LOG - USER4
--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:40:28, on 17/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Arquivos de programas\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] e:\arquivos de programas\asus\pcprobe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msnappau] "E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [PCTVRemote] E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe



--------------------------------------------------------------------------
HIJACKTHIS SCAN LOG - USER5
--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:42:06, on 17/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\userinit.exe
E:\WINDOWS\Explorer.EXE
E:\Arquivos de programas\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] e:\arquivos de programas\asus\pcprobe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Arquivos de programas\asus\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msnappau] "E:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"
O4 - HKLM\..\Run: [PCTVRemote] E:\Arquivos de programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - E:\Arquivos de programas\asus\PC-cillin 2002\Tmntsrv.exe
ehgpdantas is offline