
trojan bgates.exe, dialer.trojan

Discussion in 'Virus & Other Malware Removal' started by helpneed, Jul 14, 2006.

Thread Status:
Not open for further replies.
  1. helpneed

    helpneed Thread Starter

    Joined:
    Jul 11, 2006
    Messages:
    2
    I'm receiving a lot of messages from Norton about trojans on my computer. I already disabled System Restore on my XP and cleaned all temp files with ATF Cleaner. Then I scanned all drives with ewido 4.0 and Norton 2006, but I'm still getting those messages. This is my HijackThis log.
    Could someone help me?
    Logfile of HijackThis v1.99.1
    Scan saved at 01:57:15, on 14/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWXP\System32\smss.exe
    C:\WINDOWXP\system32\csrss.exe
    C:\WINDOWXP\system32\winlogon.exe
    C:\WINDOWXP\system32\services.exe
    C:\WINDOWXP\system32\lsass.exe
    C:\WINDOWXP\system32\svchost.exe
    C:\WINDOWXP\system32\svchost.exe
    C:\WINDOWXP\System32\svchost.exe
    C:\WINDOWXP\System32\svchost.exe
    C:\WINDOWXP\System32\svchost.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWXP\system32\spoolsv.exe
    C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWXP\system32\CTsvcCDA.EXE
    C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWXP\System32\GEARSec.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
    C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe
    C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWXP\system32\wdfmgr.exe
    C:\WINDOWXP\System32\alg.exe
    C:\WINDOWXP\Explorer.EXE
    C:\WINDOWXP\system32\ishost.exe
    C:\WINDOWXP\system32\devldr32.exe
    C:\WINDOWXP\AGRSMMSG.exe
    C:\WINDOWXP\system32\ismon.exe
    C:\WINDOWXP\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
    C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Arquivos de programas\iTunes\iTunesHelper.exe
    C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
    C:\Arquivos de programas\iPod\bin\iPodService.exe
    C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
    C:\Arquivos de programas\Logitech\MouseWare\system\em_exec.exe
    C:\Arquivos de programas\Norton Ghost\Agent\GhostTray.exe
    C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe
    C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWXP\system32\ctfmon.exe
    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
    C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWXP\system32\svchost.exe
    C:\Arquivos de programas\Outlook Express\msimn.exe
    C:\Arquivos de programas\Internet Explorer\iexplore.exe
    C:\Arquivos de programas\Messenger\msmsgs.exe
    C:\ARQUIV~1\WinZip\winzip32.exe
    C:\DOCUME~1\CASA~1.ALB\CONFIG~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 152.92.92.2:3128
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWXP\system32\scpsssh2.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWXP\system32\tload.ocx (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWXP\Downloaded Program Files\gbieh.dll
    O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWXP\Downloaded Program Files\gbiehuni.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWXP\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWXP\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWXP\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Arquivos de programas\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Creative Detector] C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LDM] C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O15 - Trusted Zone: http://Download.Windowsupdate.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://email.diagnosticosdaamerica.com.br/iNotes6W.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} (WeeklyExecuter Class) - http://soft.trustincash.com/install/tload.cab
    O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://email.diagnosticosdaamerica.com.br/download/dolcontrol.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120315263140
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c9.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://200.217.163.1/activex/AxisCamControl.ocx
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/pt/check/qdiagh.cab?326
    O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.oifotos.com/jsp/ImageUploader2.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FF662F7D-4419-4092-8690-6C83200E85E7}: NameServer = 200.149.55.142 200.165.132.155
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWXP\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhdn32 - C:\WINDOWXP\SYSTEM32\winhdn32.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Personal Firewall\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWXP\system32\CTsvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWXP\System32\GEARSec.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWXP\System32\nvsvc32.exe (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
    Welcome to the forum.

    It may be helpful for you to list the information Norton provides.

    RF123
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,269
    Hi and welcome to TSG,

    Please move HijackThis out of the Temporary files and into a separate folder of its own in Program Files, so that it can function properly and create back-ups which can be restored, if necessary, and then post a new log.
     
  4. helpneed

    helpneed Thread Starter

    Joined:
    Jul 11, 2006
    Messages:
    2
    Logfile of HijackThis v1.99.1
    Scan saved at 09:16:50, on 14/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWXP\System32\smss.exe
    C:\WINDOWXP\system32\csrss.exe
    C:\WINDOWXP\system32\winlogon.exe
    C:\WINDOWXP\system32\services.exe
    C:\WINDOWXP\system32\lsass.exe
    C:\WINDOWXP\system32\svchost.exe
    C:\WINDOWXP\system32\svchost.exe
    C:\WINDOWXP\System32\svchost.exe
    C:\WINDOWXP\System32\svchost.exe
    C:\WINDOWXP\System32\svchost.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWXP\system32\spoolsv.exe
    C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWXP\system32\CTsvcCDA.EXE
    C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWXP\System32\GEARSec.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
    C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe
    C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWXP\system32\wdfmgr.exe
    C:\WINDOWXP\System32\alg.exe
    C:\WINDOWXP\Explorer.EXE
    C:\WINDOWXP\system32\ishost.exe
    C:\WINDOWXP\system32\devldr32.exe
    C:\WINDOWXP\AGRSMMSG.exe
    C:\WINDOWXP\system32\ismon.exe
    C:\WINDOWXP\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
    C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Arquivos de programas\iTunes\iTunesHelper.exe
    C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
    C:\Arquivos de programas\iPod\bin\iPodService.exe
    C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
    C:\Arquivos de programas\Logitech\MouseWare\system\em_exec.exe
    C:\Arquivos de programas\Norton Ghost\Agent\GhostTray.exe
    C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe
    C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWXP\system32\ctfmon.exe
    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
    C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWXP\system32\svchost.exe
    C:\Arquivos de programas\Microsoft Office\Office10\WINWORD.EXE
    C:\Arquivos de programas\Microsoft Office\Office10\POWERPNT.EXE
    C:\Arquivos de programas\Outlook Express\msimn.exe
    C:\Arquivos de programas\Internet Explorer\iexplore.exe
    C:\Arquivos de programas\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 152.92.92.2:3128
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWXP\system32\scpsssh2.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWXP\system32\tload.ocx (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWXP\Downloaded Program Files\gbieh.dll
    O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWXP\Downloaded Program Files\gbiehuni.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWXP\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWXP\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWXP\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Arquivos de programas\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Creative Detector] C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LDM] C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O15 - Trusted Zone: http://Download.Windowsupdate.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://email.diagnosticosdaamerica.com.br/iNotes6W.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} (WeeklyExecuter Class) - http://soft.trustincash.com/install/tload.cab
    O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://email.diagnosticosdaamerica.com.br/download/dolcontrol.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120315263140
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c9.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://200.217.163.1/activex/AxisCamControl.ocx
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/pt/check/qdiagh.cab?326
    O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.oifotos.com/jsp/ImageUploader2.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FF662F7D-4419-4092-8690-6C83200E85E7}: NameServer = 200.149.55.142 200.165.132.155
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWXP\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhdn32 - C:\WINDOWXP\SYSTEM32\winhdn32.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Personal Firewall\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWXP\system32\CTsvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWXP\System32\GEARSec.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWXP\System32\nvsvc32.exe (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    And the Norton log:

    Category: Security risks
    Date Time,Feature,Risk Name,Result,Item Type,Target,Suspicious Action,Virus Definition Version,Product Version,User Name,Computer Name,Details
    14/07/2006 09:10:47,Virus scanner,Trojan Horse,Quarantined,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Quarantined,Description: Affected areas: 1 Files: c:\WINDOWXP\Temp\win93D.tmp - Quarantined 1 Additional areas: Unknown - Deleted "
    14/07/2006 09:10:39,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 09:10:29,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 09:10:21,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 09:10:15,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 09:10:09,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 09:10:09,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\816RODM7\srvzyj[1].exe,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 08:55:43,Virus scanner,Dialer.Trojan,Repaired,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas: 1 Additional areas: Unknown - Deleted "
    14/07/2006 06:04:02,Auto-Protect,Dialer.Trojan,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\CHIR41MF\bgates[1].exe,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 02:22:57,Virus scanner,Trojan Horse,Quarantined,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Quarantined,Description: Affected areas: 1 Files: c:\WINDOWXP\Temp\win6F1.tmp - Quarantined 1 Additional areas: Unknown - Deleted "
    14/07/2006 02:22:47,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6F1.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 02:22:39,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6F1.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 02:22:33,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6F1.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 02:22:27,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6F1.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 02:22:27,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\816RODM7\srvrgs[1].exe,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 02:01:27,Virus scanner,Trojan Horse,Quarantined,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Quarantined,Description: Affected areas: 1 Files: c:\WINDOWXP\Temp\win6D6.tmp - Quarantined 1 Additional areas: Unknown - Deleted "
    14/07/2006 02:01:16,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6D6.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 02:01:08,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6D6.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 02:01:02,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6D6.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 02:00:56,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6D6.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 02:00:56,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\OT6VS1IR\srvtbt[1].exe,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 01:41:49,Virus scanner,Dialer.Trojan,Repaired,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas: 1 Additional areas: Unknown - Deleted "
    14/07/2006 01:40:55,Auto-Protect,Dialer.Trojan,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\OT6VS1IR\bgates[1].exe,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 01:20:43,Virus scanner,Dialer.Trojan,Repaired,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas: 1 Additional areas: Unknown - Deleted "
    14/07/2006 01:18:51,Auto-Protect,Dialer.Trojan,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\6NIFITQB\bgates[1].exe,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 01:00:17,Virus scanner,Dialer.Trojan,Repaired,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas: 1 Additional areas: Unknown - Deleted "
    14/07/2006 00:58:49,Auto-Protect,Dialer.Trojan,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\85U38LY7\bgates[1].exe,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 00:38:49,Virus scanner,Trojan Horse,Quarantined,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Quarantined,Description: Affected areas: 1 Files: c:\WINDOWXP\Temp\winD7.tmp - Quarantined 1 Additional areas: Unknown - Deleted "
    14/07/2006 00:38:27,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 00:38:11,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 00:37:57,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 00:37:45,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 00:37:35,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 00:37:27,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 00:37:21,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 00:37:15,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
    14/07/2006 00:37:15,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\6NIFITQB\srvtzm[1].exe,Action taken: Repair failed,Action taken: Access denied"
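    The Norton log above shows the same names (bgates[1].exe, win*.tmp) being blocked by Auto-Protect again and again at roughly 20-minute intervals, which is the signature of a downloader that is still running rather than a file that was simply missed. The following triage script is an added example, not part of helpneed's post or of Norton's tooling; it parses a Norton-style CSV log (a constructed subset with shortened paths, same column layout as the posted log) and reports which files keep coming back and how far apart the hits are.

```python
"""Triage a Norton AntiVirus CSV risk log for re-infection loops."""
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample: same columns as the posted Norton log, paths shortened.
SAMPLE_LOG = r"""
Date Time,Feature,Risk Name,Result,Item Type,Target,Suspicious Action,Virus Definition Version,Product Version,User Name,Computer Name,Details
14/07/2006 01:40:55,Auto-Protect,Dialer.Trojan,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Temp\OT6VS1IR\bgates[1].exe,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 01:41:49,Virus scanner,Dialer.Trojan,Repaired,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Repaired"
14/07/2006 01:18:51,Auto-Protect,Dialer.Trojan,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Temp\6NIFITQB\bgates[1].exe,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 00:58:49,Auto-Protect,Dialer.Trojan,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Temp\85U38LY7\bgates[1].exe,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 00:37:15,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
""".lstrip("\n")


def parse_log(text):
    """Return (timestamp, feature, risk, result, source_path) tuples, oldest first."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        ts = datetime.strptime(row["Date Time"], "%d/%m/%Y %H:%M:%S")
        # The Details field is itself "key: value,key: value"; keep the Source path.
        details = dict(p.split(": ", 1) for p in row["Details"].split(",") if ": " in p)
        rows.append((ts, row["Feature"], row["Risk Name"], row["Result"],
                     details.get("Source", "")))
    return sorted(rows)


def recurring_files(rows, min_hits=2):
    """Map (risk, basename) -> timestamps for files Auto-Protect blocked repeatedly."""
    hits = defaultdict(list)
    for ts, feature, risk, result, source in rows:
        if feature == "Auto-Protect" and result == "Access denied":
            base = source.rsplit("\\", 1)[-1].lower()   # ignore the random cache folder
            hits[(risk, base)].append(ts)
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_hits}


def reinfection_intervals_minutes(timestamps):
    """Minutes between consecutive blocks; a steady cadence points at a scheduler/downloader."""
    ts = sorted(timestamps)
    return [round((b - a).total_seconds() / 60) for a, b in zip(ts, ts[1:])]


if __name__ == "__main__":
    for (risk, name), stamps in recurring_files(parse_log(SAMPLE_LOG)).items():
        print(f"{risk}: {name} blocked {len(stamps)}x, "
              f"intervals (min) {reinfection_intervals_minutes(stamps)}")
```

A file that is re-created every 20 minutes after being quarantined is not fixed by quarantining it again; the dropper behind it (here, the unknown winhdn32.dll Winlogon notify entry is the obvious candidate) has to go first.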
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,269
    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions".
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Run ActiveScan online virus scan: here

    When the scan is finished, save the results from the scan!


    Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.
     