
trojan bgates.exe, dialer.trojan

#1 ·
I'm receiving a lot of messages from Norton about trojans on my computer. I already disabled System Restore on my XP and cleaned all temp files with ATF Cleaner. Then I scanned all drives with ewido 4.0 and Norton 2006, but I'm still getting those messages. This is my HijackThis log.
Could someone help me?
Logfile of HijackThis v1.99.1
Scan saved at 01:57:15, on 14/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWXP\System32\smss.exe
C:\WINDOWXP\system32\csrss.exe
C:\WINDOWXP\system32\winlogon.exe
C:\WINDOWXP\system32\services.exe
C:\WINDOWXP\system32\lsass.exe
C:\WINDOWXP\system32\svchost.exe
C:\WINDOWXP\system32\svchost.exe
C:\WINDOWXP\System32\svchost.exe
C:\WINDOWXP\System32\svchost.exe
C:\WINDOWXP\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWXP\system32\spoolsv.exe
C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWXP\system32\CTsvcCDA.EXE
C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
C:\WINDOWXP\System32\GEARSec.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe
C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWXP\system32\wdfmgr.exe
C:\WINDOWXP\System32\alg.exe
C:\WINDOWXP\Explorer.EXE
C:\WINDOWXP\system32\ishost.exe
C:\WINDOWXP\system32\devldr32.exe
C:\WINDOWXP\AGRSMMSG.exe
C:\WINDOWXP\system32\ismon.exe
C:\WINDOWXP\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Logitech\MouseWare\system\em_exec.exe
C:\Arquivos de programas\Norton Ghost\Agent\GhostTray.exe
C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe
C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWXP\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWXP\system32\svchost.exe
C:\Arquivos de programas\Outlook Express\msimn.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\ARQUIV~1\WinZip\winzip32.exe
C:\DOCUME~1\CASA~1.ALB\CONFIG~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 152.92.92.2:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWXP\system32\scpsssh2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWXP\system32\tload.ocx (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWXP\Downloaded Program Files\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWXP\Downloaded Program Files\gbiehuni.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWXP\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWXP\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Arquivos de programas\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Creative Detector] C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [LDM] C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://email.diagnosticosdaamerica.com.br/iNotes6W.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} (WeeklyExecuter Class) - http://soft.trustincash.com/install/tload.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://email.diagnosticosdaamerica.com.br/download/dolcontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120315263140
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c9.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://200.217.163.1/activex/AxisCamControl.ocx
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/pt/check/qdiagh.cab?326
O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.oifotos.com/jsp/ImageUploader2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF662F7D-4419-4092-8690-6C83200E85E7}: NameServer = 200.149.55.142 200.165.132.155
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWXP\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhdn32 - C:\WINDOWXP\SYSTEM32\winhdn32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWXP\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWXP\System32\GEARSec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWXP\System32\nvsvc32.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
 
#4 ·
Logfile of HijackThis v1.99.1
Scan saved at 09:16:50, on 14/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWXP\System32\smss.exe
C:\WINDOWXP\system32\csrss.exe
C:\WINDOWXP\system32\winlogon.exe
C:\WINDOWXP\system32\services.exe
C:\WINDOWXP\system32\lsass.exe
C:\WINDOWXP\system32\svchost.exe
C:\WINDOWXP\system32\svchost.exe
C:\WINDOWXP\System32\svchost.exe
C:\WINDOWXP\System32\svchost.exe
C:\WINDOWXP\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWXP\system32\spoolsv.exe
C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWXP\system32\CTsvcCDA.EXE
C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
C:\WINDOWXP\System32\GEARSec.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe
C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWXP\system32\wdfmgr.exe
C:\WINDOWXP\System32\alg.exe
C:\WINDOWXP\Explorer.EXE
C:\WINDOWXP\system32\ishost.exe
C:\WINDOWXP\system32\devldr32.exe
C:\WINDOWXP\AGRSMMSG.exe
C:\WINDOWXP\system32\ismon.exe
C:\WINDOWXP\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Logitech\MouseWare\system\em_exec.exe
C:\Arquivos de programas\Norton Ghost\Agent\GhostTray.exe
C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe
C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWXP\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWXP\system32\svchost.exe
C:\Arquivos de programas\Microsoft Office\Office10\WINWORD.EXE
C:\Arquivos de programas\Microsoft Office\Office10\POWERPNT.EXE
C:\Arquivos de programas\Outlook Express\msimn.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 152.92.92.2:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWXP\system32\scpsssh2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWXP\system32\tload.ocx (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWXP\Downloaded Program Files\gbieh.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWXP\Downloaded Program Files\gbiehuni.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWXP\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWXP\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Arquivos de programas\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Creative Detector] C:\Arquivos de programas\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [LDM] C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://email.diagnosticosdaamerica.com.br/iNotes6W.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} (WeeklyExecuter Class) - http://soft.trustincash.com/install/tload.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://email.diagnosticosdaamerica.com.br/download/dolcontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120315263140
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c9.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://200.217.163.1/activex/AxisCamControl.ocx
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/pt/check/qdiagh.cab?326
O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.oifotos.com/jsp/ImageUploader2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF662F7D-4419-4092-8690-6C83200E85E7}: NameServer = 200.149.55.142 200.165.132.155
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWXP\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhdn32 - C:\WINDOWXP\SYSTEM32\winhdn32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWXP\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWXP\System32\GEARSec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWXP\System32\nvsvc32.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

And the Norton log:

Category: Security risks
Date Time,Feature,Risk Name,Result,Item Type,Target,Suspicious Action,Virus Definition Version,Product Version,User Name,Computer Name,Details
14/07/2006 09:10:47,Virus scanner,Trojan Horse,Quarantined,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Quarantined,Description: Affected areas: 1 Files: c:\WINDOWXP\Temp\win93D.tmp - Quarantined 1 Additional areas: Unknown - Deleted "
14/07/2006 09:10:39,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 09:10:29,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 09:10:21,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 09:10:15,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 09:10:09,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 09:10:09,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\816RODM7\srvzyj[1].exe,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 08:55:43,Virus scanner,Dialer.Trojan,Repaired,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas: 1 Additional areas: Unknown - Deleted "
14/07/2006 06:04:02,Auto-Protect,Dialer.Trojan,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\CHIR41MF\bgates[1].exe,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 02:22:57,Virus scanner,Trojan Horse,Quarantined,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Quarantined,Description: Affected areas: 1 Files: c:\WINDOWXP\Temp\win6F1.tmp - Quarantined 1 Additional areas: Unknown - Deleted "
14/07/2006 02:22:47,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6F1.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 02:22:39,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6F1.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 02:22:33,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6F1.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 02:22:27,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6F1.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 02:22:27,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\816RODM7\srvrgs[1].exe,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 02:01:27,Virus scanner,Trojan Horse,Quarantined,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Quarantined,Description: Affected areas: 1 Files: c:\WINDOWXP\Temp\win6D6.tmp - Quarantined 1 Additional areas: Unknown - Deleted "
14/07/2006 02:01:16,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6D6.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 02:01:08,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6D6.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 02:01:02,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6D6.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 02:00:56,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win6D6.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 02:00:56,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\OT6VS1IR\srvtbt[1].exe,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 01:41:49,Virus scanner,Dialer.Trojan,Repaired,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas: 1 Additional areas: Unknown - Deleted "
14/07/2006 01:40:55,Auto-Protect,Dialer.Trojan,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\OT6VS1IR\bgates[1].exe,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 01:20:43,Virus scanner,Dialer.Trojan,Repaired,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas: 1 Additional areas: Unknown - Deleted "
14/07/2006 01:18:51,Auto-Protect,Dialer.Trojan,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\6NIFITQB\bgates[1].exe,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 01:00:17,Virus scanner,Dialer.Trojan,Repaired,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas: 1 Additional areas: Unknown - Deleted "
14/07/2006 00:58:49,Auto-Protect,Dialer.Trojan,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\85U38LY7\bgates[1].exe,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 00:38:49,Virus scanner,Trojan Horse,Quarantined,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Quarantined,Description: Affected areas: 1 Files: c:\WINDOWXP\Temp\winD7.tmp - Quarantined 1 Additional areas: Unknown - Deleted "
14/07/2006 00:38:27,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 00:38:11,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 00:37:57,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 00:37:45,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 00:37:35,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 00:37:27,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 00:37:21,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 00:37:15,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\winD7.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 00:37:15,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\6NIFITQB\srvtzm[1].exe,Action taken: Repair failed,Action taken: Access denied"
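As an added example (not code from the thread or from Symantec), here is a small Python triage script for the Norton export format posted above. The sample rows embedded in it are a subset of the ones in the log; the location labels ("browser cache", "windows temp") and the function names are my own. It counts events by risk name and result, pulls the file path out of both the Auto-Protect rows and the manual-scan "Description" text, groups the paths by where the files lived, and flags any file that Auto-Protect repeatedly failed to repair with "Access denied", which usually means the file was locked by a running process and is the reason a scan from Safe Mode is asked for.

```python
import csv
import io
import re
from collections import Counter, defaultdict

# Constructed sample in the export format Norton AntiVirus 2006 produced:
# a header row plus comma-separated records whose quoted "Details" column
# itself contains commas. These rows are a subset of the log in the thread.
NORTON_LOG = r'''Date Time,Feature,Risk Name,Result,Item Type,Target,Suspicious Action,Virus Definition Version,Product Version,User Name,Computer Name,Details
14/07/2006 09:10:47,Virus scanner,Trojan Horse,Quarantined,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Quarantined,Description: Affected areas: 1 Files: c:\WINDOWXP\Temp\win93D.tmp - Quarantined 1 Additional areas: Unknown - Deleted "
14/07/2006 09:10:39,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 09:10:29,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 09:10:21,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\WINDOWXP\TEMP\win93D.tmp,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 09:10:09,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\816RODM7\srvzyj[1].exe,Action taken: Repair failed,Action taken: Access denied"
14/07/2006 08:55:43,Virus scanner,Dialer.Trojan,Repaired,File,N/A,N/A,200607130017,12.2.0.13,Casa,DESKTOP,"Source: Manual Scanner,Risk category: Virus,Action taken: Repaired,Description: Affected areas: 1 Additional areas: Unknown - Deleted "
14/07/2006 06:04:02,Auto-Protect,Dialer.Trojan,Access denied,File,N/A,N/A,200607130017,12.2.0.13,SYSTEM,DESKTOP,"Source: C:\Documents and Settings\Casa.ALBERTO-C33QMXN\Configurações locais\Temporary Internet Files\Content.IE5\CHIR41MF\bgates[1].exe,Action taken: Repair failed,Action taken: Access denied"
'''

# Manual-scan rows hide the file name inside free text: "Files: <path> - Quarantined".
FILE_IN_DESCRIPTION = re.compile(r"Files:\s*(.+?)\s+-\s+Quarantined")


def parse_norton_log(text):
    """Parse the CSV export into one dict per event (the csv module handles the quoted Details)."""
    return list(csv.DictReader(io.StringIO(text)))


def parse_details(details):
    """Split the Details column into key -> [values].

    Keys repeat ("Action taken" appears twice on a failed repair), so every
    key maps to a list in the order the entries appeared.
    """
    out = defaultdict(list)
    for chunk in details.split(","):
        key, sep, value = chunk.partition(": ")
        if sep:
            out[key.strip()].append(value.strip())
    return dict(out)


def event_path(row):
    """Return the file an event refers to, or None when only a summary was logged."""
    details = parse_details(row["Details"])
    source = details.get("Source", [""])[0]
    if "\\" in source:                                  # Auto-Protect logs the real path
        return source
    for desc in details.get("Description", []):         # manual scans bury it in the text
        match = FILE_IN_DESCRIPTION.search(desc)
        if match:
            return match.group(1)
    return None


def location_class(path):
    """Coarse bucket for where a detected file lived (labels are hypothetical)."""
    lowered = path.lower()
    if "temporary internet files" in lowered:
        return "browser cache"      # dropped by the browser: downloaded, not yet installed
    if "\\temp\\" in lowered:
        return "windows temp"       # written by something already running on the box
    return "other"


def summarize(rows):
    """Count events by (risk name, result) and group distinct paths by location."""
    by_risk = Counter((r["Risk Name"], r["Result"]) for r in rows)
    by_location = defaultdict(set)
    for r in rows:
        path = event_path(r)
        if path:
            by_location[location_class(path)].add(path.lower())
    return by_risk, dict(by_location)


def stuck_files(rows, min_failures=3):
    """Paths that Auto-Protect failed to repair with 'Access denied' at least min_failures times.

    Repeated failures on one path within a minute usually mean the file was
    locked by a running process, so the on-access scanner could not clean it.
    """
    failures = Counter()
    for r in rows:
        if r["Feature"] != "Auto-Protect":
            continue
        actions = parse_details(r["Details"]).get("Action taken", [])
        if "Access denied" in actions:
            failures[event_path(r).lower()] += 1
    return {path for path, n in failures.items() if n >= min_failures}


if __name__ == "__main__":
    events = parse_norton_log(NORTON_LOG)
    risks, locations = summarize(events)
    for (risk, result), n in sorted(risks.items()):
        print(f"{n:3d}  {risk:<14} {result}")
    for bucket, paths in sorted(locations.items()):
        print(f"{bucket}: {len(paths)} distinct file(s)")
    print("locked during repair:", sorted(stuck_files(events)))
```

Run it against a full export saved from the Norton "Security risks" view; the same pattern of a freshly downloaded `srv*.exe` in the browser cache followed seconds later by a locked `win*.tmp` in `\Temp\` is what the posted log shows repeating every twenty minutes.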
 
#5 ·
  • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
  • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido and reboot your system back into Normal Mode.

Run ActiveScan online virus scan: here

When the scan is finished, save the results from the scan!

Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.
 