
Thread: Virtumonde, Downloader and Adware.Ezula

  1. #1
    Junior Member · Join Date: Nov 2007 · Posts: 3

    Virtumonde, Downloader and Adware.Ezula

    Hi, my antivirus (Norton) detects these viruses and removes them, but they appear again and again.

    I have taken the steps that are described in the "Before you post" topic.

    Here is the Kaspersky log:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, November 15, 2007 6:03:38 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 15/11/2007
    Kaspersky Anti-Virus database records: 459910
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    L:\
    M:\

    Scan Statistics:
    Total number of scanned objects: 100628
    Number of viruses found: 3
    Number of infected objects: 13
    Number of suspicious objects: 0
    Duration of the scan process: 01:33:59

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-15_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
    C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Definições locais\Histórico\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Definições locais\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Definições locais\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Definições locais\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Definições locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Definições locais\Histórico\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Definições locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Proprietário-de-HP\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Proprietário-de-HP\Definições locais\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
    C:\Documents and Settings\Proprietário-de-HP\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Proprietário-de-HP\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Proprietário-de-HP\Definições locais\Histórico\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Proprietário-de-HP\Definições locais\Temp\~DF7BB.tmp Object is locked skipped
    C:\Documents and Settings\Proprietário-de-HP\Definições locais\Temp\~DF7C0.tmp Object is locked skipped
    C:\Documents and Settings\Proprietário-de-HP\Definições locais\Temp\~DFD51D.tmp Object is locked skipped
    C:\Documents and Settings\Proprietário-de-HP\Definições locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Proprietário-de-HP\Definições locais\Temporary Internet Files\Content.IE5\JLJ7R88Y\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
    C:\Documents and Settings\Proprietário-de-HP\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Proprietário-de-HP\ntuser.dat.LOG Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
    C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
    C:\Programas\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
    C:\Programas\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Programas\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Programas\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Programas\Norton Internet Security\Norton AntiVirus\Savrt\0015NAV~.TMP Object is locked skipped
    C:\Programas\Norton Internet Security\Norton AntiVirus\Savrt\0659NAV~.TMP Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{A1B2D085-50FA-41ED-B9D3-890A8249F667}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\amgdqegw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\civtiwuu.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\cvghatvi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\glhyyhld.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\WINDOWS\system32\gplfogqy.exe Infected: Trojan.Win32.Obfuscated.kp skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\ihrywxaf.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\WINDOWS\system32\jfnekauh.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\WINDOWS\system32\lpjduxov.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\WINDOWS\system32\ogpxpbtb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
    C:\WINDOWS\system32\opsniocw.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\WINDOWS\system32\ostbeyre.exe Infected: Trojan.Win32.Obfuscated.kp skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\yptkcicl.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

  2. #2
    Junior Member · Join Date: Nov 2007 · Posts: 3

    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:55:44, on 15-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exe
    C:\Programas\Java\jre1.6.0_03\bin\jusched.exe
    C:\Programas\ASUS\ASUS Remote\RemoteControlAppl.exe
    C:\windows\system\hpsysdrv.exe
    C:\Programas\HP\HP Software Update\HPWuSchd2.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    c:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
    C:\Programas\Ficheiros comuns\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    c:\Programas\Norton Internet Security\ISSVC.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programas\Ficheiros comuns\InterVideo\RegMgr\iviRegMgr.exe
    C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    c:\Programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    c:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
    c:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    c:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\DAP\DAP.EXE
    c:\Programas\Norton Internet Security\Norton AntiVirus\OPScan.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe
    C:\Programas\Microsoft Office\Office10\WINWORD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebRe...J185AA&LF=blue
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\ASUS\ASUS Remote\RemoteControlAppl.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD08] c:\Programas\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PelSetupRun] F:\setup.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [ISUSPM] "C:\Programas\Ficheiros comuns\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Atalho para a Página de Propriedades do High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Security Center] wscsvc.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O8 - Extra context menu item: &Clean Traces - C:\Programas\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Programas\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Programas\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/ra...gameloader.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140882991390
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programas\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programas\Design Science\MathPlayer\MathMLMimer.dll
    O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Programas\Norton Internet Security\ISSVC.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Programas\Ficheiros comuns\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 10860 bytes

  3. #3
    Junior Member · Join Date: Nov 2007 · Posts: 3

    Please Help

  4. #4
    pskelley · In Memoriam - Always in our heart · Join Date: Oct 2005 · Location: Clearwater, Florida · Posts: 20,247

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    I apologize that you have not been helped, administration has placed this information at the top of this forum to keep that from happening.
    The Waiting Room
    http://forums.spybot.info/forumdisplay.php?f=37

    I can see in your log you have a very dangerous trojan:
    O4 - HKLM\..\Run: [Windows Security Center] wscsvc.exe
    http://www.castlecops.com/startuplist-11667.html
    http://www.bleepingcomputer.com/star...exe-12888.html

    If you have not resolved this issue, you should have this information.
    A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

    One or more of the identified infections is a backdoor trojan.
    This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
    Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
    http://www.dslreports.com/faq/10451

    When Should I Format, How Should I Reinstall
    http://www.dslreports.com/faq/10063

    Please let us know what you have decided to do in your next post.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
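As an added triage example (not code from the thread, from HijackThis or from Kaspersky), the checks pskelley's reply applies to the two logs above, written in Python over lines copied from posts #1 and #2: Run-key entries whose command is a bare file name, a Run-key name that borrows a Windows component's name (Windows Security Center is the wscsvc service hosted in svchost.exe, never a standalone wscsvc.exe started from a Run key), and Kaspersky detections whose file names are random eight-letter strings in system32. The IMPERSONATED table and the random-name heuristic are my assumptions, not part of either tool.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis and Kaspersky logs posted in this thread.
HJT_O4_LINES = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Windows Security Center] wscsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()

KAV_LINES = r"""
C:\WINDOWS\system32\amgdqegw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\WINDOWS\system32\civtiwuu.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\gplfogqy.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\ostbeyre.exe Infected: Trojan.Win32.Obfuscated.kp skipped
""".strip().splitlines()

# Assumption (my table, not from the page): Run-key executables that borrow a genuine
# Windows component's name. Windows Security Center is the wscsvc *service*, hosted
# inside svchost.exe; Windows never starts a wscsvc.exe from a Run key.
IMPERSONATED = {
    "wscsvc.exe": "Windows Security Center runs as a service in svchost.exe, not a Run-key .exe",
}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
KAV_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<detection>\S+) skipped$")
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")  # Virtumonde-style random file names


def executable_of(cmd):
    """Program part of a Run command: the quoted path, else the text up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage_hjt(lines):
    """One dict per O4 line, carrying the review flags the entry raised."""
    results = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        base = exe.rsplit("\\", 1)[-1].lower()
        flags = []
        if "\\" not in exe:  # resolved through PATH; the log alone cannot say which file runs
            flags.append("bare file name, resolved via PATH; locate the file before trusting it")
        if base in IMPERSONATED:
            flags.append("impersonates a Windows component: " + IMPERSONATED[base])
        results.append({"hive": m.group("hive"), "name": m.group("name"), "exe": exe, "flags": flags})
    return results


def triage_kaspersky(lines):
    """Keep only 'Infected:' lines; flag random 8-letter names dropped in system32."""
    hits = []
    for line in lines:
        m = KAV_RE.match(line.strip())
        if not m:  # 'Object is locked skipped' lines are not detections
            continue
        path, det = m.group("path"), m.group("detection")
        name = path.rsplit("\\", 1)[-1]
        flags = []
        if "\\system32\\" in path.lower() and RANDOM_NAME.match(name):
            flags.append("random 8-letter name in system32")
        hits.append({"path": path, "detection": det, "flags": flags})
    return hits


def family_counts(hits):
    """Count detections by family: 'not-a-virus:AdWare.Win32.Virtumonde.aps' -> 'Virtumonde'."""
    return Counter(h["detection"].split(":")[-1].split(".")[2] for h in hits)
```

Running triage_hjt over the full HijackThis log flags the bare SOUNDMAN.EXE, ALCWZRD.EXE, ALCMTR.EXE, HDAShCut.exe and nwiz.exe entries as "locate first" and singles out wscsvc.exe as the one that also impersonates a Windows component, which is the entry pskelley points at.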
