Geeks to Go forums
svchost memory cannot be written


#1 drhoffman25 (New Member, 1 posts)
Hi people, I have a problem: my antivirus detects worm/autorun.dej.4 and I have some errors!

1) Generic Host Process for Win32 Services

2) svchost - the instruction at 0x58fc16e2 referenced memory at 0x58fc16e2. The memory could not be written! And I am left without an internet connection. I have a portable internet device.

I have already tried running all the programs you have in this forum and nothing! I have already run ComboFix and HijackThis! I will put a log here for you to see.


-------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:38, on 04-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Intel\Wireless\Bin\EvtEng.exe
C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
C:\Programas\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\AntiVir PersonalEdition Classic\avguard.exe
c:\Program Files\Aladdin\NetHASP LM\Service\NHSRVICE.EXE
C:\Programas\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programas\Creative\Shared Files\CTDevSrv.exe
C:\Programas\Cisco Systems\VPN Client\cvpnd.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\oracle\e1local\bin\ORACLE.EXE
C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programas\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe
C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programas\DAEMON Tools Lite\daemon.exe
C:\Programas\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\explorer.exe
C:\Programas\Kanguru\Kanguru.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.10.254:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar\01.01.2607.0\pt-pt\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\Programas\Kanguru\Kanguru.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VodafoneUSBPP.exe] C:\Programas\Huawei technologies\Vodafone Internet Connect Box\VodafoneUSBPP.exe windows
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Programas\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Programas\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programas\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Push Client.LNK = C:\Interwise\Student\pull.exe
O4 - Global Startup: Service Manager.lnk = C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Programas\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O15 - Trusted Zone: *.oracle.com
O15 - Trusted Zone: *.oracleads.com
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185541869093
O16 - DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} (JDEWebRTFEditU Control) - http://lsvsvr003.gru...jdewebctlsU.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F9E542CE-C16A-47FA-B7A8-D88E5F1C5719} (JDEExcelAutoU Control) - http://lsvsvr003.gru.../jdeexpimpU.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5698226-90C0-4EDF-B1A8-F43D55CFE13F}: NameServer = 62.169.67.172 62.169.67.171
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programas\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programas\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programas\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP Loader - Aladdin Knowledge Systems - c:\Program Files\Aladdin\NetHASP LM\Service\NHSRVICE.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programas\OpenVPN\bin\openvpnserv.exe
O23 - Service: OracleE1LocalTNSListener - Unknown owner - C:\Oracle\E1Local\BIN\TNSLSNR.exe
O23 - Service: OracleServiceE1LOCAL - Oracle Corporation - c:\oracle\e1local\bin\ORACLE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programas\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programas\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10435 bytes


-----------------------------------------------------------------------

ComboFix 08-12-03.01 - Utilizador 2008-12-04 12:00:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.1312 [GMT 0:00]
Running from: c:\documents and settings\Utilizador\Ambiente de trabalho\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\autorun.inf
g:\recycler\Desktop.ini

.
(((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 ))))))))))))))))))))))))))))
.

2008-12-04 11:54 . 2008-12-04 11:54 <DIR> d-------- c:\programas\DAEMON Tools Lite
2008-12-04 11:49 . 2008-12-04 11:49 <DIR> d-------- c:\documents and settings\Utilizador\Application Data\DAEMON Tools
2008-12-04 11:49 . 2008-12-04 11:49 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-04 11:26 . 2008-12-04 11:26 <DIR> d-------- c:\programas\Motorola
2008-12-04 11:25 . 2006-11-22 17:35 982,272 --a------ c:\windows\system32\drivers\smserial.sys
2008-12-04 11:25 . 2006-11-22 17:31 196,608 --a------ c:\windows\system32\sm56co6a.dll
2008-12-04 11:07 . 2008-12-04 11:07 <DIR> d-------- c:\programas\iXi Tools
2008-12-04 11:07 . 2008-12-04 11:07 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{C2278D61-978F-4EB3-A8F3-E90811A93014}
2008-12-03 16:27 . 2008-12-03 16:27 0 --a------ c:\windows\WATCH.INI
2008-11-27 00:21 . 2008-12-03 16:26 <DIR> d-------- c:\programas\Anti Trojan Elite
2008-11-21 14:19 . 2008-11-21 22:10 <DIR> d-------- c:\documents and settings\Utilizador\Application Data\Uniblue
2008-11-21 14:12 . 2008-11-21 14:12 <DIR> d-------- c:\programas\Trend Micro
2008-11-21 14:10 . 2008-12-04 11:49 <DIR> d-------- c:\documents and settings\Utilizador\Application Data\U3
2008-11-11 19:14 . 2008-11-11 20:01 6,728 --a------ c:\windows\jde.ini
2008-11-11 17:43 . 2008-11-11 17:43 <DIR> d-------- c:\documents and settings\Administrador\.SunDownloadManager
2008-11-11 17:30 . 2008-11-11 17:30 <DIR> d-------- c:\temp\JDK
2008-11-11 10:43 . 2008-11-11 10:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-11 10:30 . 2008-11-11 10:31 <DIR> d-------- C:\tmp

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 12:02 --------- d-----w c:\programas\Kanguru
2008-12-04 11:18 --------- d-----w c:\programas\DIFX
2008-12-04 09:33 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-12-03 16:29 --------- d-----w c:\programas\Sun
2008-11-27 22:18 --------- d-----w c:\programas\TuxPaint
2008-11-13 09:48 --------- d-----w c:\programas\Ficheiros comuns\Adobe
2008-11-11 19:31 208,896 ----a-w c:\windows\system32\fbdcnfg.dll
2008-11-11 19:21 --------- d-----w c:\programas\Microsoft SQL Server
2008-11-11 10:43 --------- d-----w c:\programas\Java
2008-11-09 20:59 --------- d-----w c:\documents and settings\Utilizador\Application Data\TuxPaint
2008-10-28 16:06 --------- d--h--w c:\programas\InstallShield Installation Information
2008-10-28 16:06 --------- d-----w c:\programas\PeopleSoft Knowledge Center Courses
2007-12-21 11:35 55 ----a-w c:\programas\ROLES.JS
2007-12-21 11:35 298,954 ----a-w c:\programas\csd.xml
2007-12-21 11:35 256 ----a-w c:\programas\SYSTEM.JS
2006-09-28 16:22 896 ----a-w c:\programas\kp_toc.xml
2006-08-03 17:04 293 ----a-w c:\programas\version.js
2006-05-22 13:45 196,608 ----a-w c:\programas\Play.exe
2006-05-22 12:20 977 ----a-w c:\programas\notsupp.html
2006-05-22 12:20 3,645 ----a-w c:\programas\index.html
2006-05-22 12:20 3,645 ----a-w c:\programas\default.htm
2006-05-22 12:20 3,630 ----a-w c:\programas\ods.html
2006-05-22 12:20 2,933 ----a-w c:\programas\tocstart.js
2006-05-22 12:20 2,830 ----a-w c:\programas\toc.html
.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"VodafoneUSBPP.exe"="c:\programas\Huawei technologies\Vodafone Internet Connect Box\VodafoneUSBPP.exe" [2006-09-11 1011712]
"swg"="c:\programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"CTZDetec.exe"="c:\programas\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
"MSMSGS"="c:\programas\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DriverUpdaterPro"="c:\programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2008-12-04 2869760]
"DAEMON Tools Lite"="c:\programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-07-27 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-07-27 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-07-27 118784]
"SunJavaUpdateSched"="c:\programas\Java\jre6\bin\jusched.exe" [2008-11-11 136600]
"IntelZeroConfig"="c:\programas\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\programas\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"HControl"="c:\windows\ATK0100\HControl.exe" [2007-07-27 110592]
"avgnt"="c:\programas\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"HUAWEI E620 Data Card"="c:\programas\Kanguru\Kanguru.exe" [2007-05-16 679936]
"HP Component Manager"="c:\programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-06 172032]
"HP Software Update"="c:\programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-06 49152]
"LogMeIn GUI"="c:\programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SMSERIAL"="c:\programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\
Bluetooth Manager.lnk - c:\programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 1753088]
Cisco Systems VPN Client.lnk - c:\programas\Cisco Systems\VPN Client\vpngui.exe [2007-07-31 1445904]
Push Client.LNK - c:\interwise\Student\pull.exe [2007-09-27 802816]
Service Manager.lnk - c:\programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 69632]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\programas\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe [2007-10-11 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-19 14:23 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programas\\Messenger\\msmsgs.exe"=

R2 HASP Loader;HASP Loader;c:\program files\Aladdin\NetHASP LM\Service\NHSRVICE.EXE -service []
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\programas\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-05-26 45848]
R2 MSSQL$JDESSELOCAL;SQL Server (JDESSELOCAL);"c:\programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sJDESSELOCAL [2006-04-14 28933976]
R2 OracleServiceE1LOCAL;OracleServiceE1LOCAL;c:\oracle\e1local\bin\ORACLE.EXE E1LOCAL []
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\Drivers\SynMini.sys [2006-08-09 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\Drivers\SynScan.sys [2006-08-09 7808]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S2 OracleE1LocalTNSListener;OracleE1LocalTNSListener;c:\oracle\E1Local\BIN\TNSLSNR []
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\programas\Anti Trojan Elite\ATEPMon.sys []
S3 P1Scanner;MUSTEK P1 Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2007-08-04 15104]
S4 LMIRfsClientNP;LMIRfsClientNP; []
S4 OracleJobSchedulerE1LOCAL;OracleJobSchedulerE1LOCAL;c:\oracle\e1local\Bin\extjob.exe E1LOCAL []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18d30c7d-3e7b-11dc-b354-001bfc147ef2}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18d30c7e-3e7b-11dc-b354-001bfc147ef2}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ef825d5-e70f-11dc-b539-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{315b5652-ea25-11dc-b543-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54d0ec02-9296-11dc-b42a-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5671b4e2-e3b1-11dc-b52a-001bfcb6c685}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec03c9c-e517-11dc-b52f-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec03c9e-e517-11dc-b52f-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f181eda-e5df-11dc-b531-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62da395d-401e-11dc-b35c-001bfc147ef2}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a84fd8-e3c3-11dc-b52b-001bfcb6c685}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ede0d78-936e-11dc-b42f-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{906643a6-fb13-11dc-b56c-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4f357aa-7648-11dc-b3df-001bfc147ef2}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4f357ab-7648-11dc-b3df-001bfc147ef2}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b132d288-3dff-11dc-b351-001bfc147ef2}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b132d28a-3dff-11dc-b351-001bfc147ef2}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b35af5de-93b5-11dc-b431-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d73081aa-a319-11dc-b472-001bfcb6c685}]
\shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2d873d8-ca73-11dc-b4da-001bfcb6c685}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

*Newly Created Service* - PROCEXP90
*Newly Created Service* - SPTD
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Anti Trojan Elite - c:\programas\Anti Trojan Elite\TJEnder.exe
HKLM-Run-SigmatelSysTrayApp - stsystra.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Utilizador\Application Data\Mozilla\Firefox\Profiles\bresysfz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.sapo.pt/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 12:05:15
Windows 5.1.2600 Service Pack 2 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTZDetec.exe = c:\programas\Creative\Creative Media Lite\CTZDetec.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Scanning for hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleE1LocalTNSListener]
"ImagePath"="c:\oracle\E1Local\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1488)
c:\windows\system32\IWPDGINA.DLL
c:\programas\Intel\Wireless\Bin\SsoGnPTG.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2008-12-04 12:06:29
ComboFix-quarantined-files.txt 2008-12-04 12:06:08

Pre-Run: 18.336.784.384 bytes free
Post-Run: 18,667,331,584 bytes free

203


--------

Can someone look at the logs and tell me if I have any problem? Thanks.
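The parts of the ComboFix log above that a log helper reads first are the MountPoints2 section (Explorer keeps one subkey per volume it has ever mounted, and an autorun worm's launch command stays there after the USB stick is gone) and the Security Center and firewall values. The RavMon.exe handlers, the rundll32 ShellExec_RunDLL launcher, the two DisableNotify values set to 1 and EnableFirewall set to 0 are all visible in the posted log. The script below is an added example, not part of the post and not code from ComboFix or HijackThis: it parses an excerpt of the posted log, embedded inline, and rates each autorun handler and each disabled-protection value. The severity levels and the rule list are heuristics of my own; rating G:\LaunchU3.exe and F:\AutoRun.exe as low assumes they belong to a U3 flash drive and the modem's virtual CD-ROM, which the log does not confirm, so they still need to be checked.

```python
"""Triage helper for the MountPoints2 and Security Center entries of a
ComboFix log. Added example for the log posted above; not part of the
post and not code from ComboFix or HijackThis. Every rule is a
heuristic: a hit means "look here", not "this file is malware"."""
import re
from typing import Dict, List, Tuple

# Excerpt of the ComboFix log from the post, embedded so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5671b4e2-e3b1-11dc-b52a-001bfcb6c685}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a84fd8-e3c3-11dc-b52b-001bfcb6c685}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d73081aa-a319-11dc-b472-001bfcb6c685}]
\shell\Setup\command - setup.exe
"""

Finding = Dict[str, str]

_KEY_RE = re.compile(r"^\[(.+)\]$")
_HANDLER_RE = re.compile(r"^\\shell\\([^\\]+)\\command\s*-\s*(.+?)$", re.IGNORECASE)
_DRIVE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)

# Registry values ComboFix prints when Windows' own protection has been turned off.
_POSTURE_RULES = [
    (re.compile(r'"AntiVirusDisableNotify"\s*=\s*dword:0*1\b', re.I),
     "Security Center antivirus warnings suppressed"),
    (re.compile(r'"UpdatesDisableNotify"\s*=\s*dword:0*1\b', re.I),
     "Security Center automatic-update warnings suppressed"),
    (re.compile(r'"EnableFirewall"\s*=\s*0\b', re.I),
     "Windows Firewall disabled for the standard profile"),
]


def parse_mountpoints(log: str) -> List[Tuple[str, str, str]]:
    """Return (volume, verb, command) for every MountPoints2 shell handler."""
    handlers = []
    volume = None  # set while inside a ...\mountpoints2\<volume> key, else None
    for raw in log.splitlines():
        line = raw.strip()
        key = _KEY_RE.match(line)
        if key:
            name = key.group(1)
            volume = name.rsplit("\\", 1)[-1] if "mountpoints2\\" in name.lower() else None
            continue
        if volume is None:
            continue
        handler = _HANDLER_RE.match(line)
        if handler:
            handlers.append((volume, handler.group(1), handler.group(2)))
    return handlers


def rate_handler(verb: str, command: str) -> Tuple[str, str]:
    """Map one autorun handler to (severity, reason). Heuristic, my own rules."""
    cmd = command.lower()
    if "ravmon.exe" in cmd:
        return "HIGH", "RavMon.exe is a file name used by autorun worms, not by a vendor autorun"
    if "shellexec_rundll" in cmd:
        return "HIGH", "rundll32 ShellExec_RunDLL launches a file from the volume indirectly"
    if not _DRIVE_RE.match(cmd):
        return "MEDIUM", "relative path: runs whatever file of that name is on the volume when inserted"
    # Assumption: absolute paths like G:\LaunchU3.exe are vendor launchers (U3, modem CD-ROM).
    return "LOW", "absolute path on the volume; typical of U3 drives and modem virtual CD-ROMs, verify the file"


def triage(log: str) -> List[Finding]:
    """Rate every autorun handler and every disabled-protection value in the log."""
    findings: List[Finding] = []
    for volume, verb, command in parse_mountpoints(log):
        severity, why = rate_handler(verb, command)
        findings.append({"severity": severity,
                         "where": f"MountPoints2\\{volume}\\shell\\{verb}",
                         "what": command, "why": why})
    for pattern, why in _POSTURE_RULES:
        hit = pattern.search(log)
        if hit:
            findings.append({"severity": "HIGH", "where": "registry",
                             "what": hit.group(0), "why": why})
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity level."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f["severity"]):
        print(f"{f['severity']:6} {f['where']}: {f['what']}  <- {f['why']}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the posted excerpt the script reports the two RavMon.exe handlers and the three registry values as high, the bare setup.exe handler as medium, and the two drive-letter launchers as low. To run it on a full ComboFix log, read the file into a string and pass it to triage() instead of SAMPLE_LOG.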