1º) Generic Host Process for win32 Services
2ª) svhost - the instruction 0x58fc16e2 makes reference to the memory 0x58fc16e2 The Memorry cannot be wrriten! and i stay without internet connection. I have portable internet device.
I already try to run all the programas u have in this forum and nothing! i already run combo fix and hijack this! i go put here a log for u to see.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:38, on 04-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Intel\Wireless\Bin\EvtEng.exe
C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
C:\Programas\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\AntiVir PersonalEdition Classic\avguard.exe
c:\Program Files\Aladdin\NetHASP LM\Service\NHSRVICE.EXE
C:\Programas\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programas\Creative\Shared Files\CTDevSrv.exe
C:\Programas\Cisco Systems\VPN Client\cvpnd.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\oracle\e1local\bin\ORACLE.EXE
C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programas\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe
C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programas\DAEMON Tools Lite\daemon.exe
C:\Programas\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\explorer.exe
C:\Programas\Kanguru\Kanguru.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.10.254:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar\01.01.2607.0\pt-pt\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\Programas\Kanguru\Kanguru.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VodafoneUSBPP.exe] C:\Programas\Huawei technologies\Vodafone Internet Connect Box\VodafoneUSBPP.exe windows
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Programas\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Programas\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programas\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Push Client.LNK = C:\Interwise\Student\pull.exe
O4 - Global Startup: Service Manager.lnk = C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Programas\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O15 - Trusted Zone: *.oracle.com
O15 - Trusted Zone: *.oracleads.com
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185541869093
O16 - DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} (JDEWebRTFEditU Control) - http://lsvsvr003.gru...jdewebctlsU.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F9E542CE-C16A-47FA-B7A8-D88E5F1C5719} (JDEExcelAutoU Control) - http://lsvsvr003.gru.../jdeexpimpU.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5698226-90C0-4EDF-B1A8-F43D55CFE13F}: NameServer = 62.169.67.172 62.169.67.171
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programas\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programas\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programas\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP Loader - Aladdin Knowledge Systems - c:\Program Files\Aladdin\NetHASP LM\Service\NHSRVICE.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programas\OpenVPN\bin\openvpnserv.exe
O23 - Service: OracleE1LocalTNSListener - Unknown owner - C:\Oracle\E1Local\BIN\TNSLSNR.exe
O23 - Service: OracleServiceE1LOCAL - Oracle Corporation - c:\oracle\e1local\bin\ORACLE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programas\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programas\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10435 bytes
-----------------------------------------------------------------------
combofix logo
ComboFix 08-12-03.01 - Utilizador 2008-12-04 12:00:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.1312 [GMT 0:00]
Executando de: c:\documents and settings\Utilizador\Ambiente de trabalho\ComboFix.exe
* Criado um novo ponto de restauro
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\autorun.inf
g:\recycler\Desktop.ini
.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-04 to 2008-12-04 ))))))))))))))))))))))))))))
.
2008-12-04 11:54 . 2008-12-04 11:54 <DIR> d-------- c:\programas\DAEMON Tools Lite
2008-12-04 11:49 . 2008-12-04 11:49 <DIR> d-------- c:\documents and settings\Utilizador\Application Data\DAEMON Tools
2008-12-04 11:49 . 2008-12-04 11:49 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-04 11:26 . 2008-12-04 11:26 <DIR> d-------- c:\programas\Motorola
2008-12-04 11:25 . 2006-11-22 17:35 982,272 --a------ c:\windows\system32\drivers\smserial.sys
2008-12-04 11:25 . 2006-11-22 17:31 196,608 --a------ c:\windows\system32\sm56co6a.dll
2008-12-04 11:07 . 2008-12-04 11:07 <DIR> d-------- c:\programas\iXi Tools
2008-12-04 11:07 . 2008-12-04 11:07 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{C2278D61-978F-4EB3-A8F3-E90811A93014}
2008-12-03 16:27 . 2008-12-03 16:27 0 --a------ c:\windows\WATCH.INI
2008-11-27 00:21 . 2008-12-03 16:26 <DIR> d-------- c:\programas\Anti Trojan Elite
2008-11-21 14:19 . 2008-11-21 22:10 <DIR> d-------- c:\documents and settings\Utilizador\Application Data\Uniblue
2008-11-21 14:12 . 2008-11-21 14:12 <DIR> d-------- c:\programas\Trend Micro
2008-11-21 14:10 . 2008-12-04 11:49 <DIR> d-------- c:\documents and settings\Utilizador\Application Data\U3
2008-11-11 19:14 . 2008-11-11 20:01 6,728 --a------ c:\windows\jde.ini
2008-11-11 17:43 . 2008-11-11 17:43 <DIR> d-------- c:\documents and settings\Administrador\.SunDownloadManager
2008-11-11 17:30 . 2008-11-11 17:30 <DIR> d-------- c:\temp\JDK
2008-11-11 10:43 . 2008-11-11 10:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-11 10:30 . 2008-11-11 10:31 <DIR> d-------- C:\tmp
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 12:02 --------- d-----w c:\programas\Kanguru
2008-12-04 11:18 --------- d-----w c:\programas\DIFX
2008-12-04 09:33 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-12-03 16:29 --------- d-----w c:\programas\Sun
2008-11-27 22:18 --------- d-----w c:\programas\TuxPaint
2008-11-13 09:48 --------- d-----w c:\programas\Ficheiros comuns\Adobe
2008-11-11 19:31 208,896 ----a-w c:\windows\system32\fbdcnfg.dll
2008-11-11 19:21 --------- d-----w c:\programas\Microsoft SQL Server
2008-11-11 10:43 --------- d-----w c:\programas\Java
2008-11-09 20:59 --------- d-----w c:\documents and settings\Utilizador\Application Data\TuxPaint
2008-10-28 16:06 --------- d--h--w c:\programas\InstallShield Installation Information
2008-10-28 16:06 --------- d-----w c:\programas\PeopleSoft Knowledge Center Courses
2007-12-21 11:35 55 ----a-w c:\programas\ROLES.JS
2007-12-21 11:35 298,954 ----a-w c:\programas\csd.xml
2007-12-21 11:35 256 ----a-w c:\programas\SYSTEM.JS
2006-09-28 16:22 896 ----a-w c:\programas\kp_toc.xml
2006-08-03 17:04 293 ----a-w c:\programas\version.js
2006-05-22 13:45 196,608 ----a-w c:\programas\Play.exe
2006-05-22 12:20 977 ----a-w c:\programas\notsupp.html
2006-05-22 12:20 3,645 ----a-w c:\programas\index.html
2006-05-22 12:20 3,645 ----a-w c:\programas\default.htm
2006-05-22 12:20 3,630 ----a-w c:\programas\ods.html
2006-05-22 12:20 2,933 ----a-w c:\programas\tocstart.js
2006-05-22 12:20 2,830 ----a-w c:\programas\toc.html
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"VodafoneUSBPP.exe"="c:\programas\Huawei technologies\Vodafone Internet Connect Box\VodafoneUSBPP.exe" [2006-09-11 1011712]
"swg"="c:\programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"CTZDetec.exe"="c:\programas\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
"MSMSGS"="c:\programas\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DriverUpdaterPro"="c:\programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2008-12-04 2869760]
"DAEMON Tools Lite"="c:\programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-07-27 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-07-27 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-07-27 118784]
"SunJavaUpdateSched"="c:\programas\Java\jre6\bin\jusched.exe" [2008-11-11 136600]
"IntelZeroConfig"="c:\programas\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\programas\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"HControl"="c:\windows\ATK0100\HControl.exe" [2007-07-27 110592]
"avgnt"="c:\programas\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"HUAWEI E620 Data Card"="c:\programas\Kanguru\Kanguru.exe" [2007-05-16 679936]
"HP Component Manager"="c:\programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-06 172032]
"HP Software Update"="c:\programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-06 49152]
"LogMeIn GUI"="c:\programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SMSERIAL"="c:\programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\
Bluetooth Manager.lnk - c:\programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 1753088]
Cisco Systems VPN Client.lnk - c:\programas\Cisco Systems\VPN Client\vpngui.exe [2007-07-31 1445904]
Push Client.LNK - c:\interwise\Student\pull.exe [2007-09-27 802816]
Service Manager.lnk - c:\programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 69632]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\programas\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe [2007-10-11 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-19 14:23 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programas\\Messenger\\msmsgs.exe"=
R2 HASP Loader;HASP Loader;c:\program files\Aladdin\NetHASP LM\Service\NHSRVICE.EXE -service []
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\programas\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-05-26 45848]
R2 MSSQL$JDESSELOCAL;SQL Server (JDESSELOCAL);"c:\programas\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sJDESSELOCAL [2006-04-14 28933976]
R2 OracleServiceE1LOCAL;OracleServiceE1LOCAL;c:\oracle\e1local\bin\ORACLE.EXE E1LOCAL []
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\Drivers\SynMini.sys [2006-08-09 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\Drivers\SynScan.sys [2006-08-09 7808]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S2 OracleE1LocalTNSListener;OracleE1LocalTNSListener;c:\oracle\E1Local\BIN\TNSLSNR []
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\programas\Anti Trojan Elite\ATEPMon.sys []
S3 P1Scanner;MUSTEK P1 Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2007-08-04 15104]
S4 LMIRfsClientNP;LMIRfsClientNP; []
S4 OracleJobSchedulerE1LOCAL;OracleJobSchedulerE1LOCAL;c:\oracle\e1local\Bin\extjob.exe E1LOCAL []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18d30c7d-3e7b-11dc-b354-001bfc147ef2}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18d30c7e-3e7b-11dc-b354-001bfc147ef2}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ef825d5-e70f-11dc-b539-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{315b5652-ea25-11dc-b543-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54d0ec02-9296-11dc-b42a-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5671b4e2-e3b1-11dc-b52a-001bfcb6c685}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec03c9c-e517-11dc-b52f-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec03c9e-e517-11dc-b52f-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f181eda-e5df-11dc-b531-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62da395d-401e-11dc-b35c-001bfc147ef2}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a84fd8-e3c3-11dc-b52b-001bfcb6c685}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ede0d78-936e-11dc-b42f-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{906643a6-fb13-11dc-b56c-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4f357aa-7648-11dc-b3df-001bfc147ef2}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4f357ab-7648-11dc-b3df-001bfc147ef2}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b132d288-3dff-11dc-b351-001bfc147ef2}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b132d28a-3dff-11dc-b351-001bfc147ef2}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b35af5de-93b5-11dc-b431-001bfcb6c685}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d73081aa-a319-11dc-b472-001bfcb6c685}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2d873d8-ca73-11dc-b4da-001bfcb6c685}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SPTD
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-Anti Trojan Elite - c:\programas\Anti Trojan Elite\TJEnder.exe
HKLM-Run-SigmatelSysTrayApp - stsystra.exe
.
------- Scan Suplementar -------
.
FireFox -: Profile - c:\documents and settings\Utilizador\Application Data\Mozilla\Firefox\Profiles\bresysfz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.sapo.pt/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 12:05:15
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTZDetec.exe = c:\programas\Creative\Creative Media Lite\CTZDetec.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleE1LocalTNSListener]
"ImagePath"="c:\oracle\E1Local\BIN\TNSLSNR "
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(1488)
c:\windows\system32\IWPDGINA.DLL
c:\programas\Intel\Wireless\Bin\SsoGnPTG.dll
c:\windows\system32\LMIinit.dll
.
Tempo para conclusão: 2008-12-04 12:06:29
ComboFix-quarantined-files.txt 2008-12-04 12:06:08
Pré-execução: 18.336.784.384 bytes livres
Pós execução: 18,667,331,584 bytes livres
203
--------
Someone Can See The Logs and tell me if i have any problem? tks