Hi,
I had installed several antispyware programs, and the message "Error! Corrupt Data" disappeared.
Norton Antivirus detects "Infostealer.Wowcraft" and blocks it.
The new message is in "Song911.exe". I tried to delete "Song911.exe" manually, but the file turned on again last week. Today I didn't find the file!!!

I ran Prevx and malware appears in c:\Windows\system32\swreg.exe.
Below are the logs: 1st with SDFix.exe, 2nd with ComboFix and 3rd with HijackThis
SDFix: Version 1.143
Run by Raiz7 on 18-02-2008 at 11:47
Microsoft Windows XP [Versão 5.1.2600]
Running From: C:\DOCUME~1\Raiz7\AMBIEN~1\AntiSpy\SDFix\SDFix
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-18 12:03:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programas\\Java\\j2re1.4.2_05\\bin\\javaw.exe"="C:\\Programas\\Java\\j2re1.4.2_05\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Programas\\Java\\jre1.5.0_06\\bin\\tnameserv.exe"="C:\\Programas\\Java\\jre1.5.0_06\\bin\\tnameserv.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Programas\\UltraVNC\\winvnc.exe"="C:\\Programas\\UltraVNC\\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\\Programas\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Programas\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:winvnc4.exe"
"C:\\Programas\\Java\\jre1.5.0_06\\bin\\java.exe"="C:\\Programas\\Java\\jre1.5.0_06\\bin\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Programas\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Programas\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programas\\Messenger\\msmsgs.exe"="C:\\Programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
Files with Hidden Attributes:
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Programas\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Programas\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Programas\Spybot - Search & Destroy\TeaTimer.exe"
Sat 12 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 7 May 2005 1,206 A..HR --- "C:\Programas\Ficheiros comuns\Symantec Shared\Registry Backup\ccReg.reg"
Sat 7 May 2005 12,792 A..HR --- "C:\Programas\Ficheiros comuns\Symantec Shared\Registry Backup\CommonClient.reg"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT13.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT12.tmp"
Finished!
ComboFix 08-02-18.1 - Raiz7 2008-02-18 12:14:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.551 [GMT 0:00]
Executando de: C:\Documents and Settings\Raiz7\Ambiente de trabalho\AntiSpy\ComboFix.exe
* Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Ficheiros criados de 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))
.
2008-02-18 12:09 . 2008-02-18 12:09 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-18 11:46 . 2008-02-18 11:46 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-15 10:52 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2008-02-15 10:52 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2008-02-15 10:51 . 2008-02-15 10:52 <DIR> d-------- C:\Documents and Settings\Raiz7\Application Data\PrevxCSI
2008-02-12 10:17 . 2008-02-14 08:26 <DIR> d-------- C:\Programas\SUPERAntiSpyware
2008-02-12 10:17 . 2008-02-12 10:17 <DIR> d-------- C:\Documents and Settings\Raiz7\Application Data\SUPERAntiSpyware.com
2008-02-12 10:17 . 2008-02-12 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-12 10:16 . 2008-02-12 10:16 <DIR> d-------- C:\Programas\Ficheiros comuns\Wise Installation Wizard
2008-02-08 10:30 . 2008-02-08 08:28 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-08 08:27 . 2008-02-11 08:08 <DIR> d-------- C:\Documents and Settings\Raiz7\.housecall6.6
2008-02-08 08:06 . 2008-02-08 08:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-08 08:06 . 2008-02-08 08:06 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-08 08:06 . 2008-02-08 08:06 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-08 08:06 . 2008-02-08 08:06 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-04 11:13 . 2008-02-06 10:10 <DIR> d-------- C:\Documents and Settings\Raiz7\Application Data\AdobeUM
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 11:50 --------- d-----w C:\Programas\Ficheiros comuns\Symantec Shared
2008-02-15 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-15 10:52 --------- d-----w C:\Programas\UltraVNC
2008-02-11 17:12 --------- d-----w C:\Programas\Norton SystemWorks
2008-02-07 11:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 11:24 --------- d-----w C:\Programas\Spybot - Search & Destroy
2008-02-04 10:38 --------- d-----w C:\Programas\Ficheiros comuns\Adobe
2008-01-17 16:11 --------- d-----w C:\Programas\R
2008-01-15 09:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 05:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 18:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 14:45 --------- d-----w C:\Programas\HP
2008-01-11 14:45 --------- d-----w C:\Programas\Ficheiros comuns\HP
2008-01-09 10:28 --------- d-----w C:\Documents and Settings\Raiz7\Application Data\HP
2008-01-08 14:55 --------- d-----w C:\Programas\MultiqtlComplete V2.6
2008-01-08 14:52 --------- d-----w C:\Programas\Ficheiros comuns\Aladdin Shared
2008-01-08 14:51 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-01-08 14:51 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2007-12-27 15:51 --------- d-----w C:\Programas\Google
2007-12-27 13:12 --------- d-----w C:\Programas\Java
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 08:38 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-04 18:40 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"swg"="C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-27 14:44 171448]
"WMPNSCFG"="C:\Programas\Windows Media Player\WMPNSCFG.exe" [2007-01-05 19:08 204288]
"SpybotSD TeaTimer"="C:\Programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Programas\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 08:08 143360]
"RoxioEngineUtility"="C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" [2003-05-01 17:44 65536]
"RoxioDragToDisc"="C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2005-05-10 17:11 868352]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccApp"="C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Programas\Norton AntiVirus\osCheck.exe" [2006-09-06 02:22 26248]
"Symantec PIF AlertEng"="C:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"HP Software Update"="C:\Programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
"NSWosCheck"="C:\Programas\Norton SystemWorks\osCheck.exe" [2007-12-03 01:41 25472]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
Acrobat Assistant.lnk - C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
HP Digital Imaging Monitor.lnk - C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]
InterVideo WinCinema Manager.lnk - C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-05-07 14:36:33 110592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programas\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programas\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programas\SUPERAntiSpyware\SASWINLO.dll
R2 aksfridge;HASP Fridge;C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2007-05-28 10:02]
R2 EZUSB;AnchorChips General Purpose USB Driver (ezusb.sys);C:\WINDOWS\system32\Drivers\ezusb.sys [2003-07-22 00:29]
R2 hasplms;HASP License Manager;C:\WINDOWS\system32\hasplms.exe [2007-08-09 14:58]
R2 pgsql-8.1;PostgreSQL Database Server 8.1;C:\Programas\PostgreSQL\8.1\bin\pg_ctl.exe runservice -N "pgsql-8.1" []
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 13:17]
S3 akshhl;Aladdin HASP HL Key;C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-07-23 16:12]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-04 02:43]
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Programas\Ficheiros comuns\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42d8c0c6-a31e-11dc-9537-001279670118}]
\Shell\Auto\command - F:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b5c31a0-8164-11dc-951a-001279670118}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9a86a5c-df4f-11d9-93c3-001279670118}]
\Shell\Auto\command - F:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-02-11 08:08:29 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Raiz7.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-02-11 17:12:01 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Programas\Norton SystemWorks\OBC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-18 12:16:22
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2008-02-18 12:17:23
.
2008-02-15 03:00:35 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:35:10, on 18-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programas\Analog Devices\SoundMAX\SMTray.exe
C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programas\Windows Media Player\WMPNSCFG.exe
C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Raiz7\Ambiente de trabalho\AntiSpy\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
Welcome to ITQB — ITQB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Live Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
Microsoft Windows Update
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programas\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NSWosCheck] C:\Programas\Norton SystemWorks\osCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programas\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.co...?1115410714603
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD0BB0B5-119C-48DE-BC67-9A92893F7CA7}: Domain = itqb.unl.pt
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD0BB0B5-119C-48DE-BC67-9A92893F7CA7}: NameServer = 193.136.176.16,193.136.176.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = itqb.unl.pt
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = itqb.unl.pt
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = itqb.unl.pt
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: PostgreSQL Database Server 8.1 (pgsql-8.1) - PostgreSQL Global Development Group - C:\Programas\PostgreSQL\8.1\bin\pg_ctl.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programas\Ficheiros comuns\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programas\UltraVNC\winvnc.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programas\RealVNC\VNC4\WinVNC4.exe
--
End of file - 10610 bytes
Please help, does this problem spread by LAN?
Thanks,
MigasMike