11-13-2008, 04:15 PM   #7
foreverhappy
Registered User
 
Join Date: Nov 2008
Posts: 5
OS: windowsXP


Re: I also have the "unsolicited browser pops" problem. Tks

Tks. What's next?

COMBO FIX

ComboFix 08-11-12.01 - Butterfly 2008-11-13 18:01:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1033.18.1633 [GMT -5:00]
Executando de: c:\documents and settings\Butterfly\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Butterfly\Desktop\CFScript.txt
* Criado um novo ponto de restauro

FILE ::
c:\windows\system32\uEKnmnmp.ini
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\RLUHVKKCYG
c:\documents and settings\All Users\Application Data\RLUHVKKCYG\2265.Dat
c:\documents and settings\All Users\Application Data\XRUHVKKCYG
c:\documents and settings\All Users\Application Data\XRUHVKKCYG\2427.Dat
c:\documents and settings\Butterfly\.housecall6.6\quarantine
c:\temp\PRE45
c:\windows\system32\sX3i19
c:\windows\system32\uEKnmnmp.ini

.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-13 to 2008-11-13 ))))))))))))))))))))))))))))
.

2008-11-11 20:18 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 20:18 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 18:55 . 2008-11-13 18:01 <DIR> d-------- c:\documents and settings\Butterfly\.housecall6.6
2008-11-09 17:50 . 2008-11-09 17:50 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-11-09 14:59 . 2008-11-09 15:00 3,043,976 -ra------ c:\program files\ComboFix.exe
2008-11-09 12:29 . 2008-11-09 12:31 <DIR> d-------- C:\rsit
2008-11-09 11:17 . 2008-11-09 11:56 250 --a------ c:\windows\gmer.ini
2008-11-09 09:57 . 2008-11-09 09:57 <DIR> d-------- c:\program files\gmer
2008-11-09 09:56 . 2008-11-09 09:57 747,873 --a------ c:\program files\gmer.zip
2008-11-09 09:48 . 2008-11-09 09:48 305,705 --a------ c:\program files\RSIT.exe
2008-11-09 09:21 . 2008-11-09 09:21 <DIR> d-------- c:\program files\Trend Micro
2008-11-08 18:24 . 2008-11-08 18:24 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-08 18:22 . 2008-11-08 18:23 19,153,264 --a------ c:\program files\aaw2008.exe
2008-11-08 16:24 . 2008-11-09 11:06 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-08 16:24 . 2008-11-09 09:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 16:02 . 2008-11-08 16:19 7,478,208 --a------ c:\program files\windows-kb890830-v2.3.exe
2008-11-08 11:05 . 2006-06-20 08:40 692,224 --a------ c:\windows\system32\lxctdrs.dll
2008-11-08 11:05 . 2006-07-11 13:54 335,872 --a------ c:\windows\system32\lxctcoin.dll
2008-11-08 11:05 . 2006-05-18 06:01 65,536 --a------ c:\windows\system32\lxctcaps.dll
2008-11-08 11:05 . 2006-05-03 09:31 61,440 --a------ c:\windows\system32\lxctcnv4.dll
2008-11-08 11:05 . 2005-06-23 21:37 40,960 --a------ c:\windows\system32\lxctvs.dll
2008-11-08 11:04 . 2006-07-10 18:34 40,960 --a------ c:\windows\system32\lxctpmon.dll
2008-11-08 11:04 . 2006-07-10 18:34 32,768 --a------ c:\windows\system32\LXCTFXPU.DLL
2008-11-08 11:04 . 2006-07-10 18:36 12,288 --a------ c:\windows\system32\lxctpmrc.dll
2008-11-08 11:02 . 2008-11-08 11:05 <DIR> d-------- c:\program files\Lexmark 5400 Series
2008-11-08 08:00 . 2008-10-09 14:25 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2008-11-08 07:50 . 2008-11-08 07:50 <DIR> d-------- c:\windows\system32\scripting
2008-11-08 07:50 . 2008-11-08 07:50 <DIR> d-------- c:\windows\system32\en
2008-11-08 07:50 . 2008-11-08 07:50 <DIR> d-------- c:\windows\system32\bits
2008-11-08 07:50 . 2008-11-08 07:50 <DIR> d-------- c:\windows\l2schemas
2008-11-08 07:48 . 2008-11-08 07:50 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-02 14:03 . 2008-11-02 14:03 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-02 14:03 . 2008-11-02 14:03 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-27 17:55 . 2008-09-08 05:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-27 17:51 . 2008-08-14 05:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-27 17:51 . 2008-08-14 05:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-27 17:51 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-27 17:51 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-27 17:51 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-27 17:46 . 2008-05-01 09:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-10-27 17:45 . 2008-04-11 14:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2008-10-27 17:43 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 20:16 . 2008-11-13 08:22 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-22 20:16 . 2008-10-22 20:16 1,409 --a------ c:\windows\QTFont.for

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 23:04 178,330,912 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-13 15:19 2,365,076 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-13 02:16 --------- d-----w c:\program files\BadgeHelp
2008-11-12 00:26 --------- d-----w c:\program files\Lx_cats
2008-11-08 23:24 --------- d-----w c:\program files\Lavasoft
2008-11-08 22:56 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-08 16:03 --------- d-----w c:\program files\Lexmark Toolbar
2008-11-02 19:03 --------- d-----w c:\program files\Java
2008-10-30 12:07 --------- d-----w c:\program files\NetExchange Pro3.0
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 03:11 387 ----a-w C:\Board.Dat
2008-10-09 19:25 73,104 ----a-w c:\windows\zllsputility.exe
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-10-02 00:03 --------- d-----w c:\program files\activePDF
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 16:11 --------- d-----w c:\program files\FinePixViewer
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-06 21:30 1,201,351 ----a-w c:\program files\hidemyip.exe
2008-09-06 04:30 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-06 04:29 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-30 05:53 151,552 ----a-w c:\windows\system32\securenet.dll
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-07-10 23:48 27,579,280 ----a-w c:\program files\zaAvSetup_70_483_000_en.exe
2008-07-06 20:52 214,430 ----a-w c:\program files\handytweakers.zip
2008-05-29 00:22 5,452,082 ----a-w c:\program files\K-Meleon1.1.5en-US.exe
2008-04-18 22:53 210,416 ----a-w c:\program files\zaavSetup_en.exe
2008-02-13 02:57 2,869,264 ----a-w c:\program files\dotNetFx35setup.exe
2008-01-12 22:09 21,216,112 ----a-w c:\program files\aaw2007.exe
2007-05-11 19:31 6,006,832 ----a-w c:\program files\Firefox Setup 2.0.0.3.exe
2007-04-09 21:51 900,168 ----a-w c:\program files\pi19299.exe
2007-04-03 20:23 454,381 ----a-w c:\program files\pipe.rar
2007-03-28 21:26 5,696,136 ----a-w c:\program files\R143248.EXE
2007-03-10 00:39 16,918,488 ----a-w c:\program files\SystemMechanic7.exe
2007-04-01 19:07 88 --sha-r c:\windows\system32\03C2D086F5.sys
2007-04-01 19:09 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-11-11_20.43.36.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-12 02:08:33 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-28 01:27:06 12,288 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-12 02:09:32 12,288 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-28 01:27:06 135,168 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-12 02:09:32 135,168 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-28 01:27:06 11,264 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-12 02:09:32 11,264 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-28 01:27:06 27,136 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-12 02:09:32 27,136 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-28 01:27:06 4,096 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-12 02:09:32 4,096 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-28 01:27:06 794,624 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-12 02:09:32 794,624 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-28 01:27:06 23,040 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-12 02:09:32 23,040 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-28 01:27:06 286,720 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-12 02:09:32 286,720 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-28 01:27:06 409,600 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-12 02:09:32 409,600 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-10-07 17:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-11-12 01:36:34 649,640 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-11-13 22:59:53 652,552 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-11-13 22:10:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3e8.dat
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-06-24 303104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Back"= 2 (0x2)
"Btn_Forward"= 2 (0x2)
"Btn_Stop"= 2 (0x2)
"Btn_Refresh"= 2 (0x2)
"Btn_Home"= 2 (0x2)
"Btn_Search"= 2 (0x2)
"Btn_Favorites"= 2 (0x2)
"Btn_History"= 2 (0x2)
"Btn_Folders"= 2 (0x2)
"Btn_Fullscreen"= 2 (0x2)
"Btn_Tools"= 2 (0x2)
"Btn_MailNews"= 2 (0x2)
"Btn_Size"= 2 (0x2)
"Btn_Print"= 2 (0x2)
"Btn_Edit"= 2 (0x2)
"Btn_Discussions"= 2 (0x2)
"Btn_Cut"= 2 (0x2)
"Btn_Copy"= 2 (0x2)
"Btn_Paste"= 2 (0x2)
"Btn_Encoding"= 2 (0x2)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-08-28 22:57 395776 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-11-01 04:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2006-06-06 22:05 98304 c:\program files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 17:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 17:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
--a------ 2006-07-10 18:30 294912 c:\program files\Lexmark 5400 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
--a------ 2006-06-20 08:37 286720 c:\program files\Lexmark 5400 Series\lxctmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-08-16 22:41 28738 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 03:24 20480 c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 21:32 53248 c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
R3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2008\SecureSrv.exe [2008-09-05 110880]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-09-27 10664]
S3 NAL;Nal Service ;c:\windows\system32\Drivers\iqvw32.sys [2006-06-05 24064]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSWAP.sys [2007-01-16 91496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{296afdda-4e0a-11dd-88cc-001676baf5ec}]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\phone\command - F:\autorun.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 18:04:37
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...


**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSOS: c:\windows\system32\lsass.exe
-> c:\windows\system32\securenet.dll
.
Tempo para conclusão: 2008-11-13 18:08:45
ComboFix-quarantined-files.txt 2008-11-13 23:07:42
ComboFix2.txt 2008-11-12 01:44:56
ComboFix3.txt 2008-11-09 21:21:55

Pré-execução: 286,849,572,864 bytes free
Pós execução: 286,837,059,584 bytes free

257 --- E O F --- 2008-11-12 02:10:31

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

HT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:22 PM, on 11/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSC...ws-i586-jc.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79F95549-09CA-48E7-B953-4E1A71AB9071}: NameServer = 209.84.253.11,209.84.253.12
O18 - Protocol hijack: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021}
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5091 bytes