Fórum Script Brasil

FredAsterr


  1. Logfile of HijackThis v1.99.1
     Scan saved at 14:16:59, on 23-01-2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.5700.0006)

     SmitFraudFix v2.133
     Scan done at 14:13:45,07, 23-01-2007
     Run from C:\Documents and Settings\Administrador\Ambiente de trabalho\SmitfraudFix\SmitfraudFix
     OS: Microsoft Windows XP [Versão 5.1.2600] - Windows_NT
     The filesystem type is NTFS
     Fix run in safe mode
  2. Incident Status Location
  3. Yes, it's from a superbook screensaver... why? Could the virus be there????
  4. Logfile of HijackThis v1.99.1
     Scan saved at 11:37:17, on 17-01-2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.5700.0006)
http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.MSN.com/binary/Solit...wn.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222 O17 - HKLM\System\CS1\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222 O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - 
C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing) O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
  5. LOG

     Logfile of HijackThis v1.99.1
     Scan saved at 14:56:12, on 15-01-2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
     C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\RunDLL32.EXE
     C:\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
     O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
     O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
     O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
     O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)