Posts by FredAsterr
-
-
Logfile of HijackThis v1.99.1
Scan saved at 14:16:59, on 23-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Microsoft IntelliType Pro\type32.exe
C:\Programas\Microsoft IntelliPoint\point32.exe
C:\Programas\Java\jre1.5.0_10\bin\jusched.exe
C:\Programas\Samsung\SmarThru\PORTCTRL.EXE
C:\Programas\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Shareaza\Shareaza.exe
C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programas\GetRight\getright.exe
C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe
C:\Programas\GetRight\getright.exe
C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearchIndexer.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O1 - Hosts: 194.79.73.118 pombaldir.com
O1 - Hosts: 194.79.73.118 www.pombaldir.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programas\GetRight\xx2gr.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Programas\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [type32] "C:\Programas\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Programas\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [GW Port Controller] C:\Programas\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"
O4 - HKLM\..\Run: [sbad] C:\SuperBock\ActiveDesktop\restart.bat
O4 - HKLM\..\Run: [FlashSaver] C:\PROGRA~1\FLASHS~1.0\FlashSaver.exe -mini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVWks50] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programas\Ficheiros comuns\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programas\GetRight\getright.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Busca - res://C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll/search.htm
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.0\save.htm
O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Programas\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programas\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.MSN.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.pt/static/download/pixacodndupload.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.MSN.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.MSN.com/AppD...ap/DigWXMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.MSN.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
SmitFraudFix v2.133
Scan done at 14:13:45,07, 23-01-2007
Run from C:\Documents and Settings\Administrador\Ambiente de trabalho\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Versão 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
-
Incident Status Location
Adware:adware/beehappyy Not disinfected c:\windows\system32\z14.exe
Adware:adware/spysheriff Not disinfected C:\Documents and Settings\Posto_3\Menu Iniciar\Programas\SpySheriff
Adware:adware/alexa-toolbar Not disinfected c:\programas\Alexa Toolbar
Virus:Bck/mIRCBased.X Not disinfected C:\Documentos joana\Programas\scoop2004.exe[mirc.exe]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@ad.yieldmanager[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@adultfriendfinder[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@atdmt[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@centrport[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@data.coremetrics[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@doubleclick[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@fastclick[2].txt
Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@ilead.itrack[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@media.fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@mediaplex[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@revenue[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@stats1.reliablestats[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@tribalfusion[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@winfixer[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@www.errorsafe[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compt_1\Cookies\compt_1@zedo[2].txt
Potentially unwanted tool:Application/MyWay Not disinfected C:\Documents and Settings\Posto_3\Ambiente de trabalho\Fred\Prog\ Sothink SWF Decompiler MX 2005 + crack\swfdec\data1.cab[MySetp.exe]
Dialer:Dialer.IQK Not disinfected C:\Documents and Settings\Posto_3\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ActiveXComponent.class-2cd8806b-19215ca8.class
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@888[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@as-us.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@atdmt[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bannerlandia.com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bluestreak[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bravenet[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@casalemedia[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@centrport[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@cgi-bin[3].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@citi.bridgetrack[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@counter.hitslink[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@counter9.sextracker[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@cs.sexcounter[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@de.uol.com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@ehg-ati.hitbox[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@ehg.hitbox[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@fastclick[2].txt
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@fl01.ct2.comclick[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@google.com[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@hitbox[2].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@hotlog[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@ig.com[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@int.sitestat[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@int.sitestat[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@landing.domainsponsor[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@media.adrevolver[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@revenue[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@searchportal.information[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@serving-sys[2].txt
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@sexlist[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@sextracker[2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@spylog[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@statse.webtrendslive[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@terra.com[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@tribalfusion[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@uol.com[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@valueclick[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@weborama[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@www2.addfreestats[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@www6.addfreestats[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@yadro[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Posto_3\Cookies\posto_3@zedo[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@ad.yieldmanager[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@adtech[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@bravenet[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@fastclick[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@landing.domainsponsor[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@media.fastclick[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@revenue[2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Cookies\posto_3@spylog[1].txt
Virus:Trj/Downloader.KWU Disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\dkrendis.tmp
Hacktool:Exploit/LoadImage Not disinfected C:\Documents and Settings\Posto_3\Definições locais\Temp\Ficheiros temporários da Internet\Content.IE5\CPEFSH67\free[1].anr
Adware:Adware/Alexa-Toolbar Not disinfected C:\Downloads\AlexaInstaller.exe
Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\heur000.dll
Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\heur001.dll
Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\heur002.dll
Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\heur003.dll
Adware:Adware/SpywareNo Not disinfected C:\Program Files\SpySheriff\IESecurity.dll
Adware:Adware/SpywareNo Not disinfected C:\Program Files\SpySheriff\ProcMon.dll
Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\SpySheriff.exe
Adware:Adware/Spytrooper Not disinfected C:\Program Files\SpySheriff\Uninstall.exe
Adware:Adware/Alexa-Toolbar Not disinfected C:\Programas\Alexa Toolbar\uninstall.exe
Virus:Trj/Jupillites.P Disinfected C:\WINDOWS\system32\msdtkysx.dll
Virus:Trj/Jupillites.P Disinfected C:\WINDOWS\thunderbird.exe
Virus:W32/Mytob.DR.worm Disinfected Pastas locais\A receber\Your Email Account is Suspended For Security Reasons\email-doc.zip[email-doc.txt .pif]
-
Yes, it's from a superbook screensaver... why?
Could the virus be in there????
-
Logfile of HijackThis v1.99.1
Scan saved at 11:37:17, on 17-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Microsoft IntelliType Pro\type32.exe
C:\Programas\Microsoft IntelliPoint\point32.exe
C:\Programas\Java\jre1.5.0_10\bin\jusched.exe
C:\Programas\Samsung\SmarThru\PORTCTRL.EXE
C:\Programas\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\QuickTime\qttask.exe
C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programas\GetRight\getright.exe
C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe
C:\Programas\GetRight\getright.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearchIndexer.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O1 - Hosts: 194.79.73.118 pombaldir.com
O1 - Hosts: 194.79.73.118 www.pombaldir.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programas\GetRight\xx2gr.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Programas\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [type32] "C:\Programas\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Programas\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [GW Port Controller] C:\Programas\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"
O4 - HKLM\..\Run: [sbad] C:\SuperBock\ActiveDesktop\restart.bat
O4 - HKLM\..\Run: [FlashSaver] C:\PROGRA~1\FLASHS~1.0\FlashSaver.exe -mini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVWks50] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programas\Ficheiros comuns\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programas\GetRight\getright.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Busca - res://C:\Programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll/search.htm
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.0\save.htm
O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Programas\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programas\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.MSN.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.pt/static/download/pixacodndupload.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.MSN.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.MSN.com/AppD...ap/DigWXMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.MSN.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0154046C-BDB2-4F9F-A8A8-DD826FAAF2EC}: NameServer = 195.23.129.126,194.79.69.222
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
-
-
I don't think so ... Why do you say that?
-
LOG
Logfile of HijackThis v1.99.1
Scan saved at 14:56:12, on 15-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDLL32.EXE
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
[resolved] Hijackthis Log
in Resolved Cases
Posted
ok ... thank you very much ... :D