Blue Zee,
once again, thank you for your availability.
Here is the new log.
However, in item 08 I still notice this WebCloner,
yet I have nothing of the sort installed, much less
configured for the E:/ drive (it must be fixed, no??)
Another thing I noticed just now when comparing the logs is in item 017,
which are the IPs of my DNS; the ones in red
are from the netcabo DNS, which I have already removed twice
and they always keep appearing.
Could they be forcing me to use their DNS servers??
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:01, on 19-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\system
Hosts file: C:\WINDOWS\System32\drivers\etc\hosts
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Comodo\CBOClean\BOCORE.exe
C:\Programas\cFosSpeed\spd.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\Programas\Comodo\common\CAVASpy\cavasm.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programas\COMODO\SafeSurf\cssurf.exe
C:\Programas\COMODO\Firewall\cfp.exe
C:\Programas\Comodo\Comodo AntiVirus\CMain.exe
C:\Programas\Comodo\AntiSpam\CAS32.exe
C:\Programas\Comodo\LaunchPad\CLPTray.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\Programas\OpenDNS Updater\OpenDNS Updater.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Comodo\VEngine\VEngine.exe
C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
C:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Comodo\i-Vault\i-Vault.exe
C:\Programas\PeerGuardian2\pg2.exe
C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programas\Webroot\Spy Sweeper\SSU.EXE
C:\Programas\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\Programas\Comodo\Comodo AntiVirus\CAVSubmit.exe
C:\Programas\Maxthon2\Maxthon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A)
O2 - BHO: DiABLO - {487CA274-DDC9-45CA-BF51-2017CE8D6D8A} - C:\Programas\Comodo\i-Vault\i-Vault.dll (filesize 16896 bytes, MD5 661A7E57EC1DADEB6013F74D52B7EE42)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (filesize 1562448 bytes, MD5 32981ADE44D01EC2A9EBC2E311291707)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (filesize 2212224 bytes, MD5 32C4927E013C018A13D8DFBDA4148812)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll (filesize 320920 bytes, MD5 35E6FB6E6003BD54A5D69C9C1C762192)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (filesize 322368 bytes, MD5 E43F7CFDEE2B00A22C96C168147B20D3)
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Programas\Comodo\VEngine\VEngineIE.dll (filesize 1511168 bytes, MD5 AE4E5960941D4A5BEEFB3B1BE48DB64A)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll (filesize 34816 bytes, MD5 5D57FD3DF32DC69CEC3D1D54B4C43162)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 73728 bytes, MD5 F68EDAFE003F2B3523C0742CD3B8D673)
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programas\COMODO\SafeSurf\cssurf.exe" -s (filesize 278264 bytes, MD5 9263A3529C1C64407C241551B237AFF9)
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h (filesize 1797880 bytes, MD5 818D100BAB6B5ACB8D1EA28F08AF47CB)
O4 - HKLM\..\Run: [cnfgCav] "C:\Programas\Comodo\Comodo AntiVirus\CMain.exe" (filesize 110592 bytes, MD5 093BA8FC9966145916C718C2B204B717)
O4 - HKLM\..\Run: [ComodoAntiSpam] "C:\Programas\Comodo\AntiSpam\CAS32.exe" -q (filesize 1470464 bytes, MD5 E51ABC99FE9BFBD5200A4DF72B62B0CD)
O4 - HKLM\..\Run: [Comodo Launch Pad App] C:\Programas\Comodo\LaunchPad\CLPGuiApp.exe
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Programas\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (filesize 33280 bytes, MD5 C6DEB2EE4C46C4DC725D65836244F3F9)
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install (filesize 1626112 bytes, MD5 C6B1971E12A35FB69D64D01B915E1AA1)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe" (filesize 136600 bytes, MD5 B98FFA8288EFAABC436C30D198608345)
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Programas\OpenDNS Updater\OpenDNS Updater.exe" (filesize 316416 bytes, MD5 5A02F6E7D66EEDA92A0AC6F9EE5CD8D2)
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe (filesize 180224 bytes, MD5 543C17E4CD2BA0502D8B2E7D4E592506)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE (filesize 77824 bytes, MD5 FBEF9F9C97B6B93E2041E65D3CD81C9C)
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (filesize 33280 bytes, MD5 C6DEB2EE4C46C4DC725D65836244F3F9)
O4 - HKLM\..\Run: [VEngine] C:\Programas\Comodo\VEngine\VEngine.exe
O4 - HKLM\..\Run: [TrojanScanner] "C:\Programas\Trojan Remover\Trjscan.exe" (filesize 300112 bytes, MD5 A84CABA53156A8A64590AC21F2BD2573)
O4 - HKLM\..\Run: [WindowsTranslator] C:\PROGRA~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe
O4 - HKLM\..\Run: [WindowsTranslator_Espanhol] C:\PROGRA~1\MICROP~1\DELTAT~1\DWinTrsl.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray (filesize 4865600 bytes, MD5 947DB969EC2B4A57DC82084E9E635D4F)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i-Vault] C:\Programas\Comodo\i-Vault\i-Vault.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (filesize 222592 bytes, MD5 EDDB8E76D3EEE9D2F1EBD5D40F8850B1)
O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win (filesize 1591808 bytes, MD5 667F078955A93FE382F74D5F109DFE31)
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: - Download &this page with WebCloner - E:\WebCloner Pro 2.6\addthis.htm
O8 - Extra context menu item: - Download all &images with WebCloner - E:\WebCloner Pro 2.6\addimg.htm
O8 - Extra context menu item: - Download all &links with WebCloner - E:\WebCloner Pro 2.6\addurl.htm
O8 - Extra context menu item: - Download selected links with WebCloner - E:\WebCloner Pro 2.6\addsellinks.htm
O8 - Extra context menu item: Download selected images with WebCloner - E:\WebCloner Pro 2.6\addselimgs.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (filesize 606288 bytes, MD5 5C044EF0F7D2DD81A45348106AD58152)
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (filesize 606288 bytes, MD5 5C044EF0F7D2DD81A45348106AD58152)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (filesize 40424 bytes, MD5 7FC19DA1DC70C78D2FBD7A1D10942051)
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll (filesize 1499136 bytes, MD5 396A4A2DCB4AEC494CA1C0DD7D4165F8)
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll (filesize 1499136 bytes, MD5 396A4A2DCB4AEC494CA1C0DD7D4165F8)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (filesize 1562448 bytes, MD5 32981ADE44D01EC2A9EBC2E311291707)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (filesize 1562448 bytes, MD5 32981ADE44D01EC2A9EBC2E311291707)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 B46FEEF1656A2B6BCA6211E0CBECFCF1)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 B46FEEF1656A2B6BCA6211E0CBECFCF1)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69500B8A-8BCF-4242-876F-12EC1936335E}: NameServer = 208.67.220.220,212.113.164.56,208.67.222.222,212.113.164.55,212.113.164.48,212.113.164.47
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll (filesize 224128 bytes, MD5 C48CBBD38D7FBB0E86F4364062EBC66E)
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: monln - monln.dll (file missing)
O23 - Service: BOCore - COMODO - C:\Programas\Comodo\CBOClean\BOCORE.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Programas\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 12942 bytes