Logfile of HijackThis v1.99.1
Scan saved at 15:24:47, on 2006-04-18
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Windows\IA\command.exe
C:\Windows\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\NALNTSRV.EXE
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\wm.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Windows\System32\WMRUNDLL.EXE
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Windows\System32\PROMon.exe
C:\Windows\System32\NALDESK.EXE
C:\Windows\System32\dpmw32.exe
C:\Windows\System32\NWTRAY.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\mousepad10.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\Windows\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\ICROSO~1\chkdsk.exe
C:\Program Files\Common Files\??crosoft\??plorer.exe
C:\NOVELL\GroupWise\Notify.exe
C:\Program Files\COWON\Jet-MailMonitor\JetMM.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
c:\windows\mousepad12.exe
C:\CCProxy\CCProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\LAFERR~1\LOCALS~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portalfap.emfa.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com...DT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com...DT/0409/bl7.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [NDPS] C:\Windows\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard12.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad12.exe
O4 - HKLM\..\Run: [newname] c:\windows\newname12.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [w4f63cd8.dll] RUNDLL32.EXE w4f63cd8.dll,I2 0002f00804f63cd8
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [Lerm] "C:\PROGRA~1\COMMON~1\ICROSO~1\chkdsk.exe" -vt yazr
O4 - HKCU\..\Run: [Mplz] C:\Program Files\Common Files\??crosoft\??plorer.exe
O4 - Global Startup: GroupWise Notify.lnk = C:\NOVELL\GroupWise\Notify.exe
O4 - Global Startup: Jet-MailMonitor.lnk = C:\Program Files\COWON\Jet-MailMonitor\JetMM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O8 - Extra context menu item: &Pesquisa do Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduzir palavra em inglês - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantâneo da página em cache - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Links para esta página - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Páginas semelhantes - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-...pport/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-...pport/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://home.emfa.pt
O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} (ClientEXE Class) - https://europe.samsu...M_ClientEXE.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...artload185a.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Windows\msxml4.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotb...ams/hbtools.cab
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} (SSOCheck Class) - http://europe.samsun...UniSSOCheck.cab
O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://europe.samsun...ctiveXSetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{65F8BA8E-9EAB-4B0F-82BB-1B50DD597EEB}: Domain = emfa.pt
O20 - Winlogon Notify: BITS - C:\Windows\system32\jt4607hse.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SideBySide - C:\Windows\system32\lt4027hmg.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\Windows\IA\command.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\Windows\System32\cusrvc.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\Windows\SYSTEM32\DWRCS.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Windows\System32\NALNTSRV.EXE
O23 - Service: VeriSign Updater (navi) - Unknown owner - C:\Program Files\VeriSign\NAVI\naviagent.exe" uimode=agentupdate (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\Windows\System32\wm.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe