Thanks
Logfile of HijackThis v1.97.7
Scan saved at 0:46:18, on 15-04-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\GEARSEC.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Programas\Norton AntiVirus\navapsvc.exe
C:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\Programas\Minolta\PageScope Net Care\JavaService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\P2P Networking\P2P Networking.exe
C:\Programas\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Programas\QuickTime\qttask.exe
C:\PROGRA~1\IDLEBE~1\NURBLOVEPLUS.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\WINNT\kdx\KHost.exe
C:\WINNT\system32\sysdll.exe
C:\Programas\Ficheiros comuns\CMEII\CMESys.exe
C:\WINNT\system32\rundll32.exe
C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Programas\SETI@home\[email protected]
C:\PROGRA~1\WEATHE~1\Weather.exe
C:\Programas\Netscape\Netscape\Netscp.exe
C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programas\Gator.com\Gator\Gator.exe
C:\Programas\PrecisionTime\PrecisionTime.exe
C:\Programas\Ficheiros comuns\GMT\GMT.exe
C:\WINNT\explorer.exe
C:\PROGRA~1\COPERN~1\COPERN~1.EXE
C:\Programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rafael Sousa\Ambiente de trabalho\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programas\Copernic Agent\Web\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearc.../www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearc.../searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.122.3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: mags more - {DB4A9E6A-771A-AC42-C081-7468D895654E} - C:\PROGRA~1\ACIDDR~1\one bags.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Programas\Ficheiros comuns\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programas\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Face Stop] C:\PROGRA~1\IDLEBE~1\NURBLOVEPLUS.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [System DLL Resources] C:\WINNT\system32\sysdll.exe
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programas\Ficheiros comuns\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [SpyBlocker] C:\Programas\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\RunServices: [Configuration Loader] cygwin32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [seticlient] C:\Programas\SETI@home\[email protected] -min
O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programas\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Gator eWallet.lnk = C:\Programas\Gator.com\Gator\Gator.exe
O4 - Global Startup: GStartup.lnk = C:\Programas\Ficheiros comuns\GMT\GMT.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Programas\PrecisionTime\PrecisionTime.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Programas\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - C:\Programas\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Programas\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Programas\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Inicio (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower....ler/A091AEM.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenido.../ruboskizo2.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.1...Recomendada.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7712.5569444444
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://www.euras.com...tivex/euras.CAB
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsorad...sWebTelecom.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab