See below ... file 80x26.exe (25.600 bytes) is infected by Virut but nothing is reported
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:32:52, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Arquivos de programas\Comodo\Firewall\CPF.exe
G:\ARQUIV~1\Comodo\CBOClean\BOC425.exe
G:\WINDOWS\system32\taskswitch.exe
G:\WINDOWS\system32\pctspk.exe
G:\Arquivos de programas\Comodo\Comodo AntiVirus\CMain.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe
G:\Arquivos de programas\Messenger\msmsgs.exe
G:\Arquivos de programas\Comodo\CBOClean\BOCORE.exe
G:\Arquivos de programas\Comodo\Firewall\cmdagent.exe
G:\Arquivos de programas\Comodo\common\CAVASpy\cavasm.exe
G:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe
G:\WINDOWS\system32\svchost.exe
G:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe
G:\Arquivos de programas\Comodo\Comodo AntiVirus\Cavaud.exe
G:\Arquivos de programas\MSN Messenger\msnmsgr.exe
G:\totalcmd\TOTALCMD.EXE
G:\Arquivos de programas\MSN Messenger\usnsvc.exe
G:\Arquivos de programas\Mozilla Firefox\firefox.exe
G:\Arquivos de programas\Skype\Phone\Skype.exe
G:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
G:\Arquivos de programas\Mass Downloader\massdown.exe
G:\Documents and Settings\Arthur\Desktop\Virut\80x26.exe
H:\_dad\hijackthis\hijackthis.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - G:\ARQUIV~1\MASSDO~1\MDHELPER.DLL
O4 - HKLM\..\Run: [COMODO Firewall Pro] "G:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BOC-425] G:\ARQUIV~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [VEngine] G:\Arquivos de programas\Comodo\VEngine\VEngine.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] G:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] G:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CoolSwitch] G:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "G:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [cnfgCav] "G:\Arquivos de programas\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "G:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] G:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar &tudo com o Mass Downloader - G:\Arquivos de programas\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Baixar com o &Mass Downloader - G:\Arquivos de programas\Mass Downloader\Add_Url.htm
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - G:\Arquivos de programas\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - G:\Arquivos de programas\Mass Downloader\massdown.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{70E4A2C3-10DA-4741-8F57-577DF0E5EFD7}: NameServer = 192.168.0.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: monln - G:\WINDOWS\SYSTEM32\monln.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - G:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: BOCore - COMODO - G:\Arquivos de programas\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - G:\Arquivos de programas\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - G:\Arquivos de programas\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Google Updater Service (gusvc) - Google - G:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - G:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - G:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Unknown owner - G:\Arquivos de programas\UPHClean\uphclean.exe (file missing)
O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - G:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing)
--
End of file - 6255 bytes