- Miscellany
- Sunday, January 6th, 2008 at 4:39:11pm MST
- Logfile of Trend Micro HijackThis v2.0.2
- Scan saved at 21:37:44, on 6/1/2008
- Platform: Windows XP SP2 (WinNT 5.01.2600)
- MSIE: Internet Explorer v7.00 (7.00.6000.16544)
- Boot mode: Normal
- Running processes:
- C:\WINDOWS\System32\smss.exe
- C:\WINDOWS\system32\csrss.exe
- C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\services.exe
- C:\WINDOWS\system32\lsass.exe
- C:\WINDOWS\system32\svchost.exe
- C:\WINDOWS\system32\svchost.exe
- C:\WINDOWS\System32\svchost.exe
- C:\WINDOWS\system32\svchost.exe
- C:\WINDOWS\system32\svchost.exe
- C:\WINDOWS\Explorer.EXE
- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
- C:\WINDOWS\system32\spoolsv.exe
- C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
- C:\Arquivos de programas\Logicool\Qcam10\QCam10.exe
- C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
- C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
- C:\WINDOWS\system32\ctfmon.exe
- c:\arquivos de programas\arquivos comuns\logicool\lvmvfm\LVPrcSrv.exe
- C:\Arquivos de programas\Arquivos comuns\Logicool\LComMgr\Communications_Helper.exe
- C:\Arquivos de programas\Arquivos comuns\Logicool\LComMgr\LVComSX.exe
- C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
- C:\Arquivos de programas\GbPlugin\GbpSv.exe
- C:\Arquivos de programas\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
- C:\WINDOWS\system32\svchost.exe
- C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
- C:\Arquivos de programas\Windows Media Player\wmplayer.exe
- C:\WINDOWS\System32\alg.exe
- C:\Arquivos de programas\Logicool\Qcam10\COCIManager.exe
- C:\WINDOWS\system32\INTERNAT.EXE
- C:\WINDOWS\System32\svchost.exe
- C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
- C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
- C:\WINDOWS\system32\wbem\wmiprvse.exe
- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
- R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
- O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
- O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
- O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
- O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
- O4 - HKLM\..\Run: [CAVRID] "C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
- O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Arquivos de programas\Logicool\Qcam10\QCam10.exe" /hide
- O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
- O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
- O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
- O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
- O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
- O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
- O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
- O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
- O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
- O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
- O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
- O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
- O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
- O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
- O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
- O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
- O15 - Trusted Zone: http://jogos.msn.com.br
- O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} - http://200.212.184.212/g_bin/eng/boards_2_0_0_34.cab
- O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
- O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
- O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/games/applets/gamehouse/luxor_ar/mjolauncher.cab
- O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.33/g_bin/eng/poker_2_0_0_49.cab
- O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/gamehouse/tumblebugs/axhost.cab
- O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
- O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - http://200.212.184.212/g_bin/eng/marbles_2_0_0_32.cab
- O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
- O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
- O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
- O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/zuma/popcaploader.cab
- O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
- O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.atrativa.com.br/Sweetopia.1.0.0.20.cab
- O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Arquivos de programas\Logicool\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
- O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
- O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
- O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
- O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
- O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
- O23 - Service: CaCCProvSP - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\ccprovsp.exe
- O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
- O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
- O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Arquivos de programas\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
- O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logicool Inc. - c:\arquivos de programas\arquivos comuns\logicool\lvmvfm\LVPrcSrv.exe
- O23 - Service: LVSrvLauncher - Logicool Inc. - C:\Arquivos de programas\Arquivos comuns\Logicool\SrvLnch\SrvLnch.exe
- O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
- O23 - Service: PPCtlPriv - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
- O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
- --
- End of file - 9227 bytes