Log.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:42:38, on 17/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\WINDOWS\system32\cba\pds.exe
D:\ARQUIV~1\Symantec\SYMANT~1\NSCTOP.EXE
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ams_ii\iao.exe
D:\WINDOWS\system32\MsgSys.EXE
D:\WINDOWS\system32\cba\xfr.exe
D:\WINDOWS\system32\ams_ii\hndlrsvc.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Arquivos de programas\Windows Defender\MSASCui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
D:\Documents and Settings\administrator\Menu Iniciar\Programas\Inicializar\stickit.exe
D:\WINDOWS\system32\msiexec.exe
D:\Arquivos de programas\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\Rundll32.exe
E:\My Documents\Programas\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - D:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - D:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinVNC] "D:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Windows Defender] "D:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ClientCR] "D:\WINDOWS\system32\ConRemo.exe" -servicehelper
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [{02-2A-AD-D6-ZN}] d:\windows\system32\lmdsrngl.exe P2D002
O4 - HKLM\..\Run: [adstart] D:\WINDOWS\System32\Rundll32.exe "D:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "D:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [K-Lite Nitro BETA] D:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide
O4 - HKCU\..\Run: [BitTorrent] "D:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [K-Lite Nitro] D:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: stickit.exe
O4 - Startup: TA_Start.lnk = D:\WINDOWS\system32\dwdsrngt.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted IP range:
http://10.0.0.15
O16 - DPF: {00000014-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms14 Class) -
https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall14.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) -
https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} -
http://axcab.wrs.mcboo.com/website.cab
O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) -
https://bradesconetempresa.com.br/pj/CA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EDA3C4AB-B1B5-47B7-B6D1-B27858413B53} (Tap7remotex Control) -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -
https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
http://200.212.184.212/g_bin/eng/snooker_2_0_0_35.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6573176-AC35-441E-8716-7999729E1930}: NameServer = 10.0.0.13,10.0.0.10
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - (no file)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - D:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - D:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - D:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - D:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - D:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - D:\WINDOWS\system32\cba\pds.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Serviço de descoberta do Symantec System Center (NSCTOP) - Symantec Corporation - D:\ARQUIV~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: VNC Server (winvnc) - UltraVNC - D:\Arquivos de programas\UltraVNC\WinVNC.exe
--
End of file - 8410 bytes