Ajuda com o log do Hijackthis!

Demon_Hunter

Demon_Hunter

Suspenso
Boas pessoal! Eu fiz aqui um scan com o hijackthis e guardei o log. Mas como n percebo nada disto queria pedirvos ajuda no que devo fazer "fix" e no que não devo! Vou colar aqui:
Logfile of HijackThis v1.99.1
Scan saved at 19:31:12, on 01-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
c:\programas\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\programas\mcafee.com\vso\mcvsshld.exe
c:\programas\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Programas\Windows Defender\MSASCui.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programas\DAEMON Tools Lite\daemon.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe
D:\Programas\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
C:\Programas\WLAN\GConfig\GConfig.exe
D:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programas\PC Connectivity Solution\ServiceLayer.exe
C:\Programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programas\iTunes\iTunes.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\distnoted.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Antonio\Ambiente de trabalho\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {a1e51063-b46b-201a-5444-02d21ad705f3} - {3f507da1-2d20-4445-a102-b64b36015e1a} - C:\WINDOWS\system32\wwmfghml.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddccyxv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9536FA07-A280-4208-AC10-373AD6983714} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {ED42BB8C-8C09-408A-A6D0-49B17A1B194D} - C:\WINDOWS\system32\ddabb.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programas\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programas\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Programas\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Programas\Ficheiros comuns\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [dc2260a9] rundll32.exe "C:\WINDOWS\system32\dmmyycru.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMdf115335] Rundll32.exe "C:\WINDOWS\system32\kukbyrlt.dll",s
O4 - HKCU\..\Run: [Steam] "c:\programas\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programas\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programas\Octoshape Streaming Services\Antonio\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = D:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: GConfig.lnk = C:\Programas\WLAN\GConfig\GConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Programas\CarbonPoker\Poker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\programas\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by144fd.bay144.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CFC32ED-E264-47EB-A3A8-D6D0884574E8}: NameServer = 194.65.100.117,194.65.3.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ddccyxv - C:\WINDOWS\SYSTEM32\ddccyxv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Programas\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

Eu não sei se os running processes importa mas colei na mesma para ter a certeza que está tudo! Agradecia ajuda o mais rápido possível ( o PC está meio maluco). Abraço
 
C:\WINDOWS\system32\IoctlSvc.exe

Este processo há uns tempos apareceu-me no computador e não faz parte dos serviços do windows, portanto se o desactivares/eliminares não terás qualquer problema. Até me lembra de ver mais coisas sobre isto.

Supostamente está relacionado com esta empresa - Prolific Technology Inc.
Dei uma vista de olhos na altura e não tenho nada no computador que justificasse a sua presença. Na altura até só desactivei, o que me lembra para eliminar.

Esta entrada - O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddccyxv.dll

Esta podes eliminar não prejudicial, mas é desnecessária O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

É tudo o que vejo que possas eliminar. Alguém dirá mais alguma coisa por cero, caso haja algo mais a eliminar.
 
que "belo" conjunto de tralha que tens por aí....
mcafee e agv? juntos? a fazer o quê?
google toolbar? para quê?

posta o teu log em www.hijackthis.de, faz analyze e marca as caixas que correspondem às linhas com ??? ou XXX....
e decide-te. elimina um dos antivírus!
depois, desactiva o restauro de sistema, instala e corre o ccleaner e limpa essa marmelada....
 
O4 - HKLM\..\Run: [BMdf115335] Rundll32.exe "C:\WINDOWS\system32\kukbyrlt.dll"

O4 - HKLM\..\Run: [dc2260a9] rundll32.exe "C:\WINDOWS\system32\dmmyycru.dll"

Como sempre convém fazer um ponto de restauro do sistema para qualquer eventualidade.

O2 - BHO: (no name) - {9536FA07-A280-4208-AC10-373AD6983714} - C:\WINDOWS\system32\ssqpp.dll (file missing)

O2 - BHO: (no name) - {ED42BB8C-8C09-408A-A6D0-49B17A1B194D} - C:\WINDOWS\system32\ddabb.dll (file missing)

O2 - BHO: {a1e51063-b46b-201a-5444-02d21ad705f3} - {3f507da1-2d20-4445-a102-b64b36015e1a} - C:\WINDOWS\system32\wwmfghml.dll (file missing)

luikki disse:
que "belo" conjunto de tralha que tens por aí....
mcafee e agv? juntos? a fazer o quê?
google toolbar? para quê?

posta o teu log em www.hijackthis.de, faz analyze e marca as caixas que correspondem às linhas com ??? ou XXX....
e decide-te. elimina um dos antivírus!
depois, desactiva o restauro de sistema, instala e corre o ccleaner e limpa essa marmelada....
Clicar para expandir...

Podes fazer o que luikki disse. Nota que algumas entradas poderão dizer Possibly Nasty. Não quer dizer que sejam ameaças. Simplesmente as directorias das bases de dados deles estão em alemão. Faz uma comparação entre a directoria das tuas aplicações e das que eles dizem serem as normais.

De qualquer das formas as que eu mencionei poderás fazer Fix.
 
Última edição pelo moderador:
Inicie sessão ou registe-se para poder participar.
Back
Topo