
Help with the HijackThis log!

Discussion in 'Questions and Support—Internet, Networks, Security' started by Demon_Hunter, 1 April 2008. (Replies: 3; Views: 705)

  1. Demon_Hunter

    Demon_Hunter Suspended

    Hi everyone! I ran a scan with HijackThis and saved the log. But since I don't understand any of this, I wanted to ask for your help on what I should "fix" and what I shouldn't! I'll paste it here:
    Logfile of HijackThis v1.99.1
    Scan saved at 19:31:12, on 01-04-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Programas\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Explorer.EXE
    c:\programas\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\programas\mcafee.com\vso\mcvsshld.exe
    c:\programas\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
    C:\Programas\Windows Defender\MSASCui.exe
    C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Programas\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Programas\DAEMON Tools Lite\daemon.exe
    C:\Programas\iPod\bin\iPodService.exe
    C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe
    D:\Programas\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
    C:\Programas\WLAN\GConfig\GConfig.exe
    D:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Programas\PC Connectivity Solution\ServiceLayer.exe
    C:\Programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Programas\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Programas\iTunes\iTunes.exe
    C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\MSN Messenger\usnsvc.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Antonio\Ambiente de trabalho\HijackThis.exe


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {a1e51063-b46b-201a-5444-02d21ad705f3} - {3f507da1-2d20-4445-a102-b64b36015e1a} - C:\WINDOWS\system32\wwmfghml.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddccyxv.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9536FA07-A280-4208-AC10-373AD6983714} - C:\WINDOWS\system32\ssqpp.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {ED42BB8C-8C09-408A-A6D0-49B17A1B194D} - C:\WINDOWS\system32\ddabb.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Programas\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Programas\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Programas\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Programas\Ficheiros comuns\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [dc2260a9] rundll32.exe "C:\WINDOWS\system32\dmmyycru.dll",b
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BMdf115335] Rundll32.exe "C:\WINDOWS\system32\kukbyrlt.dll",s
    O4 - HKCU\..\Run: [Steam] "c:\programas\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Programas\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programas\Octoshape Streaming Services\Antonio\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programas\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [PC Suite Tray] "D:\Programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = D:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: GConfig.lnk = C:\Programas\WLAN\GConfig\GConfig.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Programas\CarbonPoker\Poker.exe (HKCU)
    O10 - Unknown file in Winsock LSP: c:\programas\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by144fd.bay144.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2CFC32ED-E264-47EB-A3A8-D6D0884574E8}: NameServer = 194.65.100.117,194.65.3.20
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: ddccyxv - C:\WINDOWS\SYSTEM32\ddccyxv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe
    O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Programas\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

    I don't know if the running processes matter, but I pasted them anyway to make sure everything is there! I'd appreciate help as soon as possible (the PC is going a bit crazy). Cheers
     
  2. DarkButterfly

    DarkButterfly Power Member

    C:\WINDOWS\system32\IoctlSvc.exe

    This process appeared on my computer a while ago and is not part of the Windows services, so if you disable/remove it you won't have any problem. I even remember seeing more about this.

    Supposedly it is related to this company - Prolific Technology Inc.
    I had a look at the time and I have nothing on my computer that would justify its presence. Back then I only disabled it, which reminds me to remove it.

    This entry - O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddccyxv.dll

    This one you can remove; it's not harmful, but it is unnecessary: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    That's all I see that you could remove. Someone will surely say something more, in case there is anything else to remove.
     
  3. luikki

    luikki Power Member

    what a "lovely" pile of junk you've got there....
    McAfee and AVG? together? doing what?
    Google Toolbar? what for?

    post your log on www.hijackthis.de, run analyze and tick the boxes that correspond to the lines marked ??? or XXX....
    and make up your mind: remove one of the antiviruses!
    then disable System Restore, install and run CCleaner and clean up that mess....
     
  4. DarkButterfly

    DarkButterfly Power Member

    O4 - HKLM\..\Run: [BMdf115335] Rundll32.exe "C:\WINDOWS\system32\kukbyrlt.dll"

    O4 - HKLM\..\Run: [dc2260a9] rundll32.exe "C:\WINDOWS\system32\dmmyycru.dll"

    As always, it is a good idea to create a System Restore point first, just in case.

    O2 - BHO: (no name) - {9536FA07-A280-4208-AC10-373AD6983714} - C:\WINDOWS\system32\ssqpp.dll (file missing)

    O2 - BHO: (no name) - {ED42BB8C-8C09-408A-A6D0-49B17A1B194D} - C:\WINDOWS\system32\ddabb.dll (file missing)

    O2 - BHO: {a1e51063-b46b-201a-5444-02d21ad705f3} - {3f507da1-2d20-4445-a102-b64b36015e1a} - C:\WINDOWS\system32\wwmfghml.dll (file missing)

    You can do what luikki said. Note that some entries may say Possibly Nasty. That doesn't mean they are threats; it's just that the directories in their databases are in German. Compare the directory of your applications with the ones they say are the normal ones.

    In any case, the ones I mentioned you can Fix.
     
    Last edited by a moderator: 2 April 2008
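The two replies above single out three patterns in this log: BHO entries whose file is gone ("file missing" / "no file"), Run keys that load DLLs with random-looking names from system32 via rundll32, and the same DLL (ddccyxv.dll) hooked from both an O2 BHO and an O20 Winlogon Notify entry. The script below is an added example, not code from the thread or from HijackThis, that applies those same heuristics automatically to the O2, O4 and O20 sections of a log. The sample input is a constructed excerpt of lines copied from the log posted above; the function and constant names (`analyze`, `looks_random`, `SAMPLE_LOG`) and the vowel-ratio threshold are my own choices.

```python
import re

# Constructed sample input: lines copied from the log posted in this thread,
# trimmed to the sections the replies discuss (O2 BHOs, O4 Run keys, O20 Winlogon Notify).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {a1e51063-b46b-201a-5444-02d21ad705f3} - {3f507da1-2d20-4445-a102-b64b36015e1a} - C:\WINDOWS\system32\wwmfghml.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddccyxv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dc2260a9] rundll32.exe "C:\WINDOWS\system32\dmmyycru.dll",b
O4 - HKLM\..\Run: [BMdf115335] Rundll32.exe "C:\WINDOWS\system32\kukbyrlt.dll",s
O20 - Winlogon Notify: ddccyxv - C:\WINDOWS\SYSTEM32\ddccyxv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

SECTION_RE = re.compile(r"^(O\d+) - ")
# A DLL located directly under the Windows system32 directory (case-insensitive).
SYS32_DLL_RE = re.compile(r"[A-Z]:\\WINDOWS\\SYSTEM32\\([A-Za-z0-9_]+)\.dll", re.IGNORECASE)
# HijackThis marks entries whose target no longer exists on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)", re.IGNORECASE)
VOWELS = set("aeiou")


def looks_random(name):
    """Heuristic (my own threshold): an all-lowercase name of 5+ letters with at most
    20% vowels, e.g. 'kukbyrlt'. Vendor DLLs usually have mixed case or a pronounceable name."""
    if len(name) < 5 or not name.isalpha() or not name.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return vowel_ratio <= 0.2


def analyze(log_text):
    """Return a list of {'line', 'reason'} findings for the O2/O4/O20 sections."""
    findings = []
    hooked_from = {}  # lowercase DLL name -> sections that load it
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if not m or m.group(1) not in ("O2", "O4", "O20"):
            continue
        section = m.group(1)
        if ORPHAN_RE.search(line):
            findings.append({"line": line, "reason": "orphaned entry: referenced file is gone"})
            continue
        dll = SYS32_DLL_RE.search(line)
        if dll:
            name = dll.group(1)
            hooked_from.setdefault(name.lower(), []).append(section)
            if looks_random(name):
                findings.append({"line": line, "reason": f"random-looking system32 DLL: {name}.dll"})
    # One DLL registered in several autostart sections is a stronger persistence signal
    # than any single entry (ddccyxv.dll appears as both a BHO and a Winlogon Notify handler).
    for name, sections in hooked_from.items():
        if len(set(sections)) > 1:
            findings.append({"line": name + ".dll",
                             "reason": "same DLL hooked from " + ", ".join(sorted(set(sections)))})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f['reason']}]\n    {f['line']}")
```

On the constructed excerpt this reports the two orphaned BHOs, the three random-named DLLs (one of them twice, once per section) and the O2/O20 cross-reference, while leaving NvCpl.dll, WgaLogon.dll and the Java updater alone. The heuristics are only a triage aid; as the thread says, each flagged path should still be compared against what the vendor normally installs before it is fixed.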
