Hijackthis.log - Help

cmgam

Power Member
Good evening

I already posted this log on the HijackThis site and it didn't flag anything bad, but it seems to me that there are entries that serve no purpose and are superfluous 8|:

Logfile of HijackThis v1.99.1
Scan saved at 23:37:47, on 08-07-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
J:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
J:\Program Files\Qualcomm\Eudora\Eudora.exe
J:\Program Files\Bowlfish\eMule.exe
J:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\CPU\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - J:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - J:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "J:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Outpost Firewall] J:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O8 - Extra context menu item: Abrir com o GetRight Browser - J:\PROGRA~1\GetRight\GRbrowse.htm
O8 - Extra context menu item: Download com o GetRight - J:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with GetRight - J:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with GetRight Browser - J:\Program Files\GetRight\GRbrowse.htm
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{513AC16F-6F49-4276-AB42-ADC74AE50A4E}: NameServer = 194.65.100.117,194.65.5.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{93B9F9F0-D42C-4A2A-A2E9-D37A8E9E29B8}: NameServer = 212.55.154.174,194.65.5.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: firewall\wl_hook.dll J:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - J:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Can someone knowledgeable give me an opinion on the log? :)

Thanks in advance
Regards
 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O17 - HKLM\System\CCS\Services\Tcpip\..\{93B9F9F0-D42C-4A2A-A2E9-D37A8E9E29B8}: NameServer = 212.55.154.174,194.65.5.2

Fix these 2... and delete the other thread...
Regards

Good afternoon carsten_999

He who doesn't know is like he who doesn't see :'(.
The 2nd entry I'm supposed to fix (O17 - HKLM\System\CCS\Services\Tcpip .....) is, as far as I can tell, repeated right after. Do I fix both or just one 8|?
By the way, the 2 "O16 - DPF:....." entries relating to Creative, what are they?
The 2nd topic identical to this one, which I sent by mistake, has already been deleted :)

Thanks
Regards
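An added example, not part of any post in this thread: a small Python parser for HijackThis result lines that groups them by section code and lists the DNS servers of each O17 entry by interface GUID, which shows that the two O17 lines in the log above belong to different network interfaces. The sample lines are copied from the posted log; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O17 - HKLM\System\CCS\Services\Tcpip\..\{513AC16F-6F49-4276-AB42-ADC74AE50A4E}: NameServer = 194.65.100.117,194.65.5.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{93B9F9F0-D42C-4A2A-A2E9-D37A8E9E29B8}: NameServer = 212.55.154.174,194.65.5.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# A result line is "<section code> - <body>", e.g. "O17 - HKLM\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O17 body: "...\{interface GUID}: NameServer = ip,ip"
O17_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")

def parse_entries(log_text):
    """Group HijackThis result lines by section code (R1, O2, O17, ...)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and "Running processes" lines do not match
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def nameservers_by_interface(groups):
    """Map each Tcpip interface GUID in the O17 entries to its DNS servers."""
    result = {}
    for body in groups.get("O17", []):
        m = O17_RE.search(body)
        if m:
            servers = [s.strip() for s in m.group(2).split(",")]
            result[m.group(1).upper()] = servers
    return result

def missing_files(groups):
    """Return (code, entry) pairs that HijackThis marked '(file missing)'."""
    return [(code, body) for code, bodies in groups.items()
            for body in bodies if body.endswith("(file missing)")]

if __name__ == "__main__":
    groups = parse_entries(SAMPLE_LOG)
    for guid, servers in nameservers_by_interface(groups).items():
        print(guid, servers)
    print(missing_files(groups))
```
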
 
Hi cmgam, delete both... as for Creative, it's from the sound card; you have a Creative sound card, right? Correct me if I'm wrong...

Good afternoon

Thanks for the reply.
As for Creative, I do have an Audigy, but my question is about the "Creative Software AutoUpdate" part.
Is it part of the autoupdate program, so that when you visit the respective site it automatically updates the Creative components, or is it something else that gets loaded?

Thanks once again :)
Regards
 
It's a plug-in that automatically looks for driver updates for your card (if I'm wrong, someone correct me)... you don't have to worry about anything, if you fixed those 2...
Regards
 
You can't install it, for example, on the Desktop, otherwise it will cause trouble.
Install it, for example, on your hard disk, Programs, HijackThis, and it will create a shortcut on the Desktop.
Take care.
Regards.
 
That version 2 is a beta; HT was sold and apparently TrendMicro is improving it, let's hope it stays free...
As some of you might have seen, several IT news websites are offering Trend Micro HijackThis 2.00 beta. An official statement will be posted on their website soon, but since this is a public beta of theirs I figured it'd be best if I answered the question I'm going to get asked a lot, right now.
This is not fake, I sold HijackThis to TrendMicro. Their product incorporates all changes, updates and fixes that I was planning on adding in the v1.99.2 release. I made sure of that and I hope no one will be disappointed with it.
While TrendMicro does not officially support HijackThis yet, I expect they will once it goes final.

I sold HijackThis because I had been sitting on an unfinished update for over a year and I still could not make enough time to finish it. My uni classes are taking up a lot of time and I want to set my goals a bit wider than just the antispyware business (though I still love it). Sitting on an unfinished product until it becomes obsolete is not useful, so I decided to transfer the responsibility to TrendMicro (who have also taken care of my CWShredder) so they can give it proper attention and support. Where they will take HijackThis, I do not know - but I am sure they will respect its goals and what it stands for.

source
 