1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.

Logfile of HijackThis

Discussão em 'Dúvidas e Suporte—Internet, Redes, Segurança' iniciada por frank, 21 de Abril de 2006. (Respostas: 9; Visualizações: 1249)

  1. frank

    frank Banido

    boas, alguém me ajuda a encontrar aqui algum processo manhoso?

    cpmts.
    Logfile of HijackThis v1.99.1

    Scan saved at 21:40:58, on 21/04/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5296.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\BitLord\BitLord.exe
    C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sitecom\Sitecom Wireless Network PCI Adapter 54G WL-115\Installer\WINXP\WLANUTL.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Opera\Opera.exe
    J:\programas\segurança\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Sitecom WL-115 Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network PCI Adapter 54G WL-115\Installer\WINXP\WLANUTL.exe
    O9 - Extra button: Criar favorito móvel - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Criar favorito móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142641731623
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
  2. ShadeX

    ShadeX Power Member

    Vais desculpar a frontalidade, mas no meio de tanta m***a como raio se vai encontrar coisas manhosas... Sinceramente, se o meu logo do HJT desse mais de 10 linha já andava a saltar pela janela, quanto mais...

    Volta a postar um log quando te livrares de

    e outros que tais. Tudo o que realmente não cumpre funçao está obviamente a mais e a atrasar o boot. Quando te livras desses ficas com os essenciais e os manhosos...
     
  3. Th3 Gam3

    Th3 Gam3 1st Folding then Sex

    Boas
    O teu logfile está limpo. Tirando a catrefada de programas que tens no Arranque, nada a reportar.

    Abraço
     
  4. frank

    frank Banido

    obrigado:)

    vou dar um jeito nisto!

    cpmts.
     
  5. luikki

    luikki Power Member

  6. Th3 Gam3

    Th3 Gam3 1st Folding then Sex

    Boas
    Esse site não ajuda em nada, análises erróneas na maior parte se não na totalidade das vezes. Depois é a velha história: "A emenda pode sair pior do que o soneto".

    Se alguém quiser o seu logfile analisado que se dirija a Fóruns preparados e com pessoal qualificado para tal.

    Abraço
     
  7. kidloco

    kidloco Power Member

    Desde que saibas o que estás a desligar. Eu desligo tudo o que sejam Scheduler's (deixo só do AV), Helper's afins. Nunca os uso por isso ;)
     
  8. Flyer

    Flyer Power Member

    mete o log no www.imnotageek.com q tem analisa logo no minuto e dá-te informação acerca de todos os processos q aí tens....muitos dos quais n sao maléficos, mas realmente sao palha :S
     
  9. luikki

    luikki Power Member

    errado!

    comigo, e em várias máquinas, a informação conseguida em:


    www.hijackthis.de/index.php#anl

    nunca falhou!
    alguém tem provas em contrário????
     
  10. Th3 Gam3

    Th3 Gam3 1st Folding then Sex

    Boas
    No momento não tinha. Hoje estava a analisar um logfile colocado aqui neste Fórum, quando curiosamente recordo este mesmo tópico e os links nele mencionados, insiro o logfile da pessoa em causa no link que referes: www.hijackthis.de/index.php#anl, e tudo muito bem até chegar à parte em que considera a seguinte entrada: O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll como maliciosa, mas vamos ver o que diz o Castlecops: http://castlecops.com/tk1051-stmain_dll.html.

    Parece que afinal falha.

    Abraço
     

Partilhar esta Página