
nevs

How do I use HijackThis?

5 posts in this topic

I got this malware removal program and I want to learn to use it well, instead of sending logs for analysis.

How do I use HijackThis? How do I know whether or not there is malware in my log?

I'll post my log here and would like an analysis with explanations of why to remove this or that.

Logfile of HijackThis v1.99.1
Scan saved at 07:23:33, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daniel Aliotto Nalin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.Microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: Norton antivírus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE LG Web Camera driver
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [iSUSPM Startup] c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - https://cpib.bradesco.com.br/scpsssh2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Microsoft.com/microsoftupdat...b?1140927887140
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Serviço do Auto-Protect do Norton antivírus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton antivírus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks


Sony Vaio VGN-CS325J notebook

Windows 7 Home Premium 64-bit

Intel Core 2 Duo 2.1GHz; 4GB RAM

320GB HDD; NVIDIA GeForce 9300 GS 256MB


I think I'm starting to understand how it works...

I went to http://www.merijn.org/htlogtutorial.html and analyzed my log.

To me it looks clean, but full of unnecessary things.

But I need to be sure of that... can someone analyze it, please?



I did the whole procedure for log analysis... I want to be sure my PC is free of malware...

Panda's online scan found nothing.

The Ad-Aware SE Professional 1.06 scan found nothing either.

The Norton AntiVirus 2006 scan, nothing.

I did a cleanup with CCleaner and also fixed the registry errors.

Now I'd like to know whether my log is clean...

Logfile of HijackThis v1.99.1
Scan saved at 13:32:45, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\ASUS\Probe\ASUSPROB.EXE
D:\Meus Documentos\Anti Malwares\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.Microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: Norton antivírus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE LG Web Camera driver
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [iSUSPM Startup] c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - https://cpib.bradesco.com.br/scpsssh2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Microsoft.com/microsoftupdat...b?1140927887140
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Serviço do Auto-Protect do Norton antivírus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton antivírus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe



The log is clean.

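Added example, not part of the original thread: a short Python triage pass over a HijackThis log that separates the running-process list from the R/O entries and lists the entries worth checking by hand before anything is fixed. The sample lines are modelled on the log posted above; the review rules and the names parse_log and review_notes are this example's own assumptions, not HijackThis features.

```python
import re

# Sample lines modelled on the log posted in this thread (a subset, not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - https://cpib.bradesco.com.br/scpsssh2.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# Section codes that appear in the thread's log and what each one lists.
SECTIONS = {
    "R0": "Internet Explorer start/search page", "R1": "Internet Explorer start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autorun (Run key or Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button or Tools menu item",
    "O14": "IERESET.INF setting", "O16": "ActiveX control (Downloaded Program Files)",
    "O18": "protocol handler", "O20": "Winlogon Notify DLL", "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")


def parse_log(text):
    """Split a HijackThis log into running-process paths and R/F/N/O entries."""
    processes, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            clsid = CLSID_RE.search(m["body"])
            entries.append({"code": m["code"], "body": m["body"],
                            "clsid": clsid.group(0).upper() if clsid else None})
        elif DRIVE_PATH_RE.match(line):
            processes.append(line)  # header and blank lines are skipped
    return processes, entries


def review_notes(processes, entries):
    """Return (code, body, reasons) for entries that merit a manual look.

    A note is a prompt to verify, not a verdict that the entry is malicious.
    """
    # CLSID -> codebase URL for every ActiveX (O16) entry, for cross-referencing.
    dpf_source = {e["clsid"]: e["body"].rsplit(" - ", 1)[-1]
                  for e in entries if e["code"] == "O16" and e["clsid"]}
    notes = []
    for e in entries:
        code, body, reasons = e["code"], e["body"], []
        if body.endswith("(no file)"):
            reasons.append("registry entry points to no file (orphaned registration)")
            if code != "O16" and e["clsid"] in dpf_source:
                reasons.append("same CLSID is registered as an ActiveX download from "
                               + dpf_source[e["clsid"]])
        if body.endswith("(file missing)"):
            if any(p.lower() in body.lower() for p in processes):
                reasons.append("marked '(file missing)' but the same path is a running "
                               "process; likely a path-parsing artefact")
            else:
                reasons.append("no file found at the logged path; confirm on disk")
        if code == "O23" and ("- Unknown owner -" in body or " - - " in body):
            reasons.append("no vendor name was read from the service binary")
        if code == "O4" and not DRIVE_PATH_RE.search(body):
            reasons.append("autorun command has no full path; check which file it resolves to")
        if reasons:
            notes.append((code, body, reasons))
    return notes


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for code, body, reasons in review_notes(procs, ents):
        print(f"[{code}] {SECTIONS.get(code, 'other')}: {body}")
        for reason in reasons:
            print(f"    - {reason}")
```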