Log HijackThis

agentecris · 07-11-2009, 16:42

Por favor, alguem pode analisar este log? Essa semana uma criança usou o PC e infestou de vírus de sites de jogos tipo mu, dragonball, etc. Consegui excluir alguns com o Eset Smart Security e o Ad-Aware, mas ainda tô achando o PC lento. Obrigado a todos do site!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:40, on 7/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programas\Anti-Spyware\Spyware Doctor\pctsAuxs.exe
D:\Programas\Anti-Spyware\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
D:\Programas\Anti-Spyware\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\vsnpstd3.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Arquivos de programas\Avant Browser\avant.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis 2.0.2\HiJackThis.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...16&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "D:\Programas\Anti-Spyware\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NitroPC] "D:\Programas\Otimizador do Sistema\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Avant Browser; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.crazzy.com.br/ferramentas...44&puerto=1232"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Verificador de Calendário Ulead Photo Express.lnk = C:\Arquivos de programas\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/.../GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programas\Anti-Spyware\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programas\Anti-Spyware\Spyware Doctor\pctsSvc.exe
O23 - Service: Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader (usnjsvc) - Unknown owner - C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe (file missing)
--
End of file - 12151 bytes

Diogo R. · 07-11-2009, 17:05

Olá

Faça o download do Ad-Remover

Dê duplo clique em AD-R.exe...

Aparecerá uma janela, clique então emSIM

Logo após, clique em Suivant para instalar

Ao término clique em Quitter

Um ícone no Desktop será criado...

Dê duplo clique em Ad Remover.exe e depois clique em Oui...

Tecle A e depois ENTER para fazer o scan...

O scan pode demorar, aguarde o processo terminar...

Um log será criado em C:\Ad-Report-SCAN.log

Copie e cole esse log aqui...

Aguardo

T+

agentecris · 09-11-2009, 21:00

Citação:

Postado Originalmente por Diogo R.

Olá

Faça o download do Ad-Remover

Dê duplo clique em AD-R.exe...

Aparecerá uma janela, clique então emSIM

Logo após, clique em Suivant para instalar

Ao término clique em Quitter

Um ícone no Desktop será criado...

Dê duplo clique em Ad Remover.exe e depois clique em Oui...

Tecle A e depois ENTER para fazer o scan...

O scan pode demorar, aguarde o processo terminar...

Um log será criado em C:\Ad-Report-SCAN.log

Copie e cole esse log aqui...

Aguardo

T+

Procurando o Ad-Remover na net quase pegava um vírus cavalo de tróia, foi detectado e bloqueado pelo nod32. Porém em relação ao problema que motivou este post, já passei vários anti-vírus e anti-spyware ( passei até o cureit )e acredito que o PC está limpo. O PC apresenta outro problema: "O gerenciador de tarefas foi desativado peo administrador", aparece esta mensagem quando tento acessar o gerenciador de tarefas, ouvi comentários que trata-se de problema do XP SP3. Por favor ajudem!

Diogo R. · 09-11-2009, 21:59

Olá agentecris

O Link para o download do AD-Remover já foi postado e é esse: http://sd-1.archive-host.com/membres...59868/AD-R.exe

Continue com o procedimento e poste o log solicitado.

Obs: Cuidado com os procedimentos sem ter sido solictado...

T+

07-11-2009, 16:42	#1 (permalink)
agentecris Newbie Registrado em: Sep 2008 Mensagens: 30 Reputação: 0	Log HijackThis Por favor, alguem pode analisar este log? Essa semana uma criança usou o PC e infestou de vírus de sites de jogos tipo mu, dragonball, etc. Consegui excluir alguns com o Eset Smart Security e o Ad-Aware, mas ainda tô achando o PC lento. Obrigado a todos do site! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:34:40, on 7/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Programas\Anti-Spyware\Spyware Doctor\pctsAuxs.exe D:\Programas\Anti-Spyware\Spyware Doctor\pctsSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe D:\Programas\Anti-Spyware\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe C:\WINDOWS\vsnpstd3.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe C:\Arquivos de programas\Avant Browser\avant.exe C:\WINDOWS\system32\DllHost.exe C:\WINDOWS\system32\msiexec.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe C:\WINDOWS\system32\wuauclt.exe C:\HijackThis 2.0.2\HiJackThis.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...16&gct=&gc=1&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file) O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [ISTray] "D:\Programas\Anti-Spyware\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NitroPC] "D:\Programas\Otimizador do Sistema\NitroPC\NitroPC.exe" -minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Avant Browser; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.crazzy.com.br/ferramentas...44&puerto=1232" O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Verificador de Calendário Ulead Photo Express.lnk = C:\Arquivos de programas\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/.../GAME_UNO1.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing) O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe (file missing) O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programas\Anti-Spyware\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programas\Anti-Spyware\Spyware Doctor\pctsSvc.exe O23 - Service: Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader (usnjsvc) - Unknown owner - C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe (file missing) -- End of file - 12151 bytes

07-11-2009, 17:05	#2 (permalink)
Diogo R. Zumbi Registrado em: Jul 2008 Localização: Brasil; MG; Região Metropolitana de BH Idade: 3 Mensagens: 6.405 Reputação: 185	Olá Faça o download do Ad-Remover Dê duplo clique em AD-R.exe... Aparecerá uma janela, clique então emSIM Logo após, clique em Suivant para instalar Ao término clique em Quitter Um ícone no Desktop será criado... Dê duplo clique em Ad Remover.exe e depois clique em Oui... Tecle A e depois ENTER para fazer o scan... O scan pode demorar, aguarde o processo terminar... Um log será criado em C:\Ad-Report-SCAN.log Copie e cole esse log aqui... Aguardo T+ __________________ Visite nosso FAQ (Estarei menos frequente, problemas pessoais)

09-11-2009, 21:59	#4 (permalink)
Diogo R. Zumbi Registrado em: Jul 2008 Localização: Brasil; MG; Região Metropolitana de BH Idade: 3 Mensagens: 6.405 Reputação: 185	Olá agentecris O Link para o download do AD-Remover já foi postado e é esse: http://sd-1.archive-host.com/membres...59868/AD-R.exe Continue com o procedimento e poste o log solicitado. Obs: Cuidado com os procedimentos sem ter sido solictado... T+ __________________ Visite nosso FAQ (Estarei menos frequente, problemas pessoais)

		FórumGdH > Software, Segurança e Mac (Apple) > Análise de logs e remoção de vírus (arquivos maliciosos)
Log HijackThis

1. Log HijackThis - Analisem por favor
Mais resultados? Use nossa pesquisa.

Opções do Tópico
Exibir Versão para Impressão Envie essa página por e-mail