Análise logo hijackithis

  1. 29-04-2010  #1
    neco, o poeta
    neco, o poeta is offline Newbie

    Análise logo hijackithis

    Gostaria que alguém analisasse o logo hijackithis do meu sistema, para saber se preciso excluir algo.

    Desde já obrigado.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 00:34:39, on 29/4/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
    C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
    C:\Arquivos de programas\Bonjour\mDNSResponder.exe
    C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\ARQUIVOS DE PROGRAMAS\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PSIService.exe
    C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
    C:\Arquivos de programas\POPDiscador\POPDiscador.exe
    C:\ARQUIV~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Arquivos de programas\Corel\Corel MediaOne\CorelIOMonitor.exe
    C:\Arquivos de programas\Acelerador POP\slipcore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\Free Desktop Clock\DesktopClock.exe
    C:\Documents and Settings\Ademilde dos santos\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.23\GoogleCrashHa ndler.exe
    C:\DAP.EXE
    C:\ARQUIVOS DE PROGRAMAS\Acelerador POP\slipgui.exe
    C:\ARQUIVOS DE PROGRAMAS\Outlook Express\msimn.exe
    C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe
    C:\ARQUIVOS DE PROGRAMAS\eMule\emule.exe
    C:\ARQUIVOS DE PROGRAMAS\Malwarebytes' Anti-Malware\mbam.exe
    C:\ARQUIVOS DE PROGRAMAS\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Ademilde dos santos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Ademilde dos santos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
    C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ademilde dos santos\Meus documentos\My Completed Downloads\HiJackThis.exe
    C:\Documents and Settings\Ademilde dos santos\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Internet Explorer Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = Search Assistant
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:5400
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
    R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - c:\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\ARQUIV~1\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\ARQUIVOS DE PROGRAMAS\Acelerador POP\PBHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.17 52\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll
    O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
    O2 - BHO: (no name) - {F4D76F01-7896-458a-890F-E1F05C46069F} - (no file)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleIn stance.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - c:\DAPIEL~1.DLL
    O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\SPEEDB~1\Toolbar\grabber.dll
    O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Acelerador POP - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\ARQUIVOS DE PROGRAMAS\Acelerador POP\Toolband.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [POPDiscador] C:\Arquivos de programas\POPDiscador\POPDiscador.exe --minimized
    O4 - HKLM\..\Run: [EEventManager] C:\ARQUIV~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Arquivos de programas\Corel\Corel MediaOne\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [SlipStream] "C:\Arquivos de programas\Acelerador POP\slipcore.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SkinClock] C:\Arquivos de programas\Free Desktop Clock\DesktopClock.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ademilde dos santos\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [EPSON TX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIF DL.EXE /FU "C:\WINDOWS\TEMP\E_S133.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolb arNotifier.exe"
    O4 - HKCU\..\Run: [DownloadAccelerator] "c:\DAP.EXE" /STARTUP
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolb arNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acelerador POP.lnk = C:\ARQUIVOS DE PROGRAMAS\Acelerador POP\slipgui.exe
    O8 - Extra context menu item: &Clean Traces - c:\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - c:\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - c:\dapextie2.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Mostrar Imagem Original - res://C:\Arquivos de programas\Acelerador POP\gui_resource.dll/328
    O8 - Extra context menu item: Mostrar Todas as Imagens Originais - res://C:\Arquivos de programas\Acelerador POP\gui_resource.dll/327
    O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    O8 - Extra context menu item: Translate with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: SEARCH_PAGE_URL=&Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
    O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{93338CFF-FC84-439E-8A31-640B46283308}: NameServer = 200.175.8.89 200.175.5.185
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\ARQUIVOS DE PROGRAMAS\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\ARQUIVOS DE PROGRAMAS\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
    O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Arquivos de programas\Moon Secure Antivirus\msavcore.exe (file missing)
    O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\ARQUIVOS DE PROGRAMAS\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing)

    --
    End of file - 14906 bytes
    .
  2. 30-04-2010  #2
    broni
    broni is offline Senior Member
    Gostaria que alguém analisasse o logo hijackithis do meu sistema, para saber se preciso excluir algo.
    Unfortunately, I don't speak Spanish, so if you can, or you have someone, you can post in English for you, we can continue.
  3. 30-04-2010  #3
    neco, o poeta
    neco, o poeta is offline Newbie
    Quote Originally Posted by broni View Post
    Unfortunately, I don't speak Spanish, so if you can, or you have someone, you can post in English for you, we can continue.
    I don´t speak english. I speak portuguese (Brazil)

    Tank you.
  4. 30-04-2010  #4
    broni
    broni is offline Senior Member
    Save 20% on AVG Internet Security 2012 Suite!
    I don't speak Portugese, either.
    This is English forum, so if you can find a way, we can communicate in English, that would be great
Closed Thread
« Somethings wrong | Multiple Infections? : [ »