Jump to content
Fórum Script Brasil
  • 0

[Resolvido]Log Do Hijackthis


Diogo Flammarion

Question

está aqui o log do hijackthis, seguinte, esse tal de lsass.exe e services.exe, faz meu computador reiniciar do nada.... ;) isso sempre acontece, além de que meu pc fica com 100% de uso direto

Logfile of HijackThis v1.99.1

Scan saved at 21:55:28, on 24/2/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINNT\system32\csrs.exe

C:\WINNT\system32\iexploler.exe

C:\WINNT\SOUNDMAN.EXE

C:\WINNT\system32\lssas.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINNT\System32\svchost.exe

D:\Downloads\MuNetPlay\Launcher.exe

D:\Downloads\MuNetPlay\main.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\MSN Apps\Updater1.02.0002.1001\pt-br\msnappau.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar1.01.2607.0\pt-br\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\system32\csrs.exe

O4 - HKLM\..\Run: [services] C:\WINNT\system32\iexploler.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINNT\system32\lssas.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater1.02.0002.1001\pt-br\msnappau.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

Link to comment
Share on other sites

12 answers to this question

Recommended Posts

  • 0

Ok, há uma infecção por um trojan banker. Este trojan captura senhas e as envia para um cracker. É recomendável que troque as mesmas.

Baixe > BankerFix

Desative o seu anti vírus temporariamente, para não haver conflitos.

Dê um duplo-clique no bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

Habilite o seu anti vírus.

Faça também um novo log do HijackThis para colocar na sua resposta, junto com o relatorio.txt do BankerFix. Está em C:\LinhaDefensiva\relatorio.txt

Depois de fazer sua resposta você pode apagar a pasta LinhaDefensiva que está em C:\

Link to comment
Share on other sites

  • 0

ok, fiz o procedimento que você me falou...

aqui esta o relatorio do bankerfix

INICIANDO BANKER FIX

=======================================================

Arquivo infectado detectado: C:\WINNT\system32\csrs.exe

Arquivo infectado removido com sucesso!

INICIANDO FOX FIX

=======================================================

Iniciando Log do PV

-----------------------------------

Killing '*'

Arquivos a remover

-----------------------------------

Arquivos ruins restantes

-----------------------------------

Reg Importado

-----------------------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

e também aqui um novo logo do hijack

Logfile of HijackThis v1.99.1

Scan saved at 10:26:38, on 25/2/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINNT\system32\iexploler.exe

C:\WINNT\SOUNDMAN.EXE

C:\WINNT\system32\lssas.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINNT\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\MSN Apps\Updater1.02.0002.1001\pt-br\msnappau.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar1.01.2607.0\pt-br\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\system32\csrs.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINNT\system32\lssas.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater1.02.0002.1001\pt-br\msnappau.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

alguém aí pra analisar meu log??? :lol:

Link to comment
Share on other sites

  • 0

Baixe o Pocket KillBox

Salve em uma pasta em C:\

Abra o Bloco de Notas, copie estas linhas e salve.

C:\WINNT\system32\iexploler.exe

C:\WINNT\system32\csrs.exe

C:\WINNT\system32\lssas.exe

Abra o KillBox e marque a função Delete on Reboot. Abra o Bloco de notas, selecione e copie as linhas salvas. No KillBox, clique em File, depois em Paste from Clipboard, Clique no botão All Files e clique no botão X. Depois clique em Não.

Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão Fix Checked.

O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\system32\csrs.exe

O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINNT\system32\lssas.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.

Link to comment
Share on other sites

  • 0

deu certo o killbox funcionou, dai segui os procedimentos, eis aqui o log do hijackthis que acabei d fazer

Logfile of HijackThis v1.99.1

Scan saved at 13:20:45, on 25/2/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar1.01.2607.0\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater1.02.0002.1001\pt-br\msnappau.exe"

O4 - HKLM\..\Run: [services] C:\WINNT\system32\iexploler.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O8 - Extra context menu item: Abrir com o GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm

O8 - Extra context menu item: Download com o GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

Link to comment
Share on other sites

  • 0

Abra o Bloco de Notas, copie estas linhas e salve.

C:\WINNT\system32\iexploler.exe

Abra o KillBox e marque a função Delete on Reboot. Abra o Bloco de notas, selecione e copie as linhas salvas. No KillBox, clique em File, depois em Paste from Clipboard, Clique no botão All Files e clique no botão X. Depois clique em Não.

Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão Fix Checked.

O4 - HKLM\..\Run: [services] C:\WINNT\system32\iexploler.exe

Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.

Link to comment
Share on other sites

  • 0

procedimentos feitos... novo log do hijackthis

Logfile of HijackThis v1.99.1

Scan saved at 13:39:31, on 25/2/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar1.01.2607.0\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater1.02.0002.1001\pt-br\msnappau.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O8 - Extra context menu item: Abrir com o GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm

O8 - Extra context menu item: Download com o GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

Link to comment
Share on other sites

  • 0

postei no tópico anterior, so que a pagina não está sendo exibida, portanto não sei se xeguei a confirmar o post... então vou postar aqui novamente o log

Logfile of HijackThis v1.99.1

Scan saved at 13:39:31, on 25/2/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar1.01.2607.0\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater1.02.0002.1001\pt-br\msnappau.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O8 - Extra context menu item: Abrir com o GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm

O8 - Extra context menu item: Download com o GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Arquivos de programas\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

Link to comment
Share on other sites

  • 0

Pois é, estamos com um problema na nova versão do fórum e erros assim estão acontecendo toda hora, mas em breve solucionaremos.

Quanto ao seu log aparentemente está limpo, os problemas persistem?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.


  • Forum Statistics

    • Total Topics
      152.1k
    • Total Posts
      651.8k
×
×
  • Create New...