Fórum Script Brasil

HijackThis Log


Alex_Meyer

Question

I suspect that my machine has some kind of infection, because I notice that sometimes it seems to try to open a pop-up and nothing opens. The problem is almost imperceptible, but I feel it is infected, because this happens constantly.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.9:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.3.9;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - \\cpd_studio\Spybot\SDHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [siteClient] C:\SiteClient\SiteCli.exe

O4 - HKLM\..\Run: [initClient] C:\SiteClient\InitCli.exe

O4 - HKLM\..\Run: [Vrmon] C:\Arquivos de programas\ViRobot NT\vrmonnt.exe Main

O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\LogMeInSystray.exe"

O4 - HKLM\..\Run: [VrSchedule] C:\Arquivos de programas\ViRobot NT\Vrres.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\winvnc.exe" -servicehelper

O4 - HKLM\..\Run: [system] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\system.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\PV-CX881PL+\TVRMVCR.EXE

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: system.exe

O4 - Global Startup: TVSCHL.lnk = C:\Arquivos de programas\PV-CX881PL+\TVSCHL.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aec.com.br

O17 - HKLM\Software\..\Telephony: DomainName = aec.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{188C112F-2A18-4689-949D-D59BA0719213}: NameServer = 192.168.2.1,192.168.1.1,192.168.3.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{D81E5AE7-1AFE-44D3-ADE4-4714EB29B153}: NameServer = 192.168.2.1,192.168.1.1,192.168.3.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aec.com.br

O17 - HKLM\System\CS1\Services\Tcpip\..\{188C112F-2A18-4689-949D-D59BA0719213}: NameServer = 192.168.2.1,192.168.1.1,192.168.3.1

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aec.com.br

O17 - HKLM\System\CS2\Services\Tcpip\..\{188C112F-2A18-4689-949D-D59BA0719213}: NameServer = 192.168.2.1,192.168.1.1,192.168.3.1

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Acesso_RB2707 - RODBEL MADIS Indústria de Relógios S/A Ltda - D:\Rodbel\Comun\Acesso_RB2707.EXE

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Arquivos de programas\LogMeIn\RaMaint.exe

O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Arquivos de programas\LogMeIn\LogMeIn.exe

O23 - Service: SiteClient Service for VMS (SiteClientService) - Unknown owner - C:\SiteClient\clisvc.exe

O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Arquivos de programas\ViRobot NT\vrmonsvc.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\UltraVNC\winvnc.exe" -service (file missing)


2 answers to this question
