
Archived

This topic has been archived and is closed to new replies.

RUY

[Solved!] Computer infected 23 times


The PC has already been infected before; I want to know whether the machine is clean or whether it has any illegal program.

 

 

 

==============================================================================================

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:16:10, on 25/02/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\TARITRON BACKUP\TARITRON WINDOWS\Bilhetagem.exe

C:\TARITRON WINDOWS\Taritron.exe

C:\TARITRON WINDOWS\TELE_14A\TELE_14A.EXE

C:\TARITRON WINDOWS\TELE_211\TELE_211.EXE

C:\TARITRON WINDOWS\Tele_23A\Tele_23A.EXE

C:\TARITRON WINDOWS\TELE_25\TELE_25.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

E:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://correiomapa.agricultura.gov.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.51.24.22:8118

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe

O4 - HKLM\..\Policies\Explorer\Run: []

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

O4 - .DEFAULT User Startup: Bilhetagem For Windows.lnk = C:\TARITRON WINDOWS\Bilhetagem.exe (User 'Default user')

O4 - .DEFAULT User Startup: Taritron For Windows.lnk = C:\TARITRON WINDOWS\TARITRON.exe (User 'Default user')

O4 - Startup: 4T-MIN.lnk = C:\Tools\4t Tray Minimizer\4T-MIN.EXE

O4 - Startup: Bilhetagem For Windows.lnk = C:\TARITRON BACKUP\TARITRON WINDOWS\Bilhetagem.exe

O4 - Startup: CIC.lnk = C:\Tools\Cic\CICClient.exe

O4 - Startup: Taritron For Windows.lnk = C:\TARITRON WINDOWS\TARITRON.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Temp\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Temp\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Temp\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Temp\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250779872976

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250779240445

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O23 - Service: Apache2.2 - Unknown owner - E:\xampp\apache\bin\httpd.exe (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: FileZilla Server - Unknown owner - E:\xampp\FileZillaFTP\FileZilla server.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Mercury - Unknown owner - E:\xampp\xampp_service_mercury.exe (file missing)

O23 - Service: MySQL - Unknown owner - E:\xampp\mysql\bin\mysqld.exe (file missing)

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SNAC.EXE

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

O24 - Desktop Component 1: (no name) - http://config.privoxy.org/toggle

 

--

End of file - 8380 bytes


Good evening....

*Download RSIT and save it to the desktop

*Double-click RSIT

*Click [Continue]

*When the process finishes, paste the report created at C:\rsit\log.txt


Logfile of random's system information tool 1.06 (written by random/random)

Run by Magali at 2010-03-03 08:47:36

Microsoft Windows XP Professional Service Pack 3

System drive C: has 41 GB (53%) free of 76 GB

Total RAM: 1014 MB (49% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:47:42, on 03/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Tools\4t Tray Minimizer\4T-MIN.EXE

C:\TARITRON BACKUP\TARITRON WINDOWS\Bilhetagem.exe

C:\Tools\Cic\CICClient.exe

\SRV01\Rede\Tools\Intranet\Intranet.exe

C:\TARITRON WINDOWS\Taritron.exe

C:\TARITRON WINDOWS\TELE_14A\TELE_14A.EXE

C:\TARITRON WINDOWS\TELE_211\TELE_211.EXE

C:\TARITRON WINDOWS\Tele_23A\Tele_23A.EXE

C:\TARITRON WINDOWS\TELE_25\TELE_25.EXE

C:\Desenvolv\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

E:\Magali.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://correiomapa.agricultura.gov.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.51.24.22:8118

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: []

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

O4 - .DEFAULT User Startup: Bilhetagem For Windows.lnk = C:\TARITRON WINDOWS\Bilhetagem.exe (User 'Default user')

O4 - .DEFAULT User Startup: Taritron For Windows.lnk = C:\TARITRON WINDOWS\TARITRON.exe (User 'Default user')

O4 - Startup: 4T-MIN.lnk = C:\Tools\4t Tray Minimizer\4T-MIN.EXE

O4 - Startup: Bilhetagem For Windows.lnk = C:\TARITRON BACKUP\TARITRON WINDOWS\Bilhetagem.exe

O4 - Startup: CIC.lnk = C:\Tools\Cic\CICClient.exe

O4 - Startup: Taritron For Windows.lnk = C:\TARITRON WINDOWS\TARITRON.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Temp\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Temp\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Temp\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Temp\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250779872976

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250779240445

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O23 - Service: Apache2.2 - Unknown owner - E:\xampp\apache\bin\httpd.exe (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: FileZilla Server - Unknown owner - E:\xampp\FileZillaFTP\FileZilla server.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Mercury - Unknown owner - E:\xampp\xampp_service_mercury.exe (file missing)

O23 - Service: MySQL - Unknown owner - E:\xampp\mysql\bin\mysqld.exe (file missing)

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SNAC.EXE

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

O24 - Desktop Component 1: (no name) - http://config.privoxy.org/toggle

 

--

End of file - 8412 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]

Octh Class

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbieh.dll [2009-06-18 302368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-12-08 310312]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-22 155648]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-22 126976]

"ccApp"=C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe [2008-08-14 115560]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

""=1 []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

C:\Documents and Settings\Magali\Meus documentos\Menu Iniciar\Programas\Inicializar

4T-MIN.lnk - C:\Tools\4t Tray Minimizer\4T-MIN.EXE

Bilhetagem For Windows.lnk - C:\TARITRON BACKUP\TARITRON WINDOWS\Bilhetagem.exe

CIC.lnk - C:\Tools\Cic\CICClient.exe

Taritron For Windows.lnk - C:\TARITRON WINDOWS\TARITRON.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\Arquivos de programas\GbPlugin\gbieh.dll [2009-06-18 302368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehCef.dll [2009-12-08 310312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxsrvc.dll [2005-02-22 348160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\Arquivos de programas\GbPlugin\gbieh.dll [2009-06-18 302368]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-12-08 310312]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableStatusMessages"=0

"DisableTaskMgr"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=149

"NoDriveAutoRun"=0

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoResolveSearch"=

"NoDriveAutoRun"=

"NoDrives"=

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\Tools\Cic\CICClient.exe"="C:\Tools\Cic\CICClient.exe:*:Enabled:CICClient"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"

"C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"

"C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Arquivos de programas\UltraVNC\vncviewer.exe"="C:\Arquivos de programas\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe"

"C:\Apache2\bin\Apache.exe"="C:\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"

"C:\Arquivos de programas\VertrigoServ\Apache\bin\v_apache.exe"="C:\Arquivos de programas\VertrigoServ\Apache\bin\v_apache.exe:*:Enabled:Apache HTTP Server"

"C:\Arquivos de programas\VertrigoServ\Mysql\bin\v_mysqld.exe"="C:\Arquivos de programas\VertrigoServ\Mysql\bin\v_mysqld.exe:*:Enabled:v_mysqld"

"C:\Documents and Settings\Magali\Configurações locais\Temp\RarSFX0\orbitnet.exe"="C:\Documents and Settings\Magali\Configurações locais\Temp\RarSFX0\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"

"E:\xampp\mysql\bin\mysqld.exe"="E:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"

"E:\xampp\apache\bin\httpd.exe"="E:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"

"E:\aplicativos\xampp\apache\bin\httpd.exe"="E:\aplicativos\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"

"E:\aplicativos\xampp\mysql\bin\mysqld.exe"="E:\aplicativos\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Arquivos de programas\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

======List of files/folders created in the last 1 months======

 

2010-03-03 08:47:36 ----D---- C:\rsit

 

======List of files/folders modified in the last 1 months======

 

2010-03-03 08:47:34 ----D---- C:\WINDOWS\Prefetch

2010-03-03 08:47:22 ----D---- C:\Desenvolv

2010-03-03 08:45:48 ----D---- C:\TARITRON WINDOWS

2010-03-03 08:17:22 ----D---- C:\WINDOWS\temp

2010-03-02 12:09:24 ----D---- C:\Tools

2010-03-02 12:07:56 ----A---- C:\WINDOWS\Taritron.ini

2010-03-02 12:07:04 ----A---- C:\WINDOWS\TaritronPos.ini

2010-03-02 11:05:10 ----AD---- C:\WINDOWS\system32\drivers

2010-03-01 18:41:45 ----D---- C:\WINDOWS\system32\CatRoot2

2010-03-01 11:59:30 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2010-03-01 09:40:20 ----A---- C:\WINDOWS\Bilhetagem.INI

2010-03-01 09:35:55 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-02-23 16:47:01 ----HD---- C:\Temp

2010-02-23 16:47:01 ----D---- C:\WINDOWS\system32

2010-02-12 17:02:26 ----A---- C:\WINDOWS\BILHETE_POS.INI

2010-02-11 09:33:26 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\pdf995

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\eeCtrl.sys []

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 SPBBCDrv;SPBBCDrv; \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCDrv.sys []

R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-10-13 279600]

R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-10-13 43824]

R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []

R2 Proteq;Proteq; C:\WINDOWS\system32\drivers\Proteq.sys [1997-11-05 10848]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-06 126720]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-22 807742]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]

R3 NAVENG;NAVENG; \??\C:\ARQUIV~1\ARQUIV~1\SYMANT~1\VIRUSD~1\20100302.050\NAVENG.SYS []

R3 NAVEX15;NAVEX15; \??\C:\ARQUIV~1\ARQUIV~1\SYMANT~1\VIRUSD~1\20100302.050\NAVEX15.SYS []

R3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]

R3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 9216]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-02-05 392832]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]

R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []

R3 TPM11;NSC Integrated Trusted Platform Module 1.1; C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-08-02 14336]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 catchme;catchme; \??\C:\DOCUME~1\Magali\CONFIG~1\Temp\catchme.sys []

S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []

S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]

S3 portio;TPM Service; C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2004-09-22 14695]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-10-13 319664]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ccEvtMgr;Symantec Event Manager; C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe [2008-08-14 108392]

R2 ccSetMgr;Symantec Settings Manager; C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe [2008-08-14 108392]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-12-08 53800]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]

R2 SmcService;Symantec Management Client; C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe [2008-12-08 1795400]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2008-12-08 2440120]

R2 WinVNC4;VNC Server Version 4; C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]

S2 Apache2.2;Apache2.2; E:\xampp\apache\bin\httpd.exe -k runservice []

S2 FileZilla Server;FileZilla Server; E:\xampp\FileZillaFTP\FileZilla server.exe []

S2 Mercury;Mercury; E:\xampp\xampp_service_mercury.exe []

S2 MySQL;MySQL; E:\xampp\mysql\bin\mysqld.exe --defaults-file=E:\xampp\mysql\bin\my.ini MySQL []

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 LiveUpdate;LiveUpdate; C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-06-30 3093872]

S3 SNAC;Symantec Network Access Control; C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SNAC.EXE [2008-12-08 320840]

S4 Apache2;Apache2; C:\Apache2\bin\Apache.exe -k runservice []

 

-----------------EOF-----------------


OK...

Log clean.

Delete RSIT and the C:\rsit folder

Regards.


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
