Análise do log HijackThis [Resolvido/Fechado]

Denunciar
-
Posts
1591
Data de inscrição
segunda 4 de outubro de 2010
Status
Contribuinte
Última visita
23 de junho de 2016
-
Bom dia, preciso de ajuda para interpretar um log do hijack, alguém pode me ajudar? Segue o log abaixo.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:48:32, on 04/07/2013
Platform: Windows 7 SP1 (WinNT

6.00.3505)
MSIE: Internet Explorer v10.0

(10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Siano Mobile

Silicon\SMS\SmsIRProcess.exe
C:\Users\jp\AppData\Local\Akamai

\netsession_win.exe
C:\Program Files (x86)\IncrediMail\Bin

\IncMail.exe
C:\Program Files (x86)\Apache Software

Foundation\Apache2.2\bin

\ApacheMonitor.exe
C:\Program Files (x86)\ArcSoft

\TotalMedia 3.5\TMMonitor.exe
C:\Users\jp\AppData\Local\Akamai

\netsession_win.exe
C:\Program Files\AVAST Software\Avast

\AvastUI.exe
C:\Program Files (x86)\Common Files

\ArcSoft\Connection Service\Bin

\ACDaemon.exe
C:\Program Files (x86)\Motorola

\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\IncrediMail\Bin

\ImApp.exe
C:\Program Files (x86)\TeamViewer

\Version6\TeamViewer.exe
C:\Program Files (x86)\Windows Media

Player\wmplayer.exe
C:\Program Files (x86)\Internet

Explorer\IELowutil.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome

\Application\chrome.exe
C:\Program Files (x86)\Free Download

Manager\fdm.exe
C:\downloads\Software\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.portaldosites.com/?

utm_source=b&utm_medium=cor&from=cor&uid

=SAMSUNGXHD103SI_S23ZJ50Z610565&ts=13685

49134
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

https://www.microsoft.com/fr-fr/?ref=go

LinkId=54896
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

https://www.nsctotal.com.br/home
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Window Title = Internet

Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -

{90eee664-34b1-422a-a782-779af65cdf6d} -

(no file)
R3 - URLSearchHook: (no name) -

{ba14329e-9550-4989-b3f2-9732e92d17cc} -

(no file)
R3 - URLSearchHook: (no name) -

{e7cb019e-bf3b-4c48-9673-48c323b18e31} -

(no file)
F2 - REG:system.ini:

UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In 2 SSV Helper

- {DBC80044-A445-435b-BC74-9C25C1C588A9}

- C:\Program Files (x86)\Java\jre7\bin

\jp2ssv.dll
O4 - HKLM\..\Run: [avast] "C:\Program

Files\AVAST Software\Avast\avastUI.exe"

/nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:

\Program Files (x86)\Common Files\Adobe

\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection

Service] C:\Program Files (x86)\Common

Files\ArcSoft\Connection Service\Bin

\ACDaemon.exe
O4 - HKCU\..\Run: [Google Update] "C:

\Users\jp\AppData\Local\Google\Update

\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Akamai NetSession

Interface] "C:\Users\jp\AppData\Local

\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [IncrediMail] C:

\Program Files (x86)\IncrediMail\bin

\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar]

%ProgramFiles%\Windows Sidebar

\Sidebar.exe /autoRun (User 'SERVIÇO

LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce:

[mctadmin] C:\Windows

\System32\mctadmin.exe (User 'SERVIÇO

LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar]

%ProgramFiles%\Windows Sidebar

\Sidebar.exe /autoRun (User 'SERVIÇO DE

REDE')
O4 - HKUS\S-1-5-20\..\RunOnce:

[mctadmin] C:\Windows

\System32\mctadmin.exe (User 'SERVIÇO DE

REDE')
O4 - Global Startup: Monitor Apache

Servers.lnk = C:\Program Files

(x86)\Apache Software Foundation

\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: TMMonitor.lnk = C:

\Program Files (x86)\ArcSoft\TotalMedia

3.5\TMMonitor.exe
O8 - Extra context menu item: &Enviar

para o OneNote - res://C:

\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll

/105
O8 - Extra context menu item: Baixar com

o Free Download Manager - file://C:

\Program Files (x86)\Free Download

Manager\dllink.htm
O8 - Extra context menu item: Baixar

tudo com o Free Download Manager -

file://C:\Program Files (x86)\Free

Download Manager\dlall.htm
O8 - Extra context menu item: Baixar

vídeo com o Free Download Manager -

file://C:\Program Files (x86)\Free

Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download

selecionado pelo Free Download Manager -

file://C:\Program Files (x86)\Free

Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar

para o Microsoft Excel - res://C:

\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/30

00
O10 - Unknown file in Winsock LSP: c:

\program files (x86)\common files

\microsoft shared\windows live

\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:

\program files (x86)\common files

\microsoft shared\windows live

\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-

444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/sh

ockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-

AC9BF37916A7} -

http://platformdl.adobe.com/NOS/getPlusP

lus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-

9B40-4DFF-9458-1830C7DD7F5D} - C:

\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-

4A9B-9E6F-83F89B8E6324} - C:\Program

Files (x86)\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml -

{807573E5-5146-11D5-A672-00B0D022E945} -

C:\Program Files (x86)\Common Files

\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon

(ACDaemon) - ArcSoft Inc. - C:\Program

Files (x86)\Common Files\ArcSoft

\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update

Service (AdobeARMservice) - Adobe

Systems Incorporated - C:\Program Files

(x86)\Common Files\Adobe\ARM

\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update

Service (AdobeFlashPlayerUpdateSvc) -

Adobe Systems Incorporated - C:\Windows

\SysWOW64\Macromed\Flash

\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%

\system32\Alg.exe,-112 (ALG) - Unknown

owner - C:\Windows\System32\alg.exe

(file missing)
O23 - Service: avast! Antivirus - AVAST

Software - C:\Program Files\AVAST

Software\Avast\AvastSvc.exe
O23 - Service: @%systemroot%

\system32\CISVC.EXE,-1 (CISVC) - Unknown

owner - C:\Windows\system32\CISVC.EXE

(file missing)
O23 - Service: CLHNServiceForPowerDVD -

Unknown owner - C:\Program Files

(x86)\CyberLink\PowerDVD11\Kernel\DMP

\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0

Monitor Service - CyberLink - C:\Program

Files (x86)\CyberLink\PowerDVD11\Common

\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0

Service - CyberLink - C:\Program Files

(x86)\CyberLink\PowerDVD11\Common

\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: DeviceMonitorService -

Nero AG - C:\Program Files

(x86)\Motorola Media Link\Lite

\NServiceEntry.exe
O23 - Service: @%SystemRoot%

\system32\efssvc.dll,-100 (EFS) -

Unknown owner - C:\Windows

\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%

\system32\fxsresm.dll,-118 (Fax) -

Unknown owner - C:\Windows

\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP

server (FileZilla Server) - Unknown

owner - C:\Program Files (x86)\xampp

\FileZillaFTP\FileZillaServer.exe (file

missing)
O23 - Service: Google Update Service

(gupdate) (gupdate) - Google Inc. - C:

\Program Files (x86)\Google\Update

\GoogleUpdate.exe
O23 - Service: Serviço do Google Update

(gupdatem) (gupdatem) - Google Inc. -

C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe
O23 - Service: @%windir%

\system32\inetsrv\iisres.dll,-30007

(IISADMIN) - Unknown owner - C:\Windows

\system32\inetsrv\inetinfo.exe (file

missing)
O23 - Service: @keyiso.dll,-100 (KeyIso)

- Unknown owner - C:\Windows

\system32\lsass.exe (file missing)
O23 - Service: MotoHelper Service

(MotoHelper) - Unknown owner - C:

\Program Files (x86)\Motorola

\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC)

- Unknown owner - C:\Windows

\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ)

- Unknown owner - C:\Windows

\system32\mqsvc.exe (file missing)
O23 - Service: @mqutil.dll,-6203

(MSMQTriggers) - Unknown owner - C:

\Windows\system32\mqtgsvc.exe (file

missing)
O23 - Service: MySQL - Unknown owner -

C:\Program.exe (file missing)
O23 - Service: MySQL_1 - Unknown owner -

C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:

\Program Files (x86)\Nero\Nero 7\Nero

BackItUp\NBService.exe
O23 - Service: @%SystemRoot%

\System32\netlogon.dll,-102 (Netlogon) -

Unknown owner - C:\Windows

\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero

AG - C:\Program Files (x86)\Common

Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown

owner - C:\Program Files

(x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: Orolix Device Monitor

(OrolixDeviceMonitor) - Orolix

Desenvolvimento de Software LTDA. - C:

\Program Files (x86)\TIM Communicator

\module\devicemon.exe
O23 - Service: PnkBstrA - Unknown owner

- C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner

- C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%

\system32\psbase.dll,-300

(ProtectedStorage) - Unknown owner - C:

\Windows\system32\lsass.exe (file

missing)
O23 - Service: Ralink Registry Writer

(RalinkRegistryWriter) - Ralink

Technology, Corp. - C:\Program Files

(x86)\Encore\Common\RegistryWriter.exe
O23 - Service: Ralink Registry Writer 64

(RalinkRegistryWriter64) - Ralink

Technology, Corp. - C:\Program Files

(x86)\Encore\Common\RegistryWriter64.exe
O23 - Service: @%systemroot%

\system32\Locator.exe,-2 (RpcLocator) -

Unknown owner - C:\Windows

\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%

\system32\samsrv.dll,-1 (SamSs) -

Unknown owner - C:\Windows

\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center

Service (SBSDWSCService) - Safer

Networking Ltd. - C:\Program Files

(x86)\Spybot - Search & Destroy

\SDWinSec.exe
O23 - Service: Skype C2C Service - Skype

Technologies S.A. - C:\ProgramData

\Skype\Toolbars\Skype C2C Service

\c2c_service.exe
O23 - Service: Skype Updater

(SkypeUpdate) - Skype Technologies - C:

\Program Files (x86)\Skype\Updater

\Updater.exe
O23 - Service: @%SystemRoot%

\system32\snmptrap.exe,-3 (SNMPTRAP) -

Unknown owner - C:\Windows

\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%

\system32\spoolsv.exe,-1 (Spooler) -

Unknown owner - C:\Windows

\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%

\system32\sppsvc.exe,-101 (sppsvc) -

Unknown owner - C:\Windows

\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6

(TeamViewer6) - TeamViewer GmbH - C:

\Program Files (x86)\TeamViewer

\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%

\system32\ui0detect.exe,-101 (UI0Detect)

- Unknown owner - C:\Windows

\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%

\system32\vaultsvc.dll,-1003 (VaultSvc)

- Unknown owner - C:\Windows

\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%

\system32\vds.exe,-100 (vds) - Unknown

owner - C:\Windows\System32\vds.exe

(file missing)
O23 - Service: @%systemroot%

\system32\vssvc.exe,-102 (VSS) - Unknown

owner - C:\Windows\system32\vssvc.exe

(file missing)
O23 - Service: WACService - Wondershare

- C:\Program Files (x86)\Wondershare

\Wondershare Application Center

\WACService.exe
O23 - Service: wampapache - Apache

Software Foundation - c:\wamp\bin

\apache\apache2.2.21\bin\httpd.exe
O23 - Service: wampmysqld - Unknown

owner - c:\wamp\bin\mysql

\mysql5.5.16\bin\mysqld.exe
O23 - Service: @%SystemRoot%

\system32\Wat\WatUX.exe,-601

(WatAdminSvc) - Unknown owner - C:

\Windows\system32\Wat\WatAdminSvc.exe

(file missing)
O23 - Service: @%systemroot%

\system32\wbengine.exe,-104 (wbengine) -

Unknown owner - C:\Windows

\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%

\system32\wbem\wmiapsrv.exe,-110

(wmiApSrv) - Unknown owner - C:\Windows

\system32\wbem\WmiApSrv.exe (file

missing)
O23 - Service: @%PROGRAMFILES%\Windows

Media Player\wmpnetwk.exe,-101

(WMPNetworkSvc) - Unknown owner - C:

\Program Files (x86)\Windows Media

Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%

\system32\inetsrv\iisres.dll,-20001

(WMSVC) - Unknown owner - C:\Windows

\system32\inetsrv\wmsvc.exe (file

missing)

End of file - 14258 bytes

6 respostas

Posts
1591
Data de inscrição
segunda 4 de outubro de 2010
Status
Contribuinte
Última visita
23 de junho de 2016
2.865
HELLO,


QUAL ERRO É APRESENTADO NO PC ?

EU ACHEI ESTRANHO:

\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome


TEM MUITAS CHAVES IGUAIS DO CHROME.

EU RECOMENDO DESINSTALAR O CHROME.

PASSAR O CCLEANER, E INSTALAR NOVAMENTE.


CCLEANER LINK: https://www.ccleaner.com/ccleaner/download/standard


TAMBEM RECOMENDO O USO DO COMBOFIX POIS ESSE PROCESSO É SUSPEITO:

WatAdminSvc) - Unknown owner - C:

\Windows\system32\Wat\WatAdminSvc.exe


COMBOFIX LINK: https://www.bleepingcomputer.com/download/combofix/

TUTORIAL DE COMO USAR:

LINK: https://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix


PAUSE O AVAST ANTES DE USAR O COMBOFIX OK!

DESCULPE A DEMORA!

POSTE O RESULTADO!



Segue o log do combofix.

ComboFix 13-07-09.01 - jp 09/07/2013 9:27.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3318.1978 [GMT -3:00]
Executando de: c:\users\jp\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\INSTALL.LOG
c:\users\jp\AppData\Local\TempDIR
c:\users\jp\currículo atual .doc
c:\users\jp\npp.5.9.3.Installer.exe
c:\users\jp\xampp-win32-1.7.7-VC9-installer (1).exe
c:\users\jp\xampp-win32-1.7.7-VC9-installer (2).exe
c:\users\jp\xampp-win32-1.7.7-VC9-installer.exe
c:\windows\IsUn0816.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-06-09 to 2013-07-09 ))))))))))))))))))))))))))))
.
.
2013-07-09 12:44 . 2013-07-09 12:44 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-07-09 12:44 . 2013-07-09 12:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-09 12:44 . 2013-07-09 12:44 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-06-28 14:44 . 2013-06-28 14:44 -------- d-----w- c:\program files\COMODO
2013-06-28 14:43 . 2013-06-28 14:47 -------- d-----w- c:\programdata\Comodo
2013-06-28 14:42 . 2013-06-28 14:42 -------- d-----w- c:\programdata\Comodo Downloader
2013-06-19 11:14 . 2013-07-09 11:08 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-06-12 16:37 . 2013-06-12 16:37 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-12 11:40 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 22:20 . 2013-03-16 21:55 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 22:20 . 2012-02-10 17:28 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 22:20 . 2012-02-10 17:28 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-12 16:37 . 2012-04-07 23:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 16:37 . 2011-05-24 13:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 12:03 . 2010-12-26 15:05 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-28 11:38 . 2013-05-28 11:38 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-05-28 11:38 . 2013-05-28 11:38 311200 ----a-w- c:\windows\system32\javaws.exe
2013-05-28 11:38 . 2013-05-28 11:38 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-28 11:38 . 2013-05-28 11:38 188832 ----a-w- c:\windows\system32\javaw.exe
2013-05-28 11:38 . 2013-05-28 11:38 188320 ----a-w- c:\windows\system32\java.exe
2013-05-28 11:38 . 2011-11-05 18:24 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-15 10:50 . 2011-08-05 22:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-14 16:33 . 2011-06-11 04:58 773712 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-05-14 16:33 . 2011-06-11 04:58 420944 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-05-09 08:59 . 2013-03-16 21:55 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-03-23 19:50 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-02-10 17:28 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-02-10 17:28 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-02-10 17:28 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-02-10 17:27 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-01-18 20:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-04 11:00 . 2013-05-04 11:01 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-04 11:00 . 2012-08-10 12:26 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-05-04 11:00 . 2011-01-19 15:31 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-30 12:06 . 2013-04-30 12:06 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 12:06 . 2013-04-30 12:06 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 12:06 . 2013-04-30 12:06 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 12:06 . 2013-04-30 12:06 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 12:06 . 2013-04-30 12:06 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 12:06 . 2013-04-30 12:06 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 12:06 . 2013-04-30 12:06 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 12:06 . 2013-04-30 12:06 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 12:06 . 2013-04-30 12:06 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 12:06 . 2013-04-30 12:06 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 12:06 . 2013-04-30 12:06 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 12:06 . 2013-04-30 12:06 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 12:06 . 2013-04-30 12:06 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 12:06 . 2013-04-30 12:06 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 12:06 . 2013-04-30 12:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 12:06 . 2013-04-30 12:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 12:06 . 2013-04-30 12:06 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 12:06 . 2013-04-30 12:06 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 12:06 . 2013-04-30 12:06 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 12:06 . 2013-04-30 12:06 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 12:06 . 2013-04-30 12:06 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 12:06 . 2013-04-30 12:06 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 12:06 . 2013-04-30 12:06 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 12:06 . 2013-04-30 12:06 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 12:06 . 2013-04-30 12:06 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 12:06 . 2013-04-30 12:06 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 12:06 . 2013-04-30 12:06 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 12:06 . 2013-04-30 12:06 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 12:06 . 2013-04-30 12:06 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 12:06 . 2013-04-30 12:06 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 12:06 . 2013-04-30 12:06 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 12:06 . 2013-04-30 12:06 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 12:06 . 2013-04-30 12:06 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 12:06 . 2013-04-30 12:06 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 12:06 . 2013-04-30 12:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 12:06 . 2013-04-30 12:06 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 12:06 . 2013-04-30 12:06 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 12:06 . 2013-04-30 12:06 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 12:06 . 2013-04-30 12:06 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 12:06 . 2013-04-30 12:06 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 12:06 . 2013-04-30 12:06 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 12:06 . 2013-04-30 12:06 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 12:06 . 2013-04-30 12:06 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 12:06 . 2013-04-30 12:06 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 12:06 . 2013-04-30 12:06 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 12:06 . 2013-04-30 12:06 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 12:06 . 2013-04-30 12:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 12:06 . 2013-04-30 12:06 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 12:06 . 2013-04-30 12:06 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-13 05:49 . 2013-05-15 11:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 11:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 11:06 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 11:06 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 11:06 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 11:06 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 10:10 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-01-12 15:04 . 2013-01-12 15:03 22916830 ----a-w- c:\program files\vlc-2.0.5-win32.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\jp\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2013-04-27 440744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2011-9-9 41051]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-6-1 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MySQL_1;MySQL_1;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL_1;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL_1 [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\DRIVERS\STK02NW2.sys;c:\windows\SYSNATIVE\DRIVERS\STK02NW2.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys;c:\windows\SYSNATIVE\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Serviço de Gerenciamento da Web;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/21 16:58];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 iprip;RIP de Escuta;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [x]
S2 OrolixDeviceMonitor;Orolix Device Monitor;c:\program files (x86)\TIM Communicator\module\devicemon.exe;c:\program files (x86)\TIM Communicator\module\devicemon.exe [x]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Encore\Common\RegistryWriter64.exe;c:\program files (x86)\Encore\Common\RegistryWriter64.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 WACService;WACService;c:\program files (x86)\Wondershare\Wondershare Application Center\WACService.exe;c:\program files (x86)\Wondershare\Wondershare Application Center\WACService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys;c:\windows\SYSNATIVE\drivers\smsbda.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-09 03:33 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 16:37]
.
2012-02-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-04-06 21:33]
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 18:24]
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 18:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
"SmsIrProcess"="c:\program files (x86)\Siano Mobile Silicon\SMS\SmsIrProcess.exe" [2010-06-24 90112]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;192.168.*.*
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Baixar com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 189.4.64.87 189.4.64.82
.
.
------- Associação de arquivos/ficheiros -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - ORFÃOS REMOVIDOS - - - -
.
SafeBoot-MsMpSvc
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{90EEE664-34B1-422A-A782-779AF65CDF6D} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-TVTray - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MySQL_1]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL_1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-07-09 09:48:52
ComboFix-quarantined-files.txt 2013-07-09 12:48
.
Pré-execução: 615.490.412.544 bytes disponíveis
Pós execução: 614.956.081.152 bytes disponíveis
.
- - End Of File - - 3B0C0660F70DE4108BB36F4337890C87
A36C5E4F47E84449FF07ED3517B43A31
Posts
1591
Data de inscrição
segunda 4 de outubro de 2010
Status
Contribuinte
Última visita
23 de junho de 2016
2.865
HELLO,


ARQUIVOS CONTAMINADOS EXCLUIDOS:

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\INSTALL.LOG
c:\users\jp\AppData\Local\TempDIR
c:\users\jp\currículo atual .doc
c:\users\jp\npp.5.9.3.Installer.exe
c:\users\jp\xampp-win32-1.7.7-VC9-installer (1).exe
c:\users\jp\xampp-win32-1.7.7-VC9-installer (2).exe
c:\users\jp\xampp-win32-1.7.7-VC9-installer.exe
c:\windows\IsUn0816.exe


- - - - ORFÃOS REMOVIDOS - - - -
.
SafeBoot-MsMpSvc
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{90EEE664-34B1-422A-A782-779AF65CDF6D} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-TVTray - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.

AGORA PARA TER CERTEZA DE QUE O PC ESTA LIMPO RECOMENDO UM SCANEAMENTO RÁPIDO COM O AVAST.

POSTE O RESULTADO DO SCAN DO AVAST!

E FALE SE O PC ESTA APRESENTANDO ALGUM PROBLEMA:
O scan do Avast diz que nenhum arquivo está contaminado mas alguns arquivos não puderam ser escaneados.
Esses arquivos que não puderam ser escaneados, eu devo excluir ou enviar para quarentena?
Posts
1591
Data de inscrição
segunda 4 de outubro de 2010
Status
Contribuinte
Última visita
23 de junho de 2016
2.865
HELLO,

VC NÃO PRECISSA MANDALOS PARA QUARENTENA!

E O PC ESTA NORMAL ?
Eu acabei de reiniciar e aparentemente está tudo normal, ficou até mais rápido, valeu pela força.
Posts
1591
Data de inscrição
segunda 4 de outubro de 2010
Status
Contribuinte
Última visita
23 de junho de 2016
2.865
OK!

RESOLVIDO!
Boa tarde... me chamo Elena e baixei o Hijack This porque meu computador esta muito lento o resultado foi o seguinte

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:52:52, on 17/7/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\IBM\Lotus\Notes\nsd.exe
C:\Arquivos de programas\IBM\Lotus\Notes\ntmulti.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe
D:\CorporeRM\RM.Net\RM.Host.Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\IBM\Lotus\Notes\NLNOTES.EXE
C:\Arquivos de programas\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Arquivos de programas\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe
C:\Arquivos de programas\IBM\Lotus\Notes\ntaskldr.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
D:\CorporeRM\RMFluxus\RMFLUXUS.exe
D:\CorporeRM\RM.Net\RM.Host.Client.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Consiste\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\ARQUIV~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Arquivos de programas\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\ARQUIV~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Diagnóstico do Lotus Notes (Lotus Notes Diagnostics) - IBM - C:\Arquivos de programas\IBM\Lotus\Notes\nsd.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Arquivos de programas\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: OfficeScan NT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: RM.Host.Service - RM Sistemas S.A. - D:\CorporeRM\RM.Net\RM.Host.Service.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\TmProxy.exe
Posts
1591
Data de inscrição
segunda 4 de outubro de 2010
Status
Contribuinte
Última visita
23 de junho de 2016
2.865
HELLO,ELENA


VC POSSUI SIM ALGUMS ARQUIVOS INFECTADOS:


UM DELES: C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe



RECOMENDO O USO DO COMBO FIX:


COMBOFIX LINK: https://www.bleepingcomputer.com/download/combofix/

TUTORIAL DE COMO USAR:

LINK: https://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

BAIXE O COMBO FIX SALVE NA ARE DE TRABALHO E ANTES DE USAR PAUSE O SEU ANTI VIRUS TREND MICRO.

DEPOIS USE COMBO FIX:


POSTE O RESULTADO DO SCAN AQUI: