HijackThis log analysis

Solved/Closed
pesquisa - 4 Jul 2013 at 17:24
JESUS CRISTO Posts 1591 Registration date Monday 4 October 2010 Status Contributor Last seen 23 June 2016 - 18 Jul 2013 at 14:28
Good morning, I need help interpreting a HijackThis log, can anyone help me? The log follows below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:48:32, on 04/07/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Siano Mobile Silicon\SMS\SmsIRProcess.exe
C:\Users\jp\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Users\jp\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\downloads\Software\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD103SI_S23ZJ50Z610565&ts=1368549134
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/?ref=goLinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.nsctotal.com.br/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file)
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {e7cb019e-bf3b-4c48-9673-48c323b18e31} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\jp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\jp\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files (x86)\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @mqutil.dll,-6203 (MSMQTriggers) - Unknown owner - C:\Windows\system32\mqtgsvc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: MySQL_1 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Orolix Desenvolvimento de Software LTDA. - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Encore\Common\RegistryWriter.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Encore\Common\RegistryWriter64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WACService - Wondershare - C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)

End of file - 14258 bytes
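
One way to triage a log like the one above mechanically, as an added example that is not part of this thread and not HijackThis's own code: a small Python script that parses the HijackThis 2.0.4 line format and sorts entries into the buckets a helper reads first (homepage values that are actually set, URLSearchHook CLSIDs with no DLL behind them, Winsock LSP entries, services whose binary is missing, services with no recorded vendor, and repeated process paths). SAMPLE_LOG is an excerpt of the log posted above; the bucket names, and the decision to keep unresolved Windows resource-string service names apart from genuinely missing binaries, are this example's own choices.

```python
"""Triage helper for a Trend Micro HijackThis 2.0.4 log (added example, not the
thread's or HijackThis's own code). SAMPLE_LOG is an excerpt of the log posted
in the thread; the bucket names below are this example's own choices."""
import re
from collections import Counter
from urllib.parse import urlsplit

SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:48:32, on 04/07/2013

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\downloads\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD103SI_S23ZJ50Z610565&ts=1368549134
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.nsctotal.com.br/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file)
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

End of file - 14258 bytes
"""

# Every HijackThis finding starts with a section code such as R1, F2, O4 or O23.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")
MISSING = " (file missing)"


def parse_hjt(text):
    """Return (running process paths, [(code, body), ...]) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:               # a blank line ends the process list
            in_procs = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(processes, entries):
    """Sort entries into the buckets a helper reads first; nothing here is a verdict."""
    f = {"homepage_hosts": [], "orphan_search_hooks": [], "lsp": [],
         "unresolved_windows_services": [], "missing_service_binaries": [],
         "unknown_owner_present": [], "repeated_processes": {}}
    for code, body in entries:
        if code in ("R0", "R1"):
            # Only set values matter; the empty HKLM entries are normal on Windows 7.
            key, _, value = body.partition(" = ")
            if value.startswith(("http://", "https://")):
                f["homepage_hosts"].append((key.rsplit(",", 1)[1], urlsplit(value).hostname))
        elif code == "R3" and body.endswith("(no file)"):
            # URLSearchHook CLSIDs with no DLL behind them: leftovers of removed toolbars.
            f["orphan_search_hooks"].append(CLSID_RE.search(body).group(0))
        elif code == "O10":
            f["lsp"].append(body.split(": ", 1)[1])
        elif code == "O23":
            # "Service: <display name> - <vendor> - <image path>"; split from the left
            # because image paths may themselves contain " - " (Spybot - Search & Destroy).
            name, owner, path = body[len("Service: "):].split(" - ", 2)
            missing = path.endswith(MISSING)
            if missing:
                path = path[: -len(MISSING)]
            if missing and name.startswith("@"):
                # Display name is an unresolved Windows resource string; HijackThis 2.0.4
                # lists built-in Windows 7 services this way, so keep them apart from
                # third-party services whose binary really is gone.
                f["unresolved_windows_services"].append(name.rsplit("(", 1)[1].rstrip(")"))
            elif missing:
                f["missing_service_binaries"].append((name, path))
            elif owner == "Unknown owner":
                # Present binary, no vendor recorded: worth a hash lookup, not a deletion.
                f["unknown_owner_present"].append((name, path))
    # Chrome runs one process per tab and extension, so repeated chrome.exe entries are
    # expected; the count is reported so it can be compared with what was open.
    counts = Counter(p.lower() for p in processes)
    f["repeated_processes"] = {p: n for p, n in counts.items() if n > 1}
    return f


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    for bucket, items in triage(procs, ents).items():
        print(f"{bucket}:")
        for item in (items.items() if isinstance(items, dict) else items):
            print("   ", item)
```

Run as a script it prints each bucket. Fed the full log above, the buckets worth a second look are the Default_Page_URL host with its uid/ts query string, the three orphaned URLSearchHook CLSIDs, and missing_service_binaries, where MySQL and MySQL_1 resolve to C:\Program.exe: that is how HijackThis renders a service whose ImagePath is unquoted and contains spaces, and the ComboFix output further down shows the real path, c:\program files\MySQL\MySQL Server 5.5\bin\mysqld. The @-prefixed entries (ALG, EFS, Fax, WatAdminSvc and the rest) are Windows 7 built-ins whose display names HijackThis could not resolve, which is why the script keeps them out of the missing-binary bucket.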

6 Replies

JESUS CRISTO Posts 1591 Registration date Monday 4 October 2010 Status Contributor Last seen 23 June 2016 3.160
8 Jul 2013 at 16:24
HELLO,

WHAT ERROR IS SHOWN ON THE PC?

I FOUND THIS STRANGE:

C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe

THERE ARE MANY IDENTICAL CHROME KEYS.

I RECOMMEND UNINSTALLING CHROME,

RUNNING CCLEANER, AND INSTALLING IT AGAIN.

CCLEANER LINK: https://www.ccleaner.com/ccleaner/download/standard

I ALSO RECOMMEND USING COMBOFIX BECAUSE THIS PROCESS IS SUSPICIOUS:

WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

COMBOFIX LINK: https://www.bleepingcomputer.com/download/combofix/

TUTORIAL ON HOW TO USE IT:

LINK: https://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

PAUSE AVAST BEFORE USING COMBOFIX, OK!

SORRY FOR THE DELAY!

POST THE RESULT!



Here is the ComboFix log.

ComboFix 13-07-09.01 - jp 09/07/2013 9:27.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3318.1978 [GMT -3:00]
Executando de: c:\users\jp\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\INSTALL.LOG
c:\users\jp\AppData\Local\TempDIR
c:\users\jp\currículo atual .doc
c:\users\jp\npp.5.9.3.Installer.exe
c:\users\jp\xampp-win32-1.7.7-VC9-installer (1).exe
c:\users\jp\xampp-win32-1.7.7-VC9-installer (2).exe
c:\users\jp\xampp-win32-1.7.7-VC9-installer.exe
c:\windows\IsUn0816.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-06-09 to 2013-07-09 ))))))))))))))))))))))))))))
.
.
2013-07-09 12:44 . 2013-07-09 12:44 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-07-09 12:44 . 2013-07-09 12:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-09 12:44 . 2013-07-09 12:44 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-06-28 14:44 . 2013-06-28 14:44 -------- d-----w- c:\program files\COMODO
2013-06-28 14:43 . 2013-06-28 14:47 -------- d-----w- c:\programdata\Comodo
2013-06-28 14:42 . 2013-06-28 14:42 -------- d-----w- c:\programdata\Comodo Downloader
2013-06-19 11:14 . 2013-07-09 11:08 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-06-12 16:37 . 2013-06-12 16:37 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-12 11:40 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 22:20 . 2013-03-16 21:55 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 22:20 . 2012-02-10 17:28 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 22:20 . 2012-02-10 17:28 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-12 16:37 . 2012-04-07 23:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 16:37 . 2011-05-24 13:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 12:03 . 2010-12-26 15:05 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-28 11:38 . 2013-05-28 11:38 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-05-28 11:38 . 2013-05-28 11:38 311200 ----a-w- c:\windows\system32\javaws.exe
2013-05-28 11:38 . 2013-05-28 11:38 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-28 11:38 . 2013-05-28 11:38 188832 ----a-w- c:\windows\system32\javaw.exe
2013-05-28 11:38 . 2013-05-28 11:38 188320 ----a-w- c:\windows\system32\java.exe
2013-05-28 11:38 . 2011-11-05 18:24 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-15 10:50 . 2011-08-05 22:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-14 16:33 . 2011-06-11 04:58 773712 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-05-14 16:33 . 2011-06-11 04:58 420944 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-05-09 08:59 . 2013-03-16 21:55 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-03-23 19:50 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-02-10 17:28 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-02-10 17:28 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-02-10 17:28 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-02-10 17:27 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-01-18 20:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-04 11:00 . 2013-05-04 11:01 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-04 11:00 . 2012-08-10 12:26 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-05-04 11:00 . 2011-01-19 15:31 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-30 12:06 . 2013-04-30 12:06 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 12:06 . 2013-04-30 12:06 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 12:06 . 2013-04-30 12:06 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 12:06 . 2013-04-30 12:06 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 12:06 . 2013-04-30 12:06 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 12:06 . 2013-04-30 12:06 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 12:06 . 2013-04-30 12:06 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 12:06 . 2013-04-30 12:06 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 12:06 . 2013-04-30 12:06 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 12:06 . 2013-04-30 12:06 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 12:06 . 2013-04-30 12:06 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 12:06 . 2013-04-30 12:06 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 12:06 . 2013-04-30 12:06 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 12:06 . 2013-04-30 12:06 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 12:06 . 2013-04-30 12:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 12:06 . 2013-04-30 12:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 12:06 . 2013-04-30 12:06 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 12:06 . 2013-04-30 12:06 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 12:06 . 2013-04-30 12:06 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 12:06 . 2013-04-30 12:06 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 12:06 . 2013-04-30 12:06 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 12:06 . 2013-04-30 12:06 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 12:06 . 2013-04-30 12:06 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 12:06 . 2013-04-30 12:06 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 12:06 . 2013-04-30 12:06 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 12:06 . 2013-04-30 12:06 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 12:06 . 2013-04-30 12:06 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 12:06 . 2013-04-30 12:06 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 12:06 . 2013-04-30 12:06 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 12:06 . 2013-04-30 12:06 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 12:06 . 2013-04-30 12:06 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 12:06 . 2013-04-30 12:06 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 12:06 . 2013-04-30 12:06 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 12:06 . 2013-04-30 12:06 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 12:06 . 2013-04-30 12:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 12:06 . 2013-04-30 12:06 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 12:06 . 2013-04-30 12:06 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 12:06 . 2013-04-30 12:06 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 12:06 . 2013-04-30 12:06 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 12:06 . 2013-04-30 12:06 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 12:06 . 2013-04-30 12:06 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 12:06 . 2013-04-30 12:06 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 12:06 . 2013-04-30 12:06 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 12:06 . 2013-04-30 12:06 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 12:06 . 2013-04-30 12:06 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 12:06 . 2013-04-30 12:06 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 12:06 . 2013-04-30 12:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 12:06 . 2013-04-30 12:06 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 12:06 . 2013-04-30 12:06 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-13 05:49 . 2013-05-15 11:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 11:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 11:06 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 11:06 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 11:06 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 11:06 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 10:10 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-01-12 15:04 . 2013-01-12 15:03 22916830 ----a-w- c:\program files\vlc-2.0.5-win32.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\jp\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2013-04-27 440744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2011-9-9 41051]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-6-1 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MySQL_1;MySQL_1;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL_1;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL_1 [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\DRIVERS\STK02NW2.sys;c:\windows\SYSNATIVE\DRIVERS\STK02NW2.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys;c:\windows\SYSNATIVE\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Serviço de Gerenciamento da Web;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/21 16:58];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 iprip;RIP de Escuta;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [x]
S2 OrolixDeviceMonitor;Orolix Device Monitor;c:\program files (x86)\TIM Communicator\module\devicemon.exe;c:\program files (x86)\TIM Communicator\module\devicemon.exe [x]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Encore\Common\RegistryWriter64.exe;c:\program files (x86)\Encore\Common\RegistryWriter64.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 WACService;WACService;c:\program files (x86)\Wondershare\Wondershare Application Center\WACService.exe;c:\program files (x86)\Wondershare\Wondershare Application Center\WACService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys;c:\windows\SYSNATIVE\drivers\smsbda.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-09 03:33 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 16:37]
.
2012-02-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-04-06 21:33]
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 18:24]
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 18:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\jp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
"SmsIrProcess"="c:\program files (x86)\Siano Mobile Silicon\SMS\SmsIrProcess.exe" [2010-06-24 90112]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;192.168.*.*
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Baixar com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 189.4.64.87 189.4.64.82
.
.
------- Associação de arquivos/ficheiros -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - ORFÃOS REMOVIDOS - - - -
.
SafeBoot-MsMpSvc
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{90EEE664-34B1-422A-A782-779AF65CDF6D} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-TVTray - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MySQL_1]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL_1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-07-09 09:48:52
ComboFix-quarantined-files.txt 2013-07-09 12:48
.
Pré-execução: 615.490.412.544 bytes disponíveis
Pós execução: 614.956.081.152 bytes disponíveis
.
- - End Of File - - 3B0C0660F70DE4108BB36F4337890C87
A36C5E4F47E84449FF07ED3517B43A31
0
JESUS CRISTO Posts 1591 Registration date Monday 4 October 2010 Status Contributor Last visit 23 June 2016 3.160
9 Jul 2013 at 14:23
HELLO,


CONTAMINATED FILES DELETED:

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\INSTALL.LOG
c:\users\jp\AppData\Local\TempDIR
c:\users\jp\currículo atual .doc
c:\users\jp\npp.5.9.3.Installer.exe
c:\users\jp\xampp-win32-1.7.7-VC9-installer (1).exe
c:\users\jp\xampp-win32-1.7.7-VC9-installer (2).exe
c:\users\jp\xampp-win32-1.7.7-VC9-installer.exe
c:\windows\IsUn0816.exe


- - - - ORFÃOS REMOVIDOS - - - -
.
SafeBoot-MsMpSvc
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{90EEE664-34B1-422A-A782-779AF65CDF6D} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-TVTray - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.

NOW, TO BE SURE THE PC IS CLEAN, I RECOMMEND A QUICK SCAN WITH AVAST.

POST THE RESULT OF THE AVAST SCAN!

AND SAY WHETHER THE PC IS SHOWING ANY PROBLEM:
0
The Avast scan says no file is contaminated, but some files could not be scanned.
0
Those files that could not be scanned, should I delete them or send them to quarantine?
0
JESUS CRISTO Posts 1591 Registration date Monday 4 October 2010 Status Contributor Last visit 23 June 2016 3.160
9 Jul 2013 at 16:57
HELLO,

YOU DON'T NEED TO SEND THEM TO QUARANTINE!

AND IS THE PC NORMAL?
0
I just rebooted and apparently everything is normal, it even got faster. Thanks for the help.
0
JESUS CRISTO Posts 1591 Registration date Monday 4 October 2010 Status Contributor Last visit 23 June 2016 3.160
9 Jul 2013 at 17:13
OK!

SOLVED!
0
Good afternoon... my name is Elena and I downloaded HijackThis because my computer is very slow. The result was the following:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:52:52, on 17/7/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\IBM\Lotus\Notes\nsd.exe
C:\Arquivos de programas\IBM\Lotus\Notes\ntmulti.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe
D:\CorporeRM\RM.Net\RM.Host.Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\IBM\Lotus\Notes\NLNOTES.EXE
C:\Arquivos de programas\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Arquivos de programas\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe
C:\Arquivos de programas\IBM\Lotus\Notes\ntaskldr.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
D:\CorporeRM\RMFluxus\RMFLUXUS.exe
D:\CorporeRM\RM.Net\RM.Host.Client.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Consiste\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\ARQUIV~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Arquivos de programas\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\ARQUIV~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Diagnóstico do Lotus Notes (Lotus Notes Diagnostics) - IBM - C:\Arquivos de programas\IBM\Lotus\Notes\nsd.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Arquivos de programas\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: OfficeScan NT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: RM.Host.Service - RM Sistemas S.A. - D:\CorporeRM\RM.Net\RM.Host.Service.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\TmProxy.exe
0
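As an added example (not code from the thread, from HijackThis or from any project mentioned here), the following Python script parses lines in the HijackThis v2 format shown above and lists the entry types a reviewer would check first: an R0 start page that carries campaign tracking parameters, O15 trusted-zone hosts outside an expected list, O20 Winlogon Notify DLLs, and O23 services whose publisher HijackThis could not identify. The sample lines are copied from Elena's log plus one constructed O15 line marked as such; the allowlist `EXPECTED_TRUSTED` and the review rules are this example's own assumptions, and the output is a list of entries to verify, not a verdict on any file.

```python
"""Triage helper for HijackThis v2 log lines (added example; heuristics are assumptions)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# One HijackThis entry: a section code (R0, O2, O4, O23, ...), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Assumed allowlist: hosts the user is known to have added to the Trusted Zone on purpose.
EXPECTED_TRUSTED = {"bancobrasil.com.br", "bb.com.br"}

# Constructed input: lines copied from the thread's log, plus one constructed
# O15 line (updates.example.invalid) that is NOT from the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: updates.example.invalid
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    code: str     # HijackThis section code, e.g. "O23"
    reason: str   # why a reviewer should look at it
    body: str     # the original entry text


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (code, body) pairs for every well-formed entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _trusted_host_expected(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in EXPECTED_TRUSTED)


def triage(text: str) -> List[Finding]:
    """Apply review rules to a log and return the entries worth verifying by hand."""
    findings: List[Finding] = []
    for code, body in parse_hjt(text):
        if code == "R0" and "Start Page" in body:
            url = body.split("=", 1)[1].strip()
            if "utm_" in url.lower():
                findings.append(Finding(code, "start page carries campaign tracking "
                                              "parameters; confirm the user chose it", body))
        elif code == "O15":
            host = body.split(":", 1)[1].strip()        # "Trusted Zone: <host>"
            if not _trusted_host_expected(host):
                findings.append(Finding(code, "Trusted Zone host outside the expected list", body))
        elif code == "O20" and "Winlogon Notify" in body:
            findings.append(Finding(code, "DLL loaded by Winlogon at logon; verify the "
                                          "file's publisher and signature", body))
        elif code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, "service binary has no publisher recorded; "
                                          "verify its signature and install source", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.body}")
```

The rules deliberately return "verify" items rather than malware calls: a Trusted Zone entry or an unsigned service is a place where a reviewer checks the file's signature and origin, and the allowlist should be replaced with whatever the machine's owner actually uses.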
JESUS CRISTO Posts 1591 Registration date Monday 4 October 2010 Status Contributor Last visit 23 June 2016 3.160
18 Jul 2013 at 14:28
HELLO, ELENA


YOU DO HAVE SOME INFECTED FILES:


ONE OF THEM: C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe



I RECOMMEND USING COMBOFIX:


COMBOFIX LINK: https://www.bleepingcomputer.com/download/combofix/

TUTORIAL ON HOW TO USE IT:

LINK: https://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

DOWNLOAD COMBOFIX, SAVE IT TO THE DESKTOP, AND BEFORE USING IT PAUSE YOUR TREND MICRO ANTIVIRUS.

THEN RUN COMBOFIX:


POST THE SCAN RESULT HERE:
0