Ir para conteúdo

A partir do dia 19/11/2018, o foco do Fórum do BABOO é apenas Windows e Segurança Digital conforme informado no início de 2018.
As áreas que não têm relação com esses dois assuntos foram arquivadas e seus tópicos estão disponíveis para consulta na área Tópicos Antigos.

ritieler

  • Postagens

    14
  • Desde

  • Última visita

Últimos Visitantes

719 visualizações
  1. ritieler

    meu servidor foi infectado com .no_more_ransom

    Segue Corretamenre. Desculpe pela falha. Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 17/10/2018 Hora da análise: 23:26 Arquivo de registro: 476d8ce8-d27d-11e8-92bf-000c293be2f4.json -Informação do software- Versão: 3.6.1.2711 Versão de componentes: 1.0.463 Versão do pacote de definições: 1.0.7407 Licença: Versão de Avaliação -Informação do sistema- Sistema operacional: Windows Server 2008 R2 Service Pack 1 CPU: x64 Sistema de arquivos: NTFS Usuário: \ -Resumo da análise- Tipo de análise: Análise de Ameaças Análise Iniciada Por: Manual Resultado: Concluído Objetos verificados: 766628 Ameaças detectadas: 0 Ameaças em quarentena: 0 Tempo decorrido: 11 min, 9 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Detectar PUM: Detectar -Detalhes da análise- Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 0 (Nenhum item malicioso detectado) Valor de registro: 0 (Nenhum item malicioso detectado) Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 0 (Nenhum item malicioso detectado) Setor físico: 0 (Nenhum item malicioso detectado) Instrumentação do Windows (WMI): 0 (Nenhum item malicioso detectado) (end)
  2. ritieler

    meu servidor foi infectado com .no_more_ransom

    Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 15/10/2018 Hora da análise: 23:21 Arquivo de registro: 23c1b650-d0ea-11e8-9f03-000c293be2f4.json -Informação do software- Versão: 3.6.1.2711 Versão de componentes: 1.0.463 Versão do pacote de definições: 1.0.7369 Licença: Versão de Avaliação -Informação do sistema- Sistema operacional: Windows Server 2008 R2 Service Pack 1 CPU: x64 Sistema de arquivos: NTFS Usuário: \ -Resumo da análise- Tipo de análise: Análise de Ameaças Análise Iniciada Por: Manual Resultado: Concluído Objetos verificados: 743163 Ameaças detectadas: 5 Ameaças em quarentena: 5 Tempo decorrido: 7 min, 8 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Desabilitado Heurística: Habilitado PUP: Detectar PUM: Detectar -Detalhes da análise- Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 0 (Nenhum item malicioso detectado) Valor de registro: 2 Ransom.Rapid.E, HKU\S-1-5-21-1130571546-4274047757-2541913076-1123\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\RUN|ENCRYPTER_074, Quarentena, [6606], [486005],1.0.7369 Ransom.Rapid.E, HKU\S-1-5-21-1130571546-4274047757-2541913076-1123\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\RUN|USERINFO, Quarentena, [6606], [486006],1.0.7369 Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 3 Ransom.Rapid.E, C:\USERS\ALMOX\APPDATA\ROAMING\RECOVERY.TXT, Quarentena, [6606], [486006],1.0.7369 Ransom.Rapid.E, C:\USERS\ADMINISTRADOR\APPDATA\ROAMING\Microsoft\Windows\Recent\recovery.txt.lnk, Quarentena, [6606], [486006],1.0.7369 RiskWare.Tool.HCK, C:\USERS\ADMINISTRADOR\DOWNLOADS\WRAR391 - KEY.EXE, Quarentena, [7795], [65942],1.0.7369 Setor físico: 0 (Nenhum item malicioso detectado) Instrumentação do Windows (WMI): 0 (Nenhum item malicioso detectado) (end) Segue também o HijackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:42:16, on 15/10/2018 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.19137) Boot mode: Normal Running processes: D:\nQuestorEmp\nServerApp.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/HardAdmin.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://iesetup.dll/HardAdmin.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office16\URLREDIR.DLL O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - S-1-5-21-1130571546-4274047757-2541913076-1115 Startup: Enviar para o OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE (User 'compras') O4 - S-1-5-21-1130571546-4274047757-2541913076-1123 Startup: Enviar para o OneNote.lnk = C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (User 'almox') O4 - S-1-5-21-1130571546-4274047757-2541913076-1123 User Startup: Enviar para o OneNote.lnk = C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (User 'almox') O4 - S-1-5-21-1130571546-4274047757-2541913076-1128 Startup: Enviar para o OneNote.lnk = C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (User 'luis') O4 - S-1-5-21-1130571546-4274047757-2541913076-1128 User Startup: Enviar para o OneNote.lnk = C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (User 'luis') O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O10 - Broken Internet access because of LSP provider 'c:\users\administrador\Windows\system32\nlaapi.dll' missing O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - ESC Trusted Zone: http://runonce.msn.com O15 - ESC Trusted Zone: http://*.windowsupdate.com O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM) O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rodomunk.intranet O17 - HKLM\System\CCS\Services\Tcpip\..\{57B339F0-75D4-41E5-A754-B34FAFA7B5B2}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rodomunk.intranet O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rodomunk.intranet O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%systemroot%\system32\dfssvc.exe,-101 (Dfs) - Unknown owner - C:\Windows\system32\dfssvc.exe (file missing) O23 - Service: @dfsrress.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSRs.exe (file missing) O23 - Service: @%systemroot%\system32\dns.exe,-49157 (DNS) - Unknown owner - C:\Windows\system32\dns.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Security\ehttpsrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @%SystemRoot%\System32\ismserv.exe,-1 (IsmServ) - Unknown owner - C:\Windows\System32\ismserv.exe (file missing) O23 - Service: @%SystemRoot%\System32\kdcsvc.dll,-1 (kdc) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\System32\ntdsmsg.dll,-1 (NTDS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: DSM SA Connection Service (Server Administrator) - Dell Inc. - C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VMware Alias Manager and Ticket Service (VGAuthService) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe O23 - Service: VMware Tools (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe O23 - Service: VMware vCenter Converter Standalone Agent (vmware-converter-agent) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe O23 - Service: VMware vCenter Converter Standalone Server (vmware-converter-server) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe O23 - Service: VMware vCenter Converter Standalone Worker (vmware-converter-worker) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 9795 bytes
  3. ritieler

    meu servidor foi infectado com .no_more_ransom

    Sim eu sei só não consegui desinstalar. Temos tudo licenciado faz um tempo já
  4. ritieler

    meu servidor foi infectado com .no_more_ransom

    ~ ZHPCleaner v2018.10.9.181 by Nicolas Coolman (2018/10/09) ~ Run by administrador (Administrator) (09/10/2018 09:01:32) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Repair ~ Report : C:\Users\Administrador\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Administrador\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 2008R2, 64-bit Service Pack 1 (Build 7601) ---\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. (ADS) ---\ Services (0) ~ No malicious or unnecessary items found. (Service) ---\ Browser internet (0) ~ No malicious or unnecessary items found. (Browser) ---\ Hosts file (1) ~ The hosts file is legitimate (21) ---\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. (Task) ---\ Explorer ( File, Folder) (1) ---\ Registry ( Key, Value, Data) (0) ~ No malicious or unnecessary items found. (Register) ---\ Summary of the elements found (1) https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/ =>HackTool.KMSpico ---\ Other deletions. (26) ~ Registry Keys Tracing deleted (26) ~ Remove the old reports ZHPCleaner. (0) ---\ Result of repair ~ Repair carried out successfully ~ Browser not found (Opera Software) ---\ Statistics ~ Items scanned : 749 ~ Items found : 0 ~ Items cancelled : 0 ~ Items options : 0/7 ~ Space saving (bytes) : 0 ~ End of clean in 00h00mn12s ---\ Reports (2) ZHPCleaner-[S]-09102018-08_57_00.txt ZHPCleaner-[R]-09102018-09_01_44.txt
  5. Olá tenho um servidor Windows server 2008 R2 com usuarios conectados com ts tenho ad configurado. Porem um usuario recebeu um email e acabou travando alguns arquivos dele apenas e gostaria de saber oque fazer também pois nao quero refazer o servidor todo. Fiz todo o processo pedido nas regras e esta aqui o log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:28:42, on 06/10/2018 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.19137) Boot mode: Normal Running processes: C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/HardAdmin.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://iesetup.dll/HardAdmin.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office16\URLREDIR.DLL O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O10 - Broken Internet access because of LSP provider 'c:\users\administrador\Windows\system32\nlaapi.dll' missing O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - ESC Trusted Zone: http://runonce.msn.com O15 - ESC Trusted Zone: http://*.windowsupdate.com O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM) O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rodomunk.intranet O17 - HKLM\System\CCS\Services\Tcpip\..\{57B339F0-75D4-41E5-A754-B34FAFA7B5B2}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rodomunk.intranet O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rodomunk.intranet O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%systemroot%\system32\dfssvc.exe,-101 (Dfs) - Unknown owner - C:\Windows\system32\dfssvc.exe (file missing) O23 - Service: @dfsrress.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSRs.exe (file missing) O23 - Service: @%systemroot%\system32\dns.exe,-49157 (DNS) - Unknown owner - C:\Windows\system32\dns.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Security\ehttpsrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @%SystemRoot%\System32\ismserv.exe,-1 (IsmServ) - Unknown owner - C:\Windows\System32\ismserv.exe (file missing) O23 - Service: @%SystemRoot%\System32\kdcsvc.dll,-1 (kdc) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\System32\ntdsmsg.dll,-1 (NTDS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: DSM SA Connection Service (Server Administrator) - Dell Inc. - C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_connsvc64.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VMware Alias Manager and Ticket Service (VGAuthService) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe O23 - Service: VMware Tools (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe O23 - Service: VMware vCenter Converter Standalone Agent (vmware-converter-agent) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe O23 - Service: VMware vCenter Converter Standalone Server (vmware-converter-server) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe O23 - Service: VMware vCenter Converter Standalone Worker (vmware-converter-worker) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 8758 bytes
×