Versão Imprimível
Revivendo o topico para deixar uma informação importante:
Evite que a aplicação Combofix***** seja renomeada, caso que acontece frequentemente com quem usa gerenciadores de downloads.
Na maioria das vezes o próprio software alerta que o executável não deve ser renomeado apagando o arquivo e indicando a ser baixado novamente, mas já aconteceu de essa proteção falhar e corromper o sistema operacional da maquina.
Isso vem acontecendo no Win 7 64 bits!
sempre que eu passo combofix, o windows se desliga sabe, da aquele erro de tela azul e tenho que reiniciar, agora tentei dnv, deu isso e quando ligo deu erro no windows :S
ola desculpe mas não consigo efetuar o download do combofix diretamente dos links postados... alguem poderia ajudar com um link direto de download seguro do mesmo?
a proposito fui hackado 2 vezes nas ultimas semanas e resolvi levar a outro nivel... onde entrei em contato direto com a cip e exigi os logs do meu char.
Eles não atenderam minha solicitação, e me informaram que somente com intervenção policial eles dariam as informações... e eu o fiz...
Bom se alguem ja sofreu com o mesmo espero que corram atras dos seus direitos porque o cybercrime de hack nao tem leis especificas para ser enquadrado...mas o crime de furto é citado no codigo penal e isso é cabivel de pena ao responsavel e empresa responsavel que negou auxilio se tornando assim auxiliadora do mesmo.
Fico no aguardo pelo link.
Att,
Jean
veja se tá tudo certo :y
Citação:
ComboFix 12-01-09.06 - PC 09/01/2012 23:36:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1535.702 [GMT -2:00]
Executando de: c:\documents and settings\PC\Desktop\ComboFix*****
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
c:\documents and settings\PC\Dados de aplicativos\vso_ts_preview.xml
c:\windows\system32\uninstall*****
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-12-10 to 2012-01-10 ))))))))))))))))))))))))))))
.
.
2012-01-10 01:27 . 2012-01-10 01:28 -------- d-----w- c:\windows\system32\NtmsData
2012-01-09 23:59 . 2012-01-09 23:59 -------- d-----w- c:\windows\LastGood
2012-01-09 23:59 . 2009-10-22 15:54 37392 ----a-w- c:\windows\system32\drivers\46637192.sys
2012-01-09 23:59 . 2009-10-10 01:31 315408 ----a-w- c:\windows\system32\drivers\4663719.sys
2012-01-09 23:59 . 2009-09-25 19:59 128016 ----a-w- c:\windows\system32\drivers\46637191.sys
2012-01-07 01:34 . 2012-01-07 01:34 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Tibia******
2012-01-05 14:09 . 2009-06-25 15:20 1446264 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2011-12-23 18:31 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpi pelineprintproc.dll
2011-12-23 18:31 . 2011-12-23 18:31 -------- d-----w- C:\04a543259663f17af8ec578e45
2011-12-23 18:31 . 2011-12-23 20:14 -------- d-----w- c:\windows\SxsCaPendDel
2011-12-23 00:09 . 2011-12-23 00:09 -------- d-----w- c:\arquivos de programas\LogMeIn Hamachi
2011-12-19 09:58 . 2011-11-04 19:13 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-12-19 09:58 . 2011-11-04 19:13 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-12-19 09:58 . 2011-11-04 19:13 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-12-19 09:57 . 2011-11-04 19:13 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-12-19 09:57 . 2011-11-04 19:13 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-12-19 09:57 . 2011-11-04 19:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-12-19 09:56 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-12-19 09:56 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-12-19 09:56 . 2011-12-19 09:56 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-19 09:54 . 2011-12-19 09:54 -------- d-----w- c:\windows\ie8updates
2011-12-19 09:53 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-12-19 09:53 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2011-12-14 16:02 . 2011-12-15 00:42 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\TibiaME
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-01-04 21:57 . 2011-05-13 15:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 17:24 . 2011-12-06 00:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 14:40 . 2008-04-14 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 01:21 . 2011-11-08 01:21 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-04 19:13 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:25 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl*****
2011-10-26 10:49 . 2008-04-13 19:00 2031104 ----a-w- c:\windows\system32\ntkrnlpa*****
2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-11-09 12:14 . 2011-03-24 16:16 134104 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-12-19 14:46 86696 ----a-w- c:\arquivos de programas\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\arquivos de programas\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Pa nda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\arquivos de programas\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Pa nda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\arquivos de programas\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor*****" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck*****" [2007-03-01 153136]
"HDAudDeck"="c:\arquivos de programas\VIAudioi\HDADeck\HDeck*****" [2006-07-04 679936]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor*****" [2006-10-27 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"WinSys2"="c:\windows\system32\winsys2*****" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-05-03 86016]
"PSUNMain"="c:\arquivos de programas\Panda Security\Panda Cloud Antivirus\PSUNMain*****" [2011-04-28 439616]
"PlusService"="c:\arquivos de programas\Yuna Software\Messenger Plus!\PlusService*****" [2011-09-20 801792]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched*****" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui*****" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON*****"="c:\windows\system32\CTFMON***** " [2008-04-14 15360]
.
c:\documents and settings\PC\Menu Iniciar\Programas\Inicializar\
setup_9.0.0.722_09.01.2012_04-18.lnk - c:\documents and settings\PC\Desktop\Virus Removal Tool\setup_9.0.0.722_09.01.2012_04-18\startup***** [2012-1-9 72208]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-15 18:18 1955208 ----a-w- c:\arquivos de programas\LogMeIn Hamachi\hamachi-2-ui*****
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr*****
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-12 01:14 1242448 ----a-w- c:\arquivos de programas\Steam\Steam*****
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag*****"=
"%windir%\\system32\\sessmgr*****"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk*****"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr*****"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK*****"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE*****"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE*****"=
"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime*****"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\java*****"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01*****"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp*****"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp*****"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw*****"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox*****"=
"c:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aom*****"=
"c:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aomx*****"=
"c:\\Arquivos de programas\\Steam\\Steam*****"=
"c:\\Arquivos de programas\\Steam\\steamapps\\yea\\counter-strike source\\hl2*****"=
.
R0 46637192;46637192 Boot Guard Driver;c:\windows\system32\drivers\46637192.sys [9/1/2012 21:59 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/11/2011 23:21 717296]
R1 46637191;46637191;c:\windows\system32\drivers\4663 7191.sys [9/1/2012 21:59 128016]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKN C.sys [28/4/2011 09:57 129992]
R1 setup_9.0.0.722_09.01.2012_04-18drv;setup_9.0.0.722_09.01.2012_04-18drv;c:\windows\system32\drivers\4663719.sys [9/1/2012 21:59 315408]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz13 5_x32.sys [11/1/2011 16:13 21992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2***** [15/8/2011 16:18 1361288]
R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice***** [5/12/2011 22:21 652872]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\arquivos de programas\Panda Security\Panda Cloud Antivirus\PSANHost***** [28/4/2011 09:58 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSIN Aflt.sys [1/8/2011 09:23 143752]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSIN File.sys [28/4/2011 09:57 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSIN Proc.sys [28/4/2011 09:57 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSIN Prot.sys [28/4/2011 09:57 112456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [5/12/2011 22:21 20464]
S0 uyrmjrj;uyrmjrj;c:\windows\system32\drivers\uhgy.s ys --> c:\windows\system32\drivers\uhgy.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw***** [18/3/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate***** [13/2/2011 15:52 136176]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate***** [13/2/2011 15:52 136176]
S3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [22/9/2010 11:53 26752]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys --> c:\windows\system32\DRIVERS\snp325.sys [?]
S3 usbet;ET USB 2.0 WebCAM;c:\windows\system32\drivers\ETdrv.sys [17/3/2011 13:13 165504]
S3 uti1odkx;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uti1odkx.sy s --> c:\windows\system32\Drivers\uti1odkx.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30 319\WPF\WPFFontCache_v0400***** [18/3/2010 13:16 753504]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - 46637191
*NewlyCreated* - 46637192
*NewlyCreated* - NTMSSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-07-22 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\arquivos de programas\Easeware\DriverEasy\DriverEasy***** [2010-09-22 23:29]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate***** [2011-02-13 17:51]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate***** [2011-02-13 17:51]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL*****/3000
LSP: %SystemRoot%\system32\PrxerDrv.dll
FF - ProfilePath - c:\documents and settings\PC\Dados de aplicativos\Mozilla\Firefox\Profiles\rwok11tn.defa ult\
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=00000002&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nwiz - nwiz*****
MSConfigStartUp-DAEMON Tools Lite - c:\arquivos de programas\DAEMON Tools Lite\daemon*****
.
.
.
************************************************** ************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-09 23:47
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\arquivos de programas\VIAudioi\HDADeck\HDeck***** 1????????????????????????????????????????????????? ???
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
************************************************** ************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b cserver]
"ImagePath"="c:\arquivos de programas\Traffic Shaper XP Server\bcserver.service"
.
Tempo para conclusão: 2012-01-09 23:50:04
ComboFix-quarantined-files.txt 2012-01-10 01:50
.
Pré-execução: 6 pasta(s) 44.480.237.568 bytes disponíveis
Pós execução: 9 pasta(s) 44.809.338.880 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG*****
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FAF636D5356DEA7223989D4CBCD175B4
quando apareceu isso ae os meu drives sumiram da seta que fica pra cima na barra de ferramenta, sera que eles foram apagados?
me ajudem pfpf
ComboFix 12-04-01.01 - Gabriel 02/04/2012 18:28:18.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.2038.1243 [GMT -3:00]
Executando de: c:\users\Gabriel\Desktop\ComboFix*****
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.3.27\bh\incred ibar.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incrediba r.crx
c:\program files\Incredibar.com\incredibar\1.5.3.27\incrediba rApp.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incrediba rEng.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incrediba rsrv*****
c:\program files\Incredibar.com\incredibar\1.5.3.27\inCRediba rtlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall *****
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-03-02 to 2012-04-02 ))))))))))))))))))))))))))))
.
.
2012-04-02 21:41 . 2012-04-02 21:46 -------- d-----w- c:\users\Gabriel\AppData\Local\temp
2012-04-02 21:41 . 2012-04-02 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 21:35 . 2012-04-02 21:35 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C98EB72-E68D-469A-9B1B-1A8BE9F9198A}\offreg.dll
2012-04-01 04:43 . 2012-04-01 04:43 -------- d-----w- c:\users\Gabriel\AppData\Roaming\Malwarebytes
2012-04-01 04:43 . 2012-04-01 04:43 -------- d-----w- c:\programdata\Malwarebytes
2012-04-01 04:42 . 2012-04-01 05:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-01 04:42 . 2011-12-10 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 04:17 . 2012-04-01 04:17 -------- d-----w- c:\users\Gabriel\AppData\Roaming\Device Doctor
2012-04-01 04:17 . 2012-04-01 04:17 -------- d-----w- c:\program files\Device Doctor
2012-03-25 14:05 . 2012-03-25 14:14 -------- d-----w- c:\users\Gabriel\AppData\Local\Facebook
2012-03-24 16:16 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C98EB72-E68D-469A-9B1B-1A8BE9F9198A}\mpengine.dll
2012-03-09 10:37 . 2012-03-09 10:38 -------- d-----w- c:\program files\Application Updater
2012-03-09 10:37 . 2012-03-09 10:37 -------- d-----w- c:\program files\IObit Toolbar
2012-03-09 10:37 . 2012-03-09 10:37 -------- d-----w- c:\program files\Common Files\Spigot
2012-03-09 00:06 . 2012-03-09 00:09 -------- d-----w- c:\users\Gabriel\AppData\Local\Smartbar
2012-03-08 23:40 . 2012-03-08 23:40 -------- d-----w- c:\users\Gabriel\AppData\Local\Messenger_Plus_Live
2012-03-08 23:30 . 2012-03-08 23:30 -------- d-----w- c:\program files\BrowserCompanion
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-03-03 14:14 . 2011-07-30 17:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 12:18 . 2011-08-06 19:42 237072 ------w- c:\windows\system32\MpSigStub*****
2012-01-20 16:14 . 2012-02-22 04:48 17280 ----a-w- c:\windows\system32\roboot*****
2012-01-14 01:24 . 2012-01-14 01:24 40960 ----a-r- c:\users\Gabriel\AppData\Roaming\Microsoft\Install er\{3B20796C-2D94-46E9-93B5-AEBBF0F286E0}\NewShortcut1_3B20796C2D9446E993B5AEB BF0F286E0*****
2011-10-05 17:55 . 2011-10-05 18:17 252080 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2011-10-14 18:05 . 2011-07-30 17:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-08-18 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd6 2ccb9e983d\user32.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2011-10-27 09:27 225584 ----a-w- c:\program files\BrowserCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 12:54 2607872 ----a-w- c:\program files\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
2011-10-05 17:54 2660016 ----a-w- c:\program files\SpeedBit Video Downloader\TBU6A\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2011-10-27 09:27 141104 ----a-w- c:\program files\BrowserCompanion\updatebhoWin32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam*****" [2011-05-13 1756232]
"HW_OPENEYE_OUC_VIVO INTERNET"="c:\program files\VIVO INTERNET\UpdateDog\ouc*****" [2009-07-27 110592]
"Browser Infrastructure Helper"="c:\users\Gabriel\AppData\Local\Smartbar\A pplication\Smartbar*****" [2012-02-27 19272]
"Facebook Update"="c:\users\Gabriel\AppData\Local\Facebook\U pdate\FacebookUpdate*****" [2012-03-25 137536]
"Device Doctor"="c:\program files\Device Doctor\DDLauncher*****" [2012-01-02 80016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt*****" [2011-03-04 281768]
"IgfxTray"="c:\windows\system32\igfxtray*****" [2010-06-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd*****" [2010-06-07 173592]
"Persistence"="c:\windows\system32\igfxpers*** **" [2010-06-07 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh*****" [2009-08-27 1557800]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService*****" [2011-05-26 800768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched*****" [2012-01-18 254696]
"Browser companion helper"="c:\program files\BrowserCompanion\BCHelper*****" [2011-10-27 192816]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings*****" [2012-03-05 934752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw***** [2010-03-18 130384]
R2 gupdate;Serviço do Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate***** [2011-09-12 136176]
R2 HWDeviceService*****;HWDeviceService*****;c:\progr amdata\DatacardService\HWDeviceService***** [2010-11-16 264704]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc***** [2011-07-07 195336]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate***** [2011-09-12 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost***** [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched***** [2011-08-07 136360]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater***** [2012-03-05 748440]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort***** [2011-06-15 249648]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DR IVERS\ew_jucdcacm.sys [2011-01-30 90112]
S3 huawei_enumerator;huawei_enumerator;c:\windows\sys tem32\DRIVERS\ew_jubusenum.sys [2011-01-30 73216]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [2010-10-05 113632]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-754999048-1050224656-1296450024-1000Core.job
- c:\users\Gabriel\AppData\Local\Facebook\Update\Fac ebookUpdate***** [2012-03-25 14:07]
.
2012-04-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-754999048-1050224656-1296450024-1000UA.job
- c:\users\Gabriel\AppData\Local\Facebook\Update\Fac ebookUpdate***** [2012-03-25 14:07]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate***** [2011-10-05 03:28]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate***** [2011-10-05 03:28]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-754999048-1050224656-1296450024-1000Core.job
- c:\users\Gabriel\AppData\Local\Google\Update\Googl eUpdate***** [2011-08-06 20:07]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-754999048-1050224656-1296450024-1000UA.job
- c:\users\Gabriel\AppData\Local\Google\Update\Googl eUpdate***** [2011-08-06 20:07]
.
2012-04-01 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro***** [2012-02-22 16:14]
.
2012-02-22 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro***** [2012-02-22 16:14]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://home.speedbit.com/?aff=115
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms}
uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL*****/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
FF - ProfilePath - c:\users\Gabriel\AppData\Roaming\Mozilla\Firefox\P rofiles\6ipkt301.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=115&q=
FF - prefs.js: browser.search.selectedEngine - Plus! Network
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=115
FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=
FF - prefs.js: network.proxy.type - 2
FF - user.js: extensions.BabylonToolbar_i.id - 2a6ec011000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - 2a6ec011000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQpsf9L2m&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 2a6ec011000000000000000000000000
FF - user.js: extensions.incredibar_i.hardId - 2a6ec011000000000000000000000000
FF - user.js: extensions.incredibar_i.instlDay - 15395
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.274:52
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.upn2 - 6PQpsf9L2m
FF - user.js: extensions.incredibar_i.upn2n - 92542434503513526
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.did - 10604
FF - user.js: extensions.incredibar_i.ppd -
.
- - - - ORFÃOS REMOVIDOS - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall *****
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\A kamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-754999048-1050224656-1296450024-1000_Classes\CLSID\{2e75c003-bd5b-4b7e-be27-cb51412a1f03}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000112
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-754999048-1050224656-1296450024-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a9,99,35,3b,f9,dd,9d,95,7f,81,70,f 5,e1,60,ae,dd,ae,13,73,60,ae,
a1,20,ac,4d,04,c4,0a,2a,e5,28,3b,e8,39,16,51,71,a8 ,c1,df,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2012-04-02 18:50:59
ComboFix-quarantined-files.txt 2012-04-02 21:50
.
Pré-execução: 168.917.229.568 bytes disponíveis
Pós execução: 169.368.633.344 bytes disponíveis
.
- - End Of File - - 805482B28C81CFD26355375AC9AB6D5A
olha ai tbm se ta tudo certo!!!
e olha depois disso tudo que fiz oque faço com a o combofix? eu abro ele?
e ele ta instalado no meu pc? omg ajuda ai plx '',''
ComboFix 12-04-03.02 - henrique 03/04/2012 16:27:37.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2038.888 [GMT -3:00]
Executando de: c:\users\henrique\Desktop\ComboFix*****
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
c:\windows\isRS-000.tmp
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-03-03 to 2012-04-03 ))))))))))))))))))))))))))))
.
.
2012-04-03 19:33 . 2012-04-03 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 18:58 . 2012-04-03 18:58 -------- d-----w- c:\program files\FastStone Photo Resizer
2012-04-02 21:11 . 2012-04-03 18:50 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-04-02 15:09 . 2012-04-03 17:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-02 15:09 . 2011-12-10 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 08:10 . 2012-04-02 08:10 -------- d-----w- c:\program files\Ignis Bot
2012-04-01 05:43 . 2012-04-01 05:43 -------- d-----w- C:\$AVG
2012-03-27 22:59 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-27 22:59 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-03-27 22:59 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-27 22:59 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost*****
2012-03-27 22:59 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-03-26 15:32 . 2012-03-26 15:32 -------- d-----w- c:\program files\Ventrilo
2012-03-19 01:23 . 2012-03-19 01:23 -------- d-----w- c:\program files\DsNET Corp
2012-03-17 06:46 . 2012-03-17 06:46 -------- d-----w- c:\programdata\Malwarebytes
2012-03-15 23:31 . 2012-03-15 23:31 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-15 12:54 . 2009-09-23 14:50 398336 ----a-w- c:\windows\system32\TVWizudlg*****
2012-03-15 12:54 . 2009-09-23 14:49 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2012-03-15 12:54 . 2012-03-15 12:54 -------- d-----w- c:\windows\system32\Lang
2012-03-15 12:54 . 2012-03-15 12:54 -------- d-----w- c:\program files\Intel
2012-03-15 09:52 . 2012-03-15 09:52 -------- d-----w- c:\windows\system32\x64
2012-03-15 09:52 . 2009-09-23 22:30 1002008 ----a-w- c:\windows\system32\igxpun*****
2012-03-15 09:48 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-15 09:48 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-15 09:48 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-15 09:48 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-03-15 09:48 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-15 09:48 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-15 09:48 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst*****
2012-03-15 09:48 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2012-03-15 06:07 . 2012-03-15 06:07 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-15 06:07 . 2011-05-13 18:27 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-03-15 05:49 . 2012-03-15 05:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-03-15 05:32 . 2012-03-15 05:32 -------- d-----w- c:\windows\PCHEALTH
2012-03-15 05:30 . 2012-03-15 05:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-15 05:27 . 2012-03-15 06:15 -------- d-----w- c:\program files\Windows Live
2012-03-15 05:26 . 2012-03-15 05:26 -------- d-----w- c:\program files\Microsoft
2012-03-15 05:24 . 2009-09-04 20:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-03-15 05:24 . 2009-09-04 20:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-03-15 05:24 . 2009-09-04 20:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-03-15 05:24 . 2006-11-29 16:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-03-15 05:23 . 2012-03-15 05:23 -------- d-----w- c:\program files\Microsoft Silverlight
2012-03-15 05:21 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-03-15 05:21 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-03-15 05:20 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-15 05:20 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2012-03-15 05:20 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-03-15 05:19 . 2012-03-15 05:19 -------- d-----w- c:\program files\Common Files\Windows Live
2012-03-15 05:05 . 2012-03-17 03:15 -------- d-----w- c:\program files\AVG Secure Search
2012-03-15 04:48 . 2012-04-03 17:27 -------- d-----w- c:\program files\Tibia
2012-03-15 03:56 . 2012-03-22 00:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-15 03:55 . 2012-03-15 03:55 -------- d-----w- c:\windows\system32\Macromed
2012-03-15 03:28 . 2012-03-17 03:15 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-15 03:28 . 2012-03-15 03:28 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-03-15 03:28 . 2012-03-15 03:28 -------- d--h--w- c:\programdata\Common Files
2012-03-15 03:27 . 2012-04-03 14:55 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-15 03:27 . 2012-03-15 03:35 -------- d-----w- c:\programdata\AVG2012
2012-03-15 03:27 . 2012-03-15 03:27 -------- d-----w- c:\program files\AVG
2012-03-15 03:17 . 2012-03-01 17:34 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{368703E1-E1A1-4062-A6E5-B92A46C4E2E7}\mpengine.dll
2012-03-15 03:17 . 2012-02-23 13:18 237072 ------w- c:\windows\system32\MpSigStub*****
2012-03-15 03:02 . 2012-04-03 15:37 -------- d-sh--w- c:\windows\Installer
2012-03-15 03:02 . 2012-04-03 14:55 -------- d-----w- c:\programdata\MFAData
2012-03-15 00:53 . 2012-04-03 17:54 -------- d-----w- c:\windows\system32\wbem\Performance
2012-03-15 00:44 . 2012-03-15 00:51 -------- d-----w- c:\windows\Panther
2012-03-15 00:44 . 2012-03-15 00:44 -------- d-----w- C:\Boot
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-03-15 05:28 . 2011-03-28 21:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\pp crlconfig600.dll
2012-03-13 04:38 . 2012-03-15 03:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-17 03:15 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-17 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray*****" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot*****" [2012-03-17 982880]
"IgfxTray"="c:\windows\system32\igfxtray*****" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd*****" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers*** **" [2009-09-23 150552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui*****" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx***** /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw***** [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc***** [2011-04-01 183560]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc***** [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGI DSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent***** [2011-10-12 4433248]
S2 avgwd;Watchdog do AVG;c:\program files\AVG\AVG2012\avgwdsvc***** [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice***** [2012-01-13 652360]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\pro gram files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater***** [2012-03-17 918880]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIV ERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIV ERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\ AVGIDSShim.Sys [2011-10-04 16720]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [2011-12-10 20464]
.
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://br.ask.com/?l=dis&o=15383
TCP: DhcpNameServer = 10.0.0.253
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\henrique\AppData\Roaming\Mozilla\Firefox\ Profiles\gzl7bdhv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-80639591-2760752691-2457315551-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-80639591-2760752691-2457315551-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2012-04-03 16:55:45
ComboFix-quarantined-files.txt 2012-04-03 19:55
.
Pré-execução: 295.169.003.520 bytes disponíveis
Pós execução: 295.393.406.976 bytes disponíveis
.
- - End Of File - - 99E3CB06EA68C0866D2A2C4C8003538D
Aqui foi muito bem vindo.
Ótimo! Achei muita coisa nele. hihi
O avast! realmente não deu conta...
Parabéns, muito bem explicado, facinho, facinho =P
Aproveitando que o tópico já foi revidido. :assovia:
Então, eu tenho o Norton Security Scan no meu PC, e acho ele muito bom. Esses dias eu fui comparar ele com o Avast! (Sim, eu tenho os dois na máquina) e vi que com o Norton detecta muito mais erros. Enfim.
Baixarei o MBAM daqui a alguns minutos e farei tudo certinho, só estou receoso quanto ao Combofix. Li os comentários do Louco Brutal e do HiJackThis e fiquei preocupado. Meu Windows é o 7 - 64 bits - e quando li sobre o erro, fiquei realmente preocupado, mas quero ter minha máquina livre de arquivos mal-intencionados.
Como proceder agora?
ComboFix 12-05-04.03 - Ultimate 04/05/2012 18:50:48.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.8190.6194 [GMT -3:00]
Executando de: c:\users\Ultimate\Desktop\ComboFix*****
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
c:\users\Ultimate\AppData\Roaming\Desktopicon
c:\users\Ultimate\AppData\Roaming\Desktopicon\eBay .ico
c:\users\Ultimate\AppData\Roaming\Desktopicon\unin st*****
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-04-04 to 2012-05-04 ))))))))))))))))))))))))))))
.
.
2012-05-04 21:56 . 2012-05-04 21:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 21:35 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C9F0255-DD80-466C-B90A-E7711974EE12}\mpengine.dll
2012-05-01 02:31 . 2012-05-01 02:31 -------- d-----w- c:\program files (x86)\Gabest
2012-05-01 00:13 . 2012-05-01 00:13 -------- d-----w- c:\users\Ultimate\AppData\Roaming\Malwarebytes
2012-05-01 00:12 . 2012-05-01 00:12 -------- d-----w- c:\programdata\Malwarebytes
2012-05-01 00:12 . 2012-05-01 00:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-01 00:12 . 2012-04-04 18:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 00:28 . 2012-04-29 00:28 -------- d-----w- c:\program files (x86)\AP Tuner
2012-04-29 00:08 . 2012-04-29 00:08 -------- d-----w- c:\program files (x86)\Digital Guitar Tuner 2.3
2012-04-11 01:55 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl*****
2012-04-11 01:55 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa*****
2012-04-11 01:55 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl*****
2012-04-11 01:50 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 01:50 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 01:50 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 01:50 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 01:50 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 01:50 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 01:50 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-02-23 13:18 . 2011-08-24 10:12 279656 ------w- c:\windows\system32\MpSigStub*****
2012-02-17 06:38 . 2012-03-14 12:00 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 12:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 12:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 12:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 12:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 15:09 . 2012-02-14 15:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 12:07 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 12:07 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-06 23:35 . 2012-02-06 23:35 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype*****" [2009-02-02 23975720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar*****" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite*****" [2011-08-02 4910912]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite*****" [2011-08-04 966712]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent*****" [2011-08-25 639864]
"ares"="c:\program files (x86)\Ares\Ares*****" [2010-10-27 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl*****" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM*****" [2010-11-16 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI*****" [2011-11-28 3744552]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched*****" [2011-08-24 273528]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant*****" [2010-03-09 15872]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync*****" [2010-03-13 91520]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv*****" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language*****" [2007-12-14 50472]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier*****" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask*****" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper*****" [2011-08-19 421736]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent*****" [2010-03-26 1234216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched*****" [2011-04-08 254696]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt*****" [2008-07-22 77824]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2*****" [2009-11-18 54576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI*****\Core-Static\CLIStart*****" [2011-12-06 343168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08***** [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw***** [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw***** [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate***** [2011-08-24 136176]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI*****\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\ DrvAgent64.SYS [2012-02-06 21712]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate***** [2011-08-24 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE***** [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC*** ** [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominipor t.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\ synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsus bhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc***** [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\aced rv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx***** [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI*****\Fuel\Fuel.Service***** [2011-12-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI*****\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc***** [2010-03-25 490280]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atik mdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atik mpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate***** [2011-08-24 12:02]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate***** [2011-08-24 12:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\00 avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat*****" [2009-10-01 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.jdownloader.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Enviar para o OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos*****/200
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL*****/3000
TCP: DhcpNameServer = 189.4.64.83 189.4.64.88 192.168.0.1
FF - ProfilePath - c:\users\Ultimate\AppData\Roaming\Mozilla\Firefox\ Profiles\y0rm6lu2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-eBay Icon - c:\users\Ultimate\AppData\Roaming\Desktopicon\unin st*****
AddRemove-Network Addon Mod - d:\documentos\SimCity 4\Plugins\Network Addon Mod\uninst*****
AddRemove-Network Widening Mod - d:\documentos\SimCity 4\Plugins\Network Addon Mod\Network Widening Mod\uninst*****
AddRemove-RealHighway Mod - d:\documentos\SimCity 4\Plugins\Network Addon Mod\Real Highway Mod\uninst*****
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-1206671620-3733117359-1805512461-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="d:\\Documentos\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"="d:\\Documentos\\Sports Interactive\\Football Manager 2011\\shortlists"
"FMPath"=""
"ScreenshotsDir"="d:\\Documentos\\Sports Interactive\\Football Manager 2011"
"SaveDir"="d:\\Documentos\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="d:\\Documentos\\Sports Interactive\\Football Manager 2011\\games\\carreira.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f6b
"VersionOf"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="84-F9B5-2113"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000007
"StaffSearchFeatureNum"=dword:00000001
"ClubSearchFeatureNum"=dword:00000002
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000007
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000003
"TopFormationFeatureNum"=dword:00000001
"ScreenshotFeatureNum"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1206671620-3733117359-1805512461-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12]
"GameDir"="c:\\FM Genie Scout 12\\games"
"ShortlistDir"="c:\\FM Genie Scout 12\\shortlists"
"FMPath"=""
"ScreenshotsDir"="c:\\FM Genie Scout 12"
"SaveDir"="c:\\FM Genie Scout 12\\"
"HistoryDir"="c:\\FM Genie Scout 12\\History Points"
"LangDB"="c:\\FM Genie Scout 12\\lang_db.dat"
"LastSaveGame"="d:\\Documentos\\Sports Interactive\\Football Manager 2012\\games\\real.fm"
"Language"="Portuguese"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009fed
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:000000ca
"UniqueID"="84-F9B5-2113"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000008
"StaffSearchFeatureNum"=dword:00000001
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000009
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:00000009
"GameLoadedCounter"=dword:00000011
.
[HKEY_USERS\S-1-5-21-1206671620-3733117359-1805512461-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil10c*****,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUt il10c*****"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10 c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10 c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10 c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10 c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc*****
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService*****
c:\program files (x86)\Bonjour\mDNSResponder*****
.
************************************************** ************************
.
Tempo para conclusão: 2012-05-04 19:02:44 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-05-04 22:02
.
Pré-execução: 17.041.915.904 bytes disponíveis
Pós execução: 16.578.637.824 bytes disponíveis
.
- - End Of File - - 2273E7C54994740D778381633310E380
caraio, deixei fazendo e fui na academia e porra, levei um cagaço, pc reiniciado, com o log e nenhum programa abria :'(, agora ta susa, eu acho