combofix

a guest
Mar 24th, 2012
  1. ComboFix 12-03-22.01 - AVERTCOM 24/03/2012 21:22:00.2.2 - x86
  2. Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.2047.1141 [GMT -3:00]
  3. Executando de: c:\users\AVERTCOM\Desktop\ComboFix.exe
  4. AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
  5. FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
  6. SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
  7. SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  8. .
  9. .
  10. ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
  11. .
  12. .
  13. C:\CFLog
  14. c:\cflog\CrashLog_20120310.txt
  15. c:\cflog\CrashLog_20120314.txt
  16. c:\cflog\CrashLog_20120316.txt
  17. c:\cflog\CrashLog_20120317.txt
  18. c:\cflog\CrashLog_20120322.txt
  19. c:\windows\security\Database\tmp.edb
  20. .
  21. .
  22. (((((((((((((((( Arquivos/Ficheiros criados de 2012-02-25 to 2012-03-25 ))))))))))))))))))))))))))))
  23. .
  24. .
  25. 2012-03-25 00:28 . 2012-03-25 00:28 -------- d-----w- c:\users\Default\AppData\Local\temp
  26. 2012-03-24 12:39 . 2012-03-24 12:39 14664 ----a-w- c:\windows\stinger.sys
  27. 2012-03-24 12:38 . 2012-03-24 12:51 -------- d-----w- c:\program files\stinger
  28. 2012-03-24 12:20 . 2012-03-24 12:20 -------- d-----w- c:\program files\Sophos
  29. 2012-03-24 08:53 . 2012-03-24 08:53 -------- d-----w- c:\program files\HitmanPro
  30. 2012-03-24 08:53 . 2012-03-24 08:54 -------- d-----w- c:\programdata\HitmanPro
  31. 2012-03-23 09:02 . 2012-03-23 09:02 -------- d-----w- c:\programdata\Martau
  32. 2012-03-23 09:02 . 2012-03-23 09:02 -------- d-----w- c:\program files\Total Uninstall 5
  33. 2012-03-23 06:59 . 2012-03-23 06:59 -------- d-----w- c:\program files\Universal Extractor
  34. 2012-03-22 18:34 . 2012-03-22 18:34 -------- d-----w- c:\program files\Microsoft Silverlight
  35. 2012-03-22 02:07 . 2012-03-22 02:07 -------- d-----w- c:\users\AVERTCOM\AppData\Local\Apps
  36. 2012-03-21 07:03 . 2012-03-21 07:03 -------- d-----w- c:\program files\Common Files\Adobe
  37. 2012-03-21 07:03 . 2012-03-21 07:03 -------- d-----w- c:\users\AVERTCOM\AppData\Local\Adobe
  38. 2012-03-21 06:33 . 2012-03-21 06:33 -------- d-----w- c:\program files\Foxit Software
  39. 2012-03-21 06:10 . 2012-03-21 06:10 -------- d-----w- c:\program files\Emsisoft HiJackFree
  40. 2012-03-21 04:58 . 2012-03-21 04:58 20995 ----a-w- c:\windows\cscmondump.bin
  41. 2012-03-20 07:36 . 2012-03-20 07:36 -------- d-----w- C:\CCE_Quarantine
  42. 2012-03-20 06:39 . 2012-03-21 06:03 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\Process Hacker 2
  43. 2012-03-20 06:35 . 2012-03-20 06:35 -------- d-----w- c:\program files\Process Hacker 2
  44. 2012-03-20 01:43 . 2012-03-20 01:43 -------- d-----w- c:\programdata\Protexis
  45. 2012-03-20 01:43 . 2012-03-20 01:43 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\Corel
  46. 2012-03-20 01:36 . 2012-03-23 09:27 -------- d-----w- c:\programdata\Corel
  47. 2012-03-20 00:51 . 2012-03-20 00:51 -------- d-----r- C:\Sandbox
  48. 2012-03-18 21:37 . 2012-03-24 02:21 -------- d-----w- c:\program files\Emsisoft Anti-Malware
  49. 2012-03-18 19:46 . 2012-03-18 20:24 -------- d-----w- c:\users\AVERTCOM\AppData\Local\Apple Computer
  50. 2012-03-18 19:46 . 2012-03-18 20:07 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\Apple Computer
  51. 2012-03-18 19:45 . 2012-03-18 19:45 -------- d-----w- c:\programdata\Apple Computer
  52. 2012-03-18 19:45 . 2012-03-18 19:45 -------- d-----w- c:\users\AVERTCOM\AppData\Local\Apple
  53. 2012-03-18 19:45 . 2012-03-18 19:45 -------- d-----w- c:\programdata\Apple
  54. 2012-03-17 10:03 . 2012-03-17 10:56 -------- d-----w- c:\programdata\AVAST Software
  55. 2012-03-17 03:46 . 2012-03-17 03:57 -------- d-----w- c:\users\AVERTCOM\AppData\Local\WinAVI
  56. 2012-03-17 03:46 . 2012-03-17 03:46 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\WinAVI
  57. 2012-03-17 03:32 . 2012-03-17 03:32 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\Ashampoo
  58. 2012-03-17 03:32 . 2012-03-17 03:32 -------- d-----w- c:\users\AVERTCOM\AppData\Local\ashampoo
  59. 2012-03-17 02:17 . 2012-03-24 07:08 -------- d-----w- c:\users\UpdatusUser
  60. 2012-03-17 02:15 . 2012-03-24 18:53 -------- d-----w- c:\programdata\NVIDIA
  61. 2012-03-17 02:15 . 2012-02-29 20:53 645440 ----a-w- c:\windows\system32\nvvsvc.exe
  62. 2012-03-17 02:15 . 2012-02-29 20:53 62272 ----a-w- c:\windows\system32\nvshext.dll
  63. 2012-03-17 02:15 . 2012-02-29 20:53 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
  64. 2012-03-17 02:15 . 2012-02-29 20:56 3881792 ----a-w- c:\windows\system32\nvcpl.dll
  65. 2012-03-17 02:15 . 2012-02-29 20:55 2719040 ----a-w- c:\windows\system32\nvsvc.dll
  66. 2012-03-17 02:15 . 2012-02-29 20:53 108352 ----a-w- c:\windows\system32\nvmctray.dll
  67. 2012-03-17 02:14 . 2012-03-17 02:14 -------- d-----w- c:\programdata\NVIDIA Corporation
  68. 2012-03-16 11:08 . 2012-02-08 01:13 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
  69. 2012-03-15 08:31 . 2012-03-23 19:49 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\AIMP3
  70. 2012-03-15 08:31 . 2012-03-15 08:31 -------- d-----w- c:\program files\AIMP3
  71. 2012-03-15 06:37 . 2012-03-20 01:49 -------- d-----w- c:\users\AVERTCOM\AppData\Local\Comodo
  72. 2012-03-15 03:29 . 2011-12-19 17:11 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
  73. 2012-03-15 03:29 . 2011-12-19 17:11 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
  74. 2012-03-14 23:37 . 2011-03-31 11:36 204384 ----a-w- c:\windows\system32\drivers\diskpt.sys
  75. 2012-03-14 23:37 . 2012-03-14 23:37 -------- d-----w- c:\program files\Shadow Defender
  76. 2012-03-14 03:53 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
  77. 2012-03-14 03:53 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
  78. 2012-03-14 03:29 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
  79. 2012-03-14 03:06 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
  80. 2012-03-14 02:27 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
  81. 2012-03-14 02:27 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
  82. 2012-03-14 02:27 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
  83. 2012-03-14 02:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
  84. 2012-03-14 02:27 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
  85. 2012-03-14 02:27 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
  86. 2012-03-13 04:32 . 2012-03-13 04:49 -------- d-----w- c:\programdata\Comodo
  87. 2012-03-13 04:32 . 2012-03-21 04:57 -------- d-----w- c:\program files\COMODO
  88. 2012-03-11 13:49 . 2012-03-11 13:49 -------- d-----w- c:\program files\eRightSoft
  89. 2012-03-09 03:40 . 2012-03-21 03:25 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\XnView
  90. 2012-03-09 03:38 . 2012-03-10 22:57 -------- d-----w- c:\program files\XnView
  91. 2012-03-08 05:50 . 2012-03-14 23:56 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\Shadow Defender
  92. 2012-03-07 02:44 . 2012-03-18 20:45 -------- d-----w- c:\users\AVERTCOM\AppData\Local\Opera
  93. 2012-03-07 02:04 . 2012-03-07 02:04 -------- d-----w- c:\program files\PowerISO
  94. 2012-03-06 20:53 . 2012-03-06 20:53 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\HyperCam
  95. 2012-03-06 20:34 . 2012-03-06 20:34 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\Solveig Multimedia
  96. 2012-03-06 20:29 . 2012-03-06 20:29 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
  97. 2012-03-06 20:29 . 2012-03-06 20:31 -------- d-----w- c:\program files\HyperCam 3
  98. 2012-03-06 17:41 . 2012-03-06 17:58 -------- d-----w- C:\Fraps
  99. 2012-03-06 08:32 . 2012-03-06 08:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
  100. 2012-03-06 06:05 . 2012-03-06 06:05 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\AnvSoft
  101. 2012-03-06 05:11 . 2012-03-06 05:11 -------- d-----w- c:\program files\FreeTime
  102. 2012-03-04 05:56 . 2012-03-18 08:08 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\NVIDIA
  103. 2012-03-04 05:55 . 2012-03-15 06:15 -------- dc----w- c:\windows\system32\DRVSTORE
  104. 2012-03-03 12:07 . 2012-03-03 12:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
  105. 2012-03-03 12:07 . 2011-12-10 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
  106. 2012-03-03 08:48 . 2012-03-03 09:06 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\DVDVideoSoft
  107. 2012-03-03 07:39 . 2012-03-22 07:55 -------- d-----w- C:\VritualRoot
  108. 2012-03-01 23:33 . 2012-03-01 23:33 -------- d-----w- c:\programdata\ashampoo
  109. 2012-03-01 08:53 . 2012-03-24 02:05 -------- d-----w- c:\program files\JDownloader
  110. 2012-03-01 08:40 . 2012-03-01 08:42 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\Mipony
  111. 2012-02-29 16:26 . 2012-02-29 16:26 416064 ----a-w- c:\windows\system32\nvStreaming.exe
  112. 2012-02-28 09:41 . 2012-02-28 09:41 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\Auslogics
  113. 2012-02-27 23:12 . 2012-02-27 23:12 -------- d-----w- c:\users\AVERTCOM\AppData\Local\TechSmith
  114. 2012-02-27 23:11 . 2012-02-27 23:11 -------- d-----w- c:\windows\system32\QuickTime
  115. 2012-02-27 23:10 . 2012-02-27 23:10 -------- d-----w- c:\program files\QuickTime
  116. 2012-02-27 23:10 . 2012-02-27 23:10 -------- d-----w- c:\program files\Common Files\TechSmith Shared
  117. 2012-02-27 23:10 . 2012-02-27 23:10 -------- d-----w- c:\programdata\TechSmith
  118. 2012-02-27 23:10 . 2012-02-27 23:10 -------- d-----w- c:\program files\TechSmith
  119. 2012-02-27 20:37 . 2012-02-27 20:37 -------- d-----w- c:\users\AVERTCOM\AppData\Local\Audiggle_LTD
  120. 2012-02-27 19:51 . 2012-02-27 19:51 -------- d-----w- c:\users\AVERTCOM\AppData\Local\ElevatedDiagnostics
  121. 2012-02-26 18:07 . 2012-03-24 06:38 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\DMCache
  122. 2012-02-26 18:07 . 2012-03-15 01:51 -------- d-----w- c:\users\AVERTCOM\AppData\Roaming\IDM
  123. 2012-02-26 18:06 . 2012-03-17 09:58 -------- d-----w- c:\program files\Internet Download Manager
  124. 2012-02-26 17:21 . 2012-02-26 17:21 -------- d-----w- c:\programdata\DivX
  125. 2012-02-26 16:27 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D581C363-7ADC-4C5C-B379-B70BE092623D}\mpengine.dll
  126. .
  127. .
  128. .
  129. ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
  130. .
  131. 2012-03-11 21:13 . 2011-12-19 21:59 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
  132. 2012-03-11 21:13 . 2012-01-18 00:00 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
  133. 2012-03-11 21:13 . 2011-12-19 21:59 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
  134. 2012-03-11 21:13 . 2011-12-19 21:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
  135. 2012-03-11 21:13 . 2011-12-19 21:58 301224 ----a-w- c:\windows\system32\guard32.dll
  136. 2012-02-23 17:24 . 2012-02-21 13:01 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
  137. 2012-02-18 18:44 . 2012-02-18 18:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
  138. 2012-02-18 18:44 . 2012-02-18 18:44 1060864 ----a-w- c:\windows\system32\mfc71.dll
  139. 2012-02-16 10:25 . 2012-02-16 10:25 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
  140. 2012-02-16 10:25 . 2012-02-16 10:25 161792 ----a-w- c:\windows\system32\msls31.dll
  141. 2012-02-16 10:25 . 2012-02-16 10:25 1127424 ----a-w- c:\windows\system32\wininet.dll
  142. 2012-02-16 10:24 . 2012-02-16 10:24 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
  143. 2012-02-16 10:24 . 2012-02-16 10:24 86528 ----a-w- c:\windows\system32\iesysprep.dll
  144. 2012-02-16 10:24 . 2012-02-16 10:24 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
  145. 2012-02-16 10:24 . 2012-02-16 10:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
  146. 2012-02-16 10:24 . 2012-02-16 10:24 63488 ----a-w- c:\windows\system32\tdc.ocx
  147. 2012-02-16 10:24 . 2012-02-16 10:24 367104 ----a-w- c:\windows\system32\html.iec
  148. 2012-02-16 10:24 . 2012-02-16 10:24 74752 ----a-w- c:\windows\system32\iesetup.dll
  149. 2012-02-16 10:24 . 2012-02-16 10:24 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
  150. 2012-02-16 10:24 . 2012-02-16 10:24 23552 ----a-w- c:\windows\system32\licmgr10.dll
  151. 2012-02-16 10:24 . 2012-02-16 10:24 152064 ----a-w- c:\windows\system32\wextract.exe
  152. 2012-02-16 10:24 . 2012-02-16 10:24 150528 ----a-w- c:\windows\system32\iexpress.exe
  153. 2012-02-16 10:24 . 2012-02-16 10:24 420864 ----a-w- c:\windows\system32\vbscript.dll
  154. 2012-02-16 10:24 . 2012-02-16 10:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
  155. 2012-02-16 10:24 . 2012-02-16 10:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe
  156. 2012-02-16 10:24 . 2012-02-16 10:24 11776 ----a-w- c:\windows\system32\mshta.exe
  157. 2012-02-16 10:24 . 2012-02-16 10:24 101888 ----a-w- c:\windows\system32\admparse.dll
  158. 2012-02-16 10:24 . 2012-02-16 10:24 35840 ----a-w- c:\windows\system32\imgutil.dll
  159. 2012-02-16 10:24 . 2012-02-16 10:24 1798656 ----a-w- c:\windows\system32\jscript9.dll
  160. 2012-02-16 03:22 . 2012-02-14 05:04 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
  161. 2012-02-16 03:22 . 2012-02-14 05:04 567696 ----a-w- c:\windows\system32\deployJava1.dll
  162. 2012-02-15 04:26 . 2011-03-28 20:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
  163. 2012-02-09 06:06 . 2012-02-09 06:06 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys
  164. 2012-02-03 22:27 . 2012-02-03 22:27 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
  165. 2012-01-29 08:10 . 2012-02-20 00:38 237072 ------w- c:\windows\system32\MpSigStub.exe
  166. 2012-01-18 15:41 . 2012-01-18 15:41 252016 ----a-w- c:\windows\system32\vmnc.dll
  167. 2012-01-04 08:58 . 2012-02-16 06:39 442880 ----a-w- c:\windows\system32\ntshrui.dll
  168. 2011-12-30 05:27 . 2012-02-16 06:42 478720 ----a-w- c:\windows\system32\timedate.cpl
  169. 2011-12-27 02:25 . 2011-12-27 02:25 114488 ----a-w- c:\windows\system32\KeyScramblerLogon.dll
  170. 2012-03-13 04:38 . 2012-03-23 01:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
  171. .
  172. .
  173. (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
  174. .
  175. .
  176. *Nota* entradas vazias e legítimas por padrão não são apresentadas.
  177. REGEDIT4
  178. .
  179. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
  180. @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
  181. [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
  182. 2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
  183. .
  184. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  185. "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
  186. "KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2012-03-08 432952]
  187. "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]
  188. "Shadow Defender Daemon"="c:\program files\Shadow Defender\DefenderDaemon.exe" [2011-02-21 253483]
  189. .
  190. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  191. "ConsentPromptBehaviorAdmin"= 0 (0x0)
  192. "ConsentPromptBehaviorUser"= 3 (0x3)
  193. "EnableLUA"= 0 (0x0)
  194. "EnableUIADesktopToggle"= 0 (0x0)
  195. "PromptOnSecureDesktop"= 0 (0x0)
  196. .
  197. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
  198. "AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
  199. .
  200. [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  201. Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
  202. .
  203. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
  204. 2012-03-06 21:39 574296 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
  205. .
  206. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
  207. 2009-02-26 20:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
  208. .
  209. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
  210. 2011-10-17 14:13 11430504 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
  211. .
  212. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
  213. 2012-01-17 13:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
  214. .
  215. R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
  216. R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
  217. R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
  218. R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
  219. R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
  220. R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
  221. R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 104752]
  222. R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
  223. R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-16 1343400]
  224. R3 XDva392;XDva392; [x]
  225. R3 XDva393;XDva393; [x]
  226. S0 diskpt;diskpt;c:\windows\SYSTEM32\drivers\diskpt.sys [2011-03-31 204384]
  227. S0 fyfore;fyfore; [x]
  228. S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
  229. S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-03-11 19600]
  230. S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 491816]
  231. S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 39640]
  232. S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-22 3025112]
  233. S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
  234. S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2012-03-12 407288]
  235. S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 91936]
  236. S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
  237. S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
  238. S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
  239. S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 173880]
  240. S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
  241. S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-01-17 148800]
  242. S3 XDva394;XDva394;c:\windows\system32\XDva394.sys [x]
  243. S4 KProcessHacker2;KProcessHacker2;c:\program files\Process Hacker 2\kprocesshacker.sys [2011-08-25 33352]
  244. .
  245. .
  246. --- =Outros Serviços/Drivers Na Memória ---
  247. .
  248. *NewlyCreated* - 17554097
  249. *NewlyCreated* - FYFORE
  250. *Deregistered* - 17554097
  251. *Deregistered* - nsak_717F6CD4
  252. .
  253. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  254. LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
  255. .
  256. .
  257. ------- Scan Suplementar -------
  258. .
  259. uStart Page = hxxp://www.google.com.br/
  260. IE: Baixar com Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
  261. IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
  262. IE: Fazer o download de todos os links usando o IDM - c:\program files\Internet Download Manager\IEGetAll.htm
  263. IE: Fazer o download usando o IDM - c:\program files\Internet Download Manager\IEExt.htm
  264. IE: Free YouTube Download - c:\users\AVERTCOM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
  265. TCP: DhcpNameServer = 10.1.1.1
  266. FF - ProfilePath - c:\users\AVERTCOM\AppData\Roaming\Mozilla\Firefox\Profiles\mu32zzqz.default\
  267. FF - prefs.js: browser.startup.homepage - www.google.com.br
  268. FF - prefs.js: network.proxy.type - 0
  269. .
  270. .
  271. --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
  272. .
  273. [HKEY_USERS\S-1-5-21-3635735338-2964006992-2461654254-1000\Software\Foxit Software\Foxit PhantomPDF 5.0\Preferences\History\LastOpen\2\Panels]
  274. @DACL=(02 0000)
  275. "BottomHeight"=dword:00000000
  276. "LeftWidth"=dword:00000000
  277. .
  278. [HKEY_USERS\S-1-5-21-3635735338-2964006992-2461654254-1000\Software\Foxit Software\Foxit PhantomPDF 5.0\Preferences\History\LastOpen\3\Panels]
  279. @DACL=(02 0000)
  280. "BottomHeight"=dword:00000000
  281. "LeftWidth"=dword:00000000
  282. .
  283. [HKEY_USERS\S-1-5-21-3635735338-2964006992-2461654254-1000\Software\Microsoft\MSNMessenger\PerPassportSettings\2643102368\GroupState]
  284. @DACL=(02 0000)
  285. ".ListView"=dword:00000002
  286. .
  287. [HKEY_USERS\S-1-5-21-3635735338-2964006992-2461654254-1000\Software\Microsoft\MSNMessenger\PerPassportSettings\2643102368\SoundEvents]
  288. @DACL=(02 0000)
  289. .
  290. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\244F2594A1C5BE83C8321BE8EF772EC0\SourceList\Media]
  291. @DACL=(02 0000)
  292. "102"=";"
  293. .
  294. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\4A3FC9E53BDA08038AFB79A682437085\SourceList\Media]
  295. @DACL=(02 0000)
  296. "100"=";"
  297. .
  298. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\7D9BBE18C3713E234B7741C9D80E574E\SourceList\Media]
  299. @DACL=(02 0000)
  300. "100"=";"
  301. .
  302. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\93BE2EC28C544D23A89955923CF8B199\SourceList\Media]
  303. @DACL=(02 0000)
  304. "100"=";"
  305. .
  306. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\DDED13BD59FB7E139A7B450865C1FE3F\SourceList\Media]
  307. @DACL=(02 0000)
  308. "103"=";"
  309. .
  310. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\E7CFEDD816C011D3FA6C45412FADDF10\SourceList\Media]
  311. @DACL=(02 0000)
  312. "102"=";"
  313. .
  314. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3ABBA98267B7B3547A5F9F1F43352DA9\SourceList\Media]
  315. @DACL=(02 0000)
  316. "MediaPackage"="\\drivers geforce-atualizações-crossfire-keys\\"
  317. "1"="ACTIVE BOOT;"
  318. .
  319. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5C1093C35543A0E32A41B090A305076A\SourceList\Media]
  320. @DACL=(02 0000)
  321. "1"=";1"
  322. .
  323. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Media]
  324. @DACL=(02 0000)
  325. "DiskPrompt"="[1]"
  326. "1"=";1"
  327. .
  328. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\75751A024EA428C3791168C348FA6EAA\SourceList\Media]
  329. @DACL=(02 0000)
  330. "1"=";1"
  331. .
  332. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]
  333. @DACL=(02 0000)
  334. "DiskPrompt"="[1]"
  335. "1"=";1"
  336. .
  337. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  338. @Denied: (Full) (Everyone)
  339. .
  340. --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
  341. .
  342. - - - - - - - > 'winlogon.exe'(760)
  343. c:\windows\System32\guard32.dll
  344. .
  345. - - - - - - - > 'lsass.exe'(704)
  346. c:\windows\system32\guard32.dll
  347. .
  348. - - - - - - - > 'Explorer.exe'(2872)
  349. c:\windows\system32\guard32.dll
  350. .
  351. Tempo para conclusão: 2012-03-24 21:31:35
  352. ComboFix-quarantined-files.txt 2012-03-25 00:31
  353. ComboFix2.txt 2012-03-07 07:52
  354. .
  355. Pré-execução: 33.770.717.184 bytes disponíveis
  356. Pós execução: 33.974.312.960 bytes disponíveis
  357. .
  358. - - End Of File - - 646D0B4B8C8FE7EC48D33D2D76058B54