- ComboFix 12-03-22.01 - Gean 23/03/2012 16:33:16.2.4 - x64
- Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.6056.3911 [GMT -3:00]
- Running from: d:\gean\Programas\Combo Fix\ComboFix.exe
- AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
- FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
- SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
- SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- .
- .
- (((((((((((((((( Files Created From 2012-02-23 to 2012-03-23 ))))))))))))))))))))))))))))
- .
- .
- 2012-03-23 19:40 . 2012-03-23 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
- 2012-03-23 18:29 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65AC9B8F-4EA8-40E6-B45F-7CD7FE3C2B7B}\mpengine.dll
- 2012-03-23 15:00 . 2012-03-23 15:00 -------- d-----w- c:\program files (x86)\Common Files\Java
- 2012-03-23 15:00 . 2012-03-23 15:00 -------- d-----w- c:\program files (x86)\Java
- 2012-03-23 01:34 . 2012-03-23 01:34 -------- d-----w- c:\users\Gean\AppData\Local\Stardock
- 2012-03-23 00:42 . 2012-03-23 15:00 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
- 2012-03-23 00:42 . 2012-03-23 15:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
- 2012-03-23 00:27 . 2012-03-23 14:49 -------- d-----w- C:\preload
- 2012-03-22 20:40 . 2012-03-22 22:25 -------- d-----w- c:\users\Gean\AppData\Roaming\GlarySoft
- 2012-03-22 20:33 . 2012-03-22 20:33 -------- d-----w- c:\program files (x86)\Glary Utilities
- 2012-03-22 14:53 . 2012-03-22 14:53 -------- d-----w- c:\users\Gean\AppData\Roaming\Malwarebytes
- 2012-03-22 14:53 . 2012-03-22 14:53 -------- d-----w- c:\programdata\Malwarebytes
- 2012-03-22 14:09 . 2012-03-22 14:09 -------- d-----w- c:\users\Gean\AppData\Local\ElevatedDiagnostics
- 2012-03-22 12:07 . 2011-04-12 21:18 252712 ----a-w- c:\windows\ETDUninst.dll
- 2012-03-22 12:05 . 2012-03-13 04:38 97208 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
- 2012-03-21 21:31 . 2010-11-20 13:25 390656 ----a-w- c:\programdata\Microsoft\Windows\SXS\64\winlogon.exe
- 2012-03-21 21:31 . 2009-07-14 01:39 80384 ----a-w- c:\programdata\Microsoft\Windows\SXS\64\winver.exe
- 2012-03-21 21:31 . 2009-07-14 01:14 79872 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\winver.exe
- 2012-03-21 21:31 . 2009-07-14 01:41 65536 ----a-w- c:\programdata\Microsoft\Windows\SXS\64\sppuinotify.dll
- 2012-03-21 21:31 . 2010-11-20 13:25 349696 ----a-w- c:\programdata\Microsoft\Windows\SXS\64\slui.exe
- 2012-03-21 21:31 . 2009-07-14 01:41 381952 ----a-w- c:\programdata\Microsoft\Windows\SXS\64\sppcommdlg.dll
- 2012-03-21 21:31 . 2010-11-20 13:27 419840 ----a-w- c:\programdata\Microsoft\Windows\SXS\64\systemcpl.dll
- 2012-03-21 21:30 . 2010-11-20 13:27 1008128 ----a-w- c:\programdata\Microsoft\Windows\SXS\64\user32.dll
- 2012-03-21 21:30 . 2009-07-14 01:16 118784 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\sppwmi.dll
- 2012-03-21 21:30 . 2010-11-20 12:21 14336 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\slwga.dll
- 2012-03-21 21:30 . 2009-07-14 01:41 142336 ----a-w- c:\programdata\Microsoft\Windows\SXS\64\sppwmi.dll
- 2012-03-21 21:30 . 2010-11-20 13:27 15360 ----a-w- c:\programdata\Microsoft\Windows\SXS\64\slwga.dll
- 2012-03-21 21:30 . 2009-06-10 21:38 113629 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\slmgr.vbs
- 2012-03-21 21:30 . 2009-06-10 20:59 113629 ----a-w- c:\programdata\Microsoft\Windows\SXS\64\slmgr.vbs
- 2012-03-21 21:29 . 2012-03-21 21:29 2169856 --sha-w- c:\windows\system32\hale.exe
- 2012-03-21 06:00 . 2012-03-21 06:00 -------- d-----w- c:\windows\SysWow64\Wat
- 2012-03-21 06:00 . 2012-03-21 06:00 -------- d-----w- c:\windows\system32\Wat
- 2012-03-20 19:54 . 2012-03-22 12:07 -------- d-----w- c:\windows\system32\appmgmt
- 2012-03-20 14:31 . 2012-03-20 14:31 -------- d-----w- c:\program files\Windows Journal
- 2012-03-20 14:31 . 2012-03-20 14:31 -------- d-----w- c:\windows\ehome
- 2012-03-20 14:31 . 2012-03-20 14:31 -------- d-sh--w- c:\windows\BitLockerDiscoveryVolumeContents
- 2012-03-20 14:31 . 2012-03-20 14:31 -------- d-----w- c:\windows\RemotePackages
- 2012-03-20 14:30 . 2012-03-23 00:25 -------- d-----r- c:\users\Public\Recorded TV
- 2012-03-20 14:30 . 2012-03-20 14:30 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
- 2012-03-18 04:05 . 2012-03-13 04:36 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
- 2012-03-18 04:05 . 2012-03-13 04:36 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
- 2012-03-16 22:38 . 2012-03-20 19:53 -------- d-----w- c:\program files (x86)\CounterStrikev47
- 2012-03-15 12:42 . 2012-03-15 12:42 -------- d-----w- c:\users\Gean\AppData\Local\bdch
- 2012-03-15 02:22 . 2012-03-15 02:22 -------- d-----w- c:\users\Gean\AppData\Roaming\YoudaGames
- 2012-03-15 00:33 . 2012-03-15 00:36 -------- d-----w- c:\program files\Common Files\Adobe
- 2012-03-14 23:08 . 2012-03-14 23:50 -------- d-----w- c:\program files (x86)\Counter-Strike
- 2012-03-14 14:42 . 2012-03-14 14:42 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
- 2012-03-14 14:41 . 2012-03-14 14:41 -------- d-----w- c:\windows\PCHEALTH
- 2012-03-14 14:41 . 2012-03-14 14:41 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
- 2012-03-14 14:39 . 2012-03-14 14:39 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
- 2012-03-14 14:38 . 2012-03-14 14:38 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
- 2012-03-14 14:38 . 2012-03-20 14:31 -------- d-----w- c:\windows\SHELLNEW
- 2012-03-14 14:38 . 2012-03-14 14:38 -------- d-----r- C:\MSOCache
- 2012-03-14 00:58 . 2012-03-14 00:58 -------- d-----w- c:\windows\system32\Macromed
- 2012-03-14 00:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
- 2012-03-14 00:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
- 2012-03-14 00:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
- 2012-03-13 23:40 . 2012-03-13 23:40 -------- d-----w- c:\program files (x86)\Utherverse Digital Inc
- 2012-03-13 21:37 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
- 2012-03-13 21:37 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
- 2012-03-13 21:37 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
- 2012-03-13 21:33 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
- 2012-03-13 21:33 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
- 2012-03-13 21:33 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
- 2012-03-13 21:33 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
- 2012-03-13 21:33 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
- 2012-03-13 21:33 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
- 2012-03-13 21:33 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
- 2012-03-13 21:33 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
- 2012-03-11 00:46 . 2012-03-12 22:25 -------- d-----w- c:\users\Gean\AppData\Local\Google
- 2012-03-11 00:37 . 2012-03-11 00:39 -------- d-----w- c:\windows\SysWow64\Adobe
- 2012-03-07 11:43 . 2012-03-07 14:30 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
- 2012-03-07 11:19 . 2012-03-23 15:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
- 2012-03-07 11:18 . 2012-03-15 00:45 -------- d-----w- c:\users\Gean\AppData\Local\Adobe
- 2012-03-05 13:33 . 2012-03-05 13:33 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
- 2012-03-04 23:55 . 2012-03-08 13:41 -------- d-----w- c:\program files (x86)\VDownloader
- 2012-03-04 23:49 . 2012-03-04 23:50 -------- d-----w- C:\Downloads
- 2012-03-04 23:49 . 2012-03-04 23:49 -------- d-----w- c:\users\Gean\AppData\Roaming\ProgSense
- 2012-03-04 23:48 . 2012-03-04 23:52 -------- d-----w- c:\users\Gean\AppData\Roaming\Orbit
- 2012-03-02 15:34 . 2012-03-02 15:34 -------- d-----w- c:\windows\en
- 2012-03-02 15:34 . 2012-03-02 15:34 -------- d-----w- c:\windows\ar
- 2012-03-02 15:34 . 2012-03-02 15:34 -------- d-----w- c:\windows\es
- 2012-03-02 15:34 . 2012-03-02 15:34 -------- d-----w- c:\windows\fr
- 2012-03-02 15:34 . 2012-03-02 15:34 -------- d-----w- c:\windows\th
- 2012-03-02 15:34 . 2012-03-02 15:34 -------- d-----w- c:\windows\tr
- 2012-03-02 15:30 . 2012-03-02 15:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\57066c601ccf88901\MeshBetaRemover.exe
- 2012-03-01 22:06 . 2012-03-01 22:06 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
- 2012-03-01 11:46 . 2012-03-22 14:36 -------- d-----w- c:\users\Gean\AppData\Roaming\Media Player Classic
- 2012-03-01 11:34 . 2011-12-21 18:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
- 2012-03-01 11:34 . 2011-12-18 23:22 4078592 ----a-w- c:\windows\SysWow64\x264vfw.dll
- 2012-03-01 11:34 . 2011-12-07 18:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
- 2012-03-01 11:34 . 2011-06-24 15:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
- 2012-03-01 11:34 . 2011-06-24 15:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
- 2012-03-01 11:34 . 2011-03-02 11:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
- 2012-03-01 11:34 . 2008-09-24 19:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm
- 2012-03-01 11:34 . 2006-04-02 13:47 630784 ----a-w- c:\windows\SysWow64\vp7vfw.dll
- 2012-03-01 11:34 . 2004-05-18 19:16 39936 ----a-w- c:\windows\SysWow64\huffyuv.dll
- 2012-03-01 11:34 . 2012-02-15 18:00 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
- 2012-03-01 11:34 . 2012-03-01 11:34 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
- 2012-02-29 21:24 . 2012-03-13 23:56 -------- d-----w- c:\users\Gean\AppData\Roaming\GarenaPlus
- 2012-02-29 21:24 . 2012-03-13 23:56 -------- d-----w- c:\programdata\GarenaMessenger
- 2012-02-29 21:09 . 2012-02-29 21:09 -------- d-----w- c:\program files (x86)\MSXML 4.0
- 2012-02-26 14:27 . 2012-02-26 14:27 -------- d-----w- c:\users\Gean\AppData\Roaming\Windows Live Writer
- 2012-02-26 14:27 . 2012-02-26 14:27 -------- d-----w- c:\users\Gean\AppData\Local\Windows Live Writer
- 2012-02-25 23:37 . 2012-02-25 23:37 -------- d-----w- c:\users\Gean\AppData\Roaming\FLEXnet
- 2012-02-25 22:57 . 2012-02-25 22:57 -------- d-----w- c:\users\Gean\AppData\Roaming\InstallShield
- 2012-02-25 22:56 . 2012-03-22 13:49 -------- d-----w- C:\ASUS.DAT
- 2012-02-25 22:53 . 2011-03-15 07:32 648808 ----a-w- c:\windows\system32\RtkApi64.dll
- 2012-02-25 22:53 . 2011-03-31 08:49 3048552 ----a-w- c:\windows\system32\RtkAPO64.dll
- 2012-02-25 22:53 . 2011-03-31 08:49 2392168 ----a-w- c:\windows\system32\RtPgEx64.dll
- 2012-02-25 22:53 . 2011-03-02 09:25 1242216 ----a-w- c:\windows\system32\RTCOM64.dll
- 2012-02-25 22:52 . 2011-04-06 07:33 2826984 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
- 2012-02-25 22:52 . 2011-03-24 08:03 84584 ----a-w- c:\windows\system32\RCoInst64.dll
- 2012-02-25 22:52 . 2011-04-06 02:15 952320 ----a-w- c:\windows\system32\RCoRes64.dat
- 2012-02-25 22:51 . 2011-02-22 07:52 2075712 ----a-w- c:\windows\system32\FMAPO64.dll
- 2012-02-23 12:06 . 2012-02-23 13:09 -------- d-----w- c:\users\Gean\AppData\Roaming\PlayFirst
- 2012-02-23 12:06 . 2012-02-23 13:09 -------- d-----w- c:\programdata\PlayFirst
- 2012-02-23 11:55 . 2012-02-23 11:55 -------- d-----w- c:\users\Gean\AppData\Local\2DBoy
- 2012-02-23 11:55 . 2012-02-23 11:55 -------- d-----w- c:\programdata\2DBoy
- 2012-02-22 21:03 . 2012-02-23 11:38 -------- d-----w- c:\programdata\Oberon Media
- .
- .
- .
- ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
- .
- 2012-03-23 19:25 . 2012-02-06 14:28 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
- 2012-03-22 11:49 . 2009-07-13 23:52 65536 ----a-w- c:\windows\system32\sppuinotify.dll
- 2012-03-22 11:49 . 2009-07-13 23:51 381952 ----a-w- c:\windows\system32\sppcommdlg.dll
- 2012-03-22 11:47 . 2011-02-18 18:24 349696 ----a-w- c:\windows\system32\slui.exe
- 2012-03-21 21:31 . 2011-02-18 18:23 419840 ----a-w- c:\windows\system32\systemcpl.dll
- 2012-03-21 21:31 . 2011-02-18 18:23 1008128 ----a-w- c:\windows\system32\user32.dll
- 2012-03-21 21:30 . 2009-07-13 23:52 142336 ----a-w- c:\windows\system32\sppwmi.dll
- 2012-03-21 21:30 . 2011-02-18 18:23 15360 ----a-w- c:\windows\system32\slwga.dll
- 2012-03-21 21:29 . 2011-02-18 18:24 389632 ----a-w- c:\windows\system32\winlogon.exe
- 2012-03-21 21:29 . 2009-07-13 23:57 2048 ----a-w- c:\windows\system32\winver.exe
- 2012-03-21 21:29 . 2009-06-10 20:59 107946 ----a-w- c:\windows\system32\slmgr.vbs
- 2012-03-02 15:31 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
- 2012-03-01 22:04 . 2012-01-18 19:16 690872 ----a-w- c:\windows\system32\drivers\avc3.sys
- 2012-02-23 12:18 . 2012-02-18 02:42 279656 ------w- c:\windows\system32\MpSigStub.exe
- 2012-02-18 12:53 . 2012-02-18 12:53 1856058 ----a-w- c:\programdata\1329562271.bdinstall.bin
- 2012-02-18 10:36 . 2012-02-18 10:36 21594 ----a-w- c:\programdata\1329561378.bdinstall.bin
- 2012-02-18 10:34 . 2012-02-18 10:34 21594 ----a-w- c:\programdata\1329561266.bdinstall.bin
- 2012-02-18 10:33 . 2012-02-18 10:33 330231 ----a-w- c:\programdata\1329560463.bdinstall.bin
- 2012-02-18 10:12 . 2012-02-18 10:12 502 ----a-w- c:\programdata\1329559938.bdinstall.bin
- 2012-01-04 10:44 . 2012-02-18 13:37 509952 ----a-w- c:\windows\system32\ntshrui.dll
- 2012-01-04 08:58 . 2012-02-18 13:37 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
- 2011-12-30 06:26 . 2012-02-18 08:11 515584 ----a-w- c:\windows\system32\timedate.cpl
- 2011-12-30 05:27 . 2012-02-18 08:11 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
- 2011-12-28 03:59 . 2012-02-18 07:57 498688 ----a-w- c:\windows\system32\drivers\afd.sys
- .
- .
- ------- Sigcheck -------
- Note: Unsigned files aren't necessarily malware.
- .
- [7] 2010-11-20 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
- [7] 2009-07-14 . 132328DF455B0028F13BF0ABEE51A63A . 389120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
- [-] 2012-03-21 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
- .
- [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
- [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
- [-] 2012-03-21 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
- .
- (((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
- .
- .
- *Note* empty entries & legit default entries are not shown
- REGEDIT4
- .
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-06 741240]
- "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
- "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
- "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
- "HP Component Manager"="c:\program files (x86)\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
- "HP Software Update"="c:\program files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
- "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
- "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
- "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
- "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
- "ConsentPromptBehaviorAdmin"= 0 (0x0)
- "ConsentPromptBehaviorUser"= 3 (0x3)
- "EnableLUA"= 0 (0x0)
- "EnableUIADesktopToggle"= 0 (0x0)
- "PromptOnSecureDesktop"= 0 (0x0)
- .
- [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
- "mixer4"=wdmaud.drv
- .
- [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
- Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
- .
- [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
- "SonicMasterTray"=c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
- "SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
- "Wireless Console 3"=c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
- "ASUSWebStorage"=c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
- "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
- .
- R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
- R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
- R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]
- R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
- R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
- R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
- R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
- R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]
- R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
- R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
- R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
- R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
- R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
- R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
- R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
- R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
- R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
- R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-15 466736]
- R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
- R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
- R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
- S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
- S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
- S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 90192]
- S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
- S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
- S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
- S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
- S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
- S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
- S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
- S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
- S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-01-23 62512]
- S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
- S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
- S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
- S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
- S3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-03-01 75384]
- S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
- S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
- .
- .
- Contents of the 'Scheduled Tasks' folder
- .
- 2012-03-23 c:\windows\Tasks\GlaryInitialize.job
- - c:\program files (x86)\Glary Utilities\initialize.exe [2012-03-22 02:31]
- .
- 2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 22:22]
- .
- 2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 22:22]
- .
- .
- --------- x86-64 -----------
- .
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
- @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
- [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
- 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
- @="{64174815-8D98-4CE6-8646-4C039977D808}"
- [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
- 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
- @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
- [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
- 2012-03-01 22:04 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
- @="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
- [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
- 2012-03-01 22:04 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
- @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
- [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
- 2012-03-01 22:04 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
- @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
- [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
- 2012-03-01 22:04 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-01 1066232]
- "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
- "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
- "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
- "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
- "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
- "Chew7Hale"="c:\windows\System32\hale.exe" [2012-03-21 2169856]
- "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
- .
- ------- Supplementary Scan -------
- .
- uLocal Page = c:\windows\system32\blank.htm
- uStart Page = hxxp://home.xwidget.com
- mStart Page = about:blank
- mLocal Page = c:\windows\SysWOW64\blank.htm
- TCP: Interfaces\{BD71480F-25A3-40D6-A6D7-ADCBAA42E431}: NameServer = 200.225.197.34 200.225.197.37
- FF - ProfilePath - c:\users\Gean\AppData\Roaming\Mozilla\Firefox\Profiles\eq93kkw5.default\
- FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
- FF - prefs.js: network.proxy.type - 1
- .
- - - - - ORPHANS REMOVED - - - -
- .
- Toolbar-Locked - (no file)
- .
- .
- .
- --------------------- LOCKED REGISTRY KEYS ---------------------
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
- @Denied: (A) (Everyone)
- "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
- @Denied: (A) (Everyone)
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
- "Key"="ActionsPane3"
- "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
- @Denied: (Full) (Everyone)
- .
- Completion time: 2012-03-23 16:42:49
- ComboFix-quarantined-files.txt 2012-03-23 19:42
- ComboFix2.txt 2012-03-22 22:14
- .
- Pre-Run: 119,774,670,848 bytes free
- Post-Run: 119,489,523,712 bytes free
- .
- - - End Of File - - 664B21F58E54608B2DB97BF0CBAA6410
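The log above carries the three things a triager would pull out by hand: a hidden+system executable created in c:\windows\system32 (hale.exe, attributes `--sha-w-`) that is launched by the `Chew7Hale` Run value; two core system files (winlogon.exe, user32.dll) that ComboFix's Sigcheck tagged `[-]` with MD5s that do not match the winsxs reference copies of the same version (user32.dll keeps exactly the reference size, which is what an in-place patch looks like); and UAC switched off outright (`EnableLUA`=0, `ConsentPromptBehaviorAdmin`=0, `PromptOnSecureDesktop`=0). The script below is an added example, not part of the paste and not a ComboFix feature: it parses those ComboFix line formats and reports the same findings from a constructed sample made of lines copied from the log. The reading of the Sigcheck tags (`[7]` = known Windows 7 copy, `[-]` = no known-good match) and the choice of which UAC values count as weakened are the author's assumptions; the log itself draws no conclusion about what hale.exe is.

```python
"""Triage a ComboFix log (added example; not ComboFix code).

Flags: hidden/system files created under Windows system directories,
Sigcheck entries ComboFix could not match to a known-good copy, UAC
policy values that disable prompting, and autoruns pointing at flagged
files.  SAMPLE_LOG is a constructed subset of lines from the log above.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
2012-03-21 21:29 . 2012-03-21 21:29 2169856 --sha-w- c:\windows\system32\hale.exe
2012-03-21 21:31 . 2010-11-20 13:25 390656 ----a-w- c:\programdata\Microsoft\Windows\SXS\64\winlogon.exe
2012-03-14 00:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-20 14:31 . 2012-03-20 14:31 -------- d-sh--w- c:\windows\BitLockerDiscoveryVolumeContents
[7] 2010-11-20 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2012-03-21 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-03-21 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"Chew7Hale"="c:\windows\System32\hale.exe" [2012-03-21 2169856]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-01 1066232]
"""

# File entry:  ctime . mtime size attrs path    (attrs e.g. --sha-w-, d-----w-)
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) ([d-][-\w]{7}) (.+)$")
# Sigcheck entry:  [tag] date . MD5 . size . . [version] .. path
SIG_RE = re.compile(
    r"^\[(\S+)\] (\d{4}-\d\d-\d\d) \. ([0-9A-Fa-f]{32}) \. (\d+) \. \. \[([^\]]+)\] \.\. (.+)$")
# Registry DWORD value:  "Name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9A-Fa-f]+\)$')
# Autorun entry:  "Name"="path" [date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d\d-\d\d) (\d+)\]$')

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumption: these values switch off UAC prompting entirely.
UAC_WEAK = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0",
            "PromptOnSecureDesktop": "0"}


def triage(log_text):
    """Return a dict of findings parsed from ComboFix log text."""
    hidden, sig_by_name, policies, autoruns = [], defaultdict(list), {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("- "):      # extraction sometimes adds a list marker
            line = line[2:]
        if m := FILE_RE.match(line):
            _, _, size, attrs, path = m.groups()
            p = path.lower()
            # non-directory, inside a system dir, with the s or h attribute set
            if attrs[0] != "d" and p.startswith(SYSTEM_DIRS) and ("s" in attrs or "h" in attrs):
                hidden.append({"path": p, "attrs": attrs, "size": int(size)})
        elif m := SIG_RE.match(line):
            tag, _, md5, size, version, path = m.groups()
            sig_by_name[path.rsplit("\\", 1)[-1].lower()].append(
                {"tag": tag, "md5": md5.upper(), "size": int(size),
                 "version": version, "path": path.lower()})
        elif m := POLICY_RE.match(line):
            policies[m.group(1)] = m.group(2)
        elif m := RUN_RE.match(line):
            name, path, _, _ = m.groups()
            autoruns.append({"name": name, "path": path.lower()})

    # Assumption: "[-]" is ComboFix's tag for a file with no known-good match;
    # compare it with the reference copies of the same name and version.
    unmatched = []
    for entries in sig_by_name.values():
        refs = [e for e in entries if e["tag"] != "-"]
        for e in entries:
            if e["tag"] != "-":
                continue
            same_ver = [r for r in refs if r["version"] == e["version"]]
            unmatched.append({
                "path": e["path"], "md5": e["md5"], "size": e["size"],
                "reference_md5s": [r["md5"] for r in same_ver],
                # same size but different hash suggests an in-place patch
                "same_size_as_reference": any(r["size"] == e["size"] for r in same_ver),
            })

    hidden_paths = {h["path"] for h in hidden}
    return {
        "hidden_system_files": hidden,
        "unmatched_system_files": unmatched,
        "uac_weakened": {k: v for k, v in policies.items() if UAC_WEAK.get(k) == v},
        "autoruns_of_flagged": [a for a in autoruns if a["path"] in hidden_paths],
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in (items.items() if isinstance(items, dict) else items):
            print("   ", item)
```

Run against the full paste (after stripping the `- ` list markers the page adds) the same four buckets come back: hale.exe as the only hidden+system file in a system directory, winlogon.exe and user32.dll as the only `[-]` Sigcheck entries, the three UAC values, and `Chew7Hale` as the autorun pointing at the flagged file. The "same size, different hash" bit on user32.dll is the detail worth carrying into the next step of an investigation, since it separates a file that was replaced from one that was patched in place.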