ComboFix 13-12-16.01 - User 17/12/2013 7:47.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.3317.2271 [GMT -2:00]
Executando de: c:\users\User\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-17 to 2013-12-17 ))))))))))))))))))))))))))))
.
.
2013-12-17 09:52 . 2013-12-17 09:52 -------d-----w c:\users\Public\AppData\Local\temp
2013-12-17 09:52 . 2013-12-17 09:52 -------d-----w c:\users\Default\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 12:41 . 2012-05-23 16:13 71048 ----a-w c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 12:41 . 2012-05-23 16:13 692616 ----a-w c:\windows\system32\FlashPlayerApp.exe
2013-11-12 13:06 . 2013-03-12 11:28 178304 ----a-w c:\windows\system32\drivers\aswVmm.sys
2013-11-12 13:06 . 2013-03-12 11:28 49944 ----a-w c:\windows\system32\drivers\aswRvrt.sys
2013-11-12 13:06 . 2012-05-23 15:54 403440 ----a-w c:\windows\system32\drivers\aswSP.sys
2013-11-12 13:06 . 2012-05-23 15:54 35656 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2013-11-12 13:06 . 2012-05-23 15:54 79720 ----a-w c:\windows\system32\drivers\aswRdr2.sys
2013-11-12 13:06 . 2012-05-23 15:54 774392 ----a-w c:\windows\system32\drivers\aswSnx.sys
2013-11-12 13:06 . 2012-05-23 15:54 57672 ----a-w c:\windows\system32\drivers\aswTdi.sys
2013-11-12 13:06 . 2012-05-23 15:54 70384 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2013-11-12 13:06 . 2012-05-23 15:54 43152 ----a-w c:\windows\avastSS.scr
2013-11-12 13:06 . 2012-05-23 15:54 269216 ----a-w c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-12 13:06 321752 ----a-w c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\User\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-12 3568312]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-10-28 20504]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-24 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-12 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-12 403440]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-12 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-12 70384]
S2 HP DS Service;HP DS Service;c:\program files\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-27 145920]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-19 14848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 12:41]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 20:01]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 20:01]
.
.
------- Scan Suplementar ------.
uStart Page = hxxp://www.uol.com.br/
uInternet Settings,ProxyOverride = <local>
TCP: Interfaces\{CBA0B1B2-2D20-48BB-AD6E-1D4DF514A7C7}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fjlall8s.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110825&tt=0213_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 249b7d3e00000000000000016c7dd278
FF - user.js: extensions.BabylonToolbar_i.hardId - 249b7d3e00000000000000016c7dd278
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15714
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:05
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 249b7d3e00000000000000016c7dd278
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15918
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.013:54
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - pt
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=4961
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-12-17 07:55:25
ComboFix-quarantined-files.txt 2013-12-17 09:55
ComboFix2.txt 2013-10-15 11:59
ComboFix3.txt 2013-03-12 11:26
ComboFix4.txt 2012-10-30 10:29
.
Pré-execução: 272.720.109.568 bytes disponíveis
Pós-execução: 273.156.648.960 bytes disponíveis
.
- - End Of File - - DB49F86AB7D58C721C5BFA1912980231 A36C5E4F47E84449FF07ED3517B43A31