Combo Fix

Transcript of Combo Fix

ComboFix 15-03-09.01 - copiadora 09/03/2015 15:04:53.2.8 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.8151.5448 [GMT -3:00]Executando de: c:\users\copiadora\Downloads\ComboFix.exeAV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((( Outras Excluses )))))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\FFuN2Savoec:\program files (x86)\FFuN2Savoe\XxUIXv6wpMTiLQ.datc:\program files (x86)\FFuN2Savoe\XxUIXv6wpMTiLQ.tlbc:\program files (x86)\FFuN2Savoe\XxUIXv6wpMTiLQ.x64.dllc:\programdata\2507456840007141716c:\programdata\2507456840007141716\5d394a829d7c8b0eaac58f367a1de930.inic:\programdata\AdPunisherc:\programdata\AdPunisher\AdPunisher.exe..(((((((((((((((( Arquivos/Ficheiros criados de 2015-02-09 to 2015-03-09 ))))))))))))))))))))))))))))..2015-03-09 18:09 . 2015-03-09 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp2015-03-09 17:59 . 2015-03-09 17:59 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2015-03-09 17:58 . 2015-03-09 17:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2015-03-09 17:58 . 2015-03-09 17:58 -------- d-----w- c:\programdata\Malwarebytes2015-03-09 17:58 . 2014-11-21 09:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2015-03-09 17:58 . 2014-11-21 09:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2015-03-09 17:58 . 2014-11-21 09:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2015-03-09 11:34 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4B8B0D4-9486-4D69-A75C-264DF9832324}\mpengine.dll2015-03-06 14:49 . 2015-03-06 14:49 3466856 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dcompiler_47.dll2015-03-06 14:49 . 
2015-03-06 14:49 970912 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr120.dll2015-03-06 14:49 . 2015-03-06 14:49 455328 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp120.dll2015-03-06 14:49 . 2015-03-06 14:49 169584 ----a-w- c:\program files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll2015-03-06 11:44 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2015-02-27 11:24 . 2015-02-27 11:24 -------- d-----w- c:\program files (x86)\goopad2015-02-23 11:34 . 2014-09-10 17:30 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F4F3B7D-CD64-4FDC-A5C0-0B4706AAD582}\gapaengine.dll2015-02-18 18:36 . 2015-02-18 18:36 -------- d-----w- c:\users\copiadora\AppData\Local\Nero2015-02-18 18:13 . 2015-02-18 18:13 -------- d-----w- c:\users\copiadora\AppData\Roaming\ImposePresetTemplates2015-02-13 19:26 . 2015-02-13 19:26 -------- d-----w- c:\users\copiadora\AppData\Roaming\EFI2015-02-13 19:08 . 2015-02-13 19:08 -------- d-----w- c:\users\copiadora\AppData\Local\hotfolder2015-02-13 19:05 . 2015-02-13 19:05 -------- d-----w- c:\programdata\Fiery Remote Scan2015-02-13 19:04 . 2013-08-01 17:11 91784 ----a-w- c:\windows\system32\drivers\aksdf.sys2015-02-13 19:04 . 2015-02-13 19:04 -------- d-----w- c:\program files (x86)\Common Files\Aladdin Shared2015-02-13 19:03 . 2013-08-01 17:11 4609928 ----a-w- c:\windows\system32\hasplms.exe2015-02-13 19:03 . 2013-08-01 17:11 4609928 ----a-w- c:\windows\system32\aksllmtp.exe2015-02-13 19:03 . 2013-08-01 17:11 140736 ----a-w- c:\windows\system32\drivers\aksfridge.sys2015-02-13 19:03 . 2013-08-01 17:11 331328 ----a-w- c:\windows\system32\drivers\hardlock.sys2015-02-13 19:03 . 2013-08-01 17:11 198088 ----a-w- c:\windows\SysWow64\hlvdd.dll2015-02-13 18:59 . 2015-02-13 18:59 -------- d-----w- c:\programdata\FieryPatchTool2015-02-13 18:57 . 
2015-03-09 17:16 -------- d-----w- c:\users\copiadora\AppData\Roaming\CWSLogs2015-02-13 18:29 . 2015-02-13 18:29 -------- d-----w- c:\users\copiadora\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.12015-02-13 18:29 . 2015-02-13 18:29 -------- d-----w- c:\users\copiadora\AppData\Roaming\Adobe Mini Bridge CS52015-02-13 16:53 . 2015-02-13 16:54 -------- d-----w- c:\users\copiadora\AppData\Roaming\GetRightToGo2015-02-13 16:42 . 2015-02-13 16:42 -------- d-----w- c:\programdata\be56ff580000526f2015-02-13 16:32 . 2015-02-13 16:32 -------- d-----w- c:\users\copiadora\AppData\Roaming\ProductData2015-02-13 16:31 . 2015-02-13 16:31 -------- d-----w- c:\users\copiadora\AppData\Roaming\Apple Computer2015-02-13 16:31 . 2015-02-13 16:31 -------- d-----w- c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}2015-02-13 16:31 . 2015-02-13 16:31 -------- d-----w- c:\program files (x86)\Common Files\IObit2015-02-13 16:30 . 2015-02-13 16:31 -------- d-----w- c:\programdata\IObit2015-02-13 16:30 . 2015-02-13 16:31 -------- d-----w- c:\programdata\ProductData2015-02-13 16:30 . 2015-02-13 16:38 -------- d-----w- c:\program files (x86)\IObit2015-02-13 16:30 . 2015-02-13 16:31 -------- d-----w- c:\users\copiadora\AppData\Roaming\IObit2015-02-13 11:10 . 2015-02-13 11:10 -------- d-----w- c:\program files (x86)\DoownSave2015-02-13 11:10 . 2015-02-13 11:10 -------- d-----w- c:\program files (x86)\Image Toolbar beta2015-02-12 19:26 . 2015-02-12 19:26 -------- d-----w- c:\program files (x86)\Fauxbar2015-02-12 19:26 . 2015-02-12 19:26 -------- d-----w- c:\program files (x86)\BeSatSaveFiouRYou2015-02-12 11:10 . 2015-02-12 11:10 -------- d-----w- c:\program files (x86)\ExstraaaCouupoono2015-02-09 12:23 . 2015-02-09 12:23 -------- d-----w- c:\users\copiadora\AppData\Local\Macromedia2015-02-09 10:39 . 
2014-09-10 17:30 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll...((((((((((((((((((((((((((((((((((((( Relatrio Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2015-03-03 13:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe2015-02-09 13:11 . 2015-01-31 15:07 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2015-02-09 13:11 . 2015-01-31 15:07 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2015-02-06 15:53 . 2015-02-06 15:53 520584 ----a-r- c:\users\copiadora\AppData\Roaming\Microsoft\Installer\{7B3A3142-5801-48F2-819B-515818EFE696}\UninstallTool.D01EB5D5_0EC4_4BDF_A131_1989F9F14A91.exe2015-02-06 15:09 . 2015-02-06 15:09 520584 ----a-r- c:\users\copiadora\AppData\Roaming\Microsoft\Installer\{9D589081-AFC2-4932-9071-AC585AC1EA83}\UninstallTool.D01EB5D5_0EC4_4BDF_A131_1989F9F14A91.exe2015-02-05 17:00 . 2015-02-05 16:18 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2015-02-05 16:27 . 2015-02-05 16:27 262144 ----a-w- c:\windows\SysWow64\OdbcJdbcMT.dll2015-02-05 16:27 . 2015-02-05 16:27 274432 ----a-w- c:\windows\SysWow64\IscDbc.dll2015-02-05 16:27 . 2015-02-05 16:27 253952 ----a-w- c:\windows\SysWow64\OdbcJdbc.dll2015-02-05 16:27 . 2015-02-05 16:27 155648 ----a-w- c:\windows\SysWow64\OdbcJdbcSetup.dll2015-02-05 16:17 . 2015-02-05 17:00 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2015-02-05 16:17 . 2015-02-05 17:00 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll2015-02-03 16:26 . 2015-02-03 16:26 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2015-02-03 16:26 . 2015-02-03 16:26 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2015-02-03 16:26 . 2015-02-03 16:26 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2015-02-03 16:26 . 2015-02-03 16:26 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll2015-02-03 16:26 . 2015-02-03 16:26 62464 ----a-w- c:\windows\SysWow64\tdc.ocx2015-02-03 16:26 . 
2015-02-03 16:26 62464 ----a-w- c:\windows\SysWow64\iesetup.dll2015-02-03 16:26 . 2015-02-03 16:26 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll2015-02-03 16:26 . 2015-02-03 16:26 337408 ----a-w- c:\windows\SysWow64\html.iec2015-02-03 16:26 . 2015-02-03 16:26 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll2015-02-03 16:26 . 2015-02-03 16:26 235008 ----a-w- c:\windows\system32\elshyph.dll2015-02-03 16:26 . 2015-02-03 16:26 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl2015-02-03 16:26 . 2015-02-03 16:26 1888256 ----a-w- c:\windows\SysWow64\wininet.dll2015-02-03 16:26 . 2015-02-03 16:26 182272 ----a-w- c:\windows\SysWow64\msls31.dll2015-02-03 16:26 . 2015-02-03 16:26 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2015-02-03 16:26 . 2015-02-03 16:26 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2015-02-03 16:26 . 2015-02-03 16:26 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2015-02-03 16:26 . 2015-02-03 16:26 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll2015-02-03 16:26 . 2015-02-03 16:26 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll2015-02-03 16:26 . 2015-02-03 16:26 501248 ----a-w- c:\windows\SysWow64\vbscript.dll2015-02-03 16:26 . 2015-02-03 16:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2015-02-03 16:26 . 2015-02-03 16:26 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll2015-02-03 16:26 . 2015-02-03 16:26 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll2015-02-03 16:26 . 2015-02-03 16:26 36352 ----a-w- c:\windows\SysWow64\imgutil.dll2015-02-03 16:26 . 2015-02-03 16:26 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb2015-02-03 16:26 . 2015-02-03 16:26 151552 ----a-w- c:\windows\SysWow64\iexpress.exe2015-02-03 16:26 . 2015-02-03 16:26 139264 ----a-w- c:\windows\SysWow64\wextract.exe2015-02-03 16:26 . 2015-02-03 16:26 13312 ----a-w- c:\windows\SysWow64\mshta.exe2015-02-03 16:26 . 2015-02-03 16:26 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe2015-02-03 16:26 . 
2015-02-03 16:26 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2015-02-03 16:26 . 2015-02-03 16:26 942592 ----a-w- c:\windows\system32\jsIntl.dll2015-02-03 16:26 . 2015-02-03 16:26 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2015-02-03 16:26 . 2015-02-03 16:26 54784 ----a-w- c:\windows\system32\jsproxy.dll2015-02-03 16:26 . 2015-02-03 16:26 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2015-02-03 16:26 . 2015-02-03 16:26 2885120 ----a-w- c:\windows\system32\iertutil.dll2015-02-03 16:26 . 2015-02-03 16:26 247808 ----a-w- c:\windows\system32\msls31.dll2015-02-03 16:26 . 2015-02-03 16:26 2358272 ----a-w- c:\windows\system32\wininet.dll2015-02-03 16:26 . 2015-02-03 16:26 199680 ----a-w- c:\windows\system32\msrating.dll2015-02-03 16:26 . 2015-02-03 16:26 1548288 ----a-w- c:\windows\system32\urlmon.dll2015-02-03 16:26 . 2015-02-03 16:26 13312 ----a-w- c:\windows\system32\msfeedssync.exe2015-02-03 16:26 . 2015-02-03 16:26 131072 ----a-w- c:\windows\system32\IEAdvpack.dll2015-02-03 16:26 . 2015-02-03 16:26 92160 ----a-w- c:\windows\system32\mshtmled.dll2015-02-03 16:26 . 2015-02-03 16:26 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2015-02-03 16:26 . 2015-02-03 16:26 814080 ----a-w- c:\windows\system32\jscript9diag.dll2015-02-03 16:26 . 2015-02-03 16:26 81408 ----a-w- c:\windows\system32\icardie.dll2015-02-03 16:26 . 2015-02-03 16:26 800768 ----a-w- c:\windows\system32\msfeeds.dll2015-02-03 16:26 . 2015-02-03 16:26 800768 ----a-w- c:\windows\system32\ieapfltr.dll2015-02-03 16:26 . 2015-02-03 16:26 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll2015-02-03 16:26 . 2015-02-03 16:26 77312 ----a-w- c:\windows\system32\tdc.ocx2015-02-03 16:26 . 2015-02-03 16:26 718848 ----a-w- c:\windows\system32\ie4uinit.exe2015-02-03 16:26 . 2015-02-03 16:26 66560 ----a-w- c:\windows\system32\iesetup.dll2015-02-03 16:26 . 2015-02-03 16:26 633856 ----a-w- c:\windows\system32\ieui.dll2015-02-03 16:26 . 
2015-02-03 16:26 62464 ----a-w- c:\windows\system32\pngfilt.dll2015-02-03 16:26 . 2015-02-03 16:26 616104 ----a-w- c:\windows\system32\ieapfltr.dat2015-02-03 16:26 . 2015-02-03 16:26 6039552 ----a-w- c:\windows\system32\jscript9.dll2015-02-03 16:26 . 2015-02-03 16:26 580096 ----a-w- c:\windows\system32\vbscript.dll2015-02-03 16:26 . 2015-02-03 16:26 490496 ----a-w- c:\windows\system32\dxtmsft.dll2015-02-03 16:26 . 2015-02-03 16:26 48640 ----a-w- c:\windows\system32\mshtmler.dll2015-02-03 16:26 . 2015-02-03 16:26 413696 ----a-w- c:\windows\system32\html.iec2015-02-03 16:26 . 2015-02-03 16:26 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll2015-02-03 16:26 . 2015-02-03 16:26 389296 ----a-w- c:\windows\system32\iedkcs32.dll2015-02-03 16:26 . 2015-02-03 16:26 34304 ----a-w- c:\windows\system32\iernonce.dll2015-02-03 16:26 . 2015-02-03 16:26 316928 ----a-w- c:\windows\system32\dxtrans.dll2015-02-03 16:26 . 2015-02-03 16:26 30208 ----a-w- c:\windows\system32\licmgr10.dll2015-02-03 16:26 . 2015-02-03 16:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb2015-02-03 16:26 . 2015-02-03 16:26 25059840 ----a-w- c:\windows\system32\mshtml.dll2015-02-03 16:26 . 2015-02-03 16:26 243200 ----a-w- c:\windows\system32\webcheck.dll2015-02-03 16:26 . 2015-02-03 16:26 235520 ----a-w- c:\windows\system32\url.dll2015-02-03 16:26 . 2015-02-03 16:26 2125312 ----a-w- c:\windows\system32\inetcpl.cpl2015-02-03 16:26 . 2015-02-03 16:26 167424 ----a-w- c:\windows\system32\iexpress.exe2015-02-03 16:26 . 2015-02-03 16:26 147968 ----a-w- c:\windows\system32\occache.dll2015-02-03 16:26 . 2015-02-03 16:26 144384 ----a-w- c:\windows\system32\ieUnatt.exe2015-02-03 16:26 . 2015-02-03 16:26 14412800 ----a-w- c:\windows\system32\ieframe.dll2015-02-03 16:26 . 2015-02-03 16:26 143872 ----a-w- c:\windows\system32\wextract.exe2015-02-03 16:26 . 2015-02-03 16:26 13824 ----a-w- c:\windows\system32\mshta.exe2015-02-03 16:26 . 
2015-02-03 16:26 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll2015-02-03 16:26 . 2015-02-03 16:26 114688 ----a-w- c:\windows\system32\ieetwcollector.exe2015-02-03 16:26 . 2015-02-03 16:26 105984 ----a-w- c:\windows\system32\iesysprep.dll2015-02-03 16:26 . 2015-02-03 16:26 101376 ----a-w- c:\windows\system32\inseng.dll2015-02-03 16:26 . 2015-02-03 16:26 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll2015-02-03 16:26 . 2015-02-03 16:26 88064 ----a-w- c:\windows\system32\MshtmlDac.dll2015-02-03 16:26 . 2015-02-03 16:26 774144 ----a-w- c:\windows\system32\jscript.dll2015-02-03 16:26 . 2015-02-03 16:26 48128 ----a-w- c:\windows\system32\imgutil.dll2015-02-03 16:26 . 2015-02-03 16:26 135680 ----a-w- c:\windows\system32\iepeers.dll2015-02-03 16:25 . 2015-02-03 16:25 424448 ----a-w- c:\windows\system32\KernelBase.dll2015-02-03 16:25 . 2015-02-03 16:25 362496 ----a-w- c:\windows\system32\wow64win.dll2015-02-03 16:25 . 2015-02-03 16:25 338432 ----a-w- c:\windows\system32\conhost.exe2015-02-03 16:25 . 2015-02-03 16:25 243712 ----a-w- c:\windows\system32\wow64.dll2015-02-03 16:25 . 2015-02-03 16:25 215040 ----a-w- c:\windows\system32\winsrv.dll..(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))..*Nota* entradas vazias e legtimas por padro no so apresentadas. 
REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DIMDescargando la actualizacin...1338924290338"="c:\program files (x86)\Corel\CorelDRAW Graphics Suite X6\Draw\DIM.exe" [2012-02-23 179576]"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2014-08-28 1235336].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-11-17 448856]"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]"ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2014-12-05 493960]"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]"FRSSysTrayIcon"="c:\program files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe" [2014-09-11 57344].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2014-08-28 1235336].c:\users\copiadora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CorelDraw Graphics Suit X6 Keygen, Serial Number Download.lnk - c:\programdata\{c5dda460-6b49-9a61-c5dd-da4606b49181}\CorelDraw Graphics Suit X6 Keygen, Serial Number Download.exe --startup=1 [2015-1-31 1170808].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 
(0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 863788fa;goopad;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]R3 ATICDSDr;ATICDSDr;c:\users\COPIAD~1\AppData\Local\Temp\ATICDSDr.sys;c:\users\COPIAD~1\AppData\Local\Temp\ATICDSDr.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]R3 hasplms;Sentinel LDK License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program 
files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R4 ClaraUpdater;ClaraUpdater;c:\program files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe;c:\program files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [x]R4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]R4 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [x]S1 crfilterdrv;crfilterdrv;c:\windows\system32\drivers\crfilterdrv.sys;c:\windows\SYSNATIVE\drivers\crfilterdrv.sys [x]S1 gosaferdrv;gosaferdrv;c:\windows\system32\drivers\gosaferdrv.sys;c:\windows\SYSNATIVE\drivers\gosaferdrv.sys [x]S1 mosfilterdrv;mosfilterdrv;c:\windows\system32\drivers\mosfilterdrv.sys;c:\windows\SYSNATIVE\drivers\mosfilterdrv.sys [x]S1 pofilterdrv;pofilterdrv;c:\windows\system32\drivers\pofilterdrv.sys;c:\windows\SYSNATIVE\drivers\pofilterdrv.sys [x]S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [x]S2 
aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]S2 EFI ES1000;EFI ES1000;c:\program files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe;c:\program files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [x]S2 EFI License Manager;EFI License Manager;c:\program files (x86)\EFI\EFILM\lmgrd.exe;c:\program files (x86)\EFI\EFILM\lmgrd.exe [x]S2 Fiery Data Collector;Fiery Data Collector;c:\program files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\FDC.exe;c:\program files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\FDC.exe [x]S2 Fiery Mailbox Synchronization;Fiery Mailbox Synchronization;c:\program files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSMailboxSyncService.exe;c:\program files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSMailboxSyncService.exe [x]S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]S2 ofaApp;ofaApp;c:\program files (x86)\EFI\OFASQ\ofaApp.exe;c:\program files (x86)\EFI\OFASQ\ofaApp.exe [x]S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]S3 NisSrv;Inspeo de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..--- =Outros Servios/Drivers Na Memria ---.*NewlyCreated* 
- MBAMPROTECTOR*NewlyCreated* - MBAMWEBACCESSCONTROL.Contedo da pasta 'Tarefas Agendadas'.2015-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31 13:11]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288].------- Scan Suplementar -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.hotmail.com/mDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422978601&from=cor&uid=TOSHIBAXDT01ACA100_Z2OV10JPSXXZ2OV10JPSX&q={searchTerms}mStart Page = hxxp://websearch.look-for-it.info/?pid=20473&r=2015/02/05&hid=12305399020999534896&lg=EN&cc=BR&unqvl=82mLocal Page = c:\windows\SysWOW64\blank.htmmSearch Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422978601&from=cor&uid=TOSHIBAXDT01ACA100_Z2OV10JPSXXZ2OV10JPSX&q={searchTerms}uInternet Settings,ProxyOverride = IE: &Enviar para o OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105IE: Anexar a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Anexar destino do link a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Anexar para um PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Converter destino do link em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Converter destino do link em um PDF existente - c:\program files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Converter em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.0.1FF - ProfilePath - c:\users\copiadora\AppData\Roaming\Mozilla\Firefox\Profiles\bcjzsxqd.default\FF - prefs.js: browser.search.defaulturl - hxxp://websearch.look-for-it.info/?pid=20473&r=2015/02/05&hid=12305399020999534896&lg=EN&cc=BR&unqvl=82&l=1&q=FF - prefs.js: browser.search.selectedEngine - WebSearchFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://websearch.look-for-it.info/?pid=20473&r=2015/02/05&hid=12305399020999534896&lg=EN&cc=BR&unqvl=82&l=1&q=.- - - - ORFOS REMOVIDOS - - - -.BHO-{4241818d-92b5-4189-b249-35bb95b2ad67} - c:\program files (x86)\FFuN2Savoe\XxUIXv6wpMTiLQ.dllWow6432Node-HKCU-Run-AdobeBridge - (no file)Wow6432Node-HKLM-Run- - (no file)BHO-{4241818d-92b5-4189-b249-35bb95b2ad67} - c:\program files (x86)\FFuN2Savoe\XxUIXv6wpMTiLQ.x64.dllShellIconOverlayIdentifiers-{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} - (no file)AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4}_is1 - c:\programdata\AdPunisher\AdPunisher.exe...--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.16".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Tempo para concluso: 2015-03-09 15:11:40ComboFix-quarantined-files.txt 2015-03-09 18:11ComboFix2.txt 2015-02-13 17:05.Pr-execuo: 889.923.899.392 bytes disponveisPs execuo: 889.819.611.136 bytes disponveis.- - End Of File - - 19169D93A9A90B1022C7AE3F067AC712A36C5E4F47E84449FF07ED3517B43A31