Fórum Script Brasil

vinno


  1. I STILL HAVE PAGES OPENING BY THEMSELVES, what should I DO? ComboFix 15-04-19.01 - Ronald 25/04/2015 20:08:43.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3932.2701 [GMT -4:00]