ComboFix 11-07-20.02 - Carlos Ryve 20/07/2011 15:27:48.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4084.2605 [GMT -3:00]
Executando de: c:\users\Carlos Ryve\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Object\bho_project.dll
c:\program files (x86)\Topckit
c:\program files (x86)\Topckit\ObjClsID.dll
c:\program files (x86)\Topckit\Topckit_2010.exe
c:\program files (x86)\Topckit\unins000.dat
c:\program files (x86)\Topckit\unins000.exe
c:\program files (x86)\Topckit\Update.Ini
c:\program files (x86)\Topckit\UpdatePro.exe
c:\programdata\eBay.ico
c:\programdata\fG01602NmPaM01602
c:\programdata\fG01602NmPaM01602\fG01602NmPaM01602
c:\programdata\fG01602NmPaM01602\fG01602NmPaM01602.exe
c:\programdata\QuickStores.ico
c:\users\Carlos Ryve\AppData\Local\Wisdends.dll
c:\users\Carlos Ryve\AppData\Roaming\Adobe\plugs
c:\users\Carlos Ryve\AppData\Roaming\Adobe\plugs\mmc116.exe
c:\users\Carlos Ryve\AppData\Roaming\Adobe\plugs\mmc176555800.txt
c:\users\Carlos Ryve\AppData\Roaming\Adobe\plugs\mmc217.exe
c:\users\Carlos Ryve\AppData\Roaming\Adobe\shed
c:\users\Carlos Ryve\AppData\Roaming\Adobe\shed\thr1.chm
c:\windows\Cpafya.exe
c:\windows\necont
c:\windows\SysWow64\azip32.dll
c:\windows\SysWow64\Video159da279Drivers.dll
c:\windows\SysWow64\zip32.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
D:\install.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-06-20 to 2011-07-20 ))))))))))))))))))))))))))))
.
.
2011-07-20 17:52 . 2011-07-20 17:52 -------d-----w c:\windows\system32\log
2011-07-20 17:52 . 2011-07-20 17:53 -------d-----w c:\program files (x86)\Trend Micro
2011-07-20 16:56 . 2011-07-20 16:56 -------d-----w c:\windows\Sun
2011-07-20 12:14 . 2011-07-20 12:14 -------d-----w c:\users\Carlos Ryve\AppData\Local\GMail Drive
2011-07-20 12:13 . 2011-07-20 12:13 -------d-----w c:\windows\SysWow64\ShellExt
2011-07-20 12:12 . 2011-07-20 12:13 -------d-----w c:\windows\system32\ShellExt
2011-07-18 12:47 . 2011-07-18 12:47 -------d-----w c:\users\Carlos Ryve\AppData\Roaming\Uniblue
2011-07-18 12:47 . 2011-07-18 12:47 -------d-----w c:\program files (x86)\Uniblue
2011-07-18 12:44 . 2011-07-18 15:54 -------d-----w c:\users\Carlos Ryve\AppData\Local\OpenCandy
2011-07-18 12:44 . 2011-07-18 12:44 -------d-----w c:\program files (x86)\WinSCP
2011-07-18 12:44 . 2011-07-18 12:44 -------d-----w c:\users\Carlos Ryve\AppData\Roaming\OpenCandy
2011-07-18 11:11 . 2011-06-07 17:10 8873296 ------w c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A776C37C-5F5C-444C-9D9F-1272BD25DF3D}\mpengine.dll
2011-07-14 10:14 . 2011-06-02 06:39 422400 ----a-w c:\windows\system32\KernelBase.dll
2011-07-14 10:14 . 2011-06-02 05:54 272384 ----a-w c:\windows\SysWow64\KernelBase.dll
2011-07-14 10:11 . 2011-06-11 02:56 3134464 ----a-w c:\windows\system32\win32k.sys
2011-07-06 18:59 . 2011-07-20 18:33 -------d-----w c:\program files (x86)\Object
2011-07-01 12:21 . 2011-07-01 12:21 -------d-----w c:\program files (x86)\Dokan
2011-07-01 12:21 . 2011-07-01 12:21 -------d-----w c:\program files\KACE
2011-07-01 12:21 . 2011-07-01 12:21 -------d-----w c:\program files (x86)\KACE
2011-06-27 13:33 . 2001-02-09 19:49 5152826 ----a-w c:\windows\SysWow64\craxdrt.dll
2011-06-24 17:16 . 2011-06-24 17:16 0 ---ha-w c:\users\Carlos Ryve\AppData\Local\BITA88F.tmp
2011-06-24 17:14 . 2011-06-24 17:14 0 ---ha-w c:\users\Carlos Ryve\AppData\Local\BITCFFC.tmp
2011-06-22 19:41 . 2011-06-22 19:41 -------d-----w c:\program files (x86)\Apostilas Objetiva
2011-06-22 15:22 . 2011-06-22 15:22 -------d-----w c:\program files (x86)\Takeoff Live
2011-06-21 20:56 . 2010-05-12 15:30 19968 ----a-w c:\windows\system32\drivers\FlashUSB_x64.sys
2011-06-21 20:45 . 2011-06-21 20:45 -------d-----w C:\LG_USB
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-09 10:49 . 2011-02-14 17:13 1284 ----a-w c:\users\Carlos Ryve\advanced_ip_scanner_MAC.bin
2011-06-21 15:27 . 2011-05-30 19:01 404640 ----a-w c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-19 17:01 . 2010-05-19 01:29 2378144 ----a-w c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-13 12:06 . 2010-05-24 11:54 46624 ----a-w c:\windows\SysWow64\drivers\gbpkm.sys
2011-06-07 17:10 . 2010-05-20 10:24 8873296 ------w c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-02 05:56 . 2011-07-14 10:13 44032 ----a-w c:\windows\apppatch\acwow64.dll
2011-05-04 20:54 . 2011-05-04 20:54 40928 ----a-w c:\windows\system32\drivers\VSPE.sys
2011-05-04 02:51 . 2011-06-16 11:11 287744 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-16 11:11 157696 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-16 11:11 126464 ----a-w c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-16 11:08 976896 ----a-w c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-16 11:08 740864 ----a-w c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-16 11:08 461312 ----a-w c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-16 11:08 399872 ----a-w c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-16 11:08 161792 ----a-w c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:57 . 2011-06-16 11:11 102400 ----a-w c:\windows\system32\drivers\dfsc.sys
2011-04-26 10:17 . 2011-04-26 10:17 159080 ----a-w c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-25 05:32 . 2011-06-16 11:11 1896832 ----a-w c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:44 . 2011-06-16 11:11 499712 ----a-w c:\windows\system32\drivers\afd.sys
2011-04-24 04:20 . 2011-04-24 04:20 2568544 ----a-w c:\windows\SysWow64\sqlncli10.dll
2011-04-24 03:37 . 2011-04-24 03:37 2832736 ----a-w c:\windows\system32\sqlncli10.dll
2011-04-23 01:29 . 2011-06-17 14:45 2303488 ----a-w c:\windows\system32\jscript9.dll
2011-04-23 01:19 . 2011-06-17 14:45 2382848 ----a-w c:\windows\system32\mshtml.tlb
2011-04-22 23:35 . 2011-06-17 14:45 1797632 ----a-w c:\windows\SysWow64\jscript9.dll
2011-04-22 23:25 . 2011-06-17 14:45 2382848 ----a-w c:\windows\SysWow64\mshtml.tlb
2011-04-22 20:18 . 2011-05-25 10:35 27008 ----a-w c:\windows\system32\drivers\Diskdump.sys
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"LG LinkAir"="c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe" [2010-04-08 2369384]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2011-05-16 338296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Gigaget"="c:\program files (x86)\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 495616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-10-28 618496]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2011-05-05 1718288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
c:\users\Carlos Ryve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Psi.lnk - c:\program files (x86)\Psi\Psi.exe [2009-12-2 8456704]
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
PS-Link.lnk - c:\program files (x86)\PS Software\PsLink.exe [2011-6-15 417792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2011-06-13 12:03 1412896 ----a-w c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginCef]
2011-04-18 18:12 496072 ------w c:\program files (x86)\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [2009-03-03 89600]
R2 ByYouservice;ByYou;c:\totvs 11\Microsiga\Protheus\bin\appserver\appserver.exe [2011-01-06 372736]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2010-07-05 11776]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
R2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2011-06-13 169760]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 136176]
R2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe [2011-04-24 61916000]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-14 2250616]
R2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-03-24 310032]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-03-24 42768]
R2 TOTVSDBACCESS;TOTVSDBAccess 4.2 Server;c:\program files (x86)\Totvs DBAccess\TotvsDBAccess.exe [2009-06-23 1011712]
R2 Virtual Disk Service;Virtual Disk Service;c:\program files (x86)\KACE\Virtual Disk Utility\VirtualDiskService.exe [2011-01-19 628816]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB_x64.sys [x]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Driver de adaptador Intel(R) Wireless WiFi Link 5000 Series para Windows Vista 64 Bits;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [x]
R3 vpcuxd;Serviço do Stub da Virtualização por USB;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;Serviço Auxiliar do Active Directory do SQL;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 428384]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;c:\windows\system32\drivers\VSPE.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-11-17 11576]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-05-23 50704]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
S3 NETw5s64;Driver do adaptador Intel(R) Wireless WiFi Link para Windows 7 64 bits;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\DRIVERS\tscomm.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória --.
*NewlyCreated* - TMFILTER
*NewlyCreated* - TMLWF
*NewlyCreated* - TMPREFILTER
*NewlyCreated* - TMTDI
*NewlyCreated* - TMWFP
*NewlyCreated* - VSAPINT
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-07-20 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-07-18 14:22]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 10:32]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 10:32]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-99608196-1391190273-1388575939-1000Core.job
- c:\users\Carlos Ryve\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-19 01:57]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-99608196-1391190273-1388575939-1000UA.job
- c:\users\Carlos Ryve\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-19 01:57]
.
.
--------- x86-64 ----------.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-11 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 16329760]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 93728]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1238528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-10 487424]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 375808]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\x64\3\fppdis3a.exe" [2010-03-18 755200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scan Suplementar ------.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.br/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 192.168.0.35:3128
IE: &Download All by Gigaget - c:\program files (x86)\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files (x86)\Giganology\Gigaget\geturl.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: LG Link Air Option - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
IE: LG Link Air Save to Mobile Document Folder - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Link Air Save to Mobile Memo - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Link Air Save to Mobile Photo Album - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Link Air Set as Mobile Wallpaper - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br
Trusted Zone: caixa.gov.br\internetbanking
TCP: Interfaces\{6EA032EC-E847-4E8F-9A58-7C939556A2EC}: NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{730946B7-4772-4327-855F-1BFF47E40405}\4505D2C494E4B4: NameServer = 8.8.8.8
TCP: Interfaces\{730946B7-4772-4327-855F-1BFF47E40405}\4505D2C494E4B4F5135354536334: NameServer = 8.8.8.8
TCP: Interfaces\{730946B7-4772-4327-855F-1BFF47E40405}\75C6F50527F66716C65623: NameServer = 8.8.8.8
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://192.168.1.22/webrec.cab
DPF: {8A177687-28EB-48DB-9CCB-5C5254D10568} - hxxp://br.yappr.com/practice/core/EduSpeakX.cab
DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://200.211.26.28/videos/instaladores/MICROSIGA/protheus11/totvs11w/setup.ocx
FF - ProfilePath - c:\users\Carlos Ryve\AppData\Roaming\Mozilla\Firefox\Profiles\jdtvdd2z.default\
FF - prefs.js: network.proxy.ftp - 192.168.0.123
FF - prefs.js: network.proxy.ftp_port - 33
FF - prefs.js: network.proxy.gopher - 192.168.0.123
FF - prefs.js: network.proxy.gopher_port - 33
FF - prefs.js: network.proxy.http - 192.168.0.123
FF - prefs.js: network.proxy.http_port - 33
FF - prefs.js: network.proxy.socks - 192.168.0.123
FF - prefs.js: network.proxy.socks_port - 33
FF - prefs.js: network.proxy.ssl - 192.168.0.123
FF - prefs.js: network.proxy.ssl_port - 33
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Adicional de Seguranca CAIXA: {87F8774F-B485-47E2-A755-A40A8A5E886D} - %profile%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}
FF - Ext: Módulo de Segurança - Banco do Brasil: {87F8774F-B485-47E2-A755-A40A8A5E886C} - %profile%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: LG Air Sync: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} - c:\program files (x86)\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}
FF - Ext: FaceTheme - Change your Facebook layout!: {EB132DB0-A4CA-11DF-9732-0E29E0D72085} - c:\program files (x86)\Object\facetheme
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - Ext: FaceTheme - Change your Facebook layout!: {EB132DB0-A4CA-11DF-9732-0E29E0D72085} - c:\program files (x86)\Object\facetheme
.
- - - - ÓRFÃOS REMOVIDOS - - - .
Wow6432Node-HKCU-Run-Vnumeti - c:\users\Carlos Ryve\AppData\Local\Wisdends.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{A6546D9D-7890-4A2D-ADDB-29DF0EB1DD4B}_is1 - c:\program files (x86)\Topckit\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\N3251cdf7\N3251cdf7]
@DACL=(02 0000)
"startday"="9"
"startmonth"="1"
"startyear"="2011"
"expiryday"="9"
"expirymonth"="2"
"expiryyear"="2011"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Tempo para conclusão: 2011-07-20 15:40:35
ComboFix-quarantined-files.txt 2011-07-20 18:40
.
Pré-execução: 162.029.568 bytes disponíveis
Pós execução: 1.705.689.088 bytes disponíveis
.
- - End Of File - - B17C806168CE7286800E2B8D34A78830