Combo Fix

ComboFix 13-04-18.03 - Joelma 18/04/2013 15:56:00.1.
1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2039.1475 [GMT -3:
00]
Executando de: c:\documents and settings\Joelma\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATENAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAO INSTALADO !!
.
.
((((((((((((((((((((((((((((((((((((( Outras Excluses )))))))))))))))))))))))
))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\BrowserCompanion
c:\arquivos de programas\BrowserCompanion\logo.ico
c:\arquivos de programas\BrowserCompanion\terms.lnk.url
c:\arquivos de programas\DealPly
c:\arquivos de programas\DealPly\DealPly.crx
c:\arquivos de programas\DealPly\DealPly.xpi
c:\arquivos de programas\DealPly\DealPlyIE.dll
c:\arquivos de programas\DealPly\DealPlyIE64.dll
c:\arquivos de programas\DealPly\DealPlyUpdate.exe
c:\arquivos de programas\DealPly\DealPlyUpdateRun.exe
c:\arquivos de programas\DealPly\DealPlyUpdateVer.exe
c:\arquivos de programas\DealPly\icon.ico
c:\arquivos de programas\DealPly\uninst.exe
c:\arquivos de programas\LJM1130_M1210_Full_Solution.exe
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\documents and settings\Joelma\Dados de aplicativos\Toolbar4
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-03-18 to 2013-04-18 )))))
)))))))))))))))))))))))
.
.
2013-04-18 18:50 . 2013-04-18 18:50
-------d-----wc:\windo
ws\LastGood
2013-04-18 18:47 . 2013-04-18 18:50
-------d-----wc:\docum
ents and settings\All Users\Dados de aplicativos\DriverGenius
2013-04-18 18:47 . 2013-04-18 18:47
-------d-----wc:\arqui
vos de programas\Driver-Soft
2013-04-02 16:35 . 2013-04-02 16:35
-------d-----wc:\docum
ents and settings\All Users\Dados de aplicativos\OrolixCommunicator
2013-04-02 16:34 . 2010-06-10 05:12
18816 ----a-wc:\windows\syste
m32\drivers\Olicard160Usb.sys
2013-04-02 16:34 . 2010-04-07 14:23
m32\drivers\Olicard160ser.sys
2013-04-02 16:34 . 2009-12-10 21:25
m32\drivers\olicard160usbnet.sys
2013-04-02 16:34 . 2013-04-02 16:34
-------d-----wc:\arqui
vos de programas\Olivetti
2013-04-02 16:33 . 2013-04-02 16:35
-------d-----wc:\arqui
vos de programas\TIM Communicator
2013-03-28 12:01 . 2013-04-02 14:40
-------d-----wc:\arqui
vos de programas\PokerStars
2013-03-25 11:54 . 2013-03-25 11:54
-------d-----wc:\docum
ents and settings\All Users\Dados de aplicativos\BrowserProtect
2013-03-25 11:52 . 2013-04-18 18:42
-------d-----wc:\docum
ents and settings\All Users\Dados de aplicativos\Tarma Installer
2013-03-25 11:52 . 2013-03-25 11:52
-------d-----wc:\docum
ents and settings\Joelma\Dados de aplicativos\DealPly

2013-03-21 18:38 . 2001-09-06 02:50
5632
----a-wc:\windows\syste
m32\ptpusb.dll
2013-03-21 18:38 . 2004-08-04 03:45
m32\ptpusd.dll
2013-03-21 06:56 . 2011-12-12 20:06
m32\RtNicProp32.dll
2013-03-21 06:56 . 2010-09-23 18:46
m32\RTNUninst32.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatrio Find3M )))))))))))))))))))))))
)))))))))))))))))))))))))))))
.
2013-03-06 22:33 . 2012-12-27 12:50
m32\drivers\aswSP.sys
2013-03-06 22:33 . 2012-12-27 12:50
m32\drivers\aswSnx.sys
2013-03-06 22:33 . 2012-12-27 12:50
m32\drivers\aswTdi.sys
2013-03-06 22:33 . 2012-12-27 12:50
m32\drivers\aswRdr.sys
2013-03-06 22:33 . 2008-01-01 03:21
m32\drivers\aswVmm.sys
2013-03-06 22:33 . 2008-01-01 03:21
m32\drivers\aswRvrt.sys
2013-03-06 22:33 . 2008-01-01 03:21
m32\drivers\aswMonFlt.sys
2013-03-06 22:33 . 2012-12-27 12:50
m32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2012-12-27 12:49
41664 ----a-wc:\windows\avast
SS.scr
2013-03-06 22:32 . 2012-12-27 12:49
m32\aswBoot.exe
2012-08-28 18:10 . 2012-08-28 18:09
3927560 ----a-wc:\arquivos de p
rogramas\ccsetup322.exe
2012-08-20 17:47 . 2012-08-20 17:43
77251480
----a-wc:\arqui
vos de programas\iTunesSetup.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))
)))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legtimas por padro no so apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32
121968 ----a-wc:\arquivos de programas\AVAST S
oftware\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [201
0-04-01 357696]
"ares"="c:\arquivos de programas\Ares\Ares.exe" [2012-02-02 3209216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-03 19573352]
"ANIWZCS2Service"="c:\arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [
2009-08-21 98304]
"D-Link D-Link Wireless G DWA-110"="c:\arquivos de programas\D-Link\D-Link Wirel
ess G DWA-110\AirGCFG.exe" [2009-09-17 1708032]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\
jusched.exe" [2011-09-30 252296]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
" [2012-12-03 946352]
"HPUsageTrackingLEDM"="c:\arquivos de programas\HP\HP UT LEDM\bin\hppusg.exe" [2
009-10-15 30264]
"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2013-03-06
4767304]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.s
ys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
edApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Globally
OpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [1/1/2008 00:21 49248
]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/1/2012 22:12 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/12/2012 09:50 765736
]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/12/2012 09:50 368176]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [17/
1/2012 22:16 151552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/12/2012 09:50
29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [1/1/2008 00:21
66336]
R2 HP LaserJet Service;HP LaserJet Service;c:\arquivos de programas\HP\HPLaserJe
tService\HPLaserJetService.exe [15/10/2009 11:13 136192]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [28/9/2012 14:01 99
896]
R2 OrolixDeviceMonitor;Orolix Device Monitor;c:\arquivos de programas\TIM Commun
icator\module\devicemon.exe [5/10/2011 09:08 32672]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17/1/2012 22:08 1691
480]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [1/1/2008 00:21 164736]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.
sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [28/9/2012 1
4:01 17408]
S3 Olicard160net;Olicard160 USB-NDIS miniport;c:\windows\system32\drivers\olicar

d160usbnet.sys [2/4/2013 13:34 118272]
S3 Olicard160ser;Olicard160 Modem Interface Device for Legacy Serial Communicati
on;c:\windows\system32\drivers\Olicard160ser.sys [2/4/2013 13:34 105344]
S3 OLICARD160USB;Olicard160 HSPA Modem Service;c:\windows\system32\drivers\Olica
rd160Usb.sys [2/4/2013 13:34 18816]
.
Contedo da pasta 'Tarefas Agendadas'
.
2013-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2008-01-01 03
:35]
.
2013-04-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-27 22
:32]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-12-27 12:51]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-12-27 12:51]
.
2013-04-18 c:\windows\Tasks\User_Feed_Synchronization-{F3717D39-2253-4910-8C26-0
BB8986F0BF3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 06:31]
.
.
------- Scan Suplementar ------.
uStart Page = hxxp://br.hao123.com/?tn=bbl_pay_hp_01_hao123_br&babsrc=HP_ss&mntr
Id=248B005345000000
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41516&tid=554&bs=tr
ue&q=
mStart Page = hxxp://searchfunmoods.com/?f=1&a=cmiwbst&cd=2XzuyEtN2Y1L1QzutDtDtC
0F0DtD0FyE0AyE0EyD0DzztAtAtN0D0Tzu0CtAzzzytN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1R1H
1L2W1S1B2Z&cr=1984250763&ir=
mSearch Bar = hxxp://search.certified-toolbar.com?si=41516&tid=554&bs=true&q=
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3
000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORFOS REMOVIDOS - - - .
AddRemove-{18E0918E-1060-48f3-925C-56C82E88551B} - c:\arquivos de programas\HP\D
igital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net
Rootkit scan 2013-04-18 16:00
Windows 5.1.2600 Service Pack 2 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...

.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602
_180_ActiveX.exe,-101"
.
}\Elevation]
"Enabled"=dword:00000001
.
}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C
9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execuo -------------------.
- - - - - - - > 'winlogon.exe'(556)
c:\docume~1\alluse~1\dadosd~1\browse~2\261125~1.80\{c16c1~1\browse~1.dll
c:\windows\system32\CLBCATQ.DLL
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(612)
c:\docume~1\alluse~1\dadosd~1\browse~2\261125~1.80\{c16c1~1\browse~1.dll
.
Tempo para concluso: 2013-04-18 16:02:09
ComboFix-quarantined-files.txt 2013-04-18 19:02
.
Pr-execuo: 8.320.380.928 bytes disponveis
Ps execuo: 8.086.892.544 bytes disponveis
.
- - End Of File - - A2C2B8DF077F7C19AD7E543A26131215

Combo Fix

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Combo Fix

Uploaded by

Copyright:

Available Formats

ComboFix 13-04-18.03 - Joelma 18/04/2013 15:56:00.1.

ents and settings\Joelma\Dados de aplicativos\DealPly

S3 Olicard160net;Olicard160 USB-NDIS miniport;c:\windows\system32\drivers\olicar

Procurando ficheiros/arquivos ocultos ...

You might also like