Combo Fix

ComboFix 12-05-14.03 - BARRAF01 16/05/2012 13:02:04.1.
4 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.55.1033.18.2991.1540 [GMT -3:00
]
Executando de: c:\users\BARRAF01\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B13
6EB04637}
FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC
-B2269063014C}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* AV residente est ativo
.
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-04-16 to 2012-05-16 )))))
)))))))))))))))))))))))
.
.
2012-05-16 16:14 . 2012-05-16 16:14
-------d-----wc:\users
\Default\AppData\Local\temp
2012-05-16 14:35 . 2012-05-16 14:35
-------d--h--wc:\windo
ws\PIF
2012-05-16 00:45 . 2009-11-23 15:33
40328 ----a-wc:\windows\syste
m32\HIPIS0e011b3.dll
2012-05-15 23:28 . 2011-11-19 14:25
m32\ntkrnlpa.exe
2012-05-15 23:28 . 2011-11-19 14:25
m32\ntoskrnl.exe
2012-05-15 20:48 . 2012-05-15 20:48
-------d-----wc:\windo
ws\Sun
2012-05-15 17:18 . 2012-02-10 05:41
m32\DWrite.dll
2012-05-15 17:18 . 2012-02-10 05:41
m32\d3d10_1core.dll
2012-05-15 17:18 . 2012-02-10 05:41
m32\d3d10warp.dll
2012-05-15 17:18 . 2012-02-10 05:41
m32\d3d10_1.dll
2012-05-15 17:18 . 2012-02-10 05:41
m32\d2d1.dll
2012-05-15 17:13 . 2012-01-25 05:44
m32\rdpwsx.dll
2012-05-15 17:13 . 2012-01-25 05:44
m32\rdpcorekmts.dll
2012-05-15 17:13 . 2012-01-25 05:40
8192
----a-wc:\windows\syste
m32\rdrmemptylst.exe
2012-05-15 17:08 . 2012-02-03 04:01
m32\win32k.sys
2012-05-11 18:52 . 2012-05-11 18:52
-------d-----wc:\progr
am files\Borland
2012-05-11 18:52 . 2001-01-05 15:41
m32\gds32.dll
2012-05-11 18:52 . 2001-01-05 15:42
m32\ibmgr.cpl
2012-05-11 15:21 . 2012-05-11 15:21
-------d-----wc:\progr
am files\Conduit
2012-05-11 15:19 . 2012-05-11 15:19
-------d-----wc:\progr
am files\BitTorrent
2012-05-09 18:27 . 2012-05-09 18:27
-------d-----wc:\windo
ws\ms
2012-05-09 18:18 . 2012-05-09 18:27
ws\system32\CCM
2012-05-09 16:56 . 2012-05-09 18:28
ws\system32\ccmsetup
2012-05-08 14:07 . 2011-04-28 03:29
m32\drivers\bthport.sys
2012-05-08 14:07 . 2011-04-28 03:29
m32\drivers\BTHUSB.SYS
2012-05-07 23:49 . 2009-09-10 05:52
m32\msv1_0.dll
2012-05-07 23:42 . 2009-11-25 15:47
m32\PresentationHostProxy.dll
2012-05-07 23:42 . 2009-11-25 15:47
m32\netfxperf.dll
2012-05-07 23:42 . 2009-11-25 15:47
m32\mscoree.dll
2012-05-07 23:42 . 2009-11-25 15:47
m32\PresentationHost.exe
2012-05-07 23:42 . 2009-11-25 15:47
m32\dfshim.dll
2012-05-07 22:18 . 2011-12-16 08:02
m32\wininet.dll
2012-05-07 22:18 . 2011-12-16 07:58
\Internet Explorer\iedvtool.dll
2012-05-07 22:18 . 2011-12-16 08:03
\Internet Explorer\iexplore.exe
2012-05-07 22:18 . 2011-12-16 07:58
m32\licmgr10.dll
2012-05-07 22:17 . 2011-12-16 07:58
\Internet Explorer\ieproxy.dll
2012-05-07 22:17 . 2011-12-16 06:49
m32\html.iec
2012-05-07 22:17 . 2011-12-16 06:15
m32\mshtml.tlb
2012-05-07 20:26 . 2011-02-19 03:37
m32\atmfd.dll
2012-05-07 20:26 . 2011-02-19 05:32
m32\atmlib.dll
2012-05-07 20:26 . 2011-08-15 04:25
\Internet Explorer\iecompat.dll
2012-05-07 20:26 . 2011-05-24 10:35
m32\umpnpmgr.dll
2012-05-07 20:26 . 2011-11-05 04:30
m32\tzres.dll
2012-05-07 20:25 . 2011-08-27 04:43
m32\oleaut32.dll
2012-05-07 20:25 . 2011-08-27 04:43
m32\oleacc.dll
2012-05-07 20:15 . 2010-10-16 04:34
m32\odbc32.dll
2012-05-07 20:15 . 2010-10-16 04:33
\Common Files\System\ado\msadox.dll
2012-05-07 20:15 . 2010-10-16 04:33
\Common Files\System\ado\msado15.dll
2012-05-07 20:15 . 2010-10-16 04:33
\Common Files\System\ado\msadomd.dll
2012-05-07 20:15 . 2010-10-16 04:33
\Common Files\System\msadc\msadco.dll
2012-05-07 20:14 . 2011-05-03 04:50
--------
d-----w-
c:\windo
--------
d-----w-
c:\windo
393216 ----a-w-
c:\windows\syste
60416
----a-w-
c:\windows\syste
257024 ----a-w-
c:\windows\syste
99176
----a-w-
c:\windows\syste
49472
----a-w-
c:\windows\syste
297808 ----a-w-
c:\windows\syste
295264 ----a-w-
c:\windows\syste
1130824 ----a-w-
c:\windows\syste
981504 ----a-w-
c:\windows\syste
860672 ----a-w-
c:\program files
673048 ----a-w-
c:\program files
44544
----a-w-
c:\windows\syste
163328 ----a-w-
c:\program files
386048 ----a-w-
c:\windows\syste
1638912 ----a-w-
c:\windows\syste
294912 ----a-w-
c:\windows\syste
34304
----a-w-
c:\windows\syste
6144
----a-w-
c:\program files
294912 ----a-w-
c:\windows\syste
2048
----a-w-
c:\windows\syste
571904 ----a-w-
c:\windows\syste
233472 ----a-w-
c:\windows\syste
573440 ----a-w-
c:\windows\syste
372736 ----a-w-
c:\program files
987136 ----a-w-
c:\program files
352256 ----a-w-
c:\program files
208896 ----a-w-
c:\program files
740864 ----a-w-
c:\windows\syste
m32\inetcomm.dll
2012-05-07 20:14 . 2009-09-03 07:04
m32\CertEnroll.dll
2012-05-07 20:14 . 2009-08-19 07:20
m32\winresume.exe
2012-05-07 20:14 . 2009-08-19 07:20
m32\winload.exe
2012-05-07 20:08 . 2011-10-26 04:28
m32\quartz.dll
2012-05-07 20:08 . 2011-10-26 04:28
m32\qdvd.dll
2012-05-07 20:07 . 2011-02-26 05:33
rer.exe
2012-05-07 18:51 . 2010-06-29 04:57
\Windows NT\Accessories\wordpad.exe
2012-05-07 18:51 . 2010-06-29 05:02
m32\ole32.dll
2012-05-07 18:39 . 2009-09-26 05:58
m32\drivers\fvevol.sys
2012-05-07 18:39 . 2011-04-29 02:57
m32\drivers\srv.sys
2012-05-07 18:39 . 2011-04-29 02:57
m32\drivers\srv2.sys
2012-05-07 18:39 . 2011-04-29 02:57
m32\drivers\srvnet.sys
2012-05-07 18:38 . 2011-04-25 02:35
m32\drivers\afd.sys
2012-05-07 18:38 . 2009-12-29 06:55
m32\wintrust.dll
2012-05-07 18:38 . 2011-09-29 15:43
m32\drivers\tcpip.sys
2012-05-07 18:37 . 2010-08-21 05:32
m32\spoolsv.exe
2012-05-07 18:37 . 2011-11-17 05:41
m32\ntdll.dll
2012-05-07 18:34 . 2011-02-18 05:33
m32\prevhost.exe
2012-05-07 18:34 . 2011-02-18 05:36
m32\vbscript.dll
2012-05-07 18:21 . 2011-03-03 05:29
m32\dnsrslvr.dll
2012-05-07 18:21 . 2011-03-03 05:27
m32\dnscacheugc.exe
2012-05-07 18:21 . 2011-02-19 05:33
m32\FntCache.dll
2012-05-07 18:20 . 2011-10-01 04:43
\Common Files\System\wab32.dll
2012-05-07 18:15 . 2010-07-29 06:30
m32\ir32_32.dll
2012-05-07 18:15 . 2010-07-29 06:30
m32\iccvid.dll
2012-05-07 18:15 . 2009-10-28 06:17
m32\winlogon.exe
2012-05-07 18:15 . 2010-08-26 04:39
m32\t2embed.dll
2012-05-07 18:15 . 2010-10-12 04:25
\Windows Mail\wab.exe
2012-05-07 18:15 . 2010-08-04 06:17
m32\msdri.dll
2012-05-07 18:13 . 2011-08-17 04:22
1320960 ----a-w-
c:\windows\syste
442920 ----a-w-
c:\windows\syste
507568 ----a-w-
c:\windows\syste
1328640 ----a-w-
c:\windows\syste
514560 ----a-w-
c:\windows\syste
2614784 ----a-w-
c:\windows\explo
4247040 ----a-w-
c:\program files
1413632 ----a-w-
c:\windows\syste
194488 ----a-w-
c:\windows\syste
311296 ----a-w-
c:\windows\syste
309760 ----a-w-
c:\windows\syste
114176 ----a-w-
c:\windows\syste
338944 ----a-w-
c:\windows\syste
172032 ----a-w-
c:\windows\syste
1285488 ----a-w-
c:\windows\syste
316928 ----a-w-
c:\windows\syste
1288984 ----a-w-
c:\windows\syste
31232
----a-w-
c:\windows\syste
428032 ----a-w-
c:\windows\syste
132608 ----a-w-
c:\windows\syste
28672
----a-w-
c:\windows\syste
802304 ----a-w-
c:\windows\syste
708608 ----a-w-
c:\program files
197632 ----a-w-
c:\windows\syste
82944
----a-w-
c:\windows\syste
285696 ----a-w-
c:\windows\syste
109056 ----a-w-
c:\windows\syste
516096 ----a-w-
c:\program files
417792 ----a-w-
c:\windows\syste
75776
c:\windows\syste
----a-w-
m32\psisrndr.ax
2012-05-07 18:13 . 2011-08-17
m32\psisdecd.dll
2012-05-07 18:13 . 2011-08-17
m32\Mpeg2Data.ax
2012-05-07 18:13 . 2011-08-17
m32\MSDvbNP.ax
2012-05-07 18:13 . 2011-08-17
m32\MSNP.ax
2012-05-07 18:13 . 2012-01-03
m32\timedate.cpl
2012-05-07 18:09 . 2010-11-02
m32\schedsvc.dll
2012-05-07 18:09 . 2010-11-02
m32\wmicmiplugin.dll
2012-05-07 18:09 . 2010-11-02
m32\taskschd.dll
2012-05-07 18:09 . 2010-11-02
m32\taskcomp.dll
2012-05-07 18:09 . 2010-11-02
m32\taskeng.exe
2012-05-07 18:09 . 2010-11-02
m32\schtasks.exe
2012-05-07 18:09 . 2009-08-29
m32\msasn1.dll
2012-05-07 18:07 . 2010-06-19
m32\rtutils.dll
2012-05-07 18:07 . 2010-03-04
\Windows Mail\msoe.dll
2012-05-07 18:07 . 2010-12-18
m32\kerberos.dll
2012-05-07 18:07 . 2011-07-09
m32\drivers\mrxsmb10.sys
2012-05-07 18:07 . 2011-05-04
m32\drivers\mrxsmb20.sys
2012-05-07 18:07 . 2011-05-04
m32\drivers\mrxsmb.sys
2012-05-07 17:51 . 2011-04-27
m32\drivers\dfsc.sys
2012-05-07 17:50 . 2010-03-05
m32\asycfilt.dll
2012-05-07 17:50 . 2010-08-21
m32\comctl32.dll
2012-05-07 17:50 . 2010-08-31
m32\mfc40.dll
2012-05-07 17:50 . 2010-08-31
m32\mfc40u.dll
2012-05-07 17:44 . 2011-05-04
m32\mssrch.dll
2012-05-07 17:44 . 2011-05-04
m32\tquery.dll
2012-05-07 17:44 . 2011-05-04
m32\mssvp.dll
2012-05-07 17:44 . 2011-05-04
m32\mssph.dll
2012-05-07 17:44 . 2011-05-04
m32\SearchIndexer.exe
2012-05-07 17:44 . 2011-05-04
m32\SearchProtocolHost.exe
2012-05-07 17:43 . 2011-05-04
04:26
465408 ----a-w-
c:\windows\syste
04:22
72704
----a-w-
c:\windows\syste
04:22
59904
----a-w-
c:\windows\syste
04:22
204288 ----a-w-
c:\windows\syste
05:44
478208 ----a-w-
c:\windows\syste
04:39
749056 ----a-w-
c:\windows\syste
04:41
351232 ----a-w-
c:\windows\syste
04:40
496128 ----a-w-
c:\windows\syste
04:40
305152 ----a-w-
c:\windows\syste
04:34
192000 ----a-w-
c:\windows\syste
04:34
179712 ----a-w-
c:\windows\syste
06:57
34816
----a-w-
c:\windows\syste
06:23
37376
----a-w-
c:\windows\syste
07:33
1619968 ----a-w-
c:\program files
05:29
541184 ----a-w-
c:\windows\syste
02:26
222720 ----a-w-
c:\windows\syste
02:43
96256
----a-w-
c:\windows\syste
02:43
123392 ----a-w-
c:\windows\syste
02:33
78336
----a-w-
c:\windows\syste
07:42
67584
----a-w-
c:\windows\syste
05:33
530432 ----a-w-
c:\windows\syste
04:32
954752 ----a-w-
c:\windows\syste
04:32
954288 ----a-w-
c:\windows\syste
04:52
1401856 ----a-w-
c:\windows\syste
04:53
1553920 ----a-w-
c:\windows\syste
04:52
666624 ----a-w-
c:\windows\syste
04:52
337408 ----a-w-
c:\windows\syste
04:52
428032 ----a-w-
c:\windows\syste
04:52
164352 ----a-w-
c:\windows\syste
04:52
59392
c:\windows\syste
----a-w-
m32\msscntrs.dll
2012-05-07 17:43 . 2011-05-04 04:52
m32\mssphtb.dll
2012-05-07 17:43 . 2011-05-04 04:52
m32\SearchFilterHost.exe
2012-05-07 17:37 . 2009-10-19 14:10
m32\fontsub.dll
2012-05-07 17:37 . 2011-10-15 05:48
m32\EncDec.dll
2012-05-07 17:37 . 2011-03-12 11:31
m32\XpsPrint.dll
2012-05-07 17:36 . 2012-02-15 05:44
m32\rdpcore.dll
2012-05-07 17:36 . 2012-02-15 04:22
m32\drivers\rdpwd.sys
2012-05-07 17:36 . 2012-02-15 04:22
m32\drivers\tdtcp.sys
2012-05-07 17:34 . 2011-02-24 05:32
m32\XpsGdiConverter.dll
2012-05-07 17:34 . 2011-10-26 04:25
m32\csrsrv.dll
2012-05-07 17:34 . 2009-12-19 09:02
m32\msvidc32.dll
2012-05-07 17:34 . 2009-12-19 09:02
m32\mciavi32.dll
2012-05-07 17:34 . 2009-12-19 09:02
m32\avifil32.dll
2012-05-07 17:34 . 2009-12-19 09:02
m32\tsbyuv.dll
.
.
((((((((((((((((((((((((((((((((((((( Relatrio Find3M )))))))))))))))))))))))
)))))))))))))))))))))))))))))
.
2012-05-03 03:17 . 2010-06-23 08:08
m32\KevlarSigs.dll
2011-08-12 06:32 . 2012-05-02 14:34
134104 ----a-wc:\program files
\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))
)))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legtimas por padro no so apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common F
iles\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_s
l.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-1211 948672]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion
Prevention\FireTray.exe" [2010-02-16 979104]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [201002-18 136512]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 9

1520]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-2
5 124224]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-18 495708]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconS
tartup.exe" [2009-11-04 111640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-01 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-01 166424]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.
exe" [2009-11-11 287800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-01-27 12
065056]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-1
8 2221352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4
795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"dontdisplaylockeduserid"= 1 (0x1)
"DefaultLogonDomain"= Andritz.com
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
"NoWebServices"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMyGames"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state
\S-1-5-21-796845957-790525478-725345543-331515\Scripts\Logon\0\0]
"Script"=axx_ie.bat
.
\S-1-5-21-796845957-790525478-725345543-331515\Scripts\Logon\1\0]
"Script"=LogonAndritzGroup_V3.vbs
.
\S-1-5-21-796845957-790525478-725345543-331515\Scripts\Logon\2\0]
"Script"=axx_ie.bat
.
\S-1-5-21-796845957-790525478-725345543-331515\Scripts\Logon\3\0]
"Script"=ShowJPG.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngi
neService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProtectedS
torage]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.s
ys]
@="Driver"
.
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [201
0-05-08 229376]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system
32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 257696]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRep
ository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe [2009-03-03 81920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [20
09-09-17 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\
Com4QLBEx.exe [2009-05-05 228408]
.
.
Contedo da pasta 'Tarefas Agendadas'
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 16
:06]
.
.
------- Scan Suplementar ------.
uStart Page = hxxp://www.globo.com/
uInternet Settings,ProxyServer = 172.21.10.40:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Soft
ware\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Softw
are\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.8.1 8.8.8.8 4.2.2.2
FF - ProfilePath - c:\users\BARRAF01\AppData\Roaming\Mozilla\Firefox\Profiles\6r
9jt4he.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.
aspx?ctid=CT2849856&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BittorrentBar_PT Customized Web S
earch
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT28
49856&SearchSource=2&q=
.
- - - - ORFOS REMOVIDOS - - - .
URLSearchHooks-{29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DGMASTER]
"ImagePath"="system32\drivers\dgmaster.sys"
"FullImagePath"=dword:000001ec
"ImagePathName"=dword:00000038
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dgapimon]
"ImagePath"="\??\c:\windows\System32\drivers\dgapimon.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dgbusmon]
"ImagePath"="system32\drivers\dgbusmon.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dgcotman]
"ImagePath"="\??\c:\windows\System32\drivers\dgcotman.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DGDmk]
"ImagePath"="System32\Drivers\DgDmk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DgDmkDisk]
"ImagePath"="System32\Drivers\DgDmkDisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DGDT]
"ImagePath"="System32\Drivers\DgDt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DGFS]
"ImagePath"="System32\Drivers\DgFs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dgfsmon]
"ImagePath"="\??\c:\windows\System32\drivers\dgfsmon.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dgkpmail]
"ImagePath"="\??\c:\windows\System32\drivers\dgkpmail.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DGLFS]
"ImagePath"="System32\Drivers\DgLfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DGMASTER]
-.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dgrule]
"ImagePath"="\??\c:\windows\System32\drivers\dgrule.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DGScan]
"ImagePath"="\"c:\program files\DGAgent\DgScan.exe\" -s"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DGService]
"ImagePath"="\"c:\program files\DGAgent\DgService.exe\" -s"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DGTDIMon]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dgwfp]
"ImagePath"="system32\drivers\dgwfp.sys"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execuo -------------------.
- - - - - - - > 'Explorer.exe'(8028)
c:\windows\system32\KevlarSigs.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Tempo para concluso: 2012-05-16 13:19:46
ComboFix-quarantined-files.txt 2012-05-16 16:19
.
Pr-execuo: 253.720.162.304 bytes free
Ps execuo: 253.647.945.728 bytes free
.
- - End Of File - - D4846441DF1E1EA2FCF1B65B31FABD9C

Combo Fix

Cargado por

Información del documento

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Combo Fix

Cargado por

Copyright:

Formatos disponibles

ComboFix 12-05-14.03 - BARRAF01 16/05/2012 13:02:04.1.

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 9

También podría gustarte