Help! Combofix
Post by Glaucia » September 25th, 2012, 9:38 am

ComboFix 12-09-24.03 - User 25/09/2012 9:07.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3006.2449 [GMT -3:00]
Executando de: c:\documents and settings\User\Meus documentos\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-08-25 to 2012-09-25 ))))))))))))))))))))))))))))
.
.
2012-09-25 11:38 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{1D5C456F-EDB4-42C3-AFA7-4D135B17CDA2}\mpengine.dll
2012-09-24 11:33 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-21 20:55 . 2012-09-21 20:55 -------- d-----w- c:\arquivos de programas\BabylonToolbar
2012-09-21 20:43 . 2012-09-06 01:25 813536 ----a-w- c:\arquivos de programas\Mozilla Firefox\sqlite3.dll
2012-09-21 20:42 . 2012-09-21 20:42 -------- d-----w- c:\arquivos de programas\Funmoods
2012-09-21 16:58 . 2012-09-21 16:58 110080 ----a-r- c:\documents and settings\User\Dados de aplicativos\Microsoft\Installer\{ADAFC0B4-FC15-45D9-BAB3-BC7A8829D0C4}\IconD7F16134.exe
2012-09-21 16:58 . 2012-09-21 16:58 110080 ----a-r- c:\documents and settings\User\Dados de aplicativos\Microsoft\Installer\{ADAFC0B4-FC15-45D9-BAB3-BC7A8829D0C4}\IconCF33A0CE.exe
2012-09-21 16:58 . 2012-09-21 16:58 110080 ----a-r- c:\documents and settings\User\Dados de aplicativos\Microsoft\Installer\{ADAFC0B4-FC15-45D9-BAB3-BC7A8829D0C4}\IconF7A21AF7.exe
2012-09-21 16:57 . 2012-09-21 16:58 -------- d-----w- C:\sh4ldr
2012-09-21 16:57 . 2012-09-21 16:57 -------- d-----w- c:\arquivos de programas\Enigma Software Group
2012-09-21 16:56 . 2012-09-21 16:58 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-09-21 16:56 . 2012-09-21 16:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2012-09-20 20:27 . 2012-09-20 20:28 -------- d-----w- C:\5cadf9a1c5e7ad47238831d6c7
2012-09-20 18:36 . 2012-09-20 18:37 -------- d-----w- c:\arquivos de programas\Mozilla Maintenance Service
2012-09-18 19:12 . 2012-09-18 19:11 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-18 16:49 . 2012-09-18 16:49 -------- d-----w- c:\documents and settings\User\Configurações locais\Dados de aplicativos\Wajam
2012-09-18 12:50 . 2012-09-18 12:51 -------- d-----w- C:\9f85faac57309080f83f5b1b246f145e
2012-08-28 18:32 . 2012-08-28 18:34 -------- d-----w- C:\DANFEView
2012-08-28 17:48 . 2012-08-28 17:48 -------- d-----w- C:\WinPcap
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 20:50 . 2012-05-17 11:23 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 20:50 . 2011-09-21 20:06 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-18 19:10 . 2012-06-22 11:49 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-18 19:10 . 2012-06-22 11:49 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-18 19:10 . 2011-08-23 21:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 20:04 . 2012-08-22 16:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:18 . 2008-04-13 21:20 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-13 21:20 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-13 21:21 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-13 20:55 385024 ------w- c:\windows\system32\html.iec
2012-08-21 22:12 . 2012-08-22 20:39 64048 ----a-r- c:\windows\system32\drivers\360SpOEM.sys
2012-08-21 09:13 . 2011-09-28 16:18 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-09-28 16:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-09-28 16:18 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-09-28 16:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-09-28 16:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-09-28 16:18 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-09-28 16:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2011-09-28 16:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2011-09-28 16:17 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-09-28 16:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-13 15:36 . 2011-11-14 11:07 2887680 ----a-w- c:\windows\system32\VagalumePluginWMP.dll
2012-07-06 13:58 . 2008-04-13 21:20 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-08-23 18:13 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2008-04-13 20:54 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 20:25 . 2012-06-28 20:25 26 ----a-w- C:\tumbs.tmp
2012-09-06 01:26 . 2012-09-20 18:34 266720 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F16D30-AA76-4EBC-8990-7E4FA68C20C4}]
2012-08-21 16:13 1226752 --sh--w- c:\winpvar\PriceGong\Imageclassifier.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 18:54 175912 ----a-w- c:\arquivos de programas\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{654BF6E2-6BCC-4BD7-BCB0-BC9F76912AE5}]
2012-09-12 11:32 1005056 ----a-w- c:\docume~1\ALLUSE~1\DADOSD~1\{622D4~1\wmimsg.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\arquivos de programas\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]
@="{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]
2012-08-29 16:42 1856264 ----a-w- c:\arquivos de programas\PSafe\shell\v3.1.1208.29401\PSafeShellExtensionx86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2PSafeOverlayOk]
@="{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}]
2012-08-29 16:42 1856264 ----a-w- c:\arquivos de programas\PSafe\shell\v3.1.1208.29401\PSafeShellExtensionx86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3PSafeOverlayOut]
@="{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}]
2012-08-29 16:42 1856264 ----a-w- c:\arquivos de programas\PSafe\shell\v3.1.1208.29401\PSafeShellExtensionx86.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SpyHunter Security Suite"="c:\arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2012-08-21 5158848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4shared Desktop]
2011-12-09 12:00 4613624 ----a-w- c:\arquivos de programas\4shared Desktop\desktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4shared Update]
2011-12-09 12:00 608760 ----a-w- c:\arquivos de programas\4shared Desktop\checkUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 10:22 59240 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Panel]
2012-08-28 11:36 165376 --sh--w- c:\documents and settings\User\Dados de aplicativos\PC Suite\Settings\StaticUrlList.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 21:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DANFEViewMon]
2012-08-20 17:35 3625472 ----a-w- c:\danfeview\danfemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-25 11:29 136176 ----atw- c:\documents and settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 21:36 30040 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-06-05 17:39 33628160 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
2006-07-13 15:34 57344 ----a-w- c:\arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMab1err]
2010-03-26 19:33 582312 ----a-w- c:\arquivos de programas\Lexmark\ErrorApp\lmab1err.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMPSSDMON]
2010-03-26 19:33 753664 ----a-w- c:\arquivos de programas\Lexmark\Monitor\ACJ\LMabMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-07 20:04 766536 ----a-w- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 20:08 931200 ----a-w- c:\arquivos de programas\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-09-01 16:39 966712 ----a-w- c:\arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeSysTray]
2012-08-29 16:42 4894472 ----a-w- c:\arquivos de programas\PSafe\PSafeSysTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 17:28 421888 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunAs]
2012-08-28 11:36 440319 --sh--w- c:\documents and settings\User\Dados de aplicativos\PC Suite\Settings\NBFeatures.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2008-07-08 21:48 204800 ----a-w- c:\windows\system32\S3Trayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-06-27 11:24 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-27 11:29 296056 ----a-w- c:\arquivos de programas\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayHabil]
2011-09-29 18:06 1327104 ----a-w- c:\arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2008-05-16 16:58 94208 ----a-w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2007-07-18 18:15 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B1577CF0-D755-42E2-B0B9-78721ABCED6E}]
2012-08-28 11:36 59904 ----a-w- c:\documents and settings\User\Dados de aplicativos\PC Suite\Settings\eappgnui.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{EBED2EF8-A1BA-4656-9F8D-7159041B8790}]
2012-08-21 16:13 59904 ----a-w- c:\documents and settings\User\Dados de aplicativos\Skype\shared_httpfe\cmcfg32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Arquivos de programas\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Arquivos de programas\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\WINDOWS\\system32\\lmabcoms.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\bin\\java.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Arquivos de programas\\PSafe\\PSRsync.exe"=
.
R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [22/8/2012 13:29 54912]
R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [22/8/2012 13:29 146304]
R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [22/8/2012 13:29 23168]
R1 360SpOEM;360SpOEM;c:\windows\system32\drivers\360SpOEM.sys [22/8/2012 17:39 64048]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/9/2011 13:18 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/9/2011 13:18 355632]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [29/5/2012 08:47 101112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/9/2011 13:18 21256]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [19/9/2012 09:33 399432]
R2 PSafeLockBoxSvc;PSafeLockBoxSvc;c:\arquivos de programas\PSafe\PSafeCategoryFinder.exe [22/8/2012 13:27 1074440]
R2 PSafeSVC;PSafeSVC;c:\arquivos de programas\PSafe\PSafesvc.exe [22/8/2012 13:27 1448200]
R2 PSafeWD;PSafeWD;c:\arquivos de programas\PSafe\PSafeWD.exe [22/8/2012 13:27 30472]
R3 esgiguard;esgiguard;c:\arquivos de programas\Enigma Software Group\SpyHunter\esgiguard.sys [6/5/2011 16:57 13904]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2/6/2009 16:52 1374464]
S2 gupdate;Serviço do Google Update (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [26/8/2011 11:13 136176]
S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [22/8/2012 13:30 676936]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\arquiv~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [21/8/2012 15:29 763840]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17/5/2012 08:23 250288]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [26/8/2011 11:13 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/8/2012 13:30 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [20/9/2012 15:36 114144]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20/10/2011 14:12 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20/10/2011 14:12 8576]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 20:50]
.
2012-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:57]
.
2012-09-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-03 09:12]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-26 14:13]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-26 14:13]
.
2012-09-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1547161642-1644491937-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-04-30 21:21]
.
2012-09-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1547161642-1644491937-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-04-30 21:21]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=ironpu ... =499410315
uInternet Connection Wizard,ShellNext = hxxp://www.devicedoctor.com/driver.php? ... taWin7.zip
uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s
IE: &Download All using 4shared Desktop - c:\arquivos de programas\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\arquivos de programas\4shared Desktop\Desktop.32/D_ONE_LINK
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\ubqpn0bz.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=ironpu ... =499410315
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110823 ... 7122663&q=
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironpu ... =499410315
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=ironpu ... 9410315&q=
FF - user.js: extensions.funmoods.id - 003067122663198E
FF - user.js: extensions.funmoods.instlDay - 15604
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:42
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - ironpub
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - ironpub
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.admin - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironpu ... =499410315
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
user_pref('extensions.dealply.partner', 'vn');
user_pref('extensions.dealply.channel', 'pcdealply');
user_pref('extensions.dealply.installId', 'v23600286557928282218302012052313411819');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '9');
user_pref('extensions.dealply.partner', 'vn');
user_pref('extensions.dealply.channel', 'pcdealply');
user_pref('extensions.dealply.installId', 'v23600286557928282218302012052313411819');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '9');
user_pref('extensions.dealply.partner', 'vn');
user_pref('extensions.dealply.channel', 'pcdealply');
user_pref('extensions.dealply.installId', 'v23600286557928282218302012052313411819');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '9');
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron4');
user_pref('extensions.dealply.installId', 'v24300237901253774356992012092118425533');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '3');
FF - user.js: extensions.BabylonToolbar_i.id - cc76198e000000000000003067122663
FF - user.js: extensions.BabylonToolbar_i.hardId - cc76198e000000000000003067122663
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15604
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:54
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack -
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt -
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-25 09:20
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'explorer.exe'(1704)
c:\windows\system32\WININET.dll
c:\arquivos de programas\PSafe\shell\v3.1.1208.29401\PSafeShellExtensionx86.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2012-09-25 09:25:41
ComboFix-quarantined-files.txt 2012-09-25 12:25
ComboFix2.txt 2012-09-24 12:30
.
Pré-execução: 30 pasta(s) 124.071.481.344 bytes disponíveis
Pós execução: 32 pasta(s) 124.043.980.800 bytes disponíveis
.
- - End Of File - - 980CCE347E15C54EE41218A01EE1C9F7
Glaucia
Active Member
Posts: 1
Joined: September 25th, 2012, 9:32 am

Re: Help! Combofix

Post by Cypher » September 25th, 2012, 12:23 pm

ComboFix Log posted - no other log.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own, especially without the Recovery Console installed for XP or access to the Recovery Environment for Vista or Windows 7, is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

The instructions for running DDS, found HERE, state how we need you to post the logs so we can help you.
Please follow the instructions, start a new topic and post your logs, include your ComboFix log in the same post.


This topic is now closed
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns