Combo Fix


ComboFix 14-05-10.01 - Kron 12/05/2014 23:50:42.8.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3519.2715 [GMT -3:00]
Running from: e:\security and antivirus removal\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BulletProofSoft.com
c:\program files\BulletProofSoft.com\Startup Repair\add.swf
c:\program files\BulletProofSoft.com\Startup Repair\Help.chm
c:\program files\BulletProofSoft.com\Startup Repair\Main.swf
c:\program files\BulletProofSoft.com\Startup Repair\Message.swf
c:\program files\BulletProofSoft.com\Startup Repair\StartupRepair.exe
c:\program files\BulletProofSoft.com\Startup Repair\unins000.dat
c:\program files\BulletProofSoft.com\Startup Repair\unins000.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\BulletProofSoft.com
c:\programdata\Microsoft\Windows\Start Menu\Programs\BulletProofSoft.com\Startup Repair For Windows\Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\BulletProofSoft.com\Startup Repair For Windows\Startup Repair.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\BulletProofSoft.com\Startup Repair For Windows\Uninstall.lnk
c:\users\Familia\Desktop\fraps (2).exe
c:\users\Kron\AppData\Roaming\unwrapped.exe
c:\windows\isRS-000.tmp
.
.
(((((((((((((((( Files Created from 2014-04-13 to 2014-05-13 ))))))))))))))))))))))))))))
.
.
2014-05-13 03:00 . 2014-05-13 03:00 -------- d-----w- c:\users\Kron\AppData\Local\temp
2014-05-13 03:00 . 2014-05-13 03:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-13 03:00 . 2014-05-13 03:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-05-13 03:00 . 2014-05-13 03:00 -------- d-----w- c:\users\Familia\AppData\Local\temp
2014-05-13 03:00 . 2014-05-13 03:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-13 02:45 . 2008-07-16 14:18 155648 ----a-w- c:\windows\system32\StartupManager.dll
2014-05-13 02:45 . 2007-06-12 01:04 2267368 ----a-w- c:\windows\system32\Flash.ocx
2014-05-13 02:45 . 2002-03-04 14:27 1140472 ----a-w- c:\windows\system32\IGUltraGrid20.ocx
2014-05-12 21:56 . 2014-05-12 21:57 -------- d-----w- c:\program files\GtaSanAndreas
2014-05-12 21:56 . 2014-05-12 21:56 -------- d-----w- c:\program files\Nova pasta
2014-05-12 00:49 . 2014-05-12 00:49 -------- d-----w- c:\users\Kron\AppData\Local\PAYDAY 2
2014-05-10 02:26 . 2014-05-10 02:26 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2014-05-10 02:24 . 2014-05-13 02:28 -------- d-----w- c:\program files\Enhance Net Extension
2014-05-07 01:53 . 2014-05-07 01:53 -------- d-----w- c:\program files\Cheat Engine 6.2
2014-05-07 01:06 . 2014-05-07 01:06 -------- d-----w- c:\program files\Cheat Engine 6.3
2014-05-02 23:19 . 2014-05-02 23:29 -------- d-----w- c:\program files\Google
2014-05-02 01:38 . 2014-05-02 01:38 -------- d-----w- c:\program files\VirtualDJ
2014-04-28 21:53 . 2014-05-02 18:05 -------- d-----w- c:\program files\RaidCall
2014-04-28 19:54 . 2014-04-28 19:54 -------- d-----w- c:\users\Familia\AppData\Roaming\Malwarebytes
2014-04-28 06:17 . 2014-04-28 06:17 -------- d--h--w- c:\windows\PIF
2014-04-28 02:18 . 2014-04-28 02:18 -------- d-----w- c:\users\Kron\AppData\Roaming\Malwarebytes
2014-04-28 02:18 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-28 02:18 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-04-28 02:18 . 2014-04-28 02:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-04-28 02:18 . 2014-04-28 02:18 -------- d-----w- c:\programdata\Malwarebytes
2014-04-28 01:12 . 2014-04-28 01:13 -------- d-----w- c:\users\Kron\AppData\Roaming\Screaming Bee
2014-04-28 01:12 . 2014-04-28 01:12 -------- d-----w- c:\program files\Common Files\Screaming Bee
2014-04-28 01:11 . 2014-04-28 01:13 -------- d-----w- c:\programdata\Screaming Bee
2014-04-27 04:16 . 2014-04-28 04:20 -------- d-----w- c:\program files\PCDApp
2014-04-27 03:35 . 2014-04-27 03:35 -------- d-----w- c:\programdata\Oracle
2014-04-27 03:33 . 2014-04-27 03:33 -------- d-----w- c:\program files\Common Files\Java
2014-04-27 03:33 . 2014-04-14 23:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-26 22:25 . 2010-08-30 11:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-04-22 01:57 . 2014-05-06 00:43 -------- d-----w- c:\users\Kron\AppData\Roaming\.minecraft
2014-04-17 01:00 . 2014-04-17 01:00 -------- d-----w- c:\programdata\REVOLT
2014-04-16 05:40 . 2014-04-16 05:40 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-04-14 22:03 . 2014-04-14 22:03 -------- d-----w- c:\programdata\GFI
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-13 02:43 . 2014-04-12 20:22 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2014-04-30 06:03 . 2013-11-01 23:54 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-30 06:03 . 2013-11-01 23:54 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-28 21:31 . 2014-03-27 06:25 140176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-03-28 21:31 . 2014-03-27 22:32 281848 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-03-28 21:31 . 2013-12-18 21:37 281848 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-03-28 16:19 . 2013-12-18 21:37 281848 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-03-27 06:25 . 2014-03-27 06:25 138904 ----a-w- c:\users\Kron\AppData\Roaming\PnkBstrK.sys
2014-03-27 06:24 . 2013-12-18 21:37 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-03-17 13:16 . 2014-03-30 05:47 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68DAB4FF-285F-448A-8222-38E79F454A22}\mpengine.dll
2014-03-15 23:59 . 2014-03-15 23:59 3766 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2014-03-11 03:14 . 2014-04-12 05:04 47456 ----a-w- c:\windows\system32\drivers\Bhbase.sys
2014-03-01 17:44 . 2014-02-28 01:41 1552248 ----a-w- c:\windows\system32\setup.exe
.
.
(((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc]
@=""
.
R1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys [x]
R1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys [x]
R1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 apf005;apf005;c:\windows\system32\apf005.sys [2013-12-18 14160]
R3 BdApiUtil;BdApiUtil;c:\program files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [x]
R3 BdCameraProtect;BdCameraProtect;c:\program files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 rtl8192U;Realtek RTL8192u 802.11n Wireless LAN USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8192U.sys [2009-10-26 1473536]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 X300Audio;X300 Virtual Audio Driver;c:\windows\system32\DRIVERS\X3HAudio_x32.sys [2013-04-22 26312]
R3 XDva406;XDva406;c:\windows\system32\XDva406.sys [x]
R3 XDva407;XDva407;c:\windows\system32\XDva407.sys [x]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2014-03-11 47456]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-01-19 243128]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-01-06 1500160]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1108480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-01 06:03]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-02 23:19]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-02 23:19]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2492932979-2147850512-4142049672-1001Core.job
- c:\users\Familia\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-06 23:27]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2492932979-2147850512-4142049672-1001UA.job
- c:\users\Familia\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-06 23:27]
.
2014-05-13 c:\windows\Tasks\WS-Booster-S-596631634.job
- c:\programdata\greatsoft\ws-booster\WS-Booster.exe [2013-02-18 16:52]
.
.
------- Supplementary Scan -------
.
TCP: Interfaces\{53FE5E72-6CD3-48AB-AD37-739345CD7FDC}: NameServer = 8.8.8.8
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Kron\AppData\Roaming\Mozilla\Firefox\Profiles\iy0p5m8s.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-81275F49-1D1A-A06D-9217-3728BDA3F904 - c:\program files\ViewPassword-soft\Uninstall.exe
AddRemove-BulletProofSoft Startup Repair For Windows_is1 - c:\program files\BulletProofSoft.com\Startup Repair\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2492932979-2147850512-4142049672-1000\Software\SecuROM\License information*]
"datasecu"=hex:e3,a2,07,5c,2d,da,2c,6c,c9,cd,30,9c,f5,27,87,f7,70,1c,e8,9d,c7,
   ae,00,e6,c4,c0,5c,7a,f5,64,a7,fb,5b,11,53,c5,25,fc,8a,40,6c,98,e9,22,c7,f1,\
"rkeysecu"=hex:ba,6a,e3,89,51,fd,5f,bc,05,38,ea,a8,e2,06,94,aa
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-13 00:02:00
ComboFix-quarantined-files.txt 2014-05-13 03:01
ComboFix2.txt 2014-04-26 07:10
ComboFix3.txt 2014-04-21 20:57
ComboFix4.txt 2014-04-07 00:58
ComboFix5.txt 2014-05-13 02:49
.
Pre-Run: 1,909,604,352 bytes free
Post-Run: 2,467,979,264 bytes free
.
- - End Of File - - EE3D58A742320FEEE1FC19544C4EE7C8A36C5E4F47E84449FF07ED3517B43A31
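Two things in the registry load points deserve a second look after the cleanup: the UAC policy values under HKLM\...\Policies\System show User Account Control switched off entirely (EnableLUA=0, with ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0), and a dozen driver registrations (Bfilter, Bfmon, Bprotect, sptd, taphss6, XDva406 and others) point at files ComboFix marked "[x]", i.e. not found on disk. The following Python script is an added example, not part of the log and not ComboFix's own code: it parses those two ComboFix line formats, reports every UAC value that differs from the Windows 7 default, and lists every service whose image file is missing. The embedded sample is a constructed excerpt of the log above; the defaults table, regular expressions and function names are this example's own assumptions.

```python
"""Triage helpers for a ComboFix log (added example, not ComboFix code):
flag UAC policy values that differ from the Windows 7 defaults, and list
service/driver registrations whose image file ComboFix could not find."""
import re
from dataclasses import dataclass

# Windows 7 defaults for the UAC values ComboFix prints under
# HKLM\...\Policies\System. Anything else is reported as a deviation.
UAC_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system"
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = admins elevate silently, no prompt
    "ConsentPromptBehaviorUser": 3,   # 0 = standard users cannot elevate at all
    "PromptOnSecureDesktop": 1,       # 0 = prompts appear on the normal desktop
    "EnableUIADesktopToggle": 0,
}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9a-fA-F]+\)$')
# ComboFix service lines, e.g.
#   R1 Bfilter;Baidu Antivirus Minifilter Driver;c:\...\Bfilter.sys [x]
#   R2 SkypeUpdate;Skype Updater;c:\...\Updater.exe [2013-10-23 172192]
SERVICE_RE = re.compile(
    r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$")


@dataclass(frozen=True)
class Service:
    state: str     # R = running, S = stopped, followed by the start-type digit
    name: str
    display: str
    image: str
    present: bool  # False when ComboFix printed "[x]" (file not found)


def parse_uac_policy(lines):
    """Return {value_name: int} for the UAC policy key, if it appears."""
    found, in_key = {}, False
    for line in lines:
        key = KEY_RE.match(line.strip())
        if key:
            in_key = key.group(1).lower() == UAC_KEY.lower()
            continue
        if in_key:
            m = VALUE_RE.match(line.strip())
            if m:
                found[m.group(1)] = int(m.group(2))
    return found


def uac_deviations(lines):
    """Values that differ from the Windows 7 default: name -> (actual, default)."""
    return {n: (v, UAC_DEFAULTS[n])
            for n, v in parse_uac_policy(lines).items()
            if n in UAC_DEFAULTS and v != UAC_DEFAULTS[n]}


def parse_services(lines):
    """All R*/S* service and driver lines as Service records."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            state, name, display, image, stamp = m.groups()
            out.append(Service(state, name, display, image, stamp != "x"))
    return out


def missing_image_services(lines):
    """Registrations whose driver/executable is gone: leftovers to remove."""
    return [s.name for s in parse_services(lines) if not s.present]


# Constructed excerpt of the log above, embedded so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
""".splitlines()

if __name__ == "__main__":
    for name, (actual, default) in sorted(uac_deviations(SAMPLE_LOG).items()):
        print(f"UAC weakened: {name}={actual} (Windows 7 default {default})")
    for name in missing_image_services(SAMPLE_LOG):
        print(f"service registration with missing image file: {name}")
```

Run it against a full ComboFix log by passing the file's lines to the two reporting functions; on the excerpt above it reports EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop as weakened and Bfilter and sptd as registrations without a file. Restoring the three UAC values to their defaults is the first fix a practitioner would make on this machine, since with EnableLUA=0 every process the user launches already runs with the full administrator token.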