ComboFix 10-07-30.01 - Administrador 30/07/2010 15:29:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2046.1485 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - drivers: deleted 212 bytes in 2 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Thumbs.db
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_K10
-------\Service_k10
(((((((((((((((( Arquivos/Ficheiros criados de 2010-06-28 to 2010-07-30 ))))))))))))))))))))))))))))
.
2010-07-30 02:46 . 2010-07-30 02:57 -------- d-----w- c:\arquivos de programas\CLE
2010-07-29 22:10 . 2010-07-29 22:10 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2010-07-29 22:09 . 2010-07-29 22:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2010-07-29 21:58 . 2010-07-29 21:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2010-07-29 21:57 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-29 21:57 . 2010-07-29 21:58 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-07-29 21:57 . 2010-07-29 21:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-07-29 21:57 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-29 21:09 . 2010-07-29 21:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\AntiHijackDAT
2010-07-29 21:09 . 2010-07-29 21:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Save Data
2010-07-29 20:58 . 2010-07-29 20:59 -------- d-----w- C:\LinhaDefensiva
2010-07-28 17:32 . 2010-07-28 17:33 -------- d-----w- C:\4885a2eed288fb49bc
2010-07-26 14:53 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-26 14:53 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-26 14:53 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-26 14:53 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-26 14:53 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-26 14:53 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-26 14:53 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-26 14:53 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-26 14:53 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-26 14:53 . 2010-07-26 14:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software
2010-07-26 03:35 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-25 16:36 . 2010-07-25 16:36 -------- d-----w- c:\arquivos de programas\Windows Sidebar
2010-07-23 16:21 . 2010-07-23 22:03 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ahead
2010-07-23 16:20 . 2010-07-23 16:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead
2010-07-22 02:27 . 2008-11-10 14:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-07-22 02:27 . 2006-10-26 22:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-07-22 02:26 . 2010-07-27 13:09 -------- d-----w- c:\arquivos de programas\Microsoft Works
2010-07-22 02:20 . 2010-07-22 02:20 -------- d-----w- c:\arquivos de programas\Microsoft Visual Studio 8
2010-07-22 02:19 . 2010-07-28 02:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-07-22 00:07 . 2010-07-22 00:07 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2010-07-21 23:52 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-21 23:46 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-21 23:00 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-07-20 17:16 . 2010-07-20 17:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nero
2010-07-20 17:09 . 2010-07-20 17:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero
2010-07-20 17:09 . 2010-07-23 16:20 -------- d-----w- c:\arquivos de programas\Nero
2010-07-19 21:43 . 2010-07-19 21:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Canneverbe Limited
2010-07-19 21:43 . 2010-07-19 21:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited
2010-07-01 18:56 . 2010-07-01 18:56 501936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Google\Google Toolbar\Update\gtb10.tmp.exe
2010-06-30 19:52 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-06-30 19:52 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-06-30 19:52 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-06-30 19:52 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 22:55 . 2009-08-26 18:39 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-28 19:49 . 2001-10-28 18:07 84150 ----a-w- c:\windows\system32\perfc016.dat
2010-07-28 19:49 . 2001-10-28 18:07 480212 ----a-w- c:\windows\system32\perfh016.dat
2010-07-26 14:53 . 2009-08-22 15:53 -------- d-----w- c:\arquivos de programas\Alwil Software
2010-07-26 13:45 . 2010-06-10 11:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton
2010-07-26 13:42 . 2010-06-10 11:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller
2010-07-21 20:01 . 2009-08-22 15:56 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype
2010-07-18 14:11 . 2009-09-06 16:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Winamp
2010-07-05 19:10 . 2009-12-24 13:39 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-06-18 22:37 . 2010-06-18 22:37 14592 ----a-w- c:\windows\system32\drivers\ag02.sys
2010-06-18 22:37 . 2010-06-18 22:37 11366 ----a-w- C:\W23225339.reg
2010-06-14 14:31 . 2009-08-22 15:14 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-10 11:41 . 2010-06-10 11:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec
2010-06-05 01:07 . 2010-06-05 01:07 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Unity
2010-06-02 15:40 . 2009-08-25 00:28 -------- d-----w- c:\arquivos de programas\Google
2010-05-18 03:03 . 2010-05-18 03:03 162304 ----a-w- c:\windows\unrar.dll
2010-05-06 10:34 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:08 . 2004-08-04 03:38 1851392 ----a-w- c:\windows\system32\win32k.sys
2009-09-13 07:44 . 2009-09-13 05:04 316973608 ------w- c:\arquivos de programas\WindowsXP-KB936929-SP3-x86-PTB.exe
2009-08-26 19:44 . 2009-08-26 19:44 7855400 ----a-w- c:\arquivos de programas\XP-Codec-Pack-2.5.0.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-01 39408]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"bluebirds"="c:\documents and settings\Administrador\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-04-21 20:03 94208 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bluebirds]
2009-04-29 09:02 270336 ----a-r- c:\documents and settings\Administrador\Bluebirds\BlueBirds.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-12-05 19:04 122880 ----a-w- c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 14:44 31072 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-01-21 17:49 33587200 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 01:56 218032 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 01:56 218032 ----a-w- c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 01:56 86960 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 18:39 1090952 ----a-w- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-10-07 05:33 13574144 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-10-07 05:33 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 05:33 1630208 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 06:01 32768 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-31 18:23 149280 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-01 22:53 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2007-01-05 23:08 204288 ------w- c:\arquivos de programas\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"fsssvc"=3 (0x3)
"AresChatServer"=3 (0x3)
"Adobe LM Service"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R0 ag02;ag02;c:\windows\system32\drivers\ag02.sys [18/6/2010 19:37 14592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26/7/2010 11:53 165456]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [22/8/2009 12:32 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26/7/2010 11:53 17744]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe [22/8/2009 13:08 81920]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe [22/8/2009 13:08 2723840]
R3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [16/10/2009 15:30 8192]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/1/2009 11:18 1050112]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys --> c:\windows\system32\drivers\gbpkm.sys [?]
S2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe --> c:\arquiv~1\GbPlugin\GbpSv.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [29/1/2010 13:48 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-29 16:48]
2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-29 16:48]
2010-07-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 17:07]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: adsroute.com
Trusted Zone: adsroute.com\ad
Trusted Zone: cliquemidia.com
Trusted Zone: cliquemidia.com\afiliados
Trusted Zone: pcmegarapido.com
Trusted Zone: pcmegarapido.com\www
Trusted Zone: sweetim.com
Trusted Zone: sweetim.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
.
- - - - ORFÃOS REMOVIDOS - - - -
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify- GbPluginBb - c:\arquivos de programas\GbPlugin\gbieh.dll
MSConfigStartUp-ares - c:\arquivos de programas\Ares\Ares.exe
MSConfigStartUp-AresChatServer - c:\arquivos de programas\Ares\chatServer.exe
MSConfigStartUp-iexplorer - c:\windows\system32\intexplorrer64.exe
MSConfigStartUp-MsnHott - c:\windows\system32\wordssystem32bts.exe
MSConfigStartUp-NBAgent - c:\arquivos de programas\Nero\Nero 10\Nero BackItUp\NBAgent.exe
MSConfigStartUp-Run - c:\windows\system32\sunjavainst32bts.exe
MSConfigStartUp-WinampAgent - c:\arquivos de programas\Winamp\winampa.exe
AddRemove-{E91E8912-769D-42F0-8408-0E329443BABC} - c:\arquivos de programas\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 15:34
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1482476501-776561741-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,a4,59,af,6f,c0,7f,48,ad,2c,9c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,a4,59,af,6f,c0,7f,48,ad,2c,9c,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,a4,59,af,6f,c0,7f,48,ad,2c,9c,\
[HKEY_USERS\S-1-5-21-1482476501-776561741-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'explorer.exe'(1452)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-07-30 15:36:35 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-07-30 18:36
Pré-execução: 11 pasta(s) 191.918.694.400 bytes disponíveis
Pós execução: 14 pasta(s) 193.465.552.896 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 3C8D3A9354BBF73B8240460A370FBF2E
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:44:18, on 30/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrador\Meus documentos\LZO\Arquivos de Programa HijackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: ad.adsroute.com
O15 - Trusted Zone: *.adsroute.com
O15 - Trusted Zone: afiliados.cliquemidia.com
O15 - Trusted Zone: *.cliquemidia.com
O15 - Trusted Zone: www.pcmegarapido.com
O15 - Trusted Zone: *.pcmegarapido.com
O15 - Trusted Zone: www.sweetim.com
O15 - Trusted Zone: *.sweetim.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8067 bytes

Leo Fernande...