Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3006.2449 [GMT -3:00]
Executando de: c:\documents and settings\User\Meus documentos\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-08-25 to 2012-09-25 ))))))))))))))))))))))))))))
.
.
2012-09-25 11:38 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{1D5C456F-EDB4-42C3-AFA7-4D135B17CDA2}\mpengine.dll
2012-09-24 11:33 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-21 20:55 . 2012-09-21 20:55 -------- d-----w- c:\arquivos de programas\BabylonToolbar
2012-09-21 20:43 . 2012-09-06 01:25 813536 ----a-w- c:\arquivos de programas\Mozilla Firefox\sqlite3.dll
2012-09-21 20:42 . 2012-09-21 20:42 -------- d-----w- c:\arquivos de programas\Funmoods
2012-09-21 16:58 . 2012-09-21 16:58 110080 ----a-r- c:\documents and settings\User\Dados de aplicativos\Microsoft\Installer\{ADAFC0B4-FC15-45D9-BAB3-BC7A8829D0C4}\IconD7F16134.exe
2012-09-21 16:58 . 2012-09-21 16:58 110080 ----a-r- c:\documents and settings\User\Dados de aplicativos\Microsoft\Installer\{ADAFC0B4-FC15-45D9-BAB3-BC7A8829D0C4}\IconCF33A0CE.exe
2012-09-21 16:58 . 2012-09-21 16:58 110080 ----a-r- c:\documents and settings\User\Dados de aplicativos\Microsoft\Installer\{ADAFC0B4-FC15-45D9-BAB3-BC7A8829D0C4}\IconF7A21AF7.exe
2012-09-21 16:57 . 2012-09-21 16:58 -------- d-----w- C:\sh4ldr
2012-09-21 16:57 . 2012-09-21 16:57 -------- d-----w- c:\arquivos de programas\Enigma Software Group
2012-09-21 16:56 . 2012-09-21 16:58 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-09-21 16:56 . 2012-09-21 16:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2012-09-20 20:27 . 2012-09-20 20:28 -------- d-----w- C:\5cadf9a1c5e7ad47238831d6c7
2012-09-20 18:36 . 2012-09-20 18:37 -------- d-----w- c:\arquivos de programas\Mozilla Maintenance Service
2012-09-18 19:12 . 2012-09-18 19:11 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-18 16:49 . 2012-09-18 16:49 -------- d-----w- c:\documents and settings\User\Configurações locais\Dados de aplicativos\Wajam
2012-09-18 12:50 . 2012-09-18 12:51 -------- d-----w- C:\9f85faac57309080f83f5b1b246f145e
2012-08-28 18:32 . 2012-08-28 18:34 -------- d-----w- C:\DANFEView
2012-08-28 17:48 . 2012-08-28 17:48 -------- d-----w- C:\WinPcap
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 20:50 . 2012-05-17 11:23 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 20:50 . 2011-09-21 20:06 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-18 19:10 . 2012-06-22 11:49 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-18 19:10 . 2012-06-22 11:49 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-18 19:10 . 2011-08-23 21:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 20:04 . 2012-08-22 16:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:18 . 2008-04-13 21:20 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-13 21:20 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-13 21:21 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-13 20:55 385024 ------w- c:\windows\system32\html.iec
2012-08-21 22:12 . 2012-08-22 20:39 64048 ----a-r- c:\windows\system32\drivers\360SpOEM.sys
2012-08-21 09:13 . 2011-09-28 16:18 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-09-28 16:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-09-28 16:18 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-09-28 16:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-09-28 16:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-09-28 16:18 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-09-28 16:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2011-09-28 16:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2011-09-28 16:17 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-09-28 16:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-13 15:36 . 2011-11-14 11:07 2887680 ----a-w- c:\windows\system32\VagalumePluginWMP.dll
2012-07-06 13:58 . 2008-04-13 21:20 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-08-23 18:13 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2008-04-13 20:54 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 20:25 . 2012-06-28 20:25 26 ----a-w- C:\tumbs.tmp
2012-09-06 01:26 . 2012-09-20 18:34 266720 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F16D30-AA76-4EBC-8990-7E4FA68C20C4}]
2012-08-21 16:13 1226752 --sh--w- c:\winpvar\PriceGong\Imageclassifier.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 18:54 175912 ----a-w- c:\arquivos de programas\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{654BF6E2-6BCC-4BD7-BCB0-BC9F76912AE5}]
2012-09-12 11:32 1005056 ----a-w- c:\docume~1\ALLUSE~1\DADOSD~1\{622D4~1\wmimsg.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\arquivos de programas\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]
@="{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]
2012-08-29 16:42 1856264 ----a-w- c:\arquivos de programas\PSafe\shell\v3.1.1208.29401\PSafeShellExtensionx86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2PSafeOverlayOk]
@="{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}]
2012-08-29 16:42 1856264 ----a-w- c:\arquivos de programas\PSafe\shell\v3.1.1208.29401\PSafeShellExtensionx86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3PSafeOverlayOut]
@="{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}]
2012-08-29 16:42 1856264 ----a-w- c:\arquivos de programas\PSafe\shell\v3.1.1208.29401\PSafeShellExtensionx86.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SpyHunter Security Suite"="c:\arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2012-08-21 5158848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4shared Desktop]
2011-12-09 12:00 4613624 ----a-w- c:\arquivos de programas\4shared Desktop\desktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4shared Update]
2011-12-09 12:00 608760 ----a-w- c:\arquivos de programas\4shared Desktop\checkUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 10:22 59240 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Panel]
2012-08-28 11:36 165376 --sh--w- c:\documents and settings\User\Dados de aplicativos\PC Suite\Settings\StaticUrlList.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 21:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DANFEViewMon]
2012-08-20 17:35 3625472 ----a-w- c:\danfeview\danfemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-25 11:29 136176 ----atw- c:\documents and settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 21:36 30040 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-06-05 17:39 33628160 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
2006-07-13 15:34 57344 ----a-w- c:\arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMab1err]
2010-03-26 19:33 582312 ----a-w- c:\arquivos de programas\Lexmark\ErrorApp\lmab1err.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMPSSDMON]
2010-03-26 19:33 753664 ----a-w- c:\arquivos de programas\Lexmark\Monitor\ACJ\LMabMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-07 20:04 766536 ----a-w- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 20:08 931200 ----a-w- c:\arquivos de programas\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-09-01 16:39 966712 ----a-w- c:\arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeSysTray]
2012-08-29 16:42 4894472 ----a-w- c:\arquivos de programas\PSafe\PSafeSysTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 17:28 421888 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunAs]
2012-08-28 11:36 440319 --sh--w- c:\documents and settings\User\Dados de aplicativos\PC Suite\Settings\NBFeatures.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2008-07-08 21:48 204800 ----a-w- c:\windows\system32\S3Trayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-06-27 11:24 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-27 11:29 296056 ----a-w- c:\arquivos de programas\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayHabil]
2011-09-29 18:06 1327104 ----a-w- c:\arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2008-05-16 16:58 94208 ----a-w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2007-07-18 18:15 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B1577CF0-D755-42E2-B0B9-78721ABCED6E}]
2012-08-28 11:36 59904 ----a-w- c:\documents and settings\User\Dados de aplicativos\PC Suite\Settings\eappgnui.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{EBED2EF8-A1BA-4656-9F8D-7159041B8790}]
2012-08-21 16:13 59904 ----a-w- c:\documents and settings\User\Dados de aplicativos\Skype\shared_httpfe\cmcfg32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Arquivos de programas\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Arquivos de programas\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\WINDOWS\\system32\\lmabcoms.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\bin\\java.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Arquivos de programas\\PSafe\\PSRsync.exe"=
.
R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [22/8/2012 13:29 54912]
R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [22/8/2012 13:29 146304]
R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [22/8/2012 13:29 23168]
R1 360SpOEM;360SpOEM;c:\windows\system32\drivers\360SpOEM.sys [22/8/2012 17:39 64048]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/9/2011 13:18 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/9/2011 13:18 355632]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [29/5/2012 08:47 101112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/9/2011 13:18 21256]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [19/9/2012 09:33 399432]
R2 PSafeLockBoxSvc;PSafeLockBoxSvc;c:\arquivos de programas\PSafe\PSafeCategoryFinder.exe [22/8/2012 13:27 1074440]
R2 PSafeSVC;PSafeSVC;c:\arquivos de programas\PSafe\PSafesvc.exe [22/8/2012 13:27 1448200]
R2 PSafeWD;PSafeWD;c:\arquivos de programas\PSafe\PSafeWD.exe [22/8/2012 13:27 30472]
R3 esgiguard;esgiguard;c:\arquivos de programas\Enigma Software Group\SpyHunter\esgiguard.sys [6/5/2011 16:57 13904]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2/6/2009 16:52 1374464]
S2 gupdate;Serviço do Google Update (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [26/8/2011 11:13 136176]
S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [22/8/2012 13:30 676936]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\arquiv~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [21/8/2012 15:29 763840]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17/5/2012 08:23 250288]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [26/8/2011 11:13 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/8/2012 13:30 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [20/9/2012 15:36 114144]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20/10/2011 14:12 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20/10/2011 14:12 8576]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 20:50]
.
2012-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:57]
.
2012-09-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-03 09:12]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-26 14:13]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-26 14:13]
.
2012-09-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1547161642-1644491937-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-04-30 21:21]
.
2012-09-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1547161642-1644491937-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-04-30 21:21]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=ironpu ... =499410315
uInternet Connection Wizard,ShellNext = hxxp://www.devicedoctor.com/driver.php? ... taWin7.zip
uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s
IE: &Download All using 4shared Desktop - c:\arquivos de programas\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\arquivos de programas\4shared Desktop\Desktop.32/D_ONE_LINK
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\ubqpn0bz.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=ironpu ... =499410315
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110823 ... 7122663&q=
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironpu ... =499410315
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=ironpu ... 9410315&q=
FF - user.js: extensions.funmoods.id - 003067122663198E
FF - user.js: extensions.funmoods.instlDay - 15604
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:42
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - ironpub
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - ironpub
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.admin - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironpu ... =499410315
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
user_pref('extensions.dealply.partner', 'vn');
user_pref('extensions.dealply.channel', 'pcdealply');
user_pref('extensions.dealply.installId', 'v23600286557928282218302012052313411819');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '9');
user_pref('extensions.dealply.partner', 'vn');
user_pref('extensions.dealply.channel', 'pcdealply');
user_pref('extensions.dealply.installId', 'v23600286557928282218302012052313411819');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '9');
user_pref('extensions.dealply.partner', 'vn');
user_pref('extensions.dealply.channel', 'pcdealply');
user_pref('extensions.dealply.installId', 'v23600286557928282218302012052313411819');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '9');
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron4');
user_pref('extensions.dealply.installId', 'v24300237901253774356992012092118425533');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '3');
FF - user.js: extensions.BabylonToolbar_i.id - cc76198e000000000000003067122663
FF - user.js: extensions.BabylonToolbar_i.hardId - cc76198e000000000000003067122663
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15604
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:54
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack -
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt -
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-25 09:20
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'explorer.exe'(1704)
c:\windows\system32\WININET.dll
c:\arquivos de programas\PSafe\shell\v3.1.1208.29401\PSafeShellExtensionx86.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2012-09-25 09:25:41
ComboFix-quarantined-files.txt 2012-09-25 12:25
ComboFix2.txt 2012-09-24 12:30
.
Pré-execução: 30 pasta(s) 124.071.481.344 bytes disponíveis
Pós execução: 32 pasta(s) 124.043.980.800 bytes disponíveis
.
- - End Of File - - 980CCE347E15C54EE41218A01EE1C9F7