Good morning,
Now its ok, i have a log
ComboFix 10-03-01.03 - Aires 02-03-2010 10:42:41.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.351.2070.18.2047.1119 [GMT 1:00]
Executando de: c:\users\Aires\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-4241328082-96073927-3798366556-500
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-02 to 2010-03-02 ))))))))))))))))))))))))))))
.
2010-03-02 09:57 . 2010-03-02 09:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-01 22:57 . 2010-02-04 04:45 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100301.016\NAVEX15.SYS
2010-03-01 22:57 . 2009-08-29 09:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100301.016\NAVEX32A.DLL
2010-03-01 22:57 . 2010-02-04 04:45 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100301.016\NAVENG.SYS
2010-03-01 22:57 . 2009-08-29 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100301.016\NAVENG32.DLL
2010-03-01 22:57 . 2010-01-31 13:35 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100301.016\CCERASER.DLL
2010-03-01 22:57 . 2010-01-31 13:35 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100301.016\ECMSVR32.DLL
2010-03-01 22:57 . 2009-08-29 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100301.016\EECTRL.SYS
2010-03-01 22:57 . 2009-08-29 09:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100301.016\ERASER.SYS
2010-02-28 11:14 . 2010-02-28 11:15 -------- d-----w- c:\program files\trend micro
2010-02-28 11:14 . 2010-02-28 11:15 -------- d-----w- C:\rsit
2010-02-27 21:40 . 2010-02-27 22:05 -------- d-----w- c:\users\Aires\AppData\Local\bfexplorer.net
2010-02-27 21:30 . 2010-02-27 21:30 -------- d-----w- c:\program files\BeloSoft
2010-02-26 22:35 . 2010-02-26 22:35 -------- d-----w- c:\program files\City Interactive
2010-02-25 23:23 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100224.002\Scxpx86.dll
2010-02-25 23:23 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100224.002\IDSvix86.sys
2010-02-25 23:23 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100224.002\IDSXpx86.sys
2010-02-25 23:23 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100224.002\IDSxpx86.dll
2010-02-25 23:23 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100224.002\IDSviA64.sys
2010-02-24 11:33 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-20 00:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100218.001\Scxpx86.dll
2010-02-20 00:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100218.001\IDSXpx86.sys
2010-02-20 00:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100218.001\IDSxpx86.dll
2010-02-20 00:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100218.001\IDSvix86.sys
2010-02-20 00:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100218.001\IDSviA64.sys
2010-02-15 22:06 . 2010-02-15 22:06 -------- d-----w- c:\program files\Common Files\Java
2010-02-15 22:05 . 2010-02-15 22:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-15 22:04 . 2010-02-15 22:04 -------- d-----w- c:\program files\Java
2010-02-15 04:04 . 2010-03-02 09:36 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-02-13 23:00 . 2010-02-13 23:00 388096 ----a-r- c:\users\Aires\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-13 23:00 . 2010-02-13 23:00 -------- d-----w- c:\program files\TrendMicro
2010-02-13 16:37 . 2010-02-13 17:23 -------- d-----w- c:\users\Aires\AppData\Roaming\ScanSpyware
2010-02-11 18:44 . 2010-02-11 18:44 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHRules.dll
2010-02-11 18:44 . 2010-02-11 18:44 1406352 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHEngine.dll
2010-02-11 18:44 . 2010-02-11 18:44 676912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys
2010-02-11 18:44 . 2010-02-11 18:44 536112 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx86.sys
2010-02-11 18:44 . 2010-02-11 18:44 611216 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\bbRGen.dll
2010-02-10 05:25 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 05:25 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 05:25 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 05:25 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 05:25 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 05:25 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 05:24 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 05:24 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 05:24 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 05:24 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 05:24 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 05:24 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 05:24 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 05:24 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 05:24 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 05:24 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 05:24 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-08 12:27 . 2010-02-08 12:27 -------- d-----w- c:\programdata\TamoSoft
2010-02-07 22:51 . 2010-02-07 22:51 -------- d-----w- c:\program files\InCode Solutions
2010-02-03 23:27 . 2010-02-03 23:27 -------- d-----w- c:\program files\CCleaner
2010-02-01 10:56 . 2009-08-29 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100131.022\NAVENG.SYS
2010-02-01 10:56 . 2009-08-29 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100131.022\NAVENG32.DLL
2010-02-01 10:56 . 2009-08-29 09:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100131.022\NAVEX32A.DLL
2010-02-01 10:56 . 2009-08-29 09:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100131.022\NAVEX15.SYS
2010-02-01 10:56 . 2010-01-31 13:35 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100131.022\CCERASER.DLL
2010-02-01 10:56 . 2010-01-31 13:35 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100131.022\ECMSVR32.DLL
2010-02-01 10:56 . 2009-08-29 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100131.022\EECTRL.SYS
2010-02-01 10:56 . 2009-08-29 09:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100131.022\ERASER.SYS
2010-01-31 13:19 . 2009-12-10 03:16 784752 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2010-01-31 13:17 . 2010-01-31 13:17 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-31 13:17 . 2010-01-31 13:17 -------- d-----w- c:\program files\Symantec
2010-01-31 13:17 . 2009-08-30 00:16 164216 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2010-01-31 13:17 . 2009-08-26 22:13 900464 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2010-01-31 13:17 . 2009-09-01 08:48 893296 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\CLT\cltLMSx.dll
2010-01-31 13:16 . 2010-02-01 10:46 -------- d-----w- c:\windows\system32\drivers\NIS
2010-01-31 13:16 . 2010-01-31 13:16 -------- d-----w- c:\program files\Norton Internet Security
2010-01-31 13:16 . 2010-01-31 13:16 -------- d-----w- c:\program files\NortonInstaller
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 09:34 . 2009-06-20 04:05 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-02 01:00 . 2009-06-19 21:09 80899 ----a-w- c:\users\Aires\AppData\Roaming\nvModes.dat
2010-03-01 16:10 . 2009-06-20 04:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-01 16:04 . 2009-10-16 04:53 7592 ----a-w- c:\users\Aires\AppData\Local\d3d9caps.dat
2010-02-27 20:52 . 2007-04-21 06:27 769938 ----a-w- c:\windows\system32\perfh00A.dat
2010-02-27 20:52 . 2007-04-21 06:27 172952 ----a-w- c:\windows\system32\perfc00A.dat
2010-02-27 20:52 . 2007-04-21 06:21 764516 ----a-w- c:\windows\system32\prfh0816.dat
2010-02-27 20:52 . 2007-04-21 06:21 169798 ----a-w- c:\windows\system32\prfc0816.dat
2010-02-24 23:20 . 2009-10-01 03:46 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-24 23:19 . 2009-10-01 03:46 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-19 16:30 . 2009-07-24 15:40 -------- d-----w- c:\programdata\Microsoft Help
2010-02-12 18:03 . 2009-10-01 22:38 -------- d-----w- c:\users\Aires\AppData\Roaming\IObit
2010-02-08 15:50 . 2009-06-19 20:39 99864 ----a-w- c:\users\Aires\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-31 13:17 . 2009-06-20 04:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-31 13:17 . 2010-01-31 13:17 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-31 13:17 . 2010-01-31 13:17 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-31 13:16 . 2009-09-23 15:34 -------- d-----w- c:\programdata\Norton
2010-01-31 13:16 . 2009-09-23 15:34 -------- d-----w- c:\programdata\NortonInstaller
2010-01-29 02:35 . 2010-01-29 02:35 141983 ----a-r- c:\users\Aires\AppData\Roaming\Microsoft\Installer\{DCFD9DF7-EA14-48D8-AE76-AF1B84CCB53F}\_6FEFF9B68218417F98F549.exe
2010-01-29 02:35 . 2010-01-29 02:35 141983 ----a-r- c:\users\Aires\AppData\Roaming\Microsoft\Installer\{DCFD9DF7-EA14-48D8-AE76-AF1B84CCB53F}\_2104B0CE0326AC2EA9037E.exe
2010-01-29 02:35 . 2010-01-29 02:35 141983 ----a-r- c:\users\Aires\AppData\Roaming\Microsoft\Installer\{DCFD9DF7-EA14-48D8-AE76-AF1B84CCB53F}\_19E642B52BCC876F6CA0D5.exe
2010-01-29 02:35 . 2010-01-29 02:35 -------- d-----w- c:\users\Aires\AppData\Roaming\BetFairAndSquare
2010-01-29 02:35 . 2010-01-29 02:35 -------- d-----w- c:\program files\BetFairAndSquare Exchange Simulator
2010-01-29 02:32 . 2009-07-24 15:44 -------- d-----w- c:\program files\Microsoft.NET
2010-01-29 02:31 . 2010-01-29 02:27 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-27 10:21 . 2010-01-27 10:20 -------- d-----w- c:\program files\Betting Assistant
2010-01-27 10:21 . 2010-01-27 10:21 -------- d-----w- c:\users\Aires\AppData\Roaming\Betting Assistant
2010-01-25 22:34 . 2010-01-25 22:34 -------- d-----w- c:\program files\Chat Republic Games
2010-01-18 18:24 . 2010-01-18 18:01 -------- d-----w- c:\users\Aires\AppData\Roaming\SmartVoip
2010-01-18 17:59 . 2010-01-18 17:59 -------- d-----w- c:\program files\SmartVoip.com
2010-01-16 19:39 . 2009-10-28 15:57 -------- d-----w- c:\users\Aires\AppData\Roaming\Tropico 3
2010-01-16 18:02 . 2010-01-16 17:56 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2010-01-16 17:59 . 2009-06-20 10:11 -------- d-----w- c:\program files\Innovative Solutions
2010-01-16 17:56 . 2009-06-20 10:12 -------- d-----w- c:\programdata\Innovative Solutions
2010-01-16 15:31 . 2010-01-16 15:31 164352 --sh--w- c:\windows\system32\SC.dll
2010-01-16 14:47 . 2010-01-16 14:46 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-15 22:37 . 2009-10-01 22:38 -------- d-----w- c:\program files\IObit
2010-01-11 15:23 . 2010-01-11 15:23 -------- d-----w- c:\users\Aires\AppData\Roaming\Microgaming
2010-01-09 03:56 . 2009-06-26 00:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 11:49 . 2010-01-08 11:49 -------- d-----w- c:\program files\bfbotmanager.com4
2010-01-08 11:48 . 2010-01-08 11:48 -------- d-----w- c:\program files\bfbotmanager.com3
2010-01-08 09:00 . 2009-06-26 00:27 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-06-26 00:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-26 00:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:48 . 2010-01-06 15:48 -------- d-----w- c:\program files\bfbotmanager.com2
2010-01-02 10:59 . 2010-01-02 10:20 -------- d-----w- c:\program files\bfbotmanager.com
2009-12-21 08:04 . 2009-12-21 08:04 547576 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 13:01 . 2010-01-22 09:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 11:44 . 2010-01-22 09:17 834048 ----a-w- c:\windows\system32\wininet.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"DirectMessenger"="c:\program files\ASUS\ASUS Direct Console\LCMP.EXE" [2007-07-21 988160]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-6-19 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1d,8c,e8,20,c7,69,ca,01
R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [20-06-2009 05:58 209408]
R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NIS\1105000.07F\symds.sys [31-01-2010 20:30 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1105000.07F\symefa.sys [31-01-2010 20:30 172592]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [11-02-2010 19:44 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1105000.07F\cchpx86.sys [31-01-2010 20:30 501888]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100224.002\IDSvix86.sys [26-02-2010 00:23 343088]
R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NIS\1105000.07F\ironx86.sys [31-01-2010 20:30 116272]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NIS\1105000.07F\symtdiv.sys [31-01-2010 20:30 340016]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26-06-2009 01:27 236368]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [31-01-2010 20:30 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [02-02-2010 20:40 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [26-06-2009 01:27 19160]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [08-10-2009 20:35 721904]
S2 Gruss Software Ltd: Betting Assistant update permissions manager. 30256.;Gruss Software Ltd: Betting Assistant update permissions manager. 30256.;c:\program files\Betting Assistant\AUClient.exe -PermissionManagerRun --> c:\program files\Betting Assistant\AUClient.exe -PermissionManagerRun [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 08:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-03-02 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Aires.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-06-26 15:07]
2010-02-27 c:\windows\Tasks\Malwarebytes' Scheduled Update for Aires.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-06-26 15:07]
2010-01-16 c:\windows\Tasks\Registry Winner Schedule.job
- c:\program files\Registry Winner\RegistryWinner.exe [2009-09-27 21:31]
.
.
------- Scan Suplementar -------
.
uStart Page =
hxxp://www.lockerz.com/uInternet Settings,ProxyOverride = local
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Aires\AppData\Roaming\Mozilla\Firefox\Profiles\8b69k7lc.Aires\
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.com/FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Aires\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-03-02 10:57
Windows 6.0.6002 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
C:\ADSM_PData_0150
Varredura completada com sucesso
arquivos/ficheiros ocultos: 1
**************************************************************************
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Gruss Software Ltd: Betting Assistant update permissions manager. 30256.]
--
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'Explorer.exe'(5828)
c:\program files\SetPoint\GameHook.dll
c:\program files\SetPoint\lgscroll.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\program files\ASUS\ASUS Direct Console\MSNHOOK.DLL
.
Tempo para conclusão: 2010-03-02 11:06:55
ComboFix-quarantined-files.txt 2010-03-02 10:06
Pré-execução: 91.337.199.616 bytes livres
Pós execução: 91.311.632.384 bytes livres
- - End Of File - - 5F18371F93E69F221E71615355654668