ComboFix 09-11-15.01 - usuario 14/11/2009 22:45.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.652 [GMT -2:00]
Executando de: c:\documents and settings\usuario\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
* AV residente está ativo
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\SpeedBit Toolbar\Toolbar\tbhelper.dll
c:\arquivos de programas\SpeedBit Video Downloader\Toolbar\tbhelper.dll
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-15 to 2009-11-15 ))))))))))))))))))))))))))))
.
2009-11-06 01:10 . 2009-11-06 01:10 91648 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\SDCondition.dll
2009-11-06 01:03 . 2009-11-06 01:03 -------- d-----w- c:\arquivos de programas\SpeedBit Toolbar
2009-11-06 00:55 . 2009-11-06 00:52 251392 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\Temp\dapop.dll
2009-11-06 00:55 . 2009-11-06 00:55 3317784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\Offers\VA3_DapSo.exe
2009-11-06 00:52 . 2009-11-14 20:32 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-11-06 00:52 . 2009-11-06 00:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-11-06 00:52 . 2009-11-06 01:03 -------- d-----w- c:\arquivos de programas\DAP
2009-11-06 00:52 . 2009-11-06 01:02 -------- d-----w- c:\arquivos de programas\SpeedBit Video Downloader
2009-11-01 20:19 . 2009-11-01 20:19 -------- d-----w- c:\arquivos de programas\WinPcap
2009-10-27 00:38 . 2009-10-27 00:37 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-27 00:37 . 2009-10-27 00:51 -------- d-----w- c:\documents and settings\usuario\.housecall6.6
2009-10-26 01:32 . 2009-10-26 01:32 -------- d-----w- c:\temp\installtemped
2009-10-26 01:32 . 2009-10-26 01:32 -------- d-----w- C:\Temp
2009-10-24 23:15 . 2009-10-24 23:16 -------- d-----w- C:\!KillBox
2009-10-20 22:59 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-10-20 22:59 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-10-20 22:59 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-10-20 22:59 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2009-10-20 22:59 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2009-10-20 00:26 . 2009-10-20 00:26 -------- d-----w- c:\windows\l2schemas
2009-10-20 00:26 . 2009-10-20 00:26 -------- d-----w- c:\windows\system32\bits
2009-10-18 21:19 . 2009-10-18 21:19 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-18 21:19 . 2009-10-18 21:19 -------- d-----w- c:\arquivos de programas\MSBuild
2009-10-18 21:19 . 2009-10-18 21:19 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-10-18 21:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-18 21:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-18 21:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-18 21:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-18 21:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-18 21:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-18 21:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-18 21:19 . 2009-10-18 21:19 -------- d-----w- C:\357990c6e19be66f345fde91b3b5
2009-10-18 21:16 . 2009-10-18 21:16 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2009-10-18 21:12 . 2009-10-18 21:13 -------- d-----w- C:\LinhaDefensiva
2009-10-18 21:04 . 2009-10-18 21:04 -------- d-----w- C:\MSNCleaner
2009-10-18 19:33 . 2004-08-04 01:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-10-18 16:14 . 2009-10-18 16:14 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Malwarebytes
2009-10-18 16:14 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 16:14 . 2009-10-18 16:14 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-10-18 16:14 . 2009-10-18 16:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-10-18 16:14 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 15:57 . 2008-06-19 19:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-18 15:53 . 2009-10-18 15:53 -------- d-----w- c:\arquivos de programas\Panda Security
2009-10-18 15:31 . 2009-10-18 15:31 -------- d-----w- c:\arquivos de programas\AxBx
2009-10-18 15:23 . 2009-10-18 15:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-18 15:13 . 2009-10-18 15:14 344576 --sh--w- c:\documents and settings\All Users\Dados de aplicativos\orkuthreat.exe
2009-10-18 15:12 . 2009-10-18 15:15 351 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\UpApp32.dll
2009-10-18 15:11 . 2009-10-18 15:13 763 ----a-w- c:\windows\apsou.vbs
2009-10-17 17:16 . 2009-10-17 17:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-17 13:27 . 2009-10-17 13:27 -------- d-sh--w- c:\documents and settings\usuario\IECompatCache
2009-10-17 13:26 . 2009-10-17 13:26 -------- d-sh--w- c:\documents and settings\usuario\PrivacIE
2009-10-17 13:22 . 2009-10-17 13:22 -------- d-sh--w- c:\documents and settings\usuario\IETldCache
2009-10-17 13:18 . 2009-10-18 06:00 -------- d-----w- c:\windows\ie8updates
2009-10-17 13:15 . 2009-10-17 13:16 -------- dc-h--w- c:\windows\ie8
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 20:52 . 2009-09-27 05:50 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Free Download Manager
2009-11-14 20:36 . 2001-10-28 18:07 80198 ----a-w- c:\windows\system32\perfc016.dat
2009-11-14 20:36 . 2001-10-28 18:07 471376 ----a-w- c:\windows\system32\perfh016.dat
2009-11-14 17:24 . 2009-09-27 04:53 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\uTorrent
2009-11-14 05:17 . 2009-09-26 22:44 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Skype
2009-11-13 18:06 . 2009-09-26 22:45 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\skypePM
2009-11-13 00:50 . 2007-10-06 00:44 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\BSplayer Pro
2009-10-23 21:13 . 2009-10-11 02:38 -------- d-----w- c:\arquivos de programas\McAfee
2009-10-23 01:18 . 2009-09-27 05:50 -------- d-----w- c:\arquivos de programas\Free Download Manager
2009-10-18 20:06 . 2009-10-05 02:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared
2009-10-17 13:24 . 2007-09-01 02:36 -------- d-----w- c:\arquivos de programas\iTunes
2009-10-15 23:19 . 2009-10-09 01:36 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\HPAppData
2009-10-15 01:41 . 2009-10-15 01:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared
2009-10-15 01:37 . 2009-10-15 01:37 -------- d-----w- c:\arquivos de programas\Autodesk
2009-10-13 22:04 . 2009-10-13 22:04 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2009-10-12 16:27 . 2002-02-15 16:13 -------- d-----w- c:\arquivos de programas\Warcraft III
2009-10-12 15:41 . 2008-08-09 18:12 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Vso
2009-10-12 15:41 . 2007-08-11 14:49 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2009-10-12 15:38 . 2009-09-27 02:33 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\IObit
2009-10-11 05:40 . 2009-09-27 02:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee
2009-10-11 02:39 . 2009-10-11 02:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\McAfee
2009-10-11 02:39 . 2009-10-11 02:38 -------- d-----w- c:\arquivos de programas\McAfee.com
2009-10-09 01:29 . 2009-10-09 01:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WEBREG
2009-10-09 01:28 . 2009-10-09 01:22 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\HP
2009-10-09 01:28 . 2009-10-09 01:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP
2009-10-09 01:22 . 2009-10-08 23:45 168001 ----a-w- c:\windows\hpoins28.dat
2009-10-09 01:21 . 2009-10-09 01:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard
2009-10-09 01:17 . 2009-10-09 01:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant
2009-10-09 01:17 . 2009-10-09 01:15 -------- d-----w- c:\arquivos de programas\HP
2009-10-09 01:17 . 2009-10-09 01:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard
2009-10-09 01:17 . 2009-10-09 01:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP
2009-10-04 22:40 . 2009-10-04 22:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton
2009-10-04 22:39 . 2009-10-04 22:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec
2009-10-04 22:39 . 2009-10-04 22:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller
2009-10-04 00:28 . 2009-09-27 04:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2009-09-29 16:27 . 2007-08-11 14:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-09-27 05:50 . 2009-09-27 05:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG
2009-09-27 04:55 . 2009-09-27 04:55 -------- d-----w- c:\arquivos de programas\uTorrent
2009-09-27 02:37 . 2009-09-27 02:37 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-09-27 02:33 . 2009-09-27 02:33 -------- d-----w- c:\arquivos de programas\IObit
2009-09-27 02:33 . 2009-09-27 02:33 -------- d-----w- c:\arquivos de programas\CCleaner
2009-09-27 01:42 . 2007-08-11 14:10 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-09-26 22:45 . 2009-09-26 22:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-26 22:44 . 2009-09-26 22:42 -------- d-----r- c:\arquivos de programas\Skype
2009-09-26 22:42 . 2009-09-26 22:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2009-09-26 22:42 . 2009-09-26 22:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
2009-09-26 22:27 . 2009-09-26 22:26 287 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm\Client\uninst2.bat
2009-09-26 22:27 . 2009-09-26 22:27 683801 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm\Client\UninstWMP\unins000.exe
2009-09-26 22:27 . 2009-09-26 22:27 683801 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm\Client\UninstWA\unins000.exe
2009-09-26 22:26 . 2009-09-26 22:26 683801 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm\Client\UninstITW\unins000.exe
2009-09-26 22:26 . 2009-09-26 22:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm
2009-09-26 22:26 . 2009-09-26 22:26 -------- d-----w- c:\arquivos de programas\Last.fm
2009-09-26 20:14 . 2009-09-26 20:14 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-09-26 20:13 . 2009-09-26 20:10 -------- d-----w- c:\arquivos de programas\Microsoft
2009-09-26 20:13 . 2009-09-26 20:13 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector
2009-09-26 20:13 . 2009-09-26 20:09 -------- d-----w- c:\arquivos de programas\Windows Live
2009-09-26 20:13 . 2009-09-26 20:13 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework
2009-09-26 20:12 . 2009-09-26 20:12 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition
2009-09-26 20:10 . 2009-09-26 20:10 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-09-26 19:21 . 2009-09-26 19:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-09-26 12:42 . 2009-09-25 21:33 -------- d-----w- c:\arquivos de programas\Oi Velox
2009-09-16 12:22 . 2009-10-11 02:40 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 12:22 . 2009-10-11 02:40 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 12:22 . 2009-10-11 02:40 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 12:22 . 2009-07-08 16:44 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 12:22 . 2009-10-11 02:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:19 . 2004-08-04 02:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-08-04 02:45 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:57 . 2004-08-04 02:45 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:15 . 2004-08-04 02:45 247326 ----a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-31_23.06.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 17:09 . 2009-08-06 21:24 44768 c:\windows\system32\wups2.dll
+ 2007-08-11 13:00 . 2009-08-06 21:24 35552 c:\windows\system32\wups.dll
+ 2007-08-11 13:00 . 2009-08-06 21:24 53472 c:\windows\system32\wuauclt.exe
+ 2007-11-06 20:22 . 2007-11-06 20:22 68224 c:\windows\system32\WanPacket.dll
+ 2009-11-04 00:55 . 2009-08-06 21:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-11-04 00:55 . 2009-08-06 21:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-11-06 20:19 . 2007-11-06 20:19 53299 c:\windows\system32\pthreadVC.dll
+ 2001-10-28 18:07 . 2009-11-14 20:36 68292 c:\windows\system32\perfc009.dat
- 2001-10-28 18:07 . 2009-10-31 21:28 68292 c:\windows\system32\perfc009.dat
+ 2007-11-06 20:22 . 2007-11-06 20:22 88696 c:\windows\system32\Packet.dll
+ 2007-11-06 20:22 . 2007-11-06 20:22 34064 c:\windows\system32\drivers\npf.sys
+ 2007-08-11 13:00 . 2009-08-06 21:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-08-11 13:00 . 2009-08-06 21:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 02:45 . 2009-08-06 21:24 96480 c:\windows\system32\dllcache\cdm.dll
- 2007-08-11 13:07 . 2009-10-31 21:22 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-01 02:15 . 2009-11-14 20:59 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-08-11 13:07 . 2009-11-14 20:59 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-11 13:07 . 2009-10-31 21:22 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-11 13:07 . 2009-10-31 21:22 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
+ 2007-08-11 13:07 . 2009-11-14 20:59 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
+ 2004-08-04 02:45 . 2009-08-06 21:24 96480 c:\windows\system32\cdm.dll
+ 2007-08-11 13:00 . 2009-08-06 21:24 209632 c:\windows\system32\wuweb.dll
+ 2007-08-11 13:00 . 2009-08-06 21:24 327896 c:\windows\system32\wucltui.dll
+ 2007-08-11 13:00 . 2009-08-06 21:23 575704 c:\windows\system32\wuapi.dll
+ 2007-11-06 20:23 . 2007-11-06 20:23 240248 c:\windows\system32\wpcap.dll
- 2001-10-28 18:07 . 2009-10-31 21:28 435396 c:\windows\system32\perfh009.dat
+ 2001-10-28 18:07 . 2009-11-14 20:36 435396 c:\windows\system32\perfh009.dat
+ 2007-08-11 09:48 . 2009-11-12 02:18 356952 c:\windows\system32\FNTCACHE.DAT
- 2007-08-11 09:48 . 2009-10-20 22:45 356952 c:\windows\system32\FNTCACHE.DAT
+ 2007-08-11 13:00 . 2009-08-06 21:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-08-11 13:00 . 2009-08-06 21:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-08-11 13:00 . 2009-08-06 21:23 575704 c:\windows\system32\dllcache\wuapi.dll
- 2009-09-29 16:28 . 2009-09-29 16:28 295606 c:\windows\Installer\{AC76BA86-7AD7-1046-7B44-A81300000003}\SC_Reader.exe
+ 2009-09-29 16:28 . 2009-11-12 23:42 295606 c:\windows\Installer\{AC76BA86-7AD7-1046-7B44-A81300000003}\SC_Reader.exe
+ 2009-11-03 23:19 . 2008-07-08 12:58 395128 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-03 23:19 . 2008-07-08 12:58 233336 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2007-08-11 13:00 . 2009-08-06 21:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-04 02:38 . 2009-08-14 15:15 1850752 c:\windows\system32\win32k.sys
+ 2004-08-04 02:45 . 2009-10-22 09:17 5939712 c:\windows\system32\mshtml.dll
+ 2007-08-11 13:00 . 2009-08-06 21:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-04-19 19:50 . 2009-08-14 15:15 1850752 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 02:45 . 2009-10-22 09:17 5939712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-10-07 01:32 . 2009-10-07 01:32 4733440 c:\windows\Installer\1f288.msp
+ 2009-11-12 23:42 . 2009-11-12 23:42 1711616 c:\windows\Installer\11753d.msp
+ 2009-11-03 23:19 . 2009-08-29 07:57 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
+ 2009-10-15 23:29 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
+ 2008-10-15 03:42 . 2008-10-15 03:42 13219184 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B7448A3100000030\8.1.3\AcroRd32.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
2009-11-06 01:02 2655736 ----a-w- c:\arquivos de programas\SpeedBit Video Downloader\TBUDC\tbcore3.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2009-11-06 2803200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"desp2k"="c:\arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 65536]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"QuickTime Task"="c:\arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^usuario^Menu Iniciar^Programas^Inicializar^Reboot.exe]
path=c:\documents and settings\usuario\Menu Iniciar\Programas\Inicializar\Reboot.exe
backup=c:\windows\pss\Reboot.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\StepMania CVS\\Program\\StepMania.exe"=
"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18/10/2009 13:57 28544]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/11/2007 18:22 34064]
--- =Outros Serviços/Drivers Na Memória ---
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
2007-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2007-06-03 16:42]
2009-10-11 c:\windows\Tasks\McDefragTask.job
- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2009-10-11 14:22]
2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2009-10-11 14:22]
2009-11-14 c:\windows\Tasks\User_Feed_Synchronization-{549ECE67-9207-4B6E-A3D6-95D0D8D36602}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.speedbit.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {8F42911F-1B92-4CB2-9FB7-2210EFC0D097} = 200.149.55.140 200.165.132.147
FF - ProfilePath - c:\documents and settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\29y57njr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pt)
FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla
t-BR
fficial
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-14 22:52
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
GMER - Rootkit Detector and Remover
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x86F808AC]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
GMER - Rootkit Detector and Remover
atapi.sys @ 0x0 0x0 bytes
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7246B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7246B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7246B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF7246B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF7246B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7246B40 atapi.sys
\Driver\atapi IRP hooks detected !
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-606747145-1965331169-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:de,19,41,fc,8d,01,94,91,41,57,2c,9e,28,cc,91,5b,91,8e,9b,17,6c,23,df,
1c,1e,be,92,cc,05,2a,91,85,44,a8,aa,de,39,f3,d4,23,df,bc,90,cc,93,1d,72,99,\
"??"=hex:ba,fd,0f,63,1b,2b,94,42,db,fd,dc,03,2e,1d,d9,bc
[HKEY_USERS\S-1-5-21-606747145-1965331169-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:af,17,2b,11,f3,d9,65,97,1e,5d,57,e5,de,1e,91,6f,c0,73,95,da,aa,
9b,28,74,55,53,3e,22,20,8d,f2,10,68,e7,55,d2,15,25,dc,f8,c1,2b,55,c4,ba,6a,\
"rkeysecu"=hex:45,68,f7,54,53,7e,35,5d,30,41,1e,43,d3,9b,8a,d6
.
Tempo para conclusão: 2009-11-14 22:54
ComboFix-quarantined-files.txt 2009-11-15 00:54
ComboFix2.txt 2009-10-31 23:09
Pré-execução: 2.401.062.912 bytes disponíveis
Pós execução: 2.362.212.352 bytes disponíveis
- - End Of File - - 7EFBE9A9AD44B389EDD11FCC48F96EE2
