Good afternoon, everyone!
Rodrimack, take a look inside the C:\ComboFix folder (and its subfolders as well) and see whether there is a log named ComboFix.txt or ComboFix2.txt.
ComboFix has been reworked: depending on the infection, it runs in the background without the user having to launch it manually. This is meant to reduce the risk of the infection blocking the use of the tool. If that is what actually happened, we cannot run it again, because it would overwrite the main log.
If there is no log inside the folder, follow the procedure below:
Delete ComboFix.exe and its folder. Download it here again, but before downloading, change the executable's name from ComboFix.exe to Rodrimack.exe, then download it and see whether you can run it.
It worked; here is the result:
ComboFix 10-03-12.02 - User 12/03/2010 19:18:48.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1046.18.494.121 [GMT -3:00]
Executando de: c:\documents and settings\User\Desktop\Rodrimack.exe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Lopes.NOME-195A66C457\NOVO FLUXO DE CAIXA .xls
c:\documents and settings\User\Dados de aplicativos\Desktopicon
c:\documents and settings\User\Dados de aplicativos\Desktopicon\eBay.ico
c:\documents and settings\User\Dados de aplicativos\Desktopicon\uninst.exe
c:\windows\system32\drivers\ndnomp.sys
c:\windows\system32\logs
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_dpti930
(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-12 to 2010-03-12 ))))))))))))))))))))))))))))
.
2010-03-10 21:00 . 2006-07-12 16:47 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2010-03-10 21:00 . 2006-07-12 16:47 95617 ----a-r- c:\windows\system32\atiicdxx.dat
2010-03-10 07:06 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 22:13 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-05 22:13 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-05 22:13 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-05 22:13 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-03-05 22:13 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-03-05 22:13 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-03-05 22:13 . 2010-02-02 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-05 22:12 . 2010-03-05 22:22 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2010-03-01 20:56 . 2010-03-01 20:56 -------- d-----w- c:\arquivos de programas\Machine Works NW
2010-03-01 02:58 . 2010-03-01 21:01 -------- d-----w- c:\arquivos de programas\Microsoft ActiveSync
2010-02-13 01:59 . 2010-03-10 20:04 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\BitComet
2010-02-13 01:59 . 2010-02-13 02:00 -------- d-----w- c:\arquivos de programas\BitComet
2010-02-11 20:52 . 2010-02-11 23:33 -------- d-----w- c:\arquivos de programas\The KMPlayer
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 21:02 . 2009-10-18 23:16 -------- d-----w- c:\arquivos de programas\ATI Technologies
2010-03-10 21:02 . 2008-06-03 20:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-03-10 09:44 . 2008-07-19 04:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-03-01 13:24 . 2004-08-04 12:00 83618 ----a-w- c:\windows\system32\perfc016.dat
2010-03-01 13:24 . 2004-08-04 12:00 477920 ----a-w- c:\windows\system32\perfh016.dat
2010-02-28 21:34 . 2009-01-03 11:21 -------- d-----w- c:\arquivos de programas\Sony Ericsson
2010-02-27 13:00 . 2008-06-12 10:19 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-02-26 22:46 . 2008-08-25 14:17 -------- d-----w- c:\arquivos de programas\CCleaner
2010-02-13 10:50 . 2008-06-05 04:31 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\uTorrent
2010-01-20 12:52 . 2008-06-25 13:31 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2010-01-19 20:46 . 2009-08-26 05:03 358944 ----a-w- c:\windows\vncutil.exe
2010-01-19 20:46 . 2008-06-05 02:21 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-01-19 20:46 . 2008-06-05 02:21 1833504 ----a-w- c:\windows\SkyTel.exe
2010-01-19 20:46 . 2008-06-05 02:21 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-01-19 20:46 . 2008-06-05 02:21 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-01-19 20:46 . 2009-08-26 05:03 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-01-19 20:46 . 2009-08-26 05:03 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-01-19 20:46 . 2008-06-05 02:21 18790432 ----a-w- c:\windows\RTHDCPL.EXE
2010-01-19 20:46 . 2008-06-05 02:21 2177568 ----a-w- c:\windows\MicCal.exe
2010-01-19 20:46 . 2008-06-05 02:21 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-01-19 20:46 . 2008-06-05 02:21 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-01-19 20:36 . 2008-06-05 02:21 5818400 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-01-18 23:03 . 2010-01-18 23:03 -------- d-----w- c:\documents and settings\Lopes.NOME-195A66C457\Dados de aplicativos\Apple Computer
2010-01-18 00:07 . 2010-01-18 00:07 -------- d-----w- c:\arquivos de programas\Vimicro
2010-01-18 00:07 . 2010-01-18 00:07 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\InstallShield
2010-01-17 14:46 . 2009-03-09 12:30 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\LimeWire
2010-01-13 15:17 . 2008-06-05 02:20 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-01-10 09:35 . 2009-01-16 09:04 5115824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 18:07 . 2008-12-17 19:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 18:07 . 2008-12-17 19:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2008-06-03 19:37 345600 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
------- Sigcheck -------
[-] 2008-07-13 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2008-07-13 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-18 209153]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-19 18790432]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Lopes.NOME-195A66C457^Menu Iniciar^Programas^Inicializar^Magnifier.lnk]
backup=c:\windows\pss\Magnifier.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 01:16 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-08-01 14:39 4608 ----a-w- c:\arquivos de programas\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 02:21 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 20:07 119296 ------w- c:\windows\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 17:50 54576 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerManager]
2005-09-16 12:38 31744 ----a-w- c:\arquivos de programas\Power Manager\PM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 19:18 413696 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-06-30 14:00 2836376 ----a-w- c:\arquivos de programas\Registry Mechanic\RegMech.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-07-12 16:47 544768 ----a-r- c:\windows\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=
"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17352:TCP"= 17352:TCP:BitComet 17352 TCP
"17352:UDP"= 17352:UDP:BitComet 17352 UDP
"50000:TCP"= 50000:TCP:BitComet 50000 TCP
"50000:UDP"= 50000:UDP:BitComet 50000 UDP
"26273:TCP"= 26273:TCP:BitComet 26273 TCP
"26273:UDP"= 26273:UDP:BitComet 26273 UDP
"40000:TCP"= 40000:TCP:BitComet 40000 TCP
"40000:UDP"= 40000:UDP:BitComet 40000 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17/6/2009 13:01 20616]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/7/2008 14:27 716272]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [18/3/2009 11:44 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe [18/3/2009 11:44 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avmailc.exe [18/3/2009 11:44 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [18/3/2009 11:44 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avwebgrd.exe [18/3/2009 11:44 434945]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [18/3/2009 11:44 69632]
S0 TfFsMon;TfFsMon; [x]
S0 TfSysMon;TfSysMon; [x]
S1 SASDIFSV;SASDIFSV; [x]
S1 SASKUTIL;SASKUTIL; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/10/2008 00:39 1691480]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11/9/2008 11:33 16512]
S3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\bthprint.sys [5/6/2008 02:17 36480]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17/6/2009 13:02 29192]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; [x]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys --> c:\windows\system32\DRIVERS\ggflt.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17/6/2009 13:01 26248]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [30/5/2009 18:56 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [30/5/2009 18:56 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [30/5/2009 18:56 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [30/5/2009 18:56 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [30/5/2009 18:56 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [30/5/2009 18:56 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [30/5/2009 18:56 109736]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [15/12/2008 18:37 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [15/12/2008 18:38 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [15/12/2008 18:38 110632]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [15/12/2008 18:39 100648]
S3 SASENUM;SASENUM; [x]
S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\sr9usb.sys --> c:\windows\system32\DRIVERS\sr9usb.sys [?]
S3 TfNetMon;TfNetMon; [x]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [17/1/2010 21:08 1537024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]
2010-03-12 c:\windows\Tasks\User_Feed_Synchronization-{296B2BB7-81AE-4AE6-850C-79AB0C908CBA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
mStart Page = about:blank
LSP: c:\arquivos de programas\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\
FF - prefs.js: browser.startup.homepage -
Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2010-03-12 19:33
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
GMER - Rootkit Detector and Remover
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spya.sys >>UNKNOWN [0x86192938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7528f28
\Driver\ACPI -> ACPI.sys @ 0xf7286cb8
\Driver\atapi -> atapi.sys @ 0xf7241b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-4294710607-957213101-1005835743-1005\Software\SecuROM\License information*]
"datasecu"=hex:22,b7,7a,86,ff,9e,78,8b,12,b7,e9,54,7b,a0,27,3c,63,99,ca,24,d7,
c0,29,b7,2a,7c,55,38,d4,a8,45,c7,e6,eb,62,c3,47,fc,6f,22,a2,2b,29,d8,62,45,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{402278d4-786d-44b1-a200-ba076b69a537}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fd
"Therad"=dword:00000015
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,fe,80,6d,74,d0,aa,c2,2c,51,9e,3b,fc,4e,31,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5f,87,92,3e,3f,c6,c4,fb,e4,c6,55,65,ed,dd,91,6b,40,6b,c3,85,d2,
f4,ce,92,4e,70,cf,62,1d,16,df,b2,44,1c,a6,c8,ca,db,12,34,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\hÑ*BNoc]
"DisplayName"="?\11"
"DeviceDesc"="?\11"
"ProviderName"="?\11???\11\08"
"MFG"="??\09"
"ReinstallString"="8.493.0.0000"
"DeviceInstanceIds"=multi:"c:\\ati\\support\\8-5-igp_xp32_dd_ccc_wdm_sb_gart_enu_63030\\driver\\xp_inf\\cx_63030.inf\00"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(708)
c:\arquivos de programas\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(1136)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe
c:\arquiv~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-03-12 19:41:56 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-03-12 22:41
Pré-execução: 2.237.452.288 bytes disponíveis
Pós execução: 2.276.974.592 bytes disponíveis
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - BF8328F409698C704A52F130D37CCCDE