Combo Fix

ComboFix 09-07-12.01 - Administrador 15/07/2009 15:24.2.
1 - NTFSx86 MINIMAL
Microsoft Windows 2000 Professional 5.0.2195.4.1252.55.1046.18.255.177 [GMT -3:
00]
Executando de: C:\ComboFix.exe
ATENAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAO INSTALADA !!
.
(((((((((((((((((((((((((((((((((((((
))))))))))))))))))))))))))))
.
Outras Excluses
)))))))))))))))))))))))
c:\arquivos de programas\INSTALL.LOG
c:\documents and settings\Administrador\Dados de aplicativos\inst.exe
c:\winnt\system32\csrcs.exe
c:\winnt\system32\sshnas21.dll
.
(((((((((((((((((((((((((((((((((((((((
))))))))))))))))))))))))))))
.
Drivers/Servios
)))))))))))))))))))))
-------\Legacy_SSHNAS
-------\Service_SSHNAS
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-15 to 2009-07-15 )))))
)))))))))))))))))))))))
.
2010-07-09 09:38 . 2007-05-01 23:09
52496 ----a-wc:\winnt\system3
2\vfwwdm32.dll
2010-07-09 09:38 . 2007-05-01 23:09
2\tsbyuv.dll
2010-07-09 09:38 . 2007-05-01 23:09
2\msh263.drv
2010-07-09 09:38 . 2007-05-01 23:09
2\iyuv_32.dll
2010-07-09 09:38 . 2006-09-14 13:27
2\mtkjpeg.dll
2010-07-09 09:38 . 2006-08-01 13:36
2\drivers\usbmtk.sys
2010-07-09 09:38 . 2010-07-09 09:38
-------d-----wC:\Webca
m_Driver_v1_2_0
2010-07-09 09:31 . 2007-05-01 23:09
2\drivers\usbser.sys
2010-07-09 09:29 . 2010-07-09 09:29
-------d-----wC:\MTKUS
B_Driver_6235
2010-07-09 08:11 . 2010-07-09 08:17
-------d-----wc:\arqui
vos de programas\mp3DirectCut
2010-06-19 07:56 . 2010-06-19 07:56
-------d-----wc:\docum
ents and settings\All Users\Dados de aplicativos\nView_Profiles
2010-06-19 07:48 . 2004-10-29 21:50
2\nvshell.dll
2010-06-19 07:48 . 2004-10-29 21:50
2\nview.dll
2010-06-19 07:48 . 2010-06-19 07:54
-------d-----wc:\winnt
\nview
2010-06-19 07:48 . 2004-10-29 21:50
2\nvappbar.exe
2010-06-19 07:48 . 2004-10-29 21:50

2\keystone.exe
2010-06-19 07:48 . 2004-10-29 21:50
2\nvudisp.exe
2010-06-19 07:48 . 2004-10-29 21:50
2\nvdspsch.exe
2010-06-19 07:43 . 2010-06-19 07:43
-------d-----wc:\arqui
vos de programas\MultiRes
2010-06-19 07:43 . 2010-06-19 07:42
737280 ----a-wc:\winnt\iun6002
.exe
2010-06-19 07:42 . 2010-06-19 07:42
-------d-----wc:\arqui
vos de programas\Nvidia Omega Drivers
2010-06-17 09:16 . 2010-06-19 08:00
-------d-----wc:\arqui
vos de programas\MU World
2010-06-15 18:04 . 2010-06-15 18:04
179200 ----a-wc:\winnt\Ypygya.
exe
2010-06-11 12:15 . 2010-06-11 12:15
2\msgr.exe
2010-04-24 08:12 . 2009-09-04 20:29
2\D3DX9_42.dll
2010-04-24 08:12 . 2006-11-29 16:06
2\d3dx9_32.dll
2010-04-24 08:12 . 2006-09-28 19:05
2\d3dx9_31.dll
2010-04-24 08:12 . 2010-04-24 08:12
-------d-----wc:\winnt
\Logs
2010-04-24 08:08 . 2010-04-24 08:08
-------d-----wc:\arqui
vos de programas\Winamp Detect
2010-04-24 08:06 . 2010-04-30 10:33
-------d-----wc:\docum
ents and settings\Administrador\Dados de aplicativos\Winamp
2010-04-24 08:06 . 2010-04-24 08:28
-------d-----wc:\arqui
vos de programas\Winamp
2010-04-23 16:31 . 2010-04-23 16:31
2\drivers\AnyDVD.sys
2010-03-31 20:31 . 2000-07-31 16:28
2\binkW32.dll
2010-03-31 09:44 . 2010-04-01 09:37
-------d-----wc:\arqui
vos de programas\lot
2010-03-31 09:44 . 2010-03-31 09:44
-------d-----wc:\arqui
vos de programas\Nova pasta (2)
2010-03-31 09:44 . 2010-03-31 09:44
-------d-----wc:\arqui
vos de programas\Nova pasta
2010-03-31 09:40 . 2010-03-31 09:40
-------d-----wc:\arqui
vos de programas\Capcom
2010-03-31 08:34 . 2010-03-31 08:34
-------d-----wc:\arqui
vos de programas\Buka
2010-03-19 13:31 . 2010-03-19 13:31
2\ElbyCDIO.dll
2010-03-14 12:16 . 2010-03-14 12:16
-------d-----wc:\docum
ents and settings\Administrador\Dados de aplicativos\Canneverbe Limited
2010-03-14 12:16 . 2010-03-14 12:16
-------d-----wc:\docum
ents and settings\All Users\Dados de aplicativos\Canneverbe Limited
2010-03-14 12:15 . 2009-11-12 16:48
7168
----a-wc:\winnt\system3
2\drivers\StarOpen.sys
2010-03-14 12:15 . 2010-03-14 12:15
-------d-----wc:\arqui
vos de programas\CDBurnerXP
2010-02-24 12:49 . 2010-02-24 12:49
-------d-----wc:\arqui
vos de programas\Orban
2010-02-24 12:48 . 2010-02-24 12:49
-------d-----wc:\arqui
vos de programas\Megacubo
2010-02-13 01:37 . 2000-04-11 02:46

-------d-----wc:\arqui
vos de programas\agpls
2010-02-13 01:35 . 2000-04-11 02:47
-------d-----wc:\arqui
vos de programas\agpsp
2010-01-24 13:03 . 2010-01-24 13:03
-------d-----wc:\arqui
vos de programas\MSN Messenger
2010-01-18 05:09 . 2010-01-18 05:09
-------d-----wc:\arqui
vos de programas\Microsoft.NET
2010-01-15 01:11 . 2010-01-15 01:11
-------d-----wc:\arqui
vos de programas\Alcohol Soft
2010-01-01 17:20 . 2010-01-01 17:20
2\drivers\ElbyCDIO.sys
2009-12-28 19:02 . 2009-12-28 19:02
664
----a-wc:\winnt\system3
2\d3d9caps.dat
2009-12-23 02:06 . 2009-12-23 02:06
-------d-----wc:\arqui
vos de programas\Google
2009-12-16 00:00 . 2001-05-24 14:59
162304 ----a-wC:\UNWISE.EXE
2009-12-14 08:46 . 2009-12-14 08:46
-------d-----wc:\arqui
vos de programas\HHD Software
2009-12-14 08:29 . 2009-12-16 02:19
-------d-----wc:\docum
ents and settings\Administrador\Dados de aplicativos\Dev-Cpp
2009-11-29 20:11 . 2009-11-29 22:20
-------d-----wc:\arqui
vos de programas\NetstormLaunch
2009-11-29 20:01 . 2009-11-29 20:01
-------d-----wC:\NetSt
ormDemo
2009-11-29 03:36 . 2010-07-03 07:39
-------d-----wc:\arqui
vos de programas\Freeware PDF Unlocker
2009-11-29 01:53 . 2009-11-29 01:53
-------d-----wc:\arqui
vos de programas\SysTools PDF Unlocker Software
2009-11-03 05:30 . 2009-11-03 07:43
-------d-----wc:\arqui
vos de programas\DVDFab 62
2009-11-03 03:49 . 2009-11-03 03:49
-------d-----wc:\docum
ents and settings\Administrador\Dados de aplicativos\DVDFab
2009-11-01 02:25 . 2009-11-01 02:25
-------d-----wc:\docum
ents and settings\Administrador\Dados de aplicativos\ICQ
2009-11-01 02:24 . 2009-11-01 02:24
-------d-----wc:\winnt
\aod
2009-11-01 02:23 . 2010-04-11 04:40
-------d---a-wc:\arqui
vos de programas\ICQ
2009-10-30 02:31 . 2008-01-27 12:49
2\MsgPlusLoader.dll
2009-10-27 00:30 . 2010-03-25 17:32
-------d-----wc:\arqui
vos de programas\Real Alternative
2009-10-26 22:14 . 2000-04-11 03:22
-------d-sh--wc:\winnt
\Installer
2009-10-21 18:08 . 2004-10-12 18:42
2\TomsMoComp_ff.dll
2009-10-21 18:08 . 2004-10-04 05:50
2\libmpeg2_ff.dll
2009-10-21 18:08 . 2004-09-10 17:50
2\ffdshow.reg
2009-10-21 18:08 . 2009-10-21 18:08
-------d-----wc:\arqui
vos de programas\Cucusoft
2009-10-21 17:58 . 2000-04-11 02:13
-------d-----wc:\arqui
vos de programas\DVDlabPro2
2009-10-20 12:13 . 2009-10-20 12:13
-------d-----wC:\audie
nces
2009-10-20 12:13 . 2009-10-20 12:13
-------d-----wC:\codec
s
2009-10-20 12:13 . 2009-10-20 12:13
-------d-----wC:\plugi
ns
2009-10-20 12:13 . 2009-10-20 12:13
-------d-----wC:\commo
n
2009-10-20 12:13 . 2009-10-20 12:13
-------d-----wC:\tools
2009-10-20 12:13 . 2009-10-20 12:13
4753
----a-wC:\unins000.dat
2009-10-20 12:13 . 2009-10-20 12:13
-------d-----wc:\winnt
\WinAVI Video Converter 9.0
2009-10-20 12:13 . 2009-10-20 12:13
-------d-----wc:\arqui
vos de programas\WinAVI Video Converter 9.0
2009-10-12 20:13 . 2009-10-12 20:13
2\drivers\pcouffin.sys
2009-10-12 20:13 . 2009-10-12 20:13
47360 ----a-wc:\documents and
settings\Administrador\Dados de aplicativos\pcouffin.sys
2009-10-12 20:13 . 2010-05-16 12:33
-------d-----wc:\docum
ents and settings\Administrador\Dados de aplicativos\Vso
2009-10-12 20:11 . 2009-10-12 20:12
-------d-----wc:\arqui
vos de programas\DVDFab 6
2009-10-12 17:11 . 2009-10-12 17:11
-------d-----wc:\docum
ents and settings\Administrador\Dados de aplicativos\Malwarebytes
2009-10-12 13:34 . 2010-07-14 14:34
-------d-----wC:\Clone
DVDTemp
2009-10-12 12:15 . 2009-10-12 12:15
-------d-----wc:\docum
ents and settings\All Users\Dados de aplicativos\SlySoft
2009-10-12 12:14 . 2009-10-12 12:14
-------d-----wc:\arqui
vos de programas\Elaborate Bytes
2009-10-12 12:14 . 2009-11-16 03:48
-------d-----wc:\arqui
vos de programas\SlySoft
2009-10-12 09:04 . 2009-11-03 03:37
-------d-----wc:\docum
ents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-10-12 09:03 . 2009-10-12 09:03
-------d-----wc:\arqui
vos de programas\DVD Shrink
2009-10-12 05:58 . 2009-10-12 05:58
-------d-----wc:\arqui
vos de programas\Cpia de save
2009-10-03 22:09 . 2009-10-03 22:09
-------d-----wc:\arqui
vos de programas\DemoForge
2009-10-03 22:09 . 2009-10-03 22:24
-------d-----wc:\arqui
vos de programas\UltraVNC
2009-10-03 22:04 . 2009-10-03 22:07
-------d-----wc:\arqui
vos de programas\NetListener
2009-10-03 21:53 . 2009-10-03 21:53
-------d-----wc:\arqui
vos de programas\Winco
2009-10-03 21:50 . 2009-10-03 21:50
-------d-----wc:\arqui
vos de programas\Toleron
2009-09-19 03:13 . 2009-09-19 03:14
-------d-----wc:\arqui
vos de programas\Arquivos comuns\Akamai
2009-07-12 10:59 . 2009-07-12 11:09
3054946 -c--a-rC:\ComboFix.exe
2009-07-11 07:56 . 2009-07-31 12:48
-------d-----wc:\arqui
vos de programas\FanaticMU
.
((((((((((((((((((((((((((((((((((((( Relatrio Find3M )))))))))))))))))))))))
)))))))))))))))))))))))))))))
.
2010-07-15 14:29 . 2000-04-11 13:04
-------d-----wc:\docum
ents and settings\Administrador\Dados de aplicativos\DMCache
2010-06-18 03:30 . 2008-11-09 01:13
-------d-----wc:\arqui
vos de programas\SystemRequirementsLab
2010-03-31 09:40 . 2007-11-16 15:20
-------d--h--wc:\arqui
vos de programas\InstallShield Installation Information
2010-02-19 08:39 . 2000-04-11 16:19
settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\yt3bandv.d
efault\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\FFExternalAl
ert.dll
2010-02-19 08:39 . 2000-04-11 16:19
settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\yt3bandv.d
efault\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\RadioWMPCore
.dll
2010-02-13 04:12 . 2010-02-13 04:12
0
----a-wc:\arquivos de p
rogramas\agpspZs~3`2=
2010-01-15 01:08 . 2007-12-15 18:42
2\drivers\sptd.sys
2009-12-24 13:34 . 2000-04-11 08:06
-------d-----wc:\docum
ents and settings\All Users\Dados de aplicativos\vsosdk
2009-10-27 00:49 . 2009-10-27 00:49
-------d-----wc:\arqui
vos de programas\K-Lite Codec Pack
2009-10-27 00:33 . 2000-04-11 13:11
-------d-----wc:\arqui
vos de programas\Essentials Codec Pack
2009-10-13 18:00 . 2009-10-27 00:49
2\ff_vfw.dll
2009-10-12 20:11 . 2001-05-07 13:00
2\perfc016.dat
2009-10-12 20:11 . 2001-05-07 13:00
2\perfh016.dat
2009-10-12 13:41 . 2000-04-11 02:11
-------d-----wc:\arqui
vos de programas\KAPITALSIN
2009-10-12 07:27 . 2009-04-11 10:24
-------d-----wc:\arqui
vos de programas\Diablo II
2009-10-12 05:58 . 2009-06-12 06:27
-------d-----wc:\arqui
vos de programas\Warcraft III
2009-09-02 20:41 . 2000-04-11 03:31
2\sipr3260.dll
2009-09-02 20:41 . 2000-04-11 03:31
2\cook3260.dll
2009-09-02 20:41 . 2000-04-11 03:31
2\drv43260.dll
2009-09-02 20:41 . 2000-04-11 03:31
2\drv33260.dll
2009-09-02 20:41 . 2000-04-11 03:31
2\drv23260.dll
2009-09-02 20:41 . 2000-04-11 03:31
2\wvc1dmod.dll
2009-08-16 15:08 . 2009-10-27 00:49
2\unrar.dll
2009-08-08 07:51 . 2009-04-11 11:16
2\CmdLineExt03.dll
2009-08-06 21:24 . 2007-11-15 19:09
2\wucltui.dll
2009-08-06 21:24 . 2007-11-15 19:09
2\wuweb.dll
2009-08-06 21:24 . 2007-11-15 19:09
44768 -c--a-wc:\winnt\system3
2\wups2.dll
2009-08-06 21:24 . 2007-11-15 19:09
35552 -c--a-wc:\winnt\system3
2\wups.dll
2009-08-06 21:24 . 2007-11-15 16:34
2\wuauclt.exe
2009-08-06 21:24 . 2003-06-19 02:05
2\cdm.dll
2009-08-06 21:23 . 2007-11-15 19:09
2\wuapi.dll
2009-08-06 21:23 . 2007-11-16 19:38
2\mucltui.dll
2009-08-06 21:23 . 2007-11-15
2\wuaueng.dll
2009-08-06 21:23 . 2007-07-30
2\muweb.dll
2009-07-29 06:35 . 2009-10-27
2\x264vfw.dll
2009-07-14 00:15 . 2009-10-27
2\dpl100.dll
2009-07-14 00:15 . 2009-10-27
2\divx.dll
2009-06-12 07:53 . 2009-06-12
n.dat
2009-06-12 06:48 . 2009-06-12
n.pif
2009-06-12 06:48 . 2009-06-12
n.exe
2009-05-29 21:37 . 2009-10-27
2\xvidvfw.dll
2009-05-29 21:31 . 2009-10-27
2\xvidcore.dll
2009-04-28 20:20 . 2007-11-17
2\drivers\PxHelp20.sys
2009-04-28 20:20 . 2007-11-17
2\pxafs.dll
2009-04-17 14:03 . 2009-04-26
2\MSJCE.dll
2008-01-09 18:31 . 2007-11-15
rogramas\folder.htt
2000-04-11 02:24 . 2000-04-11
rogramas\khw
.
16:34
1929952 ----a-w-
c:\winnt\system3
21:18
215920 ----a-w-
c:\winnt\system3
00:49
2378752 ----a-w-
c:\winnt\system3
00:49
90112
----a-w-
c:\winnt\system3
00:49
685056 ----a-w-
c:\winnt\system3
03:38
85279
-c--a-w-
c:\winnt\War3Uni
06:39
2829
-c--a-w-
c:\winnt\War3Uni
03:38
139264 -c--a-w-
c:\winnt\War3Uni
00:49
205824 ----a-w-
c:\winnt\system3
00:49
881664 ----a-w-
c:\winnt\system3
00:55
44944
-c----w-
c:\winnt\system3
00:55
129520 -c----w-
c:\winnt\system3
05:08
69632
-c--a-w-
c:\winnt\system3
16:38
22040
-c-h--w-
c:\arquivos de p
02:24
--sha-r-
c:\arquivos de p
------- Sigcheck ------[-] 2007-11-16 22:49

\explorer.exe
245520 2060752B92A633AACD60576217BA4207
c:\winnt
[-] 2007-05-01 23:30

96560 9C4225A67C755FF497DF8041D4CC90D9
c:\winnt
\system32\sfc.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))
)))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legtimas por defeito no so mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\winnt\msconfig.exe" [2001-10-29 146432]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
\nwprovau]
2007-05-01 16:06
141584 ----a-wc:\winnt\system32\nwprovau.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winnt\system32\MsgPlusLoader.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ
msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and SettingsÂdministrador^Menu Iniciar^Progr
amasÎnicializar^PowerReg Scheduler V3.exe]
backup=c:\winnt\pss\PowerReg Scheduler V3.exeStartup
[HKLM\~\startupfolder\C:^Documents and SettingsÂdministrador^Menu Iniciar^Progr
amasÎnicializar^PowerReg Scheduler.exe]
backup=c:\winnt\pss\PowerReg Scheduler.exeStartup
[HKLM\~\startupfolder\C:^Documents and SettingsÂll Users^Menu Iniciar^Programas
ÎnicializarÂcelerador Cresce.Net.lnk]
backup=c:\winnt\pss\Acelerador Cresce.Net.lnkCommon Startup
ÎnicializarÂcelerador POP.lnk]
backup=c:\winnt\pss\Acelerador POP.lnkCommon Startup
Înicializar^Discador Oi Internet.lnk]
backup=c:\winnt\pss\Discador Oi Internet.lnkCommon Startup
Înicializar^DRIVER PNP Monitor.lnk]
backup=c:\winnt\pss\DRIVER PNP Monitor.lnkCommon Startup
Înicializar^Lorencia & MUWorld.lnk]
backup=c:\winnt\pss\Lorencia & MUWorld.lnkCommon Startup
Înicializar^Microsoft Office.lnk]
backup=c:\winnt\pss\Microsoft Office.lnkCommon Startup
Înicializar^Run Google Web Accelerator.lnk]
backup=c:\winnt\pss\Run Google Web Accelerator.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAu
tomount
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft C
onnection Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwareby
tes' Anti-Malware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStrea
m
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTe
rminator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAge
nt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winconnec
tion4
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"Spooler"=2 (0x2)
"Schedule"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"nHancer"=2 (0x2)
"StiSvc"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=2 (0x2)
"sp_rssrv"=2 (0x2)
"AVP"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"ose"=3 (0x3)
"wuauserv"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"Synchronization Manager"=mobsync.exe /logon
R0 amd751;AMD 751 AGP Filter;c:\winnt\system32\drivers\amd751.sys [15/11/2007 14
:22 31684]
R0 NVDual;NVDual;c:\winnt\system32\drivers\nvdual.sys [11/1/2008 11:15 1598]
R0 pmfilt;pmfilt;c:\winnt\system32\drivers\pmfilt.sys [11/7/2008 06:24 10112]
R0 pmhelp;pmhelp;c:\winnt\system32\drivers\pmhelp.sys [11/7/2008 06:24 50464]
S3 cpuz131;cpuz131; [x]
S3 DCamUSBMtk;Webcam phone;c:\winnt\system32\drivers\usbmtk.sys [9/7/2010 06:38
44032]
S3 dfmirage;dfmirage;c:\winnt\system32\drivers\dfmirage.sys [25/11/2005 17:43 31
896]
S3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\winnt\system32\drivers\
RMSPPPOE.SYS [12/4/2000 10:29 33792]
S3 XDva031;XDva031; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ
Akamai
.
Contedo da pasta 'Tarefas Agendadas'
2008-07-09 c:\winnt\Tasks\XoftSpySE 2.job
- c:\arquivos de programas\XoftSpySE\XoftSpy.exe [2007-07-13 11:43]
2008-07-07 c:\winnt\Tasks\XoftSpySE.job
- c:\arquivos de programas\XoftSpySE\XoftSpy.exe [2007-07-13 11:43]
2010-06-15 c:\winnt\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
- c:\winnt\Ypygya.exe [2010-06-15 18:04]
.
- - - - ORFOS REMOVIDOS - - - -
HKLM-Explorer_Run-csrcs - c:\winnt\system32\csrcs.exe
.
------- Scan Suplementar ------.
uStart Page =
mSearch Bar = hxxp://farejador.ig.com.br/ie/
IE: Download All Links with IDM - c:\arquivos de programas\Internet Download Man
ager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\arquivos de programas\Internet Down
load Manager\IEGetVL.htm
IE: Download with IDM - c:\arquivos de programas\Internet Download Manager\IEExt
.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3
000
LSP: c:\arquivos de programas\TrafficCompressor\TCompLsp.dll
LSP: %SystemRoot%\system32\msafd.dll
TCP: {1AB7C2BB-32AB-42AE-BC4C-1A40A1E30303} = 192.168.0.1,10.1.1.1
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\
Mozilla\Firefox\Profiles\yt3bandv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.
aspx?ctid=CT2536667&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Castle Age Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT25
36667&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Moz
illa\Firefox\Profiles\yt3bandv.default\extensions\{aac4043a-8832-4abe-9963-35377
f30b8e6}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Moz
illa\Firefox\Profiles\yt3bandv.default\extensions\{aac4043a-8832-4abe-9963-35377
f30b8e6}\components\RadioWMPCore.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de progr
amas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
---- FIREFOX POLICIES ---FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: network.http.max-persistent-connections-per-server - 2
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("b
rowser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net
Rootkit scan 2009-07-15 15:58
Windows 5.0.2195 Service Pack 4 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/rswin_3553.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/rswin_3553.dll"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB
}\Elevation]
"Enabled"=dword:00000001
}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10d.exe"
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC
}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):53,70,2f,41,69,c1,a4,68,59,a3,c4,57,e2,85,fe,ae,af,d6,43,fe,c8,
5f,93,fc,93,11,19,39,d4,4b,73,41,44,00,ca,1a,ab,25,ea,02,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8934b571-dc6d-4867-b217-c844abb403aa
}]
@Denied: (Full) (Everyone)
"Model"=dword:00000139
"Therad"=dword:00000021
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,d6,04,1d,b4,39,89,68,01,8a,d8,00,b1,06,d8,ee,26,ec,db,9c,3d,f1,af,\
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41
D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execuo -------------------- - - - - - - > 'winlogon.exe'(184)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
- - - - - - - > 'explorer.exe'(248)
c:\winnt\AppPatch\AcLayers.DLL
.
Tempo para concluso: 2009-07-15 16:06 - Mquina reiniciou
ComboFix-quarantined-files.txt 2009-07-15 19:06
ComboFix2.txt 2009-07-12 12:09
Pr-execuo: 2.444.615.680 bytes disponveis
Ps execuo: 2.559.385.600 bytes disponveis
352

Combo Fix

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Combo Fix

Uploaded by

Copyright:

Available Formats

ComboFix 09-07-12.01 - Administrador 15/07/2009 15:24.2.

2010-06-19 07:48 . 2004-10-29 21:50

2010-02-13 01:37 . 2000-04-11 02:46

------- Sigcheck ------[-] 2007-11-16 22:49

[-] 2007-05-01 23:30

Procurando ficheiros/arquivos ocultos ...

You might also like