
ComboFix 10-10-27.09 - leonilia 28/10/2010 11:56:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.893.385 [GMT -2:00]
Running from: c:\downloads\Software\ComboFix.exe
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - drivers: deleted 208 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\Desktopicon
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\Desktopicon\config.ini
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\Desktopicon\eBayShortcuts.exe
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\Desktopicon\mc.ico
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\1.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\a.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\b.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\c.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\d.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\e.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\f.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\g.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\h.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\i.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\J.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\k.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\l.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\m.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\mru.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\n.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\o.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\p.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\q.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\r.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\s.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\t.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\u.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\v.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\w.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\x.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\y.xml
c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\PriceGong\Data\z.xml
C:\Thumbs.db
c:\windows\didulist
c:\windows\ocxlist
c:\windows\ocxlist\arq.exe
c:\windows\ocxlist\GbPlugin.exe
c:\windows\svchost
c:\windows\Web\webdc
c:\windows\Web\webhp
c:\windows\Web\webpf
c:\windows\Web\webpt
c:\windows\Web\webxs
.
(((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 ))))))))))))))))))))))))))))
.
2010-10-11 00:05 . 2010-08-05 11:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-10-11 00:05 . 2008-04-02 18:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-10-11 00:05 . 2008-04-02 18:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-10-11 00:05 . 2008-04-02 18:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-10-11 00:04 . 2010-10-11 00:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PC Tools
2010-10-11 00:04 . 2010-10-11 00:08 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\TEMP
2010-10-10 23:52 . 2010-10-10 23:52 -------- d-----w- C:\Saraiva
2010-10-10 23:29 . 2010-10-10 23:29 -------- d-----w- c:\documents and settings\leonilia.AB-D627DC188D03\Configurações locais\Dados de aplicativos\Conduit
2010-10-10 23:29 . 2010-10-10 23:29 -------- d-----w- c:\arquivos de programas\Conduit
2010-10-10 23:29 . 2010-10-10 23:33 -------- d-----w- c:\documents and settings\leonilia.AB-D627DC188D03\Configurações locais\Dados de aplicativos\Softonic_Brasil
2010-10-10 23:29 . 2010-10-10 23:34 -------- d-----w- c:\arquivos de programas\Softonic_Brasil
2010-10-10 23:28 . 2010-10-10 23:28 -------- d-----w- C:\ABSVD
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 17:21 . 2009-09-28 15:25 45128 ----a-w- c:\windows\system32\drivers\GbpKm.sys
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\tbSof1.dll" [2010-10-10 2735200]
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
2010-10-10 23:35 2735200 ----a-w- c:\arquivos de programas\Softonic_Brasil\tbSof1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\tbSof1.dll" [2010-10-10 2735200]
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{12FC3D37-2A42-4FE3-8489-81296878CBA5}"= "c:\arquivos de programas\Softonic_Brasil\tbSof1.dll" [2010-10-10 2735200]
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2010-04-29 3727411]
"Software Informer"="c:\arquivos de programas\Software Informer\softinfo.exe" [2010-04-23 2285637]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2007-04-10 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-08-08 761946]
"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-09-05 45056]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2006-08-04 73728]
"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 176128]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-03 536576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2005-06-01 15360]
c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\
HotKeyDriver.lnk - c:\arquivos de programas\HotKey_Driver\HotKeyDriver.exe [2007-8-21 3596288]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2010-09-21 333768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginCef]
2010-09-21 17:17 333768 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [28/9/2009 13:25 45128]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [28/9/2009 13:25 54728]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\arquivos de programas\Arquivos comuns\PC Tools\sMonitor\StartManSvc.exe [10/10/2010 22:04 583640]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [27/12/2007 13:10 180480]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [24/9/2009 17:34 102656]
--- Other Services/Drivers In Memory ---
*Deregistered* - avast! Antivirus
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
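The Registry Loading Points and service lines above are the part of a ComboFix log a triager reads first. As an added example (not part of the log, and not ComboFix's own code), the Python script below parses lines in that shape: `"name"="path" [date size]` under a `[HKEY_...]` header, `R0/R2/S2/S3 name;display;path [date time size]` service lines, and `... - (no file)` orphan lines. It then flags what a practitioner would check first: a binary in a user-writable directory, an unqualified filename that the loader resolves through its search order, a file ComboFix could not find (`[?]`), per-user persistence under HKCU, and orphaned entries. The sample log is constructed: five of its lines are copied from the log above, while the `updater` entry and its `upd.exe` path are invented so that the user-writable check is exercised.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of ComboFix's registry/service/orphan lines.
# MsnMsgr, RTHDCPL, GbpKm, SSPORT and HKCU-Run-fsm are copied from the log;
# "updater" and its path are hypothetical, added to exercise the path check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"updater"="c:\documents and settings\user\Dados de aplicativos\upd\upd.exe" [2010-10-10 51200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [28/9/2009 13:25 45128]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
HKCU-Run-fsm - (no file)
"""

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$', re.I)
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*'
                    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$')
ORPHAN_RE = re.compile(r'^(?P<name>\S.*?)\s+-\s+\(no file\)\s*$')

# Directory fragments an unprivileged user can write to (Portuguese and
# English XP profile names); persistence pointing there is reviewed first.
USER_WRITABLE = ("\\documents and settings\\", "\\dados de aplicativos\\",
                 "\\application data\\", "\\temp\\")


@dataclass
class AutostartEntry:
    source: str               # registry key, "service:<start type>" or "orphan"
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]       # None when ComboFix printed [?] (file not found)
    flags: List[str] = field(default_factory=list)


def _flags_for(source: str, path: str, size: Optional[int]) -> List[str]:
    low = path.lower()
    flags = []
    if any(marker in low for marker in USER_WRITABLE):
        flags.append("user-writable path")
    if size is None:
        flags.append("file not found")
    if low and "\\" not in low:
        flags.append("unqualified path")  # resolved through the loader search order
    if source.upper().startswith(("HKEY_CURRENT_USER", "HKCU")):
        flags.append("per-user persistence")
    return flags


def _service_meta(meta: str):
    """'28/9/2009 13:25 45128' -> ('28/9/2009 13:25', 45128); '?' -> (None, None)."""
    parts = meta.split()
    if len(parts) >= 2 and parts[-1].isdigit():
        return " ".join(parts[:-1]), int(parts[-1])
    return None, None


def parse_autostarts(text: str) -> List[AutostartEntry]:
    """Walk the log once, remembering the current [HKEY_...] header for Run values."""
    entries: List[AutostartEntry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            current_key = m.group("key")
        elif (m := RUN_RE.match(line)):
            size = int(m.group("size"))
            entries.append(AutostartEntry(current_key, m.group("name"), m.group("path"),
                                          m.group("date"), size,
                                          _flags_for(current_key, m.group("path"), size)))
        elif (m := SVC_RE.match(line)):
            date, size = _service_meta(m.group("meta"))
            src = "service:" + m.group("start")
            entries.append(AutostartEntry(src, m.group("name"), m.group("path"), date, size,
                                          _flags_for(src, m.group("path"), size)))
        elif (m := ORPHAN_RE.match(line)):
            entries.append(AutostartEntry("orphan", m.group("name"), "", None, None,
                                          ["orphan (no file)"]))
    return entries


def flagged(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Entries with at least one triage flag, in log order."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_autostarts(SAMPLE_LOG)):
        print(f"{e.name:<14} {e.source:<55} {', '.join(e.flags)}")
```

Run against the real log, the same script would flag the HKLM Run values that are bare filenames (SiSPower.dll, RTHDCPL.EXE, SkyTel.EXE), the SSPORT driver whose file ComboFix could not find, and the three orphans, which is the short list to resolve against the vendor installs before treating anything as malicious.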
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {702B8681-AB9D-4063-AC28-83390BE67CD1} = 20.0.0.1
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab
FF - ProfilePath - c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\Mozilla\Firefox\Profiles\d4f8kpmj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\Mozilla\Firefox\Profiles\d4f8kpmj.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\leonilia.AB-D627DC188D03\Dados de aplicativos\Mozilla\Firefox\Profiles\d4f8kpmj.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\components\RadioWMPCore.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-fsm - (no file)
ActiveSetup-{990B770D-62AE-5421-DA6D-16033B76258C} - c:\windows\system32\ssmicrco.scr

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 12:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø |ÿÿÿÿ |ù 6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(848)
c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
Completion time: 2010-10-28 12:04:58
ComboFix-quarantined-files.txt 2010-10-28 14:04
Pre-Run: 18 folder(s) 27,557,376,000 bytes free
Post-Run: 21 folder(s) 28,145,311,744 bytes free
- - End Of File - - 3FDE635A53E677B280EA9C1E7E27CA78