
ComboFix 10-06-29.04 - CASA 30/06/2010 16:46:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1529 [GMT -3:00]
Running from: c:\documents and settings\CASA\Meus documentos\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100305-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - drivers: deleted 204 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\FunWebProducts
c:\arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\arquivos de programas\MyWebSearch
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3DTactl.dll
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3HTmlmu.dll
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3HTtpct.dll
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3DLGHK.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3HTml.dll
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3MSg.dll
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3OUtlcn.dll
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\arquivos de programas\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\arquivos de programas\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\arquivos de programas\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\arquivos de programas\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\arquivos de programas\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON.F3S
c:\arquivos de programas\MyWebSearch\bar\Cache\006062BE
c:\arquivos de programas\MyWebSearch\bar\Cache\09E710CE.bin
c:\arquivos de programas\MyWebSearch\bar\Cache\09E71255.bin
c:\arquivos de programas\MyWebSearch\bar\Cache\09E714C6.bin
c:\arquivos de programas\MyWebSearch\bar\Cache\09E7166C.bin
c:\arquivos de programas\MyWebSearch\bar\Cache\files.ini
c:\arquivos de programas\MyWebSearch\bar\Game\CHECKERS.F3S
c:\arquivos de programas\MyWebSearch\bar\Game\CHESS.F3S
c:\arquivos de programas\MyWebSearch\bar\Game\REVERSI.F3S
c:\arquivos de programas\MyWebSearch\bar\History\search3
c:\arquivos de programas\MyWebSearch\bar\icons\CM.ICO
c:\arquivos de programas\MyWebSearch\bar\icons\MFC.ICO
c:\arquivos de programas\MyWebSearch\bar\icons\PSS.ICO
c:\arquivos de programas\MyWebSearch\bar\icons\SMILEY.ICO
c:\arquivos de programas\MyWebSearch\bar\icons\WB.ICO
c:\arquivos de programas\MyWebSearch\bar\icons\ZWINKY.ICO
c:\arquivos de programas\MyWebSearch\bar\Message\COMMON.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\COMMON.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\DOG.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\FISH.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\MAID.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\OPERA.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\SURFER.F3S
c:\arquivos de programas\MyWebSearch\bar\Settings\prevcfg2.htm
c:\arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat
c:\arquivos de programas\MyWebSearch\bar\Settings\setting2.htm
c:\arquivos de programas\MyWebSearch\bar\Settings\settings.dat
c:\documents and settings\CASA\Dados de aplicativos\Desktopicon
c:\documents and settings\CASA\Dados de aplicativos\Desktopicon\eBayShortcuts.exe
c:\documents and settings\CASA\Dados de aplicativos\Desktopicon\mc.ico
c:\documents and settings\CASA\Dados de aplicativos\inst.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Slypoa.exe
c:\windows\Slypob.exe
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\sshnas21.dll
c:\windows\system32\vbzlib1.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATAPIDRV
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS
-------\Service_AtapiDrv
-------\Service_MyWebSearchService
-------\Service_SSHNAS
(((((((((((((((( Files created from 2010-05-28 to 2010-06-30 ))))))))))))))))))))))))))))
.
2010-06-30 18:51 . 2010-06-30 18:51 -------- d-----w- c:\documents and settings\CASA\Dados de aplicativos\Malwarebytes
2010-06-30 18:51 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-30 18:51 . 2010-06-30 18:51 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-06-30 18:51 . 2010-06-30 18:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-06-30 18:51 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 15:17 . 2010-06-30 15:17 -------- d-----w- C:\MSNCleaner
2010-06-25 20:47 . 2010-06-10 14:07 -------- d-----w- c:\documents and settings\CASA\Kitserver2010
2010-06-24 20:12 . 2004-12-02 21:11 315392 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2010-06-24 20:12 . 2004-05-20 18:24 196608 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2010-06-24 20:12 . 2004-12-02 21:20 1843200 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2010-06-24 20:12 . 2010-06-24 20:12 -------- d-----w- c:\arquivos de programas\Free MP3 WMA WAV Converter
2010-06-24 19:54 . 2010-06-24 19:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-06-24 19:54 . 2010-04-12 20:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-24 03:06 . 2010-06-24 03:06 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Common Share
2010-06-24 03:06 . 2008-12-18 16:38 719872 ----a-w- c:\windows\system32\devil.dll
2010-06-24 03:06 . 2008-12-18 16:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-06-24 03:06 . 2008-12-18 16:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-06-24 02:59 . 2010-06-24 02:59 -------- d-----w- c:\arquivos de programas\OJOsoft
2010-06-24 01:48 . 2010-06-24 02:43 -------- d-----w- c:\arquivos de programas\WinMPG VideoConvert
2010-06-16 19:05 . 2010-06-16 19:44 -------- d-----w- c:\arquivos de programas\F.E.A.R. 2
2010-06-08 18:52 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 23:45 . 2005-08-03 19:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2010-06-06 16:06 . 2010-06-06 16:06 5 ---ha-w- c:\windows\system32\AVDX.dat
2010-06-05 16:32 . 2010-06-05 16:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe
2010-06-05 16:25 . 2010-06-05 16:25 -------- d-----w- c:\arquivos de programas\Adobe Media Player
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 23:17 . 2009-09-05 22:31 -------- d-----w- c:\documents and settings\CASA\Dados de aplicativos\uTorrent
2010-06-30 10:00 . 2009-09-12 05:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 01:45 . 2009-09-05 22:32 -------- d-----w- c:\arquivos de programas\uTorrent
2010-06-30 01:42 . 2009-09-07 05:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-06-28 01:02 . 2009-09-15 19:06 -------- d-----w- c:\documents and settings\CASA\Dados de aplicativos\LimeWire
2010-06-25 18:04 . 2009-12-03 18:17 -------- d-----w- c:\arquivos de programas\Sony
2010-06-25 02:35 . 2009-12-03 18:31 -------- d-----w- c:\documents and settings\CASA\Dados de aplicativos\Sony
2010-06-25 02:28 . 2009-11-15 19:12 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-06-24 20:37 . 2009-09-10 03:01 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center
2010-06-24 19:54 . 2009-09-10 01:19 -------- d-----w- c:\arquivos de programas\Java
2010-06-24 19:53 . 2001-10-28 18:07 83946 ----a-w- c:\windows\system32\perfc016.dat
2010-06-24 19:53 . 2001-10-28 18:07 480144 ----a-w- c:\windows\system32\perfh016.dat
2010-06-24 02:27 . 2010-03-15 02:31 -------- d-----w- c:\arquivos de programas\WinAVI Video Converter
2010-06-23 19:54 . 2010-01-28 05:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared
2010-06-20 08:35 . 2009-09-06 02:19 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-06-16 19:41 . 2010-05-31 03:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai
2010-06-16 15:11 . 2010-01-10 16:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2010-06-16 15:11 . 2010-01-10 16:06 -------- d-----w- c:\arquivos de programas\GbPlugin
2010-06-09 02:23 . 2009-09-10 01:47 -------- d-----w- c:\arquivos de programas\Intelitek
2010-06-09 02:23 . 2009-09-05 15:08 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-06-06 17:12 . 2009-11-26 23:18 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2010-06-06 17:12 . 2009-11-16 06:13 -------- d-----w- c:\arquivos de programas\Microsoft Visual Studio 8
2010-06-06 04:28 . 2009-09-06 03:08 -------- d-----w- c:\documents and settings\CASA\Dados de aplicativos\Windows Desktop Search
2010-06-06 04:28 . 2009-09-06 03:08 -------- d-----w- c:\arquivos de programas\Windows Desktop Search
2010-06-06 04:21 . 2010-05-31 16:38 -------- d-----w- c:\arquivos de programas\Autodesk
2010-06-06 02:22 . 2009-11-26 21:46 -------- d-----w- c:\arquivos de programas\VS Revo Group
2010-06-06 00:25 . 2010-05-31 09:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk
2010-06-06 00:25 . 2010-05-31 16:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared
2010-06-05 16:26 . 2009-09-06 14:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-06-04 15:48 . 2009-09-06 03:08 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2010-05-31 17:26 . 2010-05-31 09:23 -------- d-----w- c:\documents and settings\CASA\Dados de aplicativos\Autodesk
2010-05-31 17:21 . 2009-09-09 13:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2010-05-31 02:36 . 2010-05-31 02:16 -------- d-----w- c:\arquivos de programas\MagicISO
2010-05-28 19:45 . 2009-11-22 23:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR
2010-05-26 13:48 . 2010-01-10 16:07 45472 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2010-05-23 18:22 . 2009-12-22 23:54 -------- d-----w- c:\arquivos de programas\Counter Strike Source
2010-05-13 22:14 . 2009-09-10 01:48 -------- d-----w- c:\documents and settings\CASA\Dados de aplicativos\Intelitek
2010-05-12 21:01 . 2010-05-12 21:01 -------- d-----w- c:\arquivos de programas\Norton Security Scan
2010-05-12 21:01 . 2010-01-28 02:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton
2010-05-12 21:01 . 2010-01-28 02:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller
2010-05-11 00:25 . 2009-09-06 00:35 -------- d-----w- c:\arquivos de programas\Google
2010-05-09 14:22 . 2010-05-09 14:22 -------- d-----w- c:\arquivos de programas\Climatempo Widget
2010-05-06 10:34 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:08 . 2004-08-04 03:38 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:31 . 2004-08-04 03:44 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-09-24 02:52 . 2009-09-24 02:52 23605 ----a-w- c:\arquivos de programas\sbl220704.LOG
2000-07-06 13:58 . 2009-09-24 02:25 83536 ----a-w- c:\arquivos de programas\Uninstal.EXE
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-06-29 325424]
"Google Update"="c:\documents and settings\CASA\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-11-04 135664]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-06 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Google Quick Search Box"="c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-06 122368]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-11-11 611712]
"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-09-05 417792]
"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-09-11 18717696]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"XboxStat"="c:\arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"BtTray"="c:\arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2009-04-08 570664]
"AdobeAAMUpdater-1.0"="c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-05 500208]
"SwitchBoard"="c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\CASA\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Styler.lnk - c:\documents and settings\CASA\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-1-20 15086]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2010-05-26 13:47 335136 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\
Reader_sl.exe"
"SMSERIAL"=sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\CASA\\Dados de aplicativos\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Arquivos de programas\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Documents and Settings\\CASA\\Desktop\\Jogos\\PES2010\\Crack\\pes2010.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Documents and Settings\\CASA\\Desktop\\Jogos\\Cod5\\Call of Duty - World at War\\CoDWaW.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3881:TCP"= 3881:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7/1/2009 22:39 20744]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [10/1/2010 13:07 45472]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/9/2009 18:50 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/9/2009 18:50 20560]
R2 BsMobileCS;BsMobileCS;c:\arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe [27/2/2009 15:40 143467]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [10/1/2010 13:07 55072]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7/12/2008 11:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2/7/2008 13:58 26248]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23/3/2007 01:00 30032]
S2 Fix8;Fix8 Live Cam, WDM Video Capture;c:\windows\system32\drivers\Fix8v2.sys [16/11/2009 02:30 257936]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [12/2/2010 13:07 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/9/2009 16:05 1684736]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [23/9/2009 23:04 6016]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 GT680xNT;ColorPage-Vivid 1200XE;c:\windows\system32\drivers\Gt680x.sys [24/9/2009 19:46 17376]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [23/9/2009 23:04 23296]
S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 13:37 517096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/9/2009 04:07 691696]
.
Contents of the 'Scheduled Tasks' folder
2010-06-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-HOME-CASA.job
- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-05 16:18]
2010-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]
2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-12 16:07]
2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-12 16:07]
2010-06-30 c:\windows\Tasks\Norton Security Scan for CASA.job
- c:\arquivos de programas\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-12 08:58]
2010-06-30 c:\windows\Tasks\User_Feed_Synchronization-{8C59F7BA-8888-465F-AB63-56A1DD1F2C1D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 06:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send by Bluetooth - c:\arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com.br/s/v/56.20/uploader2.cab
FF - ProfilePath - c:\documents and settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\4qhi17l1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br
FF - component: c:\documents and settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\4qhi17l1.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\arquivos de programas\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\arquivos de programas\Veetle\Player\npvlc.dll
FF - plugin: c:\arquivos de programas\Veetle\plugins\npVeetle.dll
FF - plugin: c:\browserplusplugins\f445f33ec50f08c4fae1c9b6330da263\npybrowserplus_2.7.0.dll
FF - plugin: c:\docume~1\CASA\DADOSD~1\POWERC~1\nppowerloader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File associations -------
.
.scr=AutoCADScriptFile
.
- - - - REMOVED ORPHANS - - - -
HKLM-Run-MyWebSearch Plugin - c:\arquiv~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
HKLM-Run-GrooveMonitor - c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
SafeBoot-AtapiDrv.sys

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 20:15
Windows 5.1.2600 Service Pack 3 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(920)
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(1484)
c:\windows\system32\WININET.dll
c:\arquivos de programas\Unlocker\UnlockerHook.dll
c:\arquivos de programas\Styler\StylerHelper.dll
c:\arquivos de programas\Windows Desktop Search\deskbar.dll
c:\arquivos de programas\Windows Desktop Search\pt-br\dbres.dll.mui
c:\arquivos de programas\Windows Desktop Search\dbres.dll
c:\arquivos de programas\Windows Desktop Search\wordwheel.dll
c:\arquivos de programas\Windows Desktop Search\pt-br\msnlExtRes.dll.mui
c:\arquivos de programas\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
c:\windows\system32\SearchIndexer.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
c:\arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\BrOffice.org 3\program\soffice.exe
c:\arquivos de programas\Styler\Styler.exe
c:\arquivos de programas\BrOffice.org 3\program\soffice.bin
c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2010-06-30 20:23:52 - Machine was rebooted
ComboFix-quarantined-files.txt 2010-06-30 23:23
Pre-Run: 3,001,237,504 bytes free
Post-Run: 2,582,454,272 bytes free
- - End Of File - - 4E35467E73FE9A0036C8F1A8EC75ABF7
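Added example, not part of the posted log and not code from ComboFix: a small Python triage script that reads lines in ComboFix's output format and flags the entries an analyst checks first in a log like this one, namely the "AV:" status line, the Security Center AntiVirusOverride value, firewall exceptions whose target sits in a user-writable profile folder, globally open ports, the IE start page and Trusted Zone entries. The sample input is a constructed excerpt copied from the log above; the folder list in USER_WRITABLE, the rule names and the severities are this example's own heuristics, not anything ComboFix emits.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log above, reduced to the
# entries the checks below look at. Assembled for this example, not a ComboFix run.
SAMPLE_LOG = r"""AV: avast! antivirus 4.8.1368 [VPS 100305-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\CASA\\Desktop\\Jogos\\PES2010\\Crack\\pes2010.exe"=
"c:\\Documents and Settings\\CASA\\Dados de aplicativos\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
uStart Page = hxxp://www.daemon-search.com/startpage
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bb.com.br\www
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (this example's own scale)
    check: str     # short name of the rule that fired
    detail: str    # the offending value, normalised for reading
    line: str      # the raw log line, kept for the report


# Profile sub-folders any logged-on user can write to on Windows XP, in the
# Portuguese and English names this log mixes. Heuristic list assumed for this example.
USER_WRITABLE = re.compile(
    r"documents and settings\\[^\\]+\\"
    r"(desktop|dados de aplicativos|application data|configura[çc][õo]es locais|"
    r"local settings|meus documentos|my documents)",
    re.IGNORECASE,
)
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def _unescape(reg_path: str) -> str:
    """REGEDIT4 exports double every backslash; collapse them before matching."""
    return reg_path.replace("\\\\", "\\")


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""  # last [registry key] header seen, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        # 1. Antivirus status line ComboFix reads from Security Center
        if line.startswith("AV:"):
            status = line.split("{")[0].strip()
            if "scanning disabled" in line.lower():
                findings.append(Finding("high", "av_realtime_disabled", status, raw))
            if "(outdated)" in line.lower():
                findings.append(Finding("medium", "av_signatures_outdated", status, raw))
            continue
        m = REG_VALUE.match(line)
        # 2. Override flag that suppresses the "no antivirus" warning
        if (m and "security center" in section
                and m["name"].lower() == "antivirusoverride"
                and m["value"].endswith("00000001")):
            findings.append(Finding("high", "security_center_av_override", m["name"], raw))
            continue
        # 3. Firewall exceptions for binaries in user-writable locations
        if m and "authorizedapplications" in section:
            path = _unescape(m["name"])
            if USER_WRITABLE.search(path) or "\\crack\\" in path.lower():
                findings.append(Finding("medium", "firewall_exception_user_writable", path, raw))
            continue
        # 4. Ports opened for every application: worth a note, not an alarm
        if m and "globallyopenports" in section:
            findings.append(Finding("info", "firewall_global_open_port", m["name"], raw))
            continue
        # 5. IE start page and Trusted Zone exemptions
        if line.startswith(("uStart Page", "mStart Page")):
            findings.append(Finding("info", "ie_start_page", line.split("=", 1)[1].strip(), raw))
        elif line.startswith("Trusted Zone:"):
            findings.append(Finding("info", "ie_trusted_zone", line.split(":", 1)[1].strip(), raw))
    return findings


def by_check(findings: list[Finding]) -> dict[str, list[str]]:
    """Group finding details by rule name so a report can be scanned quickly."""
    grouped: dict[str, list[str]] = {}
    for f in findings:
        grouped.setdefault(f.check, []).append(f.detail)
    return grouped


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.check}: {f.detail}")
```

Run as a script it prints one line per finding; for the excerpt that is the disabled and outdated antivirus, the override flag, the two exceptions under Documents and Settings, the two open ports, the start page and the two Trusted Zone hosts. A hit is a prompt to verify, not a verdict: the Trusted Zone hosts here are a bank's sites and GbPlugin, also in this log, is that bank's access-protection plugin, and a firewall exception for a game under the user's profile may simply be where the user installed it.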
