
ComboFix 10-12-25.02 - Carlos e Lucia 26/12/2010 2:26.2.1 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.55.1046.18.1013.340 [GMT -2:00]
Executando de: c:\users\Carlos e Lucia\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - system32: deleted 4 bytes in 2 streams.
ADS - drivers: deleted 308 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\cclenner\DV003.exe
c:\program files\cclenner\Ustvx.exe
c:\program files\cclenner\webcamss.exe
c:\program files\Windows Media Player\Silkscrenn.ini
c:\program files\Windows Media Player\Silkscrenn30.ini
c:\program files\Windows Media Player\skin2.ini
C:\readme.txt
c:\users\Carlos e Lucia\xf-a2010.exe
c:\windows\system32\drivesom.exe
c:\windows\System32\msystem\services.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-26 to 2010-12-26 ))))))))))))))))))))))))))))
.
2010-12-26 04:39 . 2010-12-26 04:41 -------- d-----w- c:\users\Carlos e Lucia\AppData\Local\temp
2010-12-26 04:39 . 2010-12-26 04:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-26 04:39 . 2010-12-26 04:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-24 16:11 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01D58BAD-0485-4AFE-8F01-B637E71B5A4F}\mpengine.dll
2010-12-23 19:42 . 2010-12-23 19:42 -------- d--h--w- c:\programdata\CanonIJSolutionMenu
2010-12-23 19:42 . 2010-12-23 19:42 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2010-12-23 19:42 . 2010-12-24 02:17 -------- d-----w- c:\programdata\CanonIJPLM
2010-12-23 18:59 . 2010-12-23 18:59 -------- d--h--w- c:\programdata\CanonIJEGV
2010-12-23 18:33 . 2010-12-23 18:33 -------- d-----w- c:\program files\Common Files\CANON
2010-12-23 18:29 . 2010-02-04 07:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9W.DLL
2010-12-23 18:29 . 2010-02-04 07:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9W.DLL
2010-12-23 18:29 . 2010-12-23 18:29 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-12-23 18:28 . 2009-04-03 18:00 1310720 ----a-w- c:\windows\system32\CNC250C.dll
2010-12-23 18:28 . 2009-04-03 17:59 110592 ----a-w- c:\windows\system32\CNC250I.dll
2010-12-23 18:28 . 2009-04-03 17:57 106496 ----a-w- c:\windows\system32\CNC250U.dll
2010-12-23 18:28 . 2009-03-11 13:34 303104 ----a-w- c:\windows\system32\CNC250L.dll
2010-12-23 18:28 . 2008-08-25 20:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-12-23 18:27 . 2010-02-04 07:00 272384 ----a-w- c:\windows\system32\CNMLM9W.DLL
2010-12-23 18:26 . 2009-02-04 12:17 90112 ----a-w- c:\windows\system32\CNC250O.dll
2010-12-23 18:26 . 2009-03-18 08:09 178176 ----a-w- c:\windows\system32\CNMIU9W.DLL
2010-12-23 18:26 . 2010-12-23 18:26 -------- d--h--w- c:\program files\CanonBJ
2010-12-18 11:11 . 2010-12-18 11:12 -------- d-----w- c:\program files\CCleaner
2010-12-17 09:33 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-17 09:30 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-17 09:29 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-17 09:29 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-17 09:29 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-17 09:29 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-10 14:59 . 2010-12-10 14:59 -------- d-----w- c:\users\Carlos e Lucia\AppData\Roaming\Canon
2010-12-05 01:07 . 2010-12-05 08:10 -------- d-----w- c:\program files\e-bit plugin
2010-12-02 02:23 . 2010-12-02 02:23 -------- d-----w- c:\users\Carlos e Lucia\AppData\Local\Windows Live Writer
2010-12-02 02:23 . 2010-12-02 02:23 -------- d-----w- c:\users\Carlos e Lucia\AppData\Roaming\Windows Live Writer
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 14:36 . 2010-04-08 01:29 45128 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2010-10-19 12:41 . 2009-11-27 09:56 222080 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FD7FA18DBF33}]
2006-11-06 18:29 1823744 ----a-w- c:\progra~1\NexusBar\nexusbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 18:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}]
2010-05-19 12:05 2393184 ----a-w- c:\program files\Online_Radio_Brazil\tbOnl1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-C0FF-FD7FA18DBF33}"= "c:\progra~1\NexusBar\nexusbar.dll" [2006-11-06 1823744]
"{f4c23ca5-ed6c-4376-80ad-62f9161a7286}"= "c:\program files\Online_Radio_Brazil\tbOnl1.dll" [2010-05-19 2393184]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0ff-fd7fa18dbf33}]
[HKEY_CLASSES_ROOT\nexusbar.NEXUSBAR]
[HKEY_CLASSES_ROOT\clsid\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4E7BD74F-2B8D-469E-C0FF-FD7FA18DBF33}"= "c:\progra~1\NexusBar\nexusbar.dll" [2006-11-06 1823744]
"{F4C23CA5-ED6C-4376-80AD-62F9161A7286}"= "c:\program files\Online_Radio_Brazil\tbOnl1.dll" [2010-05-19 2393184]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0ff-fd7fa18dbf33}]
[HKEY_CLASSES_ROOT\nexusbar.NEXUSBAR]
[HKEY_CLASSES_ROOT\clsid\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-03-06 1590888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ServicioSpeedy"="c:\program files\Telefonica\Speedy\SATCfgApp.exe" [2004-11-15 45056]
"trioService"="c:\program files\3D-Relax\Living Marine Aquarium 2.0 trial\trioService.exe" [2005-12-23 69632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregPor\Ereg.exe" [2003-07-07 729088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
c:\users\Carlos e Lucia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~1\GbPlugin\gbiehUni.dll" [2010-10-11 341928]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\program files\GbPlugin\gbiehcef.dll" [2010-11-03 335304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginCef]
2010-11-03 14:34 335304 ----a-w- c:\program files\GbPlugin\gbiehcef.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginUni]
2010-10-11 15:51 341928 ------w- c:\progra~1\GbPlugin\gbiehUni.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 00:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
R0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2009-12-19 240128]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 HIDKbFlt;Dritek USB Keyboard Filter;c:\windows\system32\DRIVERS\HIDKbFlt.SYS [x]
R2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2009-07-10 136496]
R2 TimerStop;TimerStop;c:\windows\system32\timerstop.sys [2007-01-02 3584]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2010-03-06 300656]
R3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-02-16 144768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-11-03 45128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2010-11-03 58056]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2007-06-12 27648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
rsmsvcs REG_MULTI_SZ ntmssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
LPDService REG_MULTI_SZ LPDSVC
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 01:18]
2010-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 01:18]
2010-05-17 c:\windows\Tasks\User_Feed_Synchronization-{4E71628F-E6C8-4EAA-BA5A-4A4F3B395055}.job
- c:\windows\system32\msfeedssync.exe [2010-12-17 04:25]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.ig.com.br/
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=C783DE7001CB748D02C63C91&src_id=11379&camp_id=1211&tb_version=2.5.15000.521
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
Trusted Zone: carrefour.com.br\www
TCP: {F4283E6E-E876-47A4-96E0-7441E453A98D} = 200.221.11.100,200.221.11.101
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {1F831FAD-42FC-11D4-95A6-0080AD30DCE1} - file:///C:/Program%20Files/AutoCAD%202002%20Brs/InstFred.ocx
DPF: {AE56372D-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files/AutoCAD%202002%20Brs/InstBanr.ocx
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
.
.
------- Associação de arquivos/ficheiros -------
.
.scr=AutoCADScriptFile
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-msservices - c:\windows\System32\msystem\services.exe
HKLM-Run-Modulo_Ad_Autorizador - c:\program files\cclenner\DV003.exe
HKLM-Run-Modulo_administrativo - c:\program files\cclenner\webcamss.exe
HKLM-Run-Modulo_Ad_bne - c:\program files\cclenner\Ustvx.exe
HKLM-Run-msservices - c:\windows\System32\msystem\services.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-26 02:40
Windows 6.0.6002 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'lsass.exe'(596)
c:\progra~1\SPEEDB~1\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
c:\program files\Scpad\scpLIB.dll
c:\program files\Scpad\scpMIB.dll
.
Tempo para conclusão: 2010-12-26 02:46:20
ComboFix-quarantined-files.txt 2010-12-26 04:46
Pré-execução: 35.127.812.096 bytes disponíveis
Pós execução: 35.162.451.968 bytes disponíveis
- - End Of File - - 3FD81DF74CDF9CFD97C5240725C516B2