Untitled

ComboFix 10-03-19.06 - Administrador 20/03/2010   9:09.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.55.1046.18.255.102 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT

.
((((((((((((((((   Arquivos/Ficheiros criados de 2010-02-20 to 2010-03-20  ))))))))))))))))))))))))))))
.

2010-03-20 00:32 . 2010-03-20 00:32     --------        d-----w-        c:\arquivos de programas\Trend Micro
2010-03-18 00:50 . 2009-12-21 19:07     594432  -c----w-        c:\windows\system32\dllcache\msfeeds.dll
2010-03-18 00:50 . 2009-12-21 19:07     1985536 -c----w-        c:\windows\system32\dllcache\iertutil.dll
2010-03-18 00:50 . 2009-12-21 19:07     246272  -c----w-        c:\windows\system32\dllcache\ieproxy.dll
2010-03-18 00:50 . 2009-12-21 19:07     55296   -c----w-        c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-18 00:50 . 2009-12-21 19:08     12800   -c----w-        c:\windows\system32\dllcache\xpshims.dll
2010-03-18 00:50 . 2009-12-21 19:07     11070464        -c----w-        c:\windows\system32\dllcache\ieframe.dll
2010-03-17 18:43 . 2010-03-18 19:57     --------        d-----w-        c:\windows\ie8updates

.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 00:28 . 2009-07-06 23:07     --------        d-----w-        c:\arquivos de programas\Puxa Rápido
2010-03-19 21:09 . 2006-06-05 16:03     --------        d-----w-        c:\arquivos de programas\Arquivos comuns\Symantec Shared
2010-03-19 21:09 . 2006-04-20 22:37     --------        d-----w-        c:\arquivos de programas\Spybot - Search & Destroy
2010-03-19 21:04 . 2006-06-07 16:38     --------        d-----w-        c:\arquivos de programas\Google
2010-03-19 20:16 . 2007-02-13 23:53     --------        d-----w-        c:\arquivos de programas\LimeWire
2010-03-19 20:14 . 2006-04-20 00:33     --------        d-----w-        c:\arquivos de programas\Arquivos comuns\Adobe
2010-03-19 20:13 . 2006-04-20 22:37     --------        d-----w-        c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2010-03-19 20:11 . 2006-04-20 00:31     --------        d-----w-        c:\arquivos de programas\ESET
2010-03-18 20:45 . 2009-09-16 15:46     --------        d-----w-        c:\arquivos de programas\Microsoft Silverlight
2010-03-18 01:57 . 2007-02-13 23:57     --------        d-----w-        c:\documents and settings\Administrador\Dados de aplicativos\LimeWire
2010-03-18 01:48 . 2006-05-12 00:26     --------        d-----w-        c:\documents and settings\Administrador\Dados de aplicativos\teamspeak2
2010-03-18 00:27 . 2001-10-28 17:07     80586   ----a-w-        c:\windows\system32\perfc016.dat
2010-03-18 00:27 . 2001-10-28 17:07     471090  ----a-w-        c:\windows\system32\perfh016.dat
2010-03-16 22:34 . 2007-02-15 00:18     --------        d-----w-        c:\arquivos de programas\Winamp
2010-03-16 22:00 . 2007-02-14 01:09     --------        d-----w-        c:\arquivos de programas\Windows Media Connect 2
2009-12-31 16:14 . 2004-08-04 02:14     352640  ----a-w-        c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-04 03:45     916480  ----a-w-        c:\windows\system32\wininet.dll
2007-08-29 20:07 . 2007-08-29 20:07     3099767 ----a-w-        c:\arquivos de programas\bf2007.exe
.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50        155648  ----a-r-        c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSPM Startup"=c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"SMSERIAL"=sm56hlpr.exe
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
"snpstd3"=c:\windows\vsnpstd3.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Navnt\\POProxy.exe"=
"c:\\Arquivos de programas\\Puxa Rápido\\PuxaRapido.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R3 npggsvc;nProtect GameGuard Service; [x]
R3 npkycryp;npkycryp; [x]
S2 NAV Auto-Protect;NAV Auto-Protect;c:\arquiv~1\Navnt\navapsvc.exe [1999-05-07 90112]

.
Conteúdo da pasta 'Tarefas Agendadas'

2010-03-20 c:\windows\Tasks\GlaryInitialize.job
- c:\arquivos de programas\Glary Utilities\initialize.exe [2009-12-19 12:21]

2002-01-01 c:\windows\Tasks\SmartDefrag.job
- c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2002-01-01 17:30]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces
IE: &Download with &DAP
IE: Download &all with DAP
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki...
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\g7o72m6b.default\
FF - prefs.js: browser.search.selectedEngine - Puxaki.com.br
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 09:19
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-842925246-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,a5,bc,bd,f8,a7,63,41,bd,77,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,a5,bc,bd,f8,a7,63,41,bd,77,6d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5b36680f-614c-486f-9963-f186612f5c0e}]
@Denied: (Full) (Everyone)
"Model"=dword:00000096
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b7,8d,59,4d,bf,af,40,20,39,77,36,c7,76,33,43,9a,8c,96,65,76,a6,
   eb,66,3f,4c,e3,0f,89,89,64,d4,63,e8,cd,0c,84,86,ee,1a,c1,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(400)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(872)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2010-03-20  09:28:22
ComboFix-quarantined-files.txt  2010-03-20 12:28

Pré-execução: 15 pasta(s) 12.410.040.320 bytes disponíveis
Pós execução: 19 pasta(s) 12.498.325.504 bytes disponíveis

- - End Of File - - CA634C9D5CD69AD21CF864E4CBC37EE9