[Closed] Trojan-Spy.Win32.Banker.gka
Caderudo
post Jun 20 2009, 10:34 AM
Post #1
New Member
Group: Authentic Member
Posts: 6
Joined: 20-June 09
From: Brazil
Member No.: 86,345
Operating System: Windows Vista Home Premium

Dear friends,

I've just checked the topic "[Resolved] Bancos IPA alias Trojan-Spy.Win32.Banker.gka [Kaspersk" at http://forums.whatthetech.com/Bancos_IPA_alias_Trojan_Spy_Win32_Banker_gka_Kaspersk_t93875.html and I got the very same problem.

I've followed the proposed actions:

1. Cleared "Hide protected operating system files."
2. Downloaded and executed ATF Cleaner (under Main chose: Select All / clicked the Empty Selected button).
3. Downloaded and executed ComboFix (I did not have it on my PC, so I just downloaded it to the Desktop and double-clicked to execute it).

I noticed that a file "CFScript.txt" was created by LDTate, which was dragged onto combofix.exe.

Could you please generate the CFScript.txt for me? Above, the combofix.txt content:

(I would like to thank you in advance for your help!!!)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ComboFix 09-06-19.01 - adriano 20/06/2009 12:56.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1046.18.3573.2121 [GMT -3:00]
Executando de: c:\users\adriano\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 208 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2869144217-1070373754-383600519-500
c:\$recycle.bin\S-1-5-21-2869144217-1070373754-383600519-500\desktop.ini
c:\users\adriano\AppData\Local\Temp\install_flash_player.exe

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-20 to 2009-06-20 ))))))))))))))))))))))))))))
.

2009-06-20 16:02 . 2009-06-20 16:02 -------- d-----w- c:\users\kelen\AppData\Local\temp
2009-06-20 16:02 . 2009-06-20 16:02 -------- d-----w- c:\users\flavia\AppData\Local\temp
2009-06-19 05:00 . 2008-12-11 11:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-19 05:00 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-19 05:00 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-19 04:59 . 2009-06-19 05:00 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-19 04:59 . 2008-12-10 14:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-19 04:59 . 2009-06-20 00:37 -------- d-----w- c:\program files\Spyware Doctor
2009-06-19 04:59 . 2009-06-19 04:59 -------- d-----w- c:\users\kelen\AppData\Roaming\PC Tools
2009-06-19 04:59 . 2009-06-19 04:59 -------- d-----w- c:\programdata\PC Tools
2009-06-19 04:45 . 2009-06-19 04:45 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE034.tmp.exe
2009-06-19 04:36 . 2009-06-19 05:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-19 04:36 . 2009-06-19 05:17 -------- d-----w- c:\program files\Norton Security Scan
2009-06-19 04:35 . 2009-06-19 04:57 -------- d-----w- c:\programdata\Google Updater
2009-06-19 04:08 . 2009-06-19 04:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-19 04:08 . 2009-06-19 04:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-19 03:48 . 2009-06-19 03:48 -------- d-----w- c:\users\kelen\AppData\Roaming\Roxio
2009-06-12 22:03 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 22:03 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-12 03:47 . 2009-06-12 03:47 -------- d-----w- c:\program files\UndeleteMyFiles
2009-06-11 01:30 . 2009-06-11 01:30 -------- d-----w- c:\users\kelen\AppData\Local\Mozilla
2009-06-11 00:36 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-05 03:17 . 2009-06-05 03:17 -------- d-----w- c:\program files\MSECache
2009-06-03 15:26 . 2009-06-03 15:26 24390976 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13PT_BR.exe
2009-06-03 15:26 . 2009-06-03 15:26 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-03 15:26 . 2009-06-03 15:26 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-03 15:26 . 2009-06-03 15:26 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-02 19:34 . 2009-06-18 17:19 -------- d-----w- c:\users\flavia\Tracing
2009-06-01 02:09 . 2009-06-01 02:09 262144 ----a-w- C:\ntuser.dat
2009-06-01 02:09 . 2009-06-01 02:09 -------- d-----w- c:\programdata\Yahoo!
2009-06-01 01:55 . 2009-06-01 01:55 -------- d-----w- c:\program files\Common Files\Scanner
2009-06-01 01:55 . 2009-06-01 01:58 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-05-30 05:41 . 2009-05-30 05:41 -------- d-----w- c:\users\adriano\AppData\Local\Mozilla
2009-05-28 02:04 . 2009-05-28 02:04 -------- d-----w- c:\users\adriano\AppData\Roaming\Flickr
2009-05-28 02:04 . 2009-05-28 02:04 -------- d-----w- c:\users\adriano\AppData\Local\Flickr
2009-05-28 02:03 . 2009-05-28 02:03 -------- d-----w- c:\program files\Flickr Uploadr
2009-05-21 18:54 . 2009-06-06 05:19 -------- d-----w- c:\users\adriano\AppData\Local\WinZip
2009-05-21 18:53 . 2009-05-21 18:54 -------- d-----w- c:\programdata\WinZip

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 15:55 . 2009-02-18 01:05 -------- d-----w- c:\users\adriano\AppData\Roaming\DNA
2009-06-20 15:31 . 2008-01-21 05:26 634222 ----a-w- c:\windows\system32\prfh0416.dat
2009-06-20 15:31 . 2008-01-21 05:26 121888 ----a-w- c:\windows\system32\prfc0416.dat
2009-06-20 02:38 . 2008-12-19 15:46 1660 ----a-w- c:\windows\bthservsdp.dat
2009-06-16 01:50 . 2008-12-26 00:01 -------- d-----w- c:\users\adriano\AppData\Roaming\Skype
2009-06-16 01:38 . 2008-12-26 00:02 -------- d-----w- c:\users\adriano\AppData\Roaming\skypePM
2009-06-12 22:05 . 2009-01-01 23:01 -------- d-----w- c:\programdata\Microsoft Help
2009-06-12 21:44 . 2008-12-19 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 02:59 . 2009-02-18 01:06 -------- d-----w- c:\users\adriano\AppData\Roaming\BitTorrent
2009-06-11 02:21 . 2008-12-19 18:18 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 23:35 . 2008-12-26 02:10 -------- d-----w- c:\users\kelen\AppData\Roaming\Yahoo!
2009-06-08 17:57 . 2009-06-08 17:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-07 15:45 . 2009-01-15 22:18 -------- d-----w- c:\program files\DivX
2009-06-07 15:44 . 2009-04-15 02:23 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-03 15:30 . 2009-01-20 00:38 -------- d-----w- c:\programdata\Installations
2009-06-03 15:28 . 2009-01-20 00:39 -------- d-----w- c:\program files\Nokia
2009-06-03 15:27 . 2009-01-20 01:04 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-03 13:51 . 2008-12-26 00:32 -------- d-----w- c:\users\adriano\AppData\Roaming\Yahoo!
2009-06-02 19:40 . 2009-01-05 12:29 -------- d-----w- c:\users\flavia\AppData\Roaming\Yahoo!
2009-06-02 19:33 . 2008-12-29 21:41 101856 ----a-w- c:\users\flavia\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 02:09 . 2008-12-25 16:22 -------- d-----w- c:\program files\Yahoo!
2009-06-01 02:09 . 2008-12-26 00:32 -------- d-----w- c:\programdata\Yahoo! Companion
2009-05-15 02:02 . 2009-05-15 02:02 -------- d-----w- c:\program files\Unity
2009-05-14 23:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 05:50 . 2009-06-11 00:37 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 00:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-09 02:09 . 2009-02-09 01:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-09 02:09 . 2009-02-09 01:07 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-09 02:09 . 2009-02-09 01:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-09 02:09 . 2009-02-09 01:07 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 21:51 . 2008-12-25 05:00 101856 ----a-w- c:\users\kelen\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 21:42 . 2008-12-25 16:05 101856 ----a-w- c:\users\adriano\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-23 12:42 . 2009-06-11 00:37 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 00:37 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-19 18:02 . 2008-12-19 18:02 76 --sh--r- c:\windows\CT4CET.bin
2008-12-19 23:23 . 2008-12-19 23:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\users\adriano\Program Files\DNA\btdna.exe" [2009-02-18 321344]
"googletalk"="c:\users\adriano\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-05-26 24264488]
"Google Update"="c:\users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-16 133104]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-19 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-09 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-19 68592]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-19 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2008-11-04 396192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-19 18:22 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{773AF746-145C-423A-85C8-B1A150CFC25D}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{C5D7D5F4-FD3B-4409-B8F3-9C1DFB00FB9B}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{B02EF930-1E57-470B-8B6D-5D041C2A39CF}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{BBF96C42-904B-4425-A878-C958193D4B46}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{380D0500-E170-40F5-AC1C-41838E03CBF5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77225A2B-F29C-4913-A5B6-D62FA33ABEC9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6C4AFC4D-902A-41D7-81CC-8CC971E158A5}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E5497C45-169F-445F-A5D8-D74C2E20D249}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F4A32F14-17BA-4FF4-9C48-1482F09043F6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7165BA5D-BB34-404F-9905-68558D47CE9F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DCAD8096-C4FA-48F6-9F45-9FF1AEFBC220}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{08141B50-F959-440B-B1A3-03ED78461004}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{F7701ABA-C77A-496F-8C28-5248A976876F}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E6573D1F-D6EF-46C3-AE80-E1D409CC578D}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{C723B025-4B54-44CE-B893-5BC2F6AEE908}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{C0FE67A4-CE07-4D54-B399-B51E6112E4F2}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{E1077BC1-C6FA-47D7-AB19-66505CAF444B}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{540E61FE-500B-4526-A5A2-DB50BC1F9015}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"{0A250C5D-FAA2-42DC-98A8-E5A8FF20DBF7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{DA13687D-D0E8-4132-8CD0-B74D1DCE72F0}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{95D206CB-EDCF-4B6A-8808-60C6B9F6083E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{39C769ED-4B55-41C1-8CD1-2B7F7576390A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{33CE1F2E-4DFA-4190-807F-C3713025FC03}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{D49A89B4-352E-44C1-A6AA-5797E106FE59}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A358433E-CDE9-42DF-BAC6-1C03B86F7873}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{91069196-3B8A-47F7-8943-5DF5800E846A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{6825808F-F97B-45B4-A0E6-2C442FA4BB1E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{46EA7947-894A-4FC1-B25A-1378574B7595}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{FE185843-306E-4DE6-B7A4-35901C1D9B5F}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{7A02F47D-3C65-48CA-8917-506760DCB014}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{CFC07E7C-577E-48F8-992A-9E902E3EC495}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{059A12F5-B36C-4DD8-BF3F-DFC4FD845A32}c:\\program files\\oneeko\\oneeko.exe"= UDP:c:\program files\oneeko\oneeko.exe:ONEEKO
"UDP Query User{92982878-84B4-441E-BAA3-044A9A8652F7}c:\\program files\\oneeko\\oneeko.exe"= TCP:c:\program files\oneeko\oneeko.exe:ONEEKO
"TCP Query User{B3A516B5-63E9-41D5-8493-BC9564DF299E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{ADECA9D6-A705-49F2-B646-CD166D01120C}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19/06/2009 02:00 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [08/02/2009 22:07 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [08/02/2009 22:07 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [19/12/2008 12:45 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [08/02/2009 22:06 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/02/2009 22:06 298776]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/06/2009 01:59 348752]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [19/12/2008 20:39 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/10/2007 16:03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [19/12/2008 20:39 7424]
S2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [15/02/2009 19:41 136448]
S3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/12/2008 15:14 30192]
S4 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [17/08/2008 05:40 217088]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-06-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 04:35]

2009-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2869144217-1070373754-383600519-1001.job
- c:\users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 02:48]

2009-06-19 c:\windows\Tasks\Norton Security Scan for kelen.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 23:20]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://br.yahoo.com/?fr=fp-yie8
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\adriano\AppData\Roaming\Mozilla\Firefox\Profiles\fn6il6mb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://cade.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://br.yahoo.com/?fr=fp-yie8
FF - prefs.js: keyword.URL - hxxp://cade.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\adriano\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\adriano\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 13:03
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(700)
c:\program files\Scpad\scpLIB.dll
c:\program files\Scpad\scpMIB.dll
c:\program files\Scpad\sshib.dll
.
Tempo para conclusão: 2009-06-20 13:05
ComboFix-quarantined-files.txt 2009-06-20 16:05

Pré-execução: 40.432.459.776 bytes disponíveis
Pós execução: 40.785.211.392 bytes disponíveis

292 --- E O F --- 2009-06-18 20:47