ComboFix 08-03-21.1 - adm 2008-03-21 22:20:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1568 [GMT -3:00]
Executando de: C:\Documents and Settings\adm\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\adm\Dados de aplicativos\inst.exe
.
((((((((((((((((((((((( Ficheiros criados de 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))
.
2008-03-21 22:27 . 2008-03-21 22:27 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-03-21 17:27 . 2008-03-21 17:27 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-21 17:22 . 2008-03-21 17:22 <DIR> d-------- C:\Arquivos de programas\Sierra
2008-03-21 15:38 . 2008-03-21 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab
2008-03-21 15:38 . 2008-03-21 15:38 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab
2008-03-21 15:38 . 2008-03-21 22:33 2,472,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-21 15:38 . 2008-03-21 15:38 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-21 15:38 . 2008-03-21 15:38 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-21 15:38 . 2008-03-21 22:33 13,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-21 15:38 . 2008-03-21 15:51 1,340 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-21 15:38 . 2008-03-21 15:51 1,196 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-21 15:37 . 2008-03-21 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7
2008-03-21 15:35 . 2008-03-21 15:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2008-03-21 09:33 . 2008-03-21 09:33 <DIR> d-------- C:\Arquivos de programas\CCleaner
2008-03-20 22:52 . 2008-03-20 22:52 <DIR> d-------- C:\Documents and Settings\adm\Dados de aplicativos\Tibia
2008-03-20 22:52 . 2008-03-20 22:52 <DIR> d-------- C:\Arquivos de programas\Aquaria
2008-03-20 21:58 . 2008-03-20 22:50 <DIR> d-------- C:\Documents and Settings\adm\Dados de aplicativos\Tibia(2)
2008-03-20 21:50 . 2008-03-20 21:58 <DIR> d-------- C:\Documents and Settings\adm\Dados de aplicativos\TuxPaint
2008-03-20 20:21 . 2008-03-20 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion
2008-03-20 14:17 . 2008-03-20 14:17 <DIR> d-------- C:\Documents and Settings\adm\Dados de aplicativos\Microsoft Games
2008-03-20 13:25 . 2008-03-20 13:25 <DIR> d-------- C:\Arquivos de programas\Microsoft Games
2008-03-20 11:47 . 2008-03-20 11:47 <DIR> d-------- C:\Arquivos de programas\Activision Value
2008-03-20 09:26 . 2008-03-20 09:28 5,402,851 --a------ C:\Arquivos de programas\Arquivos comuns\Comedinha_Sever.zip
2008-03-20 08:20 . 2008-03-20 08:20 49,152 --a------ C:\WINDOWS\system32\apache.dll
2008-03-16 14:36 . 2008-03-21 17:03 <DIR> d-------- C:\Arquivos de programas\Asprate
2008-03-16 13:51 . 2008-03-16 13:51 22 --a------ C:\WINDOWS\system32\mcstate.bin
2008-03-16 13:43 . 2008-03-16 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WinZip
2008-03-16 13:25 . 2008-03-16 13:25 <DIR> d-------- C:\Arquivos de programas\JMF2.1.1e
2008-03-16 13:24 . 2008-03-16 13:24 <DIR> d-------- C:\Documents and Settings\adm\WINDOWS
2008-03-15 21:12 . 2008-03-18 21:10 <DIR> d-------- C:\WINDOWS\system32\dt
2008-03-15 21:08 . 2008-03-18 21:10 56,710 --a------ C:\WINDOWS\system32\bpk.dat
2008-03-15 21:08 . 2008-03-16 18:44 39,774 --a------ C:\WINDOWS\system32\bpkch.dat
2008-03-15 18:58 . 2008-03-15 18:58 <DIR> d-------- C:\Arquivos de programas\Hamachi
2008-03-14 19:31 . 2008-03-14 19:31 268 --ah----- C:\sqmdata08.sqm
2008-03-14 19:31 . 2008-03-14 19:31 244 --ah----- C:\sqmnoopt08.sqm
2008-03-10 20:14 . 2008-03-10 20:14 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\Xfire
2008-03-09 18:25 . 2008-03-09 18:25 <DIR> d-------- C:\WINDOWS\nview
2008-03-09 18:25 . 2008-02-13 11:56 360,448 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-03-09 18:25 . 2008-02-13 21:34 360,448 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-03-09 18:25 . 2008-03-21 15:53 166,004 --a------ C:\WINDOWS\system32\nvapps.xml
2008-03-09 18:25 . 2008-02-13 21:34 17,848 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-03-08 20:23 . 2007-12-11 08:00 785,464 -ra------ C:\WINDOWS\system32\tmp492.tmp
2008-03-08 20:23 . 2007-12-11 08:00 785,464 -ra------ C:\WINDOWS\system32\tmp491.tmp
2008-03-08 19:53 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-03-08 19:53 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-08 19:53 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-03-08 19:53 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-03-08 19:53 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-03-08 19:53 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-08 12:06 . 2008-03-08 12:06 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-08 12:06 . 2008-03-08 12:06 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-08 11:53 . 2008-03-08 12:34 <DIR> d-------- C:\Arquivos de programas\The Witcher
2008-03-08 10:59 . 2008-03-09 09:31 32 --a------ C:\WINDOWS\CD_Start.INI
2008-03-07 21:19 . 2008-03-20 20:13 <DIR> d-------- C:\Arquivos de programas\Soulseek
2008-03-02 18:47 . 2008-03-02 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ubisoft
2008-03-02 18:47 . 2008-03-02 18:47 <DIR> d-------- C:\Documents and Settings\adm\Dados de aplicativos\Ubisoft
2008-03-01 14:22 . 2008-03-01 14:22 <DIR> d-------- C:\Arquivos de programas\CDBurnerXP
2008-03-01 13:08 . 2008-03-01 13:08 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-03-01 13:08 . 2008-03-01 13:08 <DIR> d-------- C:\Arquivos de programas\AGEIA Technologies
2008-03-01 13:04 . 2008-03-01 13:04 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-03-01 12:37 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-01 12:37 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-01 12:37 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-01 12:37 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-01 12:37 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-02-23 16:10 . 2008-03-08 13:35 <DIR> d-------- C:\Arquivos de programas\HALF LIFE 2
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 23:08 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-03-21 22:51 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\Free Download Manager
2008-03-21 20:22 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-03-21 20:08 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\LimeWire
2008-03-21 18:09 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\uTorrent
2008-03-21 12:33 --------- d-----w C:\Arquivos de programas\Yahoo!
2008-03-19 23:50 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-19 23:50 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-16 16:24 --------- d-----w C:\Arquivos de programas\Java
2008-03-16 02:31 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\Hamachi
2008-03-15 21:58 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-10 23:15 --------- d-----w C:\Arquivos de programas\BrowsingProgram
2008-03-09 17:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-09 17:41 22,328 ----a-w C:\Documents and Settings\adm\Dados de aplicativos\PnkBstrK.sys
2008-03-09 17:40 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-03-09 17:40 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-09 17:40 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-08 12:23 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\InstallShield
2008-02-23 10:03 --------- d-----w C:\Arquivos de programas\LimeWire
2008-02-11 19:12 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\Vso
2008-02-11 00:32 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\DVDFab
2008-02-11 00:29 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-11 00:29 47,360 ----a-w C:\Documents and Settings\adm\Dados de aplicativos\pcouffin.sys
2008-02-11 00:29 --------- d-----w C:\Arquivos de programas\DVDFab Platinum 4
2008-02-10 14:09 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\SEGA
2008-02-09 22:36 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia
2008-02-08 22:58 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2
2008-02-08 22:57 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe
2008-02-08 21:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 21:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-02-08 19:05 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\ATI
2008-02-07 21:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Test Drive Unlimited
2008-02-04 18:26 --------- d-----w C:\Arquivos de programas\DVD Decrypter
2008-02-02 14:33 --------- d-----w C:\Arquivos de programas\Thoosje Sidebar V2.3
2008-02-02 14:32 --------- d-----w C:\Arquivos de programas\Spyware Terminator
2008-02-01 21:32 --------- d-----w C:\Arquivos de programas\uTorrent
2008-02-01 21:27 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\Azureus
2008-02-01 21:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Azureus
2008-01-30 22:15 --------- d-----w C:\Arquivos de programas\Alwil Software
2008-01-29 18:34 --------- d-----w C:\Arquivos de programas\CapCom
2008-01-27 23:21 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback
2008-01-26 21:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-01-26 21:52 --------- d-----w C:\Arquivos de programas\Crawler
2008-01-26 20:47 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\Talkback
2008-01-22 13:27 --------- d-----w C:\Arquivos de programas\DIFX
2008-01-19 11:43 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-19 11:43 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-15 22:33 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-15 21:36 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-12-24 16:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8EACE56-0AF4-3AE3-6EF8-F8CC39675729}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:45 15360]
"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672]
"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2007-12-29 09:05 486856]
"ISUSPM"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2006-09-10 22:56 218032]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-03 23:56 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 18:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-01-19 08:43 185896]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-13 21:34 13500416]
"nwiz"="nwiz.exe" [2008-02-13 21:34 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-02-13 21:34 86016]
"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 18:45 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"C:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Arquivos de programas\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Arquivos de programas\\Sierra\\FEAR\\FEARMP.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64087:TCP"= 64087:TCP:crysisbrasilserver
R2 NMSAccessU;NMSAccessU;C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
*Newly Created Service* - KL1
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-03-21 23:10:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-21 22:33:13
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2008-03-21 22:34:37
ComboFix-quarantined-files.txt 2008-03-22 01:34:29
