ComboFix 09-09-03.02 - Administrador 03/09/2009 19:29.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.605 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\update93828.exe
c:\windows\UA000071.DLL
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-03 to 2009-09-03 ))))))))))))))))))))))))))))
.
2009-09-01 23:12 . 2009-09-01 23:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2009-09-01 23:11 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-01 23:11 . 2009-09-01 23:11 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-09-01 23:11 . 2009-09-01 23:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-09-01 23:11 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-27 01:31 . 2009-08-27 01:31 12 ----a-w- c:\windows\Emcmm.dat
2009-08-25 01:42 . 2009-08-25 01:47 -------- d-----w- c:\documents and settings\Administrador\.rainlendar2
2009-08-25 01:41 . 2009-08-25 01:47 -------- d-----w- c:\arquivos de programas\Rainlendar2
2009-08-22 00:50 . 2009-08-28 02:27 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ulead Systems
2009-08-22 00:48 . 2009-08-22 00:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DivX
2009-08-22 00:38 . 2009-08-22 00:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InterVideo
2009-08-22 00:37 . 2007-01-03 21:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-08-22 00:37 . 2007-01-03 21:58 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-08-22 00:37 . 2009-08-28 02:04 -------- d-----w- c:\arquivos de programas\DivX
2009-08-22 00:37 . 2009-08-22 00:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\LightScribe
2009-08-22 00:35 . 2009-08-28 02:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ulead Systems
2009-08-22 00:34 . 2005-05-26 18:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-08-11 19:35 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 23:31 . 2009-08-04 23:31 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2009-08-04 23:31 . 2009-08-04 23:31 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache
2009-08-04 23:27 . 2009-08-04 23:27 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2009-08-04 23:16 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-04 23:16 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-04 23:16 . 2009-08-04 23:16 -------- d-----w- c:\windows\ie8updates
2009-08-04 23:16 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-04 23:14 . 2009-08-04 23:16 -------- dc-h--w- c:\windows\ie8
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 01:47 . 2008-04-23 01:53 -------- d-----w- c:\arquivos de programas\Circle Developement
2009-08-28 19:43 . 2008-09-30 17:59 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-08-28 02:30 . 2008-04-04 11:39 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-08-21 02:46 . 2008-08-28 17:44 -------- d-----w- c:\arquivos de programas\Alldj_DVD_To_AVI
2009-08-12 03:09 . 2008-04-04 11:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-08-05 09:00 . 2004-08-04 01:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-22 20:27 . 2009-03-05 18:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-07-20 21:46 . 2008-04-23 01:53 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-07-17 19:03 . 2004-08-04 01:45 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 02:43 . 2004-08-04 01:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-04 01:45 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2004-08-04 01:45 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-08-04 01:45 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-08-04 01:45 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-08-04 01:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2004-08-04 01:45 732672 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-08-04 01:45 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-03 23:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:39 . 2004-08-04 01:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:39 . 2001-10-28 15:06 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-04 01:45 77824 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-04 01:45 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2004-08-04 01:45 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 12:21 . 2008-04-03 19:49 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-04 01:45 132096 ----a-w- c:\windows\system32\wkssvc.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ares"="c:\arquivos de programas\Ares\Ares.exe" [2008-02-20 963072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-08 30208]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1631:UDP"= 1631:UDP:Windows Media Format SDK (iexplore.exe)
"1630:UDP"= 1630:UDP:Windows Media Format SDK (iexplore.exe)
"1632:UDP"= 1632:UDP:Windows Media Format SDK (iexplore.exe)
R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29/5/2007 13:30 508160]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-09-26 c:\windows\Tasks\User_Feed_Synchronization-{B5B75B04-9D3F-4EC5-89D1-00F64AD34F8D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-Picasa Media Detector - c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe
HKCU-Run-Rainlendar2 - c:\arquivos de programas\Rainlendar2\Rainlendar2.exe
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {AF32D210-948A-4A63-BD02-8938A15D4750} = 200.225.197.34 200.225.197.37
DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} - hxxp://idownload.br.toontown.com/sv1.4.14.8/ttinst-portuguese.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-03 19:32
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1390067357-842925246-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,9b,c9,1c,c3,4f,0d,45,a3,92,c0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,9b,c9,1c,c3,4f,0d,45,a3,92,c0,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,5f,4e,ce,03,43,
03,3d,b0,2e,e8,e1,00,eb,16,2b,de,eb,81,b1,2d,26,63,54,81,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,b2,3e,12,48,36,
fb,7d,f7,46,47,15,b0,92,4b,c7,ef,f8,4c,75,ab,af,6c,44,e7,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,f0,be,bc,5c,de,
9d,2a,f3,7a,45,05,fd,91,e8,6f,31,f6,1f,4e,18,25,df,97,3e,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,c0,5e,53,a5,ed,
45,78,c4,6b,65,49,6a,7e,99,74,f7,0c,64,a9,89,48,99,49,d0,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,56,16,9d,4d,85,
f8,cc,9c,e9,02,6c,fa,fb,1d,47,57,ec,86,40,d5,2e,ae,ab,81,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,2a,3f,13,d4,ac,
0b,59,85,50,93,e5,ab,ec,6a,4e,ab,85,f8,21,33,f4,e8,40,d9,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c8,aa,39,23,a2,
b3,f7,52,97,20,4e,9a,c7,f1,35,ee,63,f5,37,18,e7,30,21,c9,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,44,b8,ce,c6,70,
f5,37,1d,aa,52,c6,00,84,3c,26,64,2e,6c,f0,0e,83,fd,e8,21,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,ea,4b,a0,22,11,
12,bc,2f,b2,46,9a,e2,1b,fe,1b,94,96,25,79,db,b2,72,57,da,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,e5,50,a6,a1,e0,
68,d8,92,37,a4,aa,c3,a6,15,56,0a,1d,25,02,05,3c,c2,dd,c1,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,66,2e,85,84,9d,
1e,8c,26,f8,31,0f,a9,5f,a0,ec,fb,08,ad,5a,1b,da,a7,7b,32,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,6f,ee,29,30,d0,
28,83,84,05,73,21,dd,54,d8,4a,c5,74,25,74,9f,36,05,7a,9a,6c,43,2d,1e,aa,22,\
.
Tempo para conclusão: 2009-09-03 19:34
ComboFix-quarantined-files.txt 2009-09-03 22:34
ComboFix2.txt 2008-11-24 08:54
Pré-execução: 9 pasta(s) 20.910.829.568 bytes disponíveis
Pós-execução: 9 pasta(s) 25.194.983.424 bytes disponíveis
221 --- E O F --- 2009-09-02 03:04