combofix log
ComboFix 08-06-05.3 - Proprietário 2008-06-10 21:54:25.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.2070.18.571 [GMT 1:00]
Executando de: C:\Documents and Settings\Proprietário\Ambiente de trabalho\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((( Ficheiros criados de 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))
.
2008-06-10 21:39 . 2008-06-10 21:39 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-09 21:21 . 2008-06-09 21:21 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Sports Interactive
2008-06-09 21:18 . 2008-06-09 21:19 <DIR> d--h----- C:\Programas\Zero G Registry
2008-06-09 21:18 . 2008-06-09 21:18 <DIR> d-------- C:\Programas\Sports Interactive
2008-06-09 19:37 . 2008-06-09 19:37 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-06-09 19:36 . 2008-06-09 19:37 <DIR> d-------- C:\Programas\COMODO
2008-06-09 19:36 . 2008-06-09 19:36 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Comodo
2008-06-09 19:36 . 2008-06-09 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-06-09 19:36 . 2008-06-09 19:36 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-06-09 19:36 . 2008-06-09 19:36 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-09 19:36 . 2008-06-09 19:36 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-09 19:31 . 2008-06-09 19:35 <DIR> d-------- C:\Programas\firewall
2008-06-09 00:08 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-09 00:07 . 2008-06-09 00:07 <DIR> d-------- C:\Programas\Ficheiros comuns\Java
2008-06-07 18:32 . 2008-06-07 18:32 <DIR> d--h----- C:\Documents and Settings\Proprietário\InstallAnywhere
2008-06-07 18:32 . 2008-06-07 18:32 <DIR> d--h----- C:\Documents and Settings\Proprietário\InstallAnywhere
2008-06-07 18:31 . 2008-06-07 18:32 883 --a------ C:\WINDOWS\system32\msupdatgms.exe
2008-06-07 16:47 . 2008-06-07 16:46 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-06-07 12:23 . 2008-06-07 12:23 <DIR> d-------- C:\Programas\Ficheiros comuns\DirectX
2008-06-06 22:37 . 2008-06-06 22:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-06 22:37 . 2008-06-06 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-06 12:14 . 2008-06-06 12:18 <DIR> d-------- C:\Programas\Malwarebytes' Anti-Malware
2008-06-06 12:14 . 2008-06-06 12:14 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Malwarebytes
2008-06-06 12:14 . 2008-06-06 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 12:14 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 12:14 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-05 23:31 . 2008-06-05 23:31 <DIR> d-------- C:\Nova pasta
2008-06-05 23:10 . 2008-06-09 00:00 <DIR> d-------- C:\Programas\Sun
2008-06-05 23:10 . 2008-06-10 15:07 1,917 --a------ C:\WINDOWS\imsins.BAK
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Definiþ§es locais
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\Proprietßrio
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\NetworkService\Definiþ§es locais
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\LocalService\Definiþ§es locais
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\Administrador\Definiþ§es locais
2008-06-01 04:23 . 2008-06-01 04:23 21,504 --a------ C:\WINDOWS\editpad.exe
2008-06-01 04:23 . 2008-06-01 04:23 19,712 --a------ C:\WINDOWS\quicken.exe
2008-06-01 04:03 . 2008-06-05 23:04 <DIR> d-------- C:\Programas\Spyware Doctor
2008-05-31 23:40 . 2008-06-05 23:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 22:56 . 2008-06-02 01:29 15,104 --a------ C:\WINDOWS\qttasks.exe
2008-05-31 22:55 . 2008-05-31 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-31 21:26 . 2008-05-31 21:27 <DIR> d-------- C:\Programas\Internet Explorer 7
2008-05-31 21:10 . 2006-03-02 13:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-05-31 21:08 . 2006-03-02 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-31 21:07 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-31 21:07 . 2003-03-24 15:52 188,480 --a--c--- C:\WINDOWS\system32\dllcache\cfgwiz.exe
2008-05-31 21:07 . 2004-05-13 00:39 184,435 --a--c--- C:\WINDOWS\system32\dllcache\fp4amsft.dll
2008-05-31 21:07 . 2003-03-24 15:52 147,513 --a--c--- C:\WINDOWS\system32\dllcache\fp4apws.dll
2008-05-31 21:07 . 2003-03-24 15:52 82,035 --a--c--- C:\WINDOWS\system32\dllcache\fp4anscp.dll
2008-05-31 21:07 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2008-05-31 21:07 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2008-05-31 21:07 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2008-05-31 21:07 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-31 21:06 . 2008-05-31 21:06 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-31 21:01 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-05-31 21:01 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-05-31 21:01 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-05-31 21:01 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-05-31 19:28 . 2008-05-31 19:28 <DIR> d-------- C:\Programas\Yahoo!
2008-05-31 19:19 . 2008-05-31 19:19 26,624 --a------ C:\WINDOWS\helpcvs.exe
2008-05-31 04:04 . 2008-05-31 04:04 16,384 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-30 23:54 . 2008-05-30 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-30 00:02 . 2008-05-30 00:11 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-29 23:45 . 2008-05-30 00:12 <DIR> d-------- C:\Programas\BitDefender
2008-05-29 23:42 . 2008-06-05 22:26 <DIR> d-------- C:\Temp
2008-05-29 23:42 . 2008-05-31 00:43 <DIR> d-------- C:\Programas\uTorrent
2008-05-29 23:42 . 2008-05-31 00:43 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\uTorrent
2008-05-29 23:41 . 2008-05-29 23:41 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritos
2008-05-29 23:34 . 2008-05-29 23:45 <DIR> d-------- C:\Programas\Ficheiros comuns\BitDefender
2008-05-29 14:30 . 2008-05-29 14:30 <DIR> dr-h----- C:\MSOCache
2008-05-29 00:59 . 2008-05-30 15:02 613 --a------ C:\WINDOWS\wininit.ini
2008-05-28 23:33 . 2008-05-28 23:39 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\AVGTOOLBAR
2008-05-28 23:31 . 2008-05-29 00:12 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-28 23:22 . 2008-06-02 01:27 <DIR> d-------- C:\Programas\Spybot - Search & Destroy
2008-05-28 23:22 . 2008-06-02 02:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 18:59 . 2008-05-28 18:59 <DIR> dr-h----- C:\Documents and Settings\Proprietário\Application Data\SecuROM
2008-05-28 14:49 . 2008-05-28 14:49 <DIR> d-------- C:\Programas\Ficheiros comuns\Adobe
2008-05-27 19:12 . 2008-05-27 19:12 <DIR> d-------- C:\Programas\Apple Software Update
2008-05-27 19:12 . 2008-05-27 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-27 19:08 . 2008-05-27 19:13 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Apple Computer
2008-05-27 18:45 . 2008-05-27 18:45 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\skypePM
2008-05-27 18:45 . 2008-05-27 18:45 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-27 18:41 . 2008-05-27 18:41 <DIR> d-------- C:\Programas\Ficheiros comuns\Skype
2008-05-27 18:41 . 2008-05-27 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-27 18:25 . 2008-05-27 18:25 379 --a------ C:\WINDOWS\ODBC.INI
2008-05-27 18:24 . 2008-05-27 18:24 <DIR> d-------- C:\Programas\Microsoft.NET
2008-05-27 18:24 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-27 18:23 . 2008-05-27 18:24 <DIR> d--h----- C:\WINDOWS\ShellNew
2008-05-27 18:12 . 2008-05-27 18:12 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Creative
2008-05-27 16:55 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-05-27 16:54 . 2000-05-22 09:58 647,872 --a------ C:\WINDOWS\system32\Mscomct2.ocx
2008-05-27 16:54 . 2004-08-04 00:57 91,648 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-05-27 16:54 . 2004-08-04 00:57 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-05-27 16:54 . 2004-08-04 00:56 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-05-27 16:54 . 2004-08-04 00:57 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-05-27 16:54 . 1999-10-10 18:00 41,984 --a------ C:\WINDOWS\Ctregrun.exe
2008-05-27 16:54 . 2004-08-04 00:57 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-05-27 16:21 . 2008-06-10 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-27 16:03 . 2008-05-27 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-27 16:00 . 2008-05-27 16:00 <DIR> d-------- C:\WINDOWS\WinRAR
2008-05-27 14:52 . 2008-05-27 19:13 <DIR> d-------- C:\Programas\QuickTime
2008-05-27 14:51 . 2008-05-27 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 14:51 . 2004-12-18 21:32 38,229 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-05-27 14:46 . 2008-05-27 14:51 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-27 01:04 . 2008-06-07 17:09 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-27 01:04 . 2008-05-27 14:42 <DIR> d-------- C:\Documents and Settings\Proprietário\Contacts
2008-05-27 01:04 . 2008-05-27 14:42 <DIR> d-------- C:\Documents and Settings\Proprietário\Contacts
2008-05-27 00:31 . 2008-05-27 18:13 <DIR> d--hsc--- C:\Programas\Ficheiros comuns\WindowsLiveInstaller
2008-05-27 00:30 . 2008-06-07 17:09 <DIR> d-------- C:\Programas\Windows Live
2008-05-27 00:30 . 2008-06-07 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-27 00:10 . 2008-05-27 00:10 <DIR> d-------- C:\Programas\Windows Media Connect 2
2008-05-27 00:09 . 2008-05-27 00:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-27 00:09 . 2008-05-27 00:10 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-26 23:52 . 2008-05-26 23:52 <DIR> d-------- C:\WINDOWS\system32\pt-pt
2008-05-26 23:18 . 2008-06-06 13:14 1,073,037,312 --a------ C:\WINDOWS\MEMORY.DMP
2008-05-26 22:29 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-26 20:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-26 20:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-26 20:32 . 2008-05-26 20:34 <DIR> d-------- C:\Documents and Settings\João\Os meus documentos
2008-05-26 20:32 . 2008-05-26 20:34 <DIR> d-------- C:\Documents and Settings\João
2008-05-26 20:30 . 2008-06-10 18:58 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Azureus
2008-05-26 20:30 . 2008-05-26 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 17:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-26 18:55 --------- d-----w C:\Programas\Serviços online
2008-05-26 13:23 9,709,568 ----a-w C:\WINDOWS\RTLCPL.exe
2008-05-26 13:23 86,016 ----a-w C:\WINDOWS\SoundMan.exe
2008-05-26 13:23 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
2008-05-26 13:23 499,712 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-05-26 13:23 49,152 ----a-w C:\WINDOWS\system32\ChCfg.exe
2008-05-26 13:23 4,381,184 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2008-05-26 13:23 364,544 ----a-w C:\WINDOWS\RtlUpd.exe
2008-05-26 13:23 2,879,488 ----a-w C:\WINDOWS\SkyTel.exe
2008-05-26 13:23 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-05-26 13:23 2,155,008 ----a-w C:\WINDOWS\MicCal.exe
2008-05-26 13:23 16,264,192 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-26 13:01 9,728 ----a-w C:\WINDOWS\system32\drivers\videX32.sys
2008-05-26 13:01 11,264 ----a-w C:\WINDOWS\system32\drivers\xfilt.sys
2008-05-26 09:06 --------- d-----w C:\Programas\microsoft frontpage
2008-03-19 20:29 21,760 ----a-w C:\Documents and Settings\João\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot_2008-06-06_ 0.31.36,98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 21:59:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 20:38:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-07 16:09:00 29,926 ----a-r C:\WINDOWS\Installer\{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}\MsblIco.Exe
+ 2008-06-09 22:29:30 632,320 ----a-r C:\WINDOWS\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}\IconCD95F66110.exe
+ 2008-06-09 22:29:30 29,184 ----a-r C:\WINDOWS\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}\IconCD95F6617.exe
+ 2008-06-09 18:36:09 79,760 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
- 2008-06-02 08:48:39 193,776 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-10 12:39:41 190,592 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 00:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 00:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 01:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-01-19 11:53:04 51,056 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2007-10-18 10:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2008-06-09 18:51:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_450.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MsnMsgr"="C:\Programas\MSN Messenger\MsnMsgr.exe" [ ]
"swg"="C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-27 16:20 171448]
"SpybotSD TeaTimer"="C:\Programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Creative WebCam Tray"="C:\Programas\Creative\Shared Files\CamTray.exe" [2005-10-27 11:00 299008]
"DWQueuedReporting"="C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2008-05-26 14:23 2879488 C:\WINDOWS\SkyTel.exe]
"Google Desktop Search"="C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-27 16:20 1862144]
"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-26 14:23 16264192 C:\WINDOWS\RTHDCPL.exe]
"AdslTaskBar"="stmctrl.dll" [2004-05-13 15:54 159744 C:\WINDOWS\system32\stmctrl.dll]
"SunJavaUpdateSched"="C:\Programas\Java\jre6\bin\jusched.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
WinZip Quick Pick.lnk - C:\Programas\WinZip\WZQKPICK.EXE [2008-04-28 11:20:00 415072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programas\\soulseek\\slsk.exe"=
"C:\\Programas\\azureus\\Azureus.exe"=
"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programas\\Sports Interactive\\Football Manager 2008\\fm.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2008-05-26 14:01]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2008-05-26 14:01]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-09 19:36]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-09 19:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-08 10:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-09-04 09:15]
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Recycle Bin\kdja.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-05-30 12:28:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programas\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-06-10 21:55:37
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Tempo para conclusão: 2008-06-10 21:56:17
ComboFix-quarantined-files.txt 2008-06-10 20:56:13
ComboFix2.txt 2008-06-10 20:52:40
ComboFix3.txt 2008-06-06 16:09:25
ComboFix4.txt 2008-06-06 14:19:00
ComboFix5.txt 2008-06-06 01:03:44
Pre-Run: 86,173,523,968 bytes livres
Post-Run: 86,163,378,176 bytes livres
261 --- E O F --- 2008-06-10 18:04:30
HJT SCAN
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:23, on 10-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Windows Live\Messenger\usnsvc.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.pt/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.pt/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programas\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partne ... nicode.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windows ... 1828591125O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microso ... 1829019109O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
http://www.creative.com/softwareupdate/ ... /CTPID.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{4DD62A15-6A62-477F-BF4D-661AF5D9FBEE}: NameServer = 212.55.154.174
O17 - HKLM\System\CS2\Services\Tcpip\..\{4DD62A15-6A62-477F-BF4D-661AF5D9FBEE}: NameServer = 212.55.154.174
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8297 bytes