ComboFix 10-02-09.01 - CYBER 09/02/2010 19:12:28.1.

1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.314 [GMT -2:00]
Executando de: c:\documents and settings\CYBER\Meus documentos\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\28463
c:\windows\system32\28463\AKV.exe
c:\windows\system32\28463\HMYI.001
c:\windows\system32\28463\HMYI.002
c:\windows\system32\28463\HMYI.005
c:\windows\system32\28463\HMYI.006
c:\windows\system32\28463\HMYI.007
c:\windows\system32\28463\HMYI.exe
c:\windows\system32\28463\key.bin
c:\windows\system32\28463\LHAV.001
c:\windows\system32\28463\LHAV.002
c:\windows\system32\28463\LHAV.005
c:\windows\system32\28463\LHAV.006
c:\windows\system32\28463\LHAV.007
c:\windows\system32\28463\LHAV.exe
c:\windows\system32\28463\WSLH.001
c:\windows\system32\28463\WSLH.002
c:\windows\system32\28463\WSLH.005
c:\windows\system32\28463\WSLH.006
c:\windows\system32\28463\WSLH.007
c:\windows\system32\28463\WSLH.009
c:\windows\system32\28463\WSLH.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AIC32P
-------\Service_aic32p

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-09 to 2010-02-09 ))))))))))))))))))))))))))))
.
2010-02-05 20:53 . 2010-02-05 20:53 -------- d-----w- c:\documents and settings\CYBER\Dados de aplicativos\pdf995
2010-02-05 20:00 . 2010-02-05 20:54 59 ----a-w- c:\windows\wpd99.drv
2010-02-05 20:00 . 2010-02-05 20:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\pdf995
2010-02-05 20:00 . 2010-02-05 20:00 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-02-05 20:00 . 2010-02-05 20:00 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-02-05 20:00 . 2010-02-05 20:00 -------- d-----w- c:\arquivos de programas\pdf995
2010-01-20 20:55 . 2003-08-08 20:00 32640 ----a-w- c:\windows\system32\drivers\sisidex.sys
2010-01-20 20:53 . 2005-05-06 09:14 48128 ----a-w- c:\windows\system32\drivers\SiSRaid.sys
2010-01-20 20:53 . 2001-03-30 14:58 135168 ----a-w- c:\windows\system32\property.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 21:08 . 2010-02-09 13:41 -------- d-----w- c:\documents and settings\CYBER\Dados de aplicativos\GetRightToGo
2010-02-09 21:05 . 2010-02-09 21:05 -------- d-----w- c:\arquivos de programas\Ashampoo
2010-02-05 20:47 . 2009-07-31 16:14 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2010-02-05 20:47 . 2009-07-31 16:14 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2010-02-05 19:53 . 2010-02-05 19:53 5120 --sha-w- c:\arquivos de programas\Thumbs.db
2010-02-04 18:12 . 2009-07-31 16:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Corel
2010-01-21 13:49 . 2009-07-31 17:25 -------- d-----w- c:\arquivos de programas\Hewlett-Packard
2010-01-20 20:55 . 2009-07-31 21:30 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-12-30 20:19 . 2009-12-30 20:19 -------- d-----w- c:\arquivos de programas\KYE
2009-12-30 20:19 . 2009-12-30 20:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snpstd
2009-12-30 20:19 . 2009-07-31 21:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-07-31 16:23 . 2009-07-31 16:23 2359350 -c--a-w- c:\arquivos de programas\walp.bmp
2008-04-14 11:00 . 2008-04-14 11:00 159179 --sha-r- c:\windows\system32\ifgvkiul.dll
.
------- Sigcheck -------
[-] 2008-06-14 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2007-06-28 17:39 65536 ----a-w- c:\windows\system32\LogonDll.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-10-23 21:51 294912 ----a-w- c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 13:24 110592 ----a-w- c:\arquivos de programas\Hewlett-Packard\HP Software Update\hpwuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-13 06:39 237568 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2004-06-10 15:48 348160 ----a-w- c:\windows\vsnpstd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"PSI_SVC_2"=2 (0x2)
"hpdj3500"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Valve\\Condition Zero\\czero.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"\\\\Servidor-01\\Programas uteis\\Serial da Gravadora LG.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"=
"c:\\Arquivos de programas\\Hewlett-Packard\\hpz\\glue\\util\\common\\hpzghl09.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Protexis\\License Service\\PsiService_2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8863:TCP"= 8863:TCP:qcuix
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [31/7/2009 16:55 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [31/7/2009 16:55 5248]
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [28/6/2007 15:45 131472]
S2 hsikw;Update Config;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 09:00 14336]
S4 hpdj3500;hpdj3500;c:\docume~1\CYBER\CONFIG~1\Temp\hpdj3500.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product=3500 --> c:\docume~1\CYBER\CONFIG~1\Temp\hpdj3500.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product=3500 [?]
--- =Outros Serviços/Drivers Na Memória ---
*NewlyCreated* - AIC32P
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hsikw
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-LHAV Agent - c:\windows\system32\28463\LHAV.exe
MSConfigStartUp-SiSRaid - c:\arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 19:20
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\LogonDll.dll
- - - - - - - > 'explorer.exe'(584)
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\arquivos de programas\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
c:\arquivos de programas\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-02-09 19:22:56 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-02-09 21:22
Pré-execução: 5 pasta(s) 63.762.018.304 bytes disponíveis
Pós execução: 7 pasta(s) 63.850.246.144 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 417F4656BCFD8B11CE7612C548A49657