ComboFix 09-04-13.A2 - Administrator 2009-04-15 11:22.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.314 [GMT -10:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
E:\d6fagcs8.cmd
F:\MICKEY.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-15 04:34 . 2009-04-15 04:34 12292 ----a-w c:\windows\system\.DS_Store
2009-04-15 04:34 . 2009-04-15 04:34 24580 ----a-w c:\windows\.DS_Store
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 05:43 . 2008-07-17 22:39 12292 ----a-w C:\.DS_Store
2009-04-15 04:32 . 2009-02-06 03:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-13 21:44 . 2008-07-17 21:08 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-13 20:54 . 2008-07-24 18:44 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-07 01:32 . 2009-02-06 03:10 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-07 01:32 . 2009-02-06 03:10 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 10:19 . 2004-08-04 11:00 1846272 ----a-w c:\windows\system32\win32k.sys
2008-07-22 23:37 . 2008-07-17 20:50 68456 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( SnapShot_2009-04-14_17.36.29.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-06 03:10 . 2009-04-07 01:32 38496 c:\windows\system32\drivers\mbamswissarmy.sys
- 2009-02-06 03:10 . 2009-01-15 02:11 38496 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2009-02-06 03:10 . 2009-04-07 01:32 15504 c:\windows\system32\drivers\mbam.sys
- 2009-02-06 03:10 . 2009-01-15 02:11 15504 c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Parallels Tools"="c:\program files\Parallels\Parallels Tools\ParallelsToolsCenter.exe" [2007-12-27 1064960]
"SharedInternetApplication"="c:\program files\Parallels\Parallels Tools\SIA\sharedintapp.exe" [2007-12-27 77824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-06 167936]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\DRIVERS\NtApm.sys [2001-08-17 9344]
S1 PrlNP;PrlNP;c:\windows\system32\DRIVERS\prlfs.sys [2007-12-27 138368]
S2 cohrence;Parallels Coherence Service;c:\program files\Parallels\Parallels Tools\cohrence.exe [2007-12-27 53346]
S2 prl_paravirt_32;Parallels Paravirtualization Driver;c:\windows\system32\drivers\prl_paravirt_32.sys [2007-12-27 14957]
S2 PrlTime;Parallels Time Synchronization Driver;c:\windows\system32\drivers\PrlTime.sys [2007-12-27 2550]
S2 toolsrv;Parallels Tools Utility Service;c:\program files\Parallels\Parallels Tools\toolsrv.exe [2007-12-27 90112]
S3 PCITG;PCITG;c:\windows\system32\drivers\pcitg.sys [2007-12-27 15232]
S3 prleth;Parallels Network Adapter;c:\windows\system32\DRIVERS\prleth.sys [2007-12-27 6112]
S3 PrlMouse;Parallels Mouse Synchronization Tool;c:\windows\system32\DRIVERS\PrlMouse.sys [2007-12-27 5341]
S3 PrlVideo;PrlVideo;c:\windows\system32\DRIVERS\PrlVideo.sys [2007-12-27 16384]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://search.myheritage.commStart Page =
hxxp://search.myheritage.comuInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-04-15 11:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3336)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\program files\Parallels\Parallels Tools\menuhook.sc
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
Completion time: 2009-04-15 11:25
ComboFix-quarantined-files.txt 2009-04-15 21:25
ComboFix2.txt 2009-04-15 05:31
ComboFix3.txt 2009-04-15 03:37
ComboFix4.txt 2009-04-13 21:06
Pre-Run: 13,198,901,248 bytes free
Post-Run: 13,190,250,496 bytes free
105 --- E O F --- 2009-04-13 21:46