Log ComboFix
ComboFix 09-09-22.03 - Bruno 23/09/2009 17:56.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.990.657 [GMT -3:00]
Executando de: c:\documents and settings\Bruno\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Bruno\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"C:\ROOT.exe"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\Yahoo!
C:\PenClean
c:\penclean\Leiame.txt
c:\penclean\PenClean.txt
C:\ROOT.exe
C:\SDFix
c:\sdfix\Add_DBFix_RunOnce_key.inf
c:\sdfix\apps\assosfix.reg
c:\sdfix\apps\Cghtme.exe
c:\sdfix\apps\cliptext.exe
c:\sdfix\apps\DBFix.inf
c:\sdfix\apps\download.exe
c:\sdfix\apps\dummy.sys
c:\sdfix\apps\Enable_Command_Prompt.inf
c:\sdfix\apps\Enable_Command_Prompt.reg
c:\sdfix\apps\ERDNT.E_E
c:\sdfix\apps\ERDNTDOS.LOC
c:\sdfix\apps\ERDNTWIN.LOC
c:\sdfix\apps\ERUNT.EXE
c:\sdfix\apps\ERUNT.LOC
c:\sdfix\apps\fix.reg
c:\sdfix\apps\FixBeep.reg
c:\sdfix\apps\FixBH.reg
c:\sdfix\apps\FixComponents.reg
c:\sdfix\apps\FIXCU.reg
c:\sdfix\apps\FIXLM.reg
c:\sdfix\apps\FixPath.exe
c:\sdfix\apps\FixRedir.reg
c:\sdfix\apps\FixSchedule.reg
c:\sdfix\apps\FixWebCheck.reg
c:\sdfix\apps\fixXP.reg
c:\sdfix\apps\FixXPsp2.reg
c:\sdfix\apps\grep.exe
c:\sdfix\apps\HaxdFix.reg
c:\sdfix\apps\HPFix.reg
c:\sdfix\apps\HPFix2.reg
c:\sdfix\apps\HPFix3.reg
c:\sdfix\apps\HPFix4.reg
c:\sdfix\apps\HPFix5.reg
c:\sdfix\apps\HPFix6.reg
c:\sdfix\apps\HPFix7.reg
c:\sdfix\apps\HPFix8.reg
c:\sdfix\apps\HPFix9.reg
c:\sdfix\apps\Installed.txt
c:\sdfix\apps\isadmin.exe
c:\sdfix\apps\leg2.txt
c:\sdfix\apps\legacy.txt
c:\sdfix\apps\legacybk.txt
c:\sdfix\apps\locate.com
c:\sdfix\apps\LS.exe
c:\sdfix\apps\MD5File.exe
c:\sdfix\apps\moveex.exe
c:\sdfix\apps\MyGcpvFix.reg
c:\sdfix\apps\MyGkFix2.reg
c:\sdfix\apps\Process.exe
c:\sdfix\apps\procs.exe
c:\sdfix\apps\psservice.exe
c:\sdfix\apps\Rem.txt
c:\sdfix\apps\Rem2.txt
c:\sdfix\apps\Replace\regedit.exe
c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\apps\Replace\w2k\beep.sys
c:\sdfix\apps\Replace\w2k\command.com
c:\sdfix\apps\Replace\w2k\command.PIF
c:\sdfix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\apps\Replace\w2k\null.sys
c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\apps\Replace\xp\beep.sys
c:\sdfix\apps\Replace\xp\command.com
c:\sdfix\apps\Replace\xp\command.PIF
c:\sdfix\apps\Replace\xp\CONFIG.NT
c:\sdfix\apps\Replace\xp\null.sys
c:\sdfix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\apps\RestartIt!.exe
c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\apps\Restore_SecurityCenter.reg
c:\sdfix\apps\Restore_SharedAccess.reg
c:\sdfix\apps\sc.exe
c:\sdfix\apps\sed.exe
c:\sdfix\apps\SF.exe
c:\sdfix\apps\shutdown.exe
c:\sdfix\apps\srv2.txt
c:\sdfix\apps\srv2bk.txt
c:\sdfix\apps\svc.txt
c:\sdfix\apps\svcbk.txt
c:\sdfix\apps\Swreg.exe
c:\sdfix\apps\swsc.exe
c:\sdfix\apps\UnRAR.exe
c:\sdfix\apps\unzip.exe
c:\sdfix\apps\vfind.exe
c:\sdfix\apps\WINMSG.EXE
c:\sdfix\apps\winsec.reg
c:\sdfix\apps\zip.exe
c:\sdfix\backups\backupreg.zip
c:\sdfix\backups\catchme.log
c:\sdfix\backups\HOSTS
c:\sdfix\catchme.exe
c:\sdfix\DBFix.bat
c:\sdfix\dummy.sys
c:\sdfix\Report.txt
c:\sdfix\RunThis.bat
c:\sdfix\SDFIX_ReadMe_Online.url
c:\sdfix\W2K_VirusAlert_Repair.inf
c:\sdfix\XP_VirusAlert_Repair.inf
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-23 to 2009-09-23 ))))))))))))))))))))))))))))
.
2009-09-22 20:29 . 2009-09-22 20:29 579072 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-09-22 20:27 . 2009-09-22 20:27 -------- d-----w- c:\windows\ERUNT
2009-09-22 20:22 . 2009-09-23 19:39 -------- d-----w- c:\arquivos de programas\COMODO
2009-09-17 17:08 . 2009-09-23 18:50 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\dvdcss
2009-09-17 17:04 . 2009-09-23 18:50 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\vlc
2009-09-17 17:03 . 2009-09-17 17:03 -------- d-----w- c:\arquivos de programas\VideoLAN
2009-09-13 03:57 . 2009-09-13 03:57 -------- d-----w- c:\arquivos de programas\MIKSOFT
2009-09-03 01:18 . 2009-09-03 01:19 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\Notepad++
2009-09-03 01:18 . 2009-09-03 01:18 -------- d-----w- c:\arquivos de programas\Notepad++
2009-09-01 19:48 . 2009-09-01 19:48 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\Corel
2009-09-01 19:46 . 2009-09-01 19:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Protexis
2009-09-01 19:46 . 2009-09-01 19:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Corel
2009-09-01 19:43 . 2009-09-01 19:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel
2009-09-01 19:42 . 2009-09-01 19:42 -------- d-----w- c:\arquivos de programas\Corel
2009-08-31 18:00 . 2009-08-31 18:04 -------- d-----w- c:\windows\SHELLNEW
2009-08-31 17:58 . 2009-08-31 17:58 -------- d-----w- c:\arquivos de programas\Microsoft Synchronization Services
2009-08-31 17:57 . 2009-08-31 18:02 -------- d-----w- c:\documents and settings\All Users\Microsoft
2009-08-31 17:57 . 2009-08-31 17:57 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework
2009-08-31 17:57 . 2009-08-31 17:57 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition
2009-08-31 17:54 . 2009-08-31 17:54 -------- d-----w- c:\arquivos de programas\Microsoft Visual Studio 8
2009-08-31 17:52 . 2009-08-31 17:52 -------- d-----w- c:\arquivos de programas\Microsoft Analysis Services
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 20:13 . 2009-03-26 18:16 -------- d-----w- c:\arquivos de programas\Java
2009-09-22 15:25 . 2009-08-29 18:46 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2009-09-21 13:23 . 2009-07-30 17:38 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\Orbit
2009-09-20 02:09 . 2009-07-15 20:25 -------- d-----w- c:\arquivos de programas\iLuminaPO
2009-09-17 01:36 . 2001-10-28 18:07 79866 ----a-w- c:\windows\system32\perfc016.dat
2009-09-17 01:36 . 2001-10-28 18:07 471012 ----a-w- c:\windows\system32\perfh016.dat
2009-09-14 22:10 . 2009-03-16 17:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-09-10 21:03 . 2009-08-23 18:02 -------- d-----w- c:\arquivos de programas\Opera
2009-09-04 16:01 . 2009-03-17 03:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-09-01 19:48 . 2009-08-29 18:46 88 --sh--r- c:\documents and settings\All Users\Dados de aplicativos\A8D0BBD4AC.sys
2009-08-31 17:59 . 2009-03-27 19:01 -------- d-----w- c:\arquivos de programas\MSBuild
2009-08-29 18:50 . 2009-04-22 16:16 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\uTorrent
2009-08-24 19:37 . 2009-05-21 18:24 -------- d-----w- c:\arquivos de programas\Winamp
2009-08-24 19:36 . 2009-05-21 18:24 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\Winamp
2009-08-18 15:15 . 2009-04-03 16:53 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\BSplayer Pro
2009-08-17 11:12 . 2009-08-15 13:06 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\Download Manager
2009-08-15 04:07 . 2009-07-30 17:38 -------- d-----w- c:\arquivos de programas\Orbitdownloader
2009-08-05 18:59 . 2009-07-20 15:47 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-31 16:26 . 2009-03-27 19:10 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-30 17:38 . 2009-07-30 17:38 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\GrabPro
2009-06-29 02:55 . 2009-03-26 20:00 3082 ----a-w- c:\windows\system32\affv208325p1now.sys
2009-03-18 01:39 . 2009-03-18 01:39 2 ------w- c:\arquivos de programas\.windows-serial
.
((((((((((((((((((((((((((((( SnapShot@2009-09-23_20.01.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-26 18:17 . 2009-03-26 18:17 148888 c:\windows\system32\javaws.exe
+ 2009-03-26 18:17 . 2009-03-26 18:17 148888 c:\windows\system32\javaws.exe
+ 2009-03-26 18:17 . 2009-03-26 18:17 144792 c:\windows\system32\javaw.exe
- 2009-03-26 18:17 . 2009-03-26 18:17 144792 c:\windows\system32\javaw.exe
+ 2009-03-26 18:17 . 2009-03-26 18:17 144792 c:\windows\system32\java.exe
- 2009-03-26 18:17 . 2009-03-26 18:17 144792 c:\windows\system32\java.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-04-08 19:05 739688 ----a-w- c:\arquiv~1\MICROS~2\Office14\URLREDIR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="c:\arquivos de programas\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 139264]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^OfficeSAS.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [20/7/2009 12:47 108289]
R2 osppsvc;Office Software Protection Platform;c:\windows\system32\OSPPSVC.EXE [8/4/2009 15:37 4319136]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\arquivos de programas\Microsoft Office\Office14\GROOVE.EXE [25/4/2009 18:18 33480048]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: S&end to OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Bruno\Dados de aplicativos\Mozilla\Firefox\Profiles\m8ftgrj1.default\
FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-23 18:00
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Tempo para conclusão: 2009-09-23 18:02
ComboFix-quarantined-files.txt 2009-09-23 21:02
ComboFix2.txt 2009-09-23 20:05
Pré-execução: 535.339.008 bytes disponíveis
Pós execução: 500.408.320 bytes disponíveis
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.990.657 [GMT -3:00]
Executando de: c:\documents and settings\Bruno\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Bruno\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"C:\ROOT.exe"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\Yahoo!
C:\PenClean
c:\penclean\Leiame.txt
c:\penclean\PenClean.txt
C:\ROOT.exe
C:\SDFix
c:\sdfix\Add_DBFix_RunOnce_key.inf
c:\sdfix\apps\assosfix.reg
c:\sdfix\apps\Cghtme.exe
c:\sdfix\apps\cliptext.exe
c:\sdfix\apps\DBFix.inf
c:\sdfix\apps\download.exe
c:\sdfix\apps\dummy.sys
c:\sdfix\apps\Enable_Command_Prompt.inf
c:\sdfix\apps\Enable_Command_Prompt.reg
c:\sdfix\apps\ERDNT.E_E
c:\sdfix\apps\ERDNTDOS.LOC
c:\sdfix\apps\ERDNTWIN.LOC
c:\sdfix\apps\ERUNT.EXE
c:\sdfix\apps\ERUNT.LOC
c:\sdfix\apps\fix.reg
c:\sdfix\apps\FixBeep.reg
c:\sdfix\apps\FixBH.reg
c:\sdfix\apps\FixComponents.reg
c:\sdfix\apps\FIXCU.reg
c:\sdfix\apps\FIXLM.reg
c:\sdfix\apps\FixPath.exe
c:\sdfix\apps\FixRedir.reg
c:\sdfix\apps\FixSchedule.reg
c:\sdfix\apps\FixWebCheck.reg
c:\sdfix\apps\fixXP.reg
c:\sdfix\apps\FixXPsp2.reg
c:\sdfix\apps\grep.exe
c:\sdfix\apps\HaxdFix.reg
c:\sdfix\apps\HPFix.reg
c:\sdfix\apps\HPFix2.reg
c:\sdfix\apps\HPFix3.reg
c:\sdfix\apps\HPFix4.reg
c:\sdfix\apps\HPFix5.reg
c:\sdfix\apps\HPFix6.reg
c:\sdfix\apps\HPFix7.reg
c:\sdfix\apps\HPFix8.reg
c:\sdfix\apps\HPFix9.reg
c:\sdfix\apps\Installed.txt
c:\sdfix\apps\isadmin.exe
c:\sdfix\apps\leg2.txt
c:\sdfix\apps\legacy.txt
c:\sdfix\apps\legacybk.txt
c:\sdfix\apps\locate.com
c:\sdfix\apps\LS.exe
c:\sdfix\apps\MD5File.exe
c:\sdfix\apps\moveex.exe
c:\sdfix\apps\MyGcpvFix.reg
c:\sdfix\apps\MyGkFix2.reg
c:\sdfix\apps\Process.exe
c:\sdfix\apps\procs.exe
c:\sdfix\apps\psservice.exe
c:\sdfix\apps\Rem.txt
c:\sdfix\apps\Rem2.txt
c:\sdfix\apps\Replace\regedit.exe
c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\apps\Replace\w2k\beep.sys
c:\sdfix\apps\Replace\w2k\command.com
c:\sdfix\apps\Replace\w2k\command.PIF
c:\sdfix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\apps\Replace\w2k\null.sys
c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\apps\Replace\xp\beep.sys
c:\sdfix\apps\Replace\xp\command.com
c:\sdfix\apps\Replace\xp\command.PIF
c:\sdfix\apps\Replace\xp\CONFIG.NT
c:\sdfix\apps\Replace\xp\null.sys
c:\sdfix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\apps\RestartIt!.exe
c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\apps\Restore_SecurityCenter.reg
c:\sdfix\apps\Restore_SharedAccess.reg
c:\sdfix\apps\sc.exe
c:\sdfix\apps\sed.exe
c:\sdfix\apps\SF.exe
c:\sdfix\apps\shutdown.exe
c:\sdfix\apps\srv2.txt
c:\sdfix\apps\srv2bk.txt
c:\sdfix\apps\svc.txt
c:\sdfix\apps\svcbk.txt
c:\sdfix\apps\Swreg.exe
c:\sdfix\apps\swsc.exe
c:\sdfix\apps\UnRAR.exe
c:\sdfix\apps\unzip.exe
c:\sdfix\apps\vfind.exe
c:\sdfix\apps\WINMSG.EXE
c:\sdfix\apps\winsec.reg
c:\sdfix\apps\zip.exe
c:\sdfix\backups\backupreg.zip
c:\sdfix\backups\catchme.log
c:\sdfix\backups\HOSTS
c:\sdfix\catchme.exe
c:\sdfix\DBFix.bat
c:\sdfix\dummy.sys
c:\sdfix\Report.txt
c:\sdfix\RunThis.bat
c:\sdfix\SDFIX_ReadMe_Online.url
c:\sdfix\W2K_VirusAlert_Repair.inf
c:\sdfix\XP_VirusAlert_Repair.inf
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-23 to 2009-09-23 ))))))))))))))))))))))))))))
.
2009-09-22 20:29 . 2009-09-22 20:29 579072 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-09-22 20:27 . 2009-09-22 20:27 -------- d-----w- c:\windows\ERUNT
2009-09-22 20:22 . 2009-09-23 19:39 -------- d-----w- c:\arquivos de programas\COMODO
2009-09-17 17:08 . 2009-09-23 18:50 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\dvdcss
2009-09-17 17:04 . 2009-09-23 18:50 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\vlc
2009-09-17 17:03 . 2009-09-17 17:03 -------- d-----w- c:\arquivos de programas\VideoLAN
2009-09-13 03:57 . 2009-09-13 03:57 -------- d-----w- c:\arquivos de programas\MIKSOFT
2009-09-03 01:18 . 2009-09-03 01:19 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\Notepad++
2009-09-03 01:18 . 2009-09-03 01:18 -------- d-----w- c:\arquivos de programas\Notepad++
2009-09-01 19:48 . 2009-09-01 19:48 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\Corel
2009-09-01 19:46 . 2009-09-01 19:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Protexis
2009-09-01 19:46 . 2009-09-01 19:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Corel
2009-09-01 19:43 . 2009-09-01 19:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel
2009-09-01 19:42 . 2009-09-01 19:42 -------- d-----w- c:\arquivos de programas\Corel
2009-08-31 18:00 . 2009-08-31 18:04 -------- d-----w- c:\windows\SHELLNEW
2009-08-31 17:58 . 2009-08-31 17:58 -------- d-----w- c:\arquivos de programas\Microsoft Synchronization Services
2009-08-31 17:57 . 2009-08-31 18:02 -------- d-----w- c:\documents and settings\All Users\Microsoft
2009-08-31 17:57 . 2009-08-31 17:57 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework
2009-08-31 17:57 . 2009-08-31 17:57 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition
2009-08-31 17:54 . 2009-08-31 17:54 -------- d-----w- c:\arquivos de programas\Microsoft Visual Studio 8
2009-08-31 17:52 . 2009-08-31 17:52 -------- d-----w- c:\arquivos de programas\Microsoft Analysis Services
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 20:13 . 2009-03-26 18:16 -------- d-----w- c:\arquivos de programas\Java
2009-09-22 15:25 . 2009-08-29 18:46 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2009-09-21 13:23 . 2009-07-30 17:38 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\Orbit
2009-09-20 02:09 . 2009-07-15 20:25 -------- d-----w- c:\arquivos de programas\iLuminaPO
2009-09-17 01:36 . 2001-10-28 18:07 79866 ----a-w- c:\windows\system32\perfc016.dat
2009-09-17 01:36 . 2001-10-28 18:07 471012 ----a-w- c:\windows\system32\perfh016.dat
2009-09-14 22:10 . 2009-03-16 17:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-09-10 21:03 . 2009-08-23 18:02 -------- d-----w- c:\arquivos de programas\Opera
2009-09-04 16:01 . 2009-03-17 03:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-09-01 19:48 . 2009-08-29 18:46 88 --sh--r- c:\documents and settings\All Users\Dados de aplicativos\A8D0BBD4AC.sys
2009-08-31 17:59 . 2009-03-27 19:01 -------- d-----w- c:\arquivos de programas\MSBuild
2009-08-29 18:50 . 2009-04-22 16:16 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\uTorrent
2009-08-24 19:37 . 2009-05-21 18:24 -------- d-----w- c:\arquivos de programas\Winamp
2009-08-24 19:36 . 2009-05-21 18:24 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\Winamp
2009-08-18 15:15 . 2009-04-03 16:53 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\BSplayer Pro
2009-08-17 11:12 . 2009-08-15 13:06 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\Download Manager
2009-08-15 04:07 . 2009-07-30 17:38 -------- d-----w- c:\arquivos de programas\Orbitdownloader
2009-08-05 18:59 . 2009-07-20 15:47 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-31 16:26 . 2009-03-27 19:10 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-30 17:38 . 2009-07-30 17:38 -------- d-----w- c:\documents and settings\Bruno\Dados de aplicativos\GrabPro
2009-06-29 02:55 . 2009-03-26 20:00 3082 ----a-w- c:\windows\system32\affv208325p1now.sys
2009-03-18 01:39 . 2009-03-18 01:39 2 ------w- c:\arquivos de programas\.windows-serial
.
((((((((((((((((((((((((((((( SnapShot@2009-09-23_20.01.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-26 18:17 . 2009-03-26 18:17 148888 c:\windows\system32\javaws.exe
+ 2009-03-26 18:17 . 2009-03-26 18:17 148888 c:\windows\system32\javaws.exe
+ 2009-03-26 18:17 . 2009-03-26 18:17 144792 c:\windows\system32\javaw.exe
- 2009-03-26 18:17 . 2009-03-26 18:17 144792 c:\windows\system32\javaw.exe
+ 2009-03-26 18:17 . 2009-03-26 18:17 144792 c:\windows\system32\java.exe
- 2009-03-26 18:17 . 2009-03-26 18:17 144792 c:\windows\system32\java.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-04-08 19:05 739688 ----a-w- c:\arquiv~1\MICROS~2\Office14\URLREDIR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="c:\arquivos de programas\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 139264]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^OfficeSAS.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [20/7/2009 12:47 108289]
R2 osppsvc;Office Software Protection Platform;c:\windows\system32\OSPPSVC.EXE [8/4/2009 15:37 4319136]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\arquivos de programas\Microsoft Office\Office14\GROOVE.EXE [25/4/2009 18:18 33480048]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: S&end to OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Bruno\Dados de aplicativos\Mozilla\Firefox\Profiles\m8ftgrj1.default\
FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-23 18:00
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Tempo para conclusão: 2009-09-23 18:02
ComboFix-quarantined-files.txt 2009-09-23 21:02
ComboFix2.txt 2009-09-23 20:05
Pré-execução: 535.339.008 bytes disponíveis
Pós execução: 500.408.320 bytes disponíveis