ComboFix 09-07-14.05 - S25 15-07-2009 1:20.1.1 - NTFSx86 NETWORK
Executando de: c:\documents and settings\S25\Os meus documentos\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1220945662-1425521274-725345543-1003
c:\recycler\S-1-5-21-1229272821-1957994488-1060284298-1003
c:\recycler\S-1-5-21-1229272821-1957994488-1060284298-500
c:\recycler\S-1-5-21-1482476501-839522115-1060284298-1003
c:\recycler\S-1-5-21-823518204-329068152-725345543-1003
c:\recycler\S-1-5-21-854245398-789336058-1708537768-1003
c:\windows\Installer\56b44.msi
c:\windows\system32\_000115_.tmp.dll
c:\windows\system32\_000116_.tmp.dll
c:\windows\system32\_000117_.tmp.dll
c:\windows\system32\_000118_.tmp.dll
c:\windows\system32\_000119_.tmp.dll
c:\windows\system32\_000124_.tmp.dll
c:\windows\system32\_000125_.tmp.dll
c:\windows\system32\_000126_.tmp.dll
c:\windows\system32\afaduleb.ini
c:\windows\system32\afekelin.ini
c:\windows\system32\ajibukaf.ini
c:\windows\system32\ajobosiv.ini
c:\windows\system32\ajuvalav.ini
c:\windows\system32\anoyuwar.ini
c:\windows\system32\apatozaf.ini
c:\windows\system32\apusinaw.ini
c:\windows\system32\asazufig.ini
c:\windows\system32\awofulow.ini
c:\windows\system32\deposit.dll
c:\windows\system32\ebiwaliw.ini
c:\windows\system32\eboropug.ini
c:\windows\system32\edahimuz.ini
c:\windows\system32\edesimas.ini
c:\windows\system32\efuritor.ini
c:\windows\system32\egidoyod.ini
c:\windows\system32\ehujemoz.ini
c:\windows\system32\ekepuhar.ini
c:\windows\system32\eleyusop.ini
c:\windows\system32\evatuyur.ini
c:\windows\system32\ewanadep.ini
c:\windows\system32\ewumivuv.ini
c:\windows\system32\ezasudiy.ini
c:\windows\system32\ezosavam.ini
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\erma.inf
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\jinstall-6u1.inf
c:\windows\system32\ifowuvuv.ini
c:\windows\system32\ihohekom.ini
c:\windows\system32\ilakiwas.ini
c:\windows\system32\ilefozip.ini
c:\windows\system32\ilikafuf.ini
c:\windows\system32\ipifadar.ini
c:\windows\system32\irofilid.ini
c:\windows\system32\iwilihad.ini
c:\windows\system32\iyopojen.ini
c:\windows\system32\izahadur.ini
c:\windows\system32\obuyubiz.ini
c:\windows\system32\odapitep.ini
c:\windows\system32\okapadib.ini
c:\windows\system32\okunasan.ini
c:\windows\system32\omirafoz.ini
c:\windows\system32\oporolor.ini
c:\windows\system32\orusiyuz.ini
c:\windows\system32\otevipiy.ini
c:\windows\system32\owuzazug.ini
c:\windows\system32\reg_0001.txt
c:\windows\system32\ufuviyey.ini
c:\windows\system32\ugujasof.ini
c:\windows\system32\ujeremil.ini
c:\windows\system32\umihukav.ini
c:\windows\system32\umilagar.ini
c:\windows\system32\unodigel.ini
c:\windows\system32\upadefok.ini
c:\windows\system32\upumafad.ini
c:\windows\system32\urihikat.ini
c:\windows\system32\uvikarep.ini
c:\windows\system32\uwayawov.ini
c:\windows\system32\uyikofus.ini
c:\windows\system32\uyovitis.ini
c:\windows\system32\xpob2res.dll
c:\windows\winload.inf
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-15 to 2009-07-15 ))))))))))))))))))))))))))))
.

2009-07-14 21:09 . 2009-07-14 21:09 -------- d-----w- c:\documents and settings\S25\Application Data\ImgBurn
2009-07-14 18:54 . 2009-07-14 18:54 -------- d-----w- c:\programas\ImgBurn
2009-07-14 18:39 . 2009-07-14 18:39 2040451 ----a-w- C:\SetupImgBurn_2.4.4.0.exe
2009-07-14 18:36 . 2009-07-14 18:37 401408 ----a-w- C:\wget.exe
2009-07-09 11:40 . 2009-07-09 11:40 -------- d-----w- c:\documents and settings\Sharpshooter\Application Data\Winamp
2009-07-07 09:58 . 2009-07-07 09:58 -------- d-----w- c:\documents and settings\Sharpshooter\Application Data\BitTorrent
2009-07-04 01:15 . 2009-07-04 01:15 -------- d-----w- c:\programas\Smart Projects
2009-07-02 00:37 . 2009-07-04 19:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-07-02 00:37 . 2009-07-02 00:38 -------- d-----w- c:\programas\Spybot - Search & Destroy
2009-07-02 00:36 . 2009-07-02 00:36 -------- d-----w- c:\programas\Zone Labs
2009-07-02 00:35 . 2009-07-02 00:36 -------- d-----w- c:\windows\Internet Logs
2009-06-30 08:44 . 2009-06-30 08:44 -------- d-----w- c:\documents and settings\Administrador\Tracing
2009-06-29 17:19 . 2009-07-14 19:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-29 09:46 . 2008-04-14 16:09 78848 ----a-w- c:\windows\system32\msiexec.exe
2009-06-29 09:46 . 2008-04-14 16:09 2843136 ----a-w- c:\windows\system32\msi.dll
2009-06-29 09:46 . 2008-04-14 16:09 271360 ----a-w- c:\windows\system32\msihnd.dll
2009-06-29 09:46 . 2008-04-14 16:09 15360 ----a-w- c:\windows\system32\msisip.dll
2009-06-29 09:46 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\msimsg.dll
2009-06-29 09:30 . 2009-06-29 09:31 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-21 14:00 . 2009-06-21 14:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TVU Networks
2009-06-21 13:22 . 2009-06-27 20:46 -------- d-----w- c:\programas\TVUPlayer
2009-06-18 17:32 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-18 17:32 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-18 17:32 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-18 17:32 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-18 17:32 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-18 17:32 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-18 17:31 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-07-15 00:30 . 2009-03-14 21:59 -------- d-----w- c:\documents and settings\S25\Application Data\BitTorrent
2009-07-14 22:12 . 2006-06-15 23:11 -------- d-----w- c:\programas\Google
2009-07-12 22:55 . 2007-04-09 21:51 98304 ----a-w- c:\windows\DUMP9df5.tmp
2009-07-12 10:02 . 2008-09-02 18:26 -------- d-----w- c:\documents and settings\Teresa.RPSOFT-4\Application Data\BitTorrent
2009-07-10 23:40 . 2008-06-28 10:45 -------- d-----w- c:\programas\mylfs
2009-07-09 21:58 . 2007-04-09 21:51 98304 ----a-w- c:\windows\DUMP9cdc.tmp
2009-07-09 11:44 . 2009-03-14 21:56 -------- d-----w- c:\programas\DNA
2009-07-09 11:44 . 2008-12-24 00:10 -------- d-----w- c:\documents and settings\Sharpshooter\Application Data\DNA
2009-07-08 19:54 . 2008-11-18 23:46 -------- d-----w- c:\programas\Windows Media Connect 2
2009-07-08 19:54 . 2008-02-27 18:41 -------- d-----w- c:\programas\VDMSound
2009-07-08 19:54 . 2007-12-20 15:09 -------- d-----w- c:\programas\Sierra On-Line
2009-07-08 19:54 . 2008-06-20 18:47 -------- d-----w- c:\programas\mylfsfiles
2009-07-05 21:18 . 2009-05-21 12:12 253952 ------w- c:\windows\Setup1.exe
2009-07-05 21:18 . 2007-08-21 08:55 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-07-04 01:15 . 2009-02-12 23:31 -------- d-----w- c:\programas\Alcohol Soft
2009-07-04 00:29 . 2009-04-02 22:43 -------- d-----w- c:\programas\Internet Download Manager
2009-07-04 00:04 . 2008-10-20 18:45 -------- d-----w- c:\documents and settings\Teresa.RPSOFT-4\Application Data\IDM
2009-07-03 17:08 . 2008-09-12 15:24 -------- d-----w- c:\documents and settings\Teresa.RPSOFT-4\Application Data\DMCache
2009-07-02 14:49 . 2008-11-30 12:41 -------- d-----w- c:\documents and settings\S25\Application Data\DMCache
2009-06-30 08:46 . 2008-04-17 12:38 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-06-29 17:51 . 2009-02-22 14:09 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-29 08:29 . 2008-07-13 18:42 -------- d-----w- c:\programas\HyperSnap 6
2009-06-29 08:06 . 2007-04-09 21:51 106496 ----a-w- c:\windows\DUMPc042.tmp
2009-06-27 22:34 . 2009-04-02 22:44 -------- d-----w- c:\documents and settings\S25\Application Data\IDM
2009-06-26 08:47 . 2006-06-15 20:55 -------- d-----w- c:\programas\ATI Technologies
2009-06-26 08:44 . 2009-06-05 18:20 -------- d-----w- c:\documents and settings\Teresa.RPSOFT-4\Application Data\play2p
2009-06-26 08:44 . 2009-06-05 18:17 -------- d--h--w- c:\programas\InstallJammer Registry
2009-06-17 11:47 . 2007-04-09 21:51 106496 ----a-w- c:\windows\DUMPa4ac.tmp
2009-06-16 20:40 . 2009-06-09 18:52 -------- d-----w- c:\documents and settings\S25\Application Data\play2p
2009-06-14 18:56 . 2008-11-17 00:56 -------- d-----w- c:\programas\Teamspeak2_RC2
2009-06-13 15:46 . 2009-06-13 15:46 -------- d-----w- c:\documents and settings\Sharpshooter\Application Data\play2p
2009-06-13 15:41 . 2007-04-09 21:51 106496 ----a-w- c:\windows\DUMPa519.tmp
2009-06-12 23:32 . 2009-05-28 18:03 -------- d-----w- c:\documents and settings\Teresa.RPSOFT-4\Application Data\Winamp
2009-06-06 12:50 . 2009-06-06 12:50 61 --sh--w- c:\windows\cnerolf.dat
2009-06-06 12:36 . 2007-12-18 20:07 -------- d-----w- c:\programas\Microsoft Games
2009-06-01 23:20 . 2009-05-30 13:53 -------- d-----w- c:\documents and settings\Teresa.RPSOFT-4\Application Data\FUJIFILM
2009-06-01 09:18 . 2009-06-01 09:18 -------- d-----w- c:\programas\Pidgin
2009-06-01 09:17 . 2009-06-01 09:17 -------- d-----w- c:\programas\Ficheiros comuns\GTK
2009-05-31 22:31 . 2009-05-31 22:31 -------- d-----w- c:\documents and settings\Teresa.RPSOFT-4\Application Data\Malwarebytes
2009-05-31 16:07 . 2008-02-16 23:06 -------- d-----w- c:\programas\GPM2Real1996
2009-05-31 16:07 . 2007-04-12 14:09 -------- d-----w- c:\programas\eMule
2009-05-31 01:27 . 2008-10-12 14:50 167376 ----a-w- c:\documents and settings\Teresa.RPSOFT-4\Application Data\Mozilla\Firefox\Profiles\9a8a2hjt.default\FlashGot.exe
2009-05-30 13:55 . 2006-06-15 20:45 -------- d--h--w- c:\programas\InstallShield Installation Information
2009-05-28 20:43 . 2009-05-28 20:42 -------- d-----w- c:\documents and settings\Teresa.RPSOFT-4\Application Data\Media Player Classic
2009-05-28 19:51 . 2009-05-28 19:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Messenger Plus!
2009-05-28 19:47 . 2009-05-28 18:33 -------- d-----w- c:\programas\Messenger Plus! Live
2009-05-28 10:48 . 2007-04-09 21:51 98304 ----a-w- c:\windows\DUMP954a.tmp
2009-05-27 21:34 . 2009-05-27 21:34 -------- d-----w- c:\documents and settings\S25\Application Data\Creative
2009-05-27 21:19 . 2006-06-15 23:10 -------- d-----w- c:\programas\Creative
2009-05-23 11:41 . 2009-05-23 11:41 -------- d-----w- c:\programas\Real
2009-05-21 12:12 . 2009-05-21 12:12 318 ----a-r- c:\documents and settings\S25\Application Data\Microsoft\Installer\{80024281-741D-47C3-84C9-953019B8BB5E}\NewShortcut1_2.exe
2009-05-21 12:12 . 2009-05-21 12:12 318 ----a-r- c:\documents and settings\S25\Application Data\Microsoft\Installer\{80024281-741D-47C3-84C9-953019B8BB5E}\ARPPRODUCTICON.exe
2009-05-20 11:33 . 2009-02-12 22:38 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-20 11:03 . 2009-03-23 23:50 -------- d-----w- c:\documents and settings\S25\Application Data\Winamp
2009-05-19 20:47 . 2009-01-22 23:26 -------- d-----w- c:\documents and settings\S25\Application Data\Xfire
2009-05-19 20:28 . 2008-11-17 12:05 -------- d-----w- c:\programas\Xfire
2009-05-19 18:29 . 2007-04-09 21:51 106496 ----a-w- c:\windows\DUMP34d6.tmp
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-02-25 01:12 . 2009-02-24 21:31 1077761079 ----a-w- c:\programas\rFactorSetup.zip
2008-02-16 23:20 . 2008-02-16 23:20 29312638 ----a-w- c:\programas\Grand Prix 2 [CGN].exe
2009-07-05 09:38 . 2008-08-07 12:46 134648 ----a-w- c:\programas\mozilla firefox\components\brwsrcmp.dll
2009-01-18 01:00 . 2009-01-18 01:00 2172 --sh--w- c:\windows\system32\dobazusi.dll
2009-01-28 00:21 . 2009-01-28 00:21 2172 --sh--w- c:\windows\system32\kayukore.exe
2009-01-27 12:18 . 2009-01-27 12:18 2172 --sh--w- c:\windows\system32\tarozahi.exe
2009-01-28 12:19 . 2009-01-28 12:19 2172 --sh--w- c:\windows\system32\tuzoyono.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ccleaner"="c:\programas\CCleaner\CCleaner.exe" [2008-12-01 1406192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"SunJavaUpdateSched"="c:\programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 171520]
"googletalk"="c:\programas\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 ----a-w- c:\programas\Ficheiros comuns\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
"MSMSGS"="c:\programas\Messenger\msmsgs.exe" /background
"BitTorrent DNA"="c:\programas\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"Adobe Photo Downloader"="c:\programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"StartCCC"="c:\programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programas\\BitTorrent\\bittorrent.exe"=

R1 aswSP;avast! Self Protection; [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-10-24 28800]
S1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [1998-10-06 1984]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-Start WingMan Profiler - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
Notify-AtiExtEvent - (no file)

.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.ati.com/online/cccwelcome/ptb/drivers.html
IE: &Winamp Search - c:\documents and settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download all links with IDM - c:\programas\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\programas\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\programas\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\S25\Application Data\Mozilla\Firefox\Profiles\ckadav76.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://co101w.col101.mail.live.com/mail/InboxLight.aspx?n=853329986
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\S25\Application Data\Mozilla\Firefox\Profiles\ckadav76.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programas\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 01:36
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{26ab5c1b-f632-47cb-9412-6fe686339bb9}]
@Denied: (Full) (Everyone)
"Model"=dword:0000011c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):86,9c,1a,95,84,36,be,8e,ae,ec,99,d8,a1,28,87,22,d1,f4,b2,af,b0,
   cc,4a,8e,7a,8a,96,79,8a,4d,fc,60,5d,1a,36,0c,72,2a,80,8d,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7434bddc-75de-4e62-9ffb-a290e3fd57b8}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a6
"Therad"=dword:00000014
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
   df,1c,2f,3b,8a,0a,32,11,89,01,b5,d6,ec,3a,64,5d,32,80,82,64,42,eb,2d,73,bf,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fa,32,a5,d6,ec,8c,e0,2c,9a,7e,79,0d,79,de,1a,32,87,c7,d6,df,13,
   ba,31,7b,0e,ee,5d,2c,38,48,64,ca,da,79,74,08,47,b7,86,89,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\=*’|{*]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="?_?_®"
"DeviceInstanceIds"=multi:"\0c\00"

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\Eventlog\Security\Security\ObjectNames****]
"Channel"=dword:00001400
"Desktop"=dword:00001a10
"Device"=dword:00001100
"Directory"=dword:00001110
"Event"=dword:00001120
"EventPair"=dword:00001130
"File"=dword:00001140
"IoCompletion"=dword:00001300
"Job"=dword:00001410
"Key"=dword:00001150
"MailSlot"=dword:00001140
"Mutant"=dword:00001160
"NamedPipe"=dword:00001140
"Port"=dword:00001170
"Process"=dword:00001180
"Profile"=dword:00001190
"Section"=dword:000011a0
"Semaphore"=dword:000011b0
"SymbolicLink"=dword:000011c0
"Thread"=dword:000011d0
"Timer"=dword:000011e0
"Token"=dword:000011f0
"Type"=dword:00001200
"WaitablePort"=dword:00001170
"WindowStation"=dword:00001a00

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\SharedAccess\Parameters****]
"ServiceDll"=expand:"%SystemRoot%\\System32\\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\SharedAccess\Parameters****\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"c:\\Programas\\Windows Live\\Messenger\\livecall.exe"="c:\\Programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\SharedAccess\Parameters****\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\SharedAccess\Parameters****\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\SharedAccess\Parameters****\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"c:\\Programas\\Grisoft\\AVG7\\avginet.exe"="c:\\Programas\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"c:\\Programas\\Grisoft\\AVG7\\avgamsvr.exe"="c:\\Programas\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"c:\\Programas\\Grisoft\\AVG7\\avgcc.exe"="c:\\Programas\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"c:\\Programas\\eMule\\emule.exe"="c:\\Programas\\eMule\\emule.exe:*:Enabled:eMule"
"c:\\Program Files\\Microprose\\Grand Prix 3\\GP3.exe"="c:\\Program Files\\Microprose\\Grand Prix 3\\GP3.exe:*:Enabled:GP3"
"c:\\Programas\\eMule\\Incoming\\SMG MODS\\Mdracers\\Camp[1]._Reg._2008_Md_Racers0\\Campeonato Regional 2008\\MdRacers 2008 Mod v1\\F1 Challenge 99-02.exe"="c:\\Programas\\eMule\\Incoming\\SMG MODS\\Mdracers\\Camp[1]._Reg._2008_Md_Racers0\\Campeonato Regional 2008\\MdRacers 2008 Mod v1\\F1 Challenge 99-02.exe:*:Enabled:F1 Challenge 99-02"
"c:\\Programas\\Internet Explorer\\IEXPLORE.EXE"="c:\\Programas\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"c:\\Programas\\Hamachi\\hamachi.exe"="c:\\Programas\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"c:\\Programas\\uTorrent\\uTorrent.exe"="c:\\Programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"c:\\Programas\\mylfs\\LFS.exe"="c:\\Programas\\mylfs\\LFS.exe:*:Enabled:LFS"
"c:\\Programas\\eMule\\Incoming\\SMG MODS\\US2\\F1 Challenge 99-02.exe"="c:\\Programas\\eMule\\Incoming\\SMG MODS\\US2\\F1 Challenge 99-02.exe:*:Enabled:F1 Challenge 99-02"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"c:\\Programas\\BitTorrent\\bittorrent.exe"="c:\\Programas\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"c:\\Programas\\DNA\\btdna.exe"="c:\\Programas\\DNA\\btdna.exe:*:Disabled:DNA"
"c:\\Programas\\Xfire\\xfire.exe"="c:\\Programas\\Xfire\\xfire.exe:*:Enabled:Xfire"
"c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"c:\\Programas\\Messenger\\msmsgs.exe"="c:\\Programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"c:\\Programas\\Windows Live\\Messenger\\livecall.exe"="c:\\Programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\SharedAccess\Parameters****\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP>LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"56360:TCP"="56360:TCP:*:Enabled:Pando P2P TCP Listening Port"
"56360:UDP"="56360:UDP:*:Enabled:Pando P2P UDP Listening Port"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\programas\ficheiros comuns\logitech\bluetooth\LBTWlgn.dll
c:\programas\ficheiros comuns\logitech\bluetooth\LBTServ.dll
.
Tempo para conclusão: 2009-07-15 1:43 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-07-15 00:43

Pré-execução: 15.445.086.208 bytes livres
Pós execução: 15.248.420.864 bytes livres

WindowsXP-KB310994-SP2-Home-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=10 Default=10 Failed=9 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
382