
Archived

This topic has been archived and is closed to new replies.

andersonekarol

[Solved!] sality aa


I read the topic http://forum.imasters.com.br/index.php?/topic/357716-sality-aa/

but it seems that each PC needs a different procedure?

If so, can someone help me.

Avira detected Win32 Sality AA, but I can't disinfect the PC; I've already run Kaspersky Virus Removal Tool 2010

and then HijackThis and removed the virus, but the 2nd time I started my PC, Sality AA appeared again, it took away access to the Control Panel and to Run, and my PC is very slow.

note: my PC is a work PC and is connected to the network, but I log in as the PC administrator.

What should I do?


Good afternoon andersonekarol

*Download SalityKiller and save it to the desktop

*Uninstall your antivirus programs

*Extract its contents to C:\

*Disable System Restore

Right-click My Computer > Properties > System Restore > Turn off System Restore > OK > Yes

*This program will run in 2 separate windows at the same time!!

*The first window:

*Click [Start] > [Run] > type: C:\salitykiller.exe -m

*Click [OK]

*Keep the window running. Do not close it!! Minimize it if you wish.

*The second window:

*Click [Start] > [Run] > type: C:\salitykiller.exe -y -x -j -l sality.txt -v

*Click [OK]

*When it finishes, window 2 will close automatically. Then close window 1.

*Paste the summary located at the end of the file, as in the highlighted text:

Infected files: 6382

19:59:42 Infected processes: 0

19:59:42 Infected threads: 0

19:59:42 Cured files: 5808

19:59:42 Executed registry scripts: 1

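As an added example (not from the thread and not SalityKiller's own code), a small Python parser for the summary block requested above: it reads the counters, tolerating the optional HH:MM:SS prefix and either letter case, and classifies the run. Both sample summaries are constructed after the ones quoted in this thread, and the "residual" verdict is this example's own heuristic: more infected than cured files means some files were not cured and need follow-up.

```python
import re

# Matches the summary lines SalityKiller prints at the end of its log, e.g.
#   "Infected files: 6382"   or   "19:59:42 Cured files: 5808"
# The HH:MM:SS prefix and the letter case both vary between runs.
SUMMARY_RE = re.compile(
    r"^\s*(?:\d{2}:\d{2}:\d{2}\s+)?"
    r"(infected files|infected processes|infected threads|cured files|"
    r"executed registry scripts)\s*:\s*(\d+)\s*$",
    re.IGNORECASE,
)


def parse_summary(text):
    """Return the summary counters as a dict keyed by snake_case name."""
    counters = {}
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            counters[m.group(1).lower().replace(" ", "_")] = int(m.group(2))
    return counters


def assess(counters):
    """Classify a run (heuristic of this example, not a SalityKiller rule):
    'active'     - infected processes or threads were still running,
    'residual'   - some infected files were found but not cured,
    'clean'      - nothing infected remained,
    'incomplete' - the summary block is missing counters."""
    required = ("infected_files", "cured_files",
                "infected_processes", "infected_threads")
    if not all(k in counters for k in required):
        return "incomplete"
    if counters["infected_processes"] or counters["infected_threads"]:
        return "active"
    if counters["infected_files"] > counters["cured_files"]:
        return "residual"
    return "clean"


# Constructed samples modelled on the two summaries quoted in this thread.
FIRST_RUN = """\
Infected files: 6382
19:59:42 Infected processes: 0
19:59:42 Infected threads: 0
19:59:42 Cured files: 5808
19:59:42 Executed registry scripts: 1
"""

SECOND_RUN = """\
monitoring thread stopped
completed
infected files: 0
infected processes: 0
infected threads: 0
cured files: 0
executed registry scripts: 1
"""

if __name__ == "__main__":
    for name, text in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        counters = parse_summary(text)
        print(name, counters, "->", assess(counters))
```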

Good morning andersonekarol

1. For the first window

*Open the command prompt

*Type:

cd c:\

*Press ENTER

*Type:

salitykiller.exe -m

*Press ENTER

2. For the second window

*Open another command prompt

*Type:

cd c:\

*Press ENTER

*Type:

salitykiller.exe -y -x -j -l sality.txt -v <- pay attention to the spaces!

*Press ENTER


here we go!

"monitoring thread stopped

 

completed

infected files: 0

infected processes: 0

infected threads: 0

cured files: 0

executed registry scripts: 1"

 

but in the command prompt I can only put it in c:\documents and settings\administrador

waiting.


well, is that it?

but Avira reports it every time I start the PC: infected with win32.sality.aa, and the file is on c:, its name is sdat4900,

but could the location where salitykiller.exe ended up have made a difference?

because I put it in c:\documents and settings\administrador.

here is the HijackThis report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:34:16, on 21/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\ARQUIV~1\AVG\AVG8\avgfws8.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Lexmark\ErrorApp\LMab1err.exe

C:\WINDOWS\system32\LMabcoms.exe

C:\WINDOWS\system32\proquota.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE

C:\Arquivos de programas\BrOffice.org 3\program\swriter.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\ntvdm.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.pmmg.mg.gov.br

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://10.20.234.3/proxy.pac

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.7.0\bin\ssv.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LMab1err] C:\Arquivos de programas\Lexmark\ErrorApp\LMab1err.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.7.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.7.0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258442371546

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgfws8.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: lmab_device - - C:\WINDOWS\system32\LMabcoms.exe

 

--

End of file - 6700 bytes


The log is clean...

1.

*Download Norman Malware Cleaner and save it to the desktop

*Rename the file to Norman_Malware_Cleaner.cmd

*Double-click Norman_Malware_Cleaner.cmd

*Install the program

*To add your computer's fixed drives (C:\, D:\....) click [Add]

*Click [Start Scan] and wait for it to finish

*Paste the report created on the desktop


*Go to the link below:

http://securityresponse.symantec.com/avcenter/UnHookExec.inf

*Right-click on the page and select "Save as"...

*Save it to the desktop

*Right-click the UnHookExec.inf file and select "Install".

Now try running Norman.


*Temporarily disable your antivirus

Right-click the Avira icon next to the clock > click the "AntiVir Guard enable" option.

*Download ComboFix and save it to the desktop

*Double-click the Combofix.exe file

*Accept the license agreement

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Click [Yes] to accept its installation.

[image: recovery-console-prompt.jpg]

*After the installation, click [Yes] to continue.

[image: recovery-console-installed.jpg]

*Important: while ComboFix is running, do not use the mouse or the keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.

*The program will close automatically

*Paste the report created at C:\combofix.txt


things aren't easy over here!!!

I couldn't install the Windows Recovery Console, it says I'm not connected, and I couldn't stop/uninstall/delete "AVG Internet Security" either

but the report is as follows:

 

 

ComboFix 09-12-20.08 - Administrador 21/12/2009 13:10:52.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.250 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Execuções precedente -------

.

c:\arquivos de programas\FunWebProducts

c:\arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html

c:\arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

c:\arquivos de programas\MyWebSearch

c:\arquivos de programas\MyWebSearch\bar\2.bin\F3BKGERR.JPG

c:\arquivos de programas\MyWebSearch\bar\2.bin\F3SPACER.WMV

c:\arquivos de programas\MyWebSearch\bar\2.bin\F3WALLPP.DAT

c:\arquivos de programas\MyWebSearch\bar\2.bin\FWPBUDDY.PNG

c:\arquivos de programas\MyWebSearch\bar\2.bin\M3FFXTBR.JAR

c:\arquivos de programas\MyWebSearch\bar\2.bin\M3NTSTBR.JAR

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON.F3S

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\avatar.htm

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\bgfader.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\common-x.css

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\common.css

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\ext_def.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\include.js

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\index.htm

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\loader.htm

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\loading.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\logo.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\max_def.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\max_roll.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\min_def.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\min_roll.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\noflash.htm

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\res_def.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\res_roll.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\spacer.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\spacer.swf

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\topgrad.gif

c:\arquivos de programas\MyWebSearch\bar\Cache\012A49D1

c:\arquivos de programas\MyWebSearch\bar\Cache\012A5124

c:\arquivos de programas\MyWebSearch\bar\Cache\012A5460.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\012A572E.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\012A5951.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\012A5AF7.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\012A5C8D.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\012A5E81.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\012A6075.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\012A6289.bin

c:\arquivos de programas\MyWebSearch\bar\Game\CHECKERS.F3S

c:\arquivos de programas\MyWebSearch\bar\Game\CHESS.F3S

c:\arquivos de programas\MyWebSearch\bar\Game\REVERSI.F3S

c:\arquivos de programas\MyWebSearch\bar\History\search3

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON.F3S

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\ask_logo.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\autoup.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\autoup.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\center.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\index.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\logo_ZJ.png

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\logo_ZR.png

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\mid_dots.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\mws_logo.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\protect.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\reb_bg.png

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\rebbtnbg.png

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\rebbtnn1.png

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\rebbtnn2.png

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\rebbtny1.png

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\rebbtny2.png

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\rebclose.png

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\rebut.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\rebut2.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\shocked.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\stop.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\systray.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\systrayp.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\tp_grad.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\warn.gif

c:\arquivos de programas\MyWebSearch\bar\Notifier\COMMON.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\DOG.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\FISH.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\KUNGFU.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\LIFEGARD.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\MAID.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\MAILBOX.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\OPERA.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\ROBOT.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\SEDUCT.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\SURFER.F3S

c:\arquivos de programas\MyWebSearch\bar\Settings\prevcfg2.htm

c:\arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat

c:\documents and settings\Administrador\Dados de aplicativos\FunWebProducts

c:\documents and settings\Administrador\Dados de aplicativos\FunWebProducts\Data\Administrador\avatar.dat

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-21 to 2009-12-21 ))))))))))))))))))))))))))))

.

 

2009-12-21 11:48 . 2009-12-04 12:41 151816 ----a-w- c:\documents and settings\Administrador\SalityKiller.exe.exe

2009-12-21 11:26 . 2009-12-21 11:26 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-12-21 10:33 . 2009-12-21 15:05 13202107 ----a-w- C:\sdat4900.exe

2009-12-18 19:58 . 2009-12-18 19:58 -------- d-----w- c:\documents and settings\Administrador\DoctorWeb

2009-12-18 19:04 . 2009-12-21 10:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autorun Eater

2009-12-18 18:57 . 2009-12-18 18:57 -------- d-sh--w- c:\documents and settings\s123456\IETldCache

2009-12-18 18:57 . 2009-12-18 18:57 -------- d-----w- c:\documents and settings\s123456\Menu Iniciar

2009-12-18 18:05 . 2009-12-18 18:10 7168 ----a-w- c:\windows\system32\drivers\uteznzg0.sys

2009-12-18 17:29 . 2009-12-18 17:29 -------- d-----w- c:\arquivos de programas\Trend Micro

2009-12-18 13:17 . 2009-10-22 14:54 37392 ----a-w- c:\windows\system32\drivers\66125102.sys

2009-12-18 13:17 . 2009-10-10 00:31 315408 ----a-w- c:\windows\system32\drivers\6612510.sys

2009-12-18 13:17 . 2009-09-25 18:59 128016 ----a-w- c:\windows\system32\drivers\66125101.sys

2009-12-18 11:08 . 2009-12-18 11:08 -------- d-----r- c:\documents and settings\LocalService\Favoritos

2009-12-18 11:06 . 2008-10-09 11:02 53618 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\CONFIG\aebb.dll

2009-12-18 10:42 . 2009-12-18 10:42 -------- d-----w- c:\windows\system32\wbem\Repository

2009-12-16 14:40 . 2009-12-16 14:40 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\PDF Editor 2\400000600002i\AcroRd32Info.exe

2009-12-16 14:40 . 2009-12-16 14:40 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\PDF Editor 2\1000000b00002i\verclsid.exe

2009-12-15 15:59 . 2009-12-15 15:59 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\AnvSoft

2009-12-15 10:58 . 2009-12-18 18:56 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-12-14 17:11 . 2009-12-18 18:57 -------- d--h--w- c:\documents and settings\Administrador\Recent(2)

2009-12-12 03:55 . 2005-07-25 18:57 4779 ----a-w- c:\windows\mozilla.vbs

2009-12-12 03:55 . 2005-08-01 12:07 32768 ----a-w- c:\windows\system\grouppol.dll

2009-12-12 03:55 . 2005-08-01 12:07 32768 ----a-w- c:\windows\grouppol.dll

2009-12-11 17:30 . 1999-02-04 20:24 515598 ----a-w- C:\Darius Force.zip

2009-12-11 17:25 . 2000-04-17 16:13 347480 ----a-w- C:\Super Mario World (Brasil).zip

2009-12-11 17:25 . 1999-02-03 22:03 1325273 ----a-w- C:\Super Mario World 2.zip

2009-12-11 17:22 . 1999-02-20 13:58 347560 ----a-w- C:\Super Mario World.zip

2009-12-11 17:19 . 2009-12-18 18:57 -------- d-----w- C:\super ness

2009-12-11 17:17 . 2009-12-18 18:57 -------- d-----w- C:\jogos

2009-12-11 04:49 . 2009-12-11 04:54 -------- d-----w- c:\documents and settings\s123456\Dados de aplicativos\Media Player Classic

2009-12-11 04:23 . 2009-12-21 15:15 -------- d--h--w- c:\documents and settings\s123456\Configurações locais

2009-12-11 04:23 . 2009-12-11 04:49 -------- d-----w- c:\documents and settings\s123456\Dados de aplicativos

2009-12-11 04:23 . 2009-12-18 18:57 -------- d-----w- c:\documents and settings\s123456

2009-12-11 04:23 . 2009-12-14 17:11 -------- d-----w- c:\documents and settings\s123456\Favoritos

2009-12-04 14:51 . 2009-12-04 12:41 151816 ----a-w- C:\SalityKiller.exe.exe

2009-12-02 13:31 . 2009-12-02 13:32 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2009-12-02 04:13 . 2009-12-02 04:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard

2009-12-01 12:37 . 2009-12-01 12:39 -------- d-----w- c:\arquivos de programas\Readiris Pro 11

2009-12-01 12:36 . 2009-12-01 12:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-12-01 12:35 . 2009-12-01 12:35 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2009-12-01 12:35 . 2009-12-02 04:13 -------- d-----w- C:\Program Files

2009-12-01 12:35 . 2006-08-11 15:02 104960 ----a-r- c:\windows\hporclnr.exe

2009-12-01 12:33 . 2009-12-01 12:34 -------- d-----w- c:\arquivos de programas\HP

2009-12-01 12:33 . 2008-04-13 07:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2009-12-01 12:33 . 2008-04-13 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-12-01 12:33 . 2001-09-05 19:20 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2009-12-01 12:33 . 2001-09-05 19:20 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

2009-12-01 12:14 . 2005-10-07 23:29 445440 ----a-w- c:\windows\system32\ltimg13n.dll

2009-12-01 12:12 . 2009-12-01 12:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP

2009-11-28 08:58 . 2009-12-15 10:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-11-28 08:58 . 2009-01-13 13:12 113968 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\fognkhzu.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

2009-11-28 08:56 . 2009-11-28 08:56 -------- d-----w- c:\windows\Sun

2009-11-28 07:08 . 2009-11-28 07:08 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\PDF Editor 2\400000ea00002i\AdobeARM.exe

2009-11-28 07:07 . 2009-11-28 07:07 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\PDF Editor 2\4000005400002i\AcroRd32.exe

2009-11-28 07:02 . 2009-11-28 07:02 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall

2009-11-27 09:38 . 2009-12-10 04:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-27 09:38 . 2009-03-30 06:03 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-11-27 09:38 . 2009-02-13 07:59 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-11-27 09:38 . 2009-02-13 07:47 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-11-27 09:34 . 2009-11-27 09:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar

2009-11-27 09:33 . 2009-12-21 14:18 -------- d-----w- c:\windows\system32\drivers\Avg

2009-11-27 09:33 . 2009-11-27 09:33 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\AVGTOOLBAR

2009-11-27 09:33 . 2009-11-27 09:33 -------- d-----w- c:\documents and settings\AET-\Dados de aplicativos\AVGTOOLBAR

2009-11-27 07:29 . 2009-11-27 07:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-11-27 07:29 . 2009-11-27 07:29 -------- d-----w- c:\arquivos de programas\Avira

2009-11-24 10:10 . 2009-11-24 10:10 -------- d-----w- c:\arquivos de programas\7-Zip

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-21 15:05 . 2009-12-12 03:55 14 ----a-w- C:\Dir.Tmp

2009-12-21 13:08 . 2009-12-14 17:15 2754 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2009-12-21 13:08 . 2008-04-14 10:00 62474 ----a-w- c:\windows\system32\perfc016.dat

2009-12-21 13:08 . 2008-04-14 10:00 416384 ----a-w- c:\windows\system32\perfh016.dat

2009-12-21 11:22 . 2009-11-17 13:12 1 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2009-12-15 16:39 . 2009-11-19 05:39 1744 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-04 11:55 . 2009-11-17 07:00 1632 ----a-w- c:\windows\system32\d3d8caps.dat

2009-12-03 07:09 . 2009-11-17 12:40 -------- d-----w- c:\arquivos de programas\IBM3270

2009-12-01 12:14 . 2009-12-01 12:12 -------- d--h--w- c:\arquivos de programas\Agilent-HP

2009-11-27 07:26 . 2009-11-09 17:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-11-24 13:30 . 2009-11-17 09:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-11-19 05:09 . 2009-11-19 05:09 -------- d-----w- c:\arquivos de programas\Lexmark

2009-11-18 11:04 . 2009-11-18 11:04 -------- d-----w- c:\arquivos de programas\Lexmark_HostCD

2009-11-18 05:51 . 2009-11-09 17:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-11-18 05:16 . 2009-11-18 05:16 -------- d-----w- c:\arquivos de programas\GPLGS

2009-11-18 05:14 . 2009-11-18 05:14 -------- d-----w- c:\arquivos de programas\Acro Software

2009-11-17 13:10 . 2009-11-17 13:10 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BrOffice.org

2009-11-17 11:50 . 2009-11-17 11:50 -------- d-----w- c:\arquivos de programas\EPSON

2009-11-17 10:03 . 2001-12-31 19:34 1 ----a-w- c:\documents and settings\AET-\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2009-11-17 10:00 . 2009-11-17 10:00 -------- d-----w- c:\arquivos de programas\Microsoft Works

2009-11-17 10:00 . 2009-11-17 10:00 -------- d-----w- c:\arquivos de programas\MSBuild

2009-11-11 05:27 . 2009-11-09 16:34 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-11 04:59 . 2009-11-11 04:59 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2009-11-11 04:59 . 2009-11-11 04:59 -------- d-----w- c:\arquivos de programas\CCleaner

2009-11-11 04:44 . 2009-11-09 17:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-11 04:44 . 2009-11-09 17:13 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-11 04:44 . 2009-11-09 17:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-11-11 04:44 . 2009-11-11 04:46 2064152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-11-11 04:44 . 2009-11-11 04:46 1090224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\AVGToolbarInstall.exe

2009-11-11 04:44 . 2009-11-11 04:46 3513624 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgui.exe

2009-11-11 04:44 . 2009-11-11 04:46 2028312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgtray.exe

2009-11-09 17:30 . 2009-11-09 17:30 -------- d-----w- c:\documents and settings\AET-\Dados de aplicativos\Media Player Classic

2009-11-09 17:30 . 2009-11-09 17:30 -------- d-----w- c:\documents and settings\AET-\Dados de aplicativos\bsplayer

2009-11-09 17:30 . 2009-11-09 17:30 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-11-09 17:28 . 2009-11-09 17:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero

2009-11-09 17:24 . 2009-11-09 17:24 -------- d-----w- c:\arquivos de programas\Ahead

2009-11-09 17:24 . 2009-11-09 17:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2009-11-09 17:23 . 2009-11-09 17:20 -------- d-----w- c:\arquivos de programas\Java

2009-11-09 17:19 . 2009-11-09 17:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2009-11-09 17:18 . 2009-11-09 17:18 -------- d-----w- c:\arquivos de programas\BrOffice.org 3

2009-11-09 17:13 . 2009-11-11 04:45 11952 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgrsstx.dll

2009-11-09 17:13 . 2009-11-09 17:13 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-11-09 17:13 . 2009-11-09 17:13 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-09 17:13 . 2009-11-11 04:46 325896 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgldx86.sys

2009-11-09 17:13 . 2009-11-11 04:45 27784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgmfx86.sys

2009-11-09 17:05 . 2009-11-09 17:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WinZip

2009-11-09 16:37 . 2009-11-09 16:37 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-11-09 16:35 . 2009-11-09 16:35 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-11-09 16:33 . 2009-11-09 16:33 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-11-09 16:32 . 2009-11-09 16:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-11-09 16:31 . 2009-11-09 16:31 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-11-05 04:09 . 2009-11-18 05:14 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 07:28 1107200 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LMab1err"="c:\arquivos de programas\Lexmark\ErrorApp\LMab1err.exe" [2007-05-11 713648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-22 98304]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideShutdownScripts"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"ProfileQuotaMessage"= Você ultrapassou o espaço de armazenamento de seu perfil. Para poder efetuar logoff, você precisa mover alguns itens do perfil para a rede ou para o armazenamento local.

"HideLogonScripts"= 1 (0x1)

"MaxProfileSize"= 30000 (0x7530)

"WarnUserTimeout"= 15 (0xf)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSetTaskbar"= 1 (0x1)

"NoFileAssociate"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-11 04:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]

backup=c:\windows\pss\BrOffice.org 3.1.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_18.12.2009_14-46.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\setup_9.0.0.722_18.12.2009_14-46.lnk

backup=c:\windows\pss\setup_9.0.0.722_18.12.2009_14-46.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 07:38 935288 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-02 23:38 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

2009-11-27 04:04 2029336 ----a-w- c:\arquiv~1\AVG\AVG8\avgtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP OrderReminder Cleaner]

2006-08-11 15:02 104960 ----a-r- c:\windows\hporclnr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]

2006-04-23 14:32 36864 ----a-w- c:\arquivos de programas\Hewlett-Packard\HP UT\bin\hppusg.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgam.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\LMabcoms.exe"=

 

R0 66125102;66125102 Boot Guard Driver;c:\windows\system32\drivers\66125102.sys [18/12/2009 11:17 37392]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9/11/2009 15:13 12552]

R1 66125101;66125101;c:\windows\system32\drivers\66125101.sys [18/12/2009 11:17 128016]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/11/2009 15:13 108552]

R1 setup_9.0.0.722_18.12.2009_14-46drv;setup_9.0.0.722_18.12.2009_14-46drv;c:\windows\system32\drivers\6612510.sys [18/12/2009 11:17 315408]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [27/11/2009 07:38 108289]

R2 avgfws8;AVG8 Firewall;c:\arquiv~1\AVG\AVG8\avgfws8.exe [9/11/2009 15:12 1370488]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [9/11/2009 15:12 29208]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/11/2009 15:13 335240]

S2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [9/11/2009 15:12 297752]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [9/11/2009 15:12 29208]

S3 uteznzg0;AVZ Kernel Driver;c:\windows\system32\drivers\uteznzg0.sys [18/12/2009 16:05 7168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{31IOP6M8-1DAB-81AD-BOK1-26OC5H3565645}]

2001-12-31 19:31 0 ----a-w- c:\tender\InterPol\NkeY.exe

.

------- Scan Suplementar -------

.

uStart Page = www.pmmg.mg.gov.br

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\fognkhzu.default\

FF - prefs.js: browser.startup.homepage - hxxps://intranet.policiamilitar.mg.gov.br/

FF - prefs.js: network.proxy.type - 2

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\fognkhzu.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava11.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava12.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava13.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava14.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava32.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjpi170.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npoji610.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-21 13:15

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-117609710-796845957-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,cb,44,6f,99,b0,92,40,95,8b,58,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,cb,44,6f,99,b0,92,40,95,8b,58,\

.

Tempo para conclusão: 2009-12-21 13:17:42

ComboFix-quarantined-files.txt 2009-12-21 15:17

 

Pré-execução: 8 pasta(s) 24.534.437.888 bytes disponíveis

Pós execução: 12 pasta(s) 24.502.841.344 bytes disponíveis

 

- - End Of File - - 4AEA8D1222951112A586663005960C45


GOOD AFTERNOON!!

I've already started to see a difference, since I can now open Run from the Start menu and I can now open the display properties from the desktop!!!

Is there anything else?

I still don't have control of the Start menu and taskbar properties either, but thanks already for the help!!!


1. Why didn't you install the Recovery Console as I asked?

ComboFix reports:

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

2. You have 2 antivirus programs installed. Uninstall one of them.

3. Run ComboFix again, install the Recovery Console and paste a new log.


It would be good for you to have a Windows CD. A repair may be necessary, since your OS is probably quite compromised.


good morning!

I'll try to get hold of the CD, but I think the proxy here is blocking it, because I can't download the Windows Recovery Console. Clear up one doubt for me: can I safely save my backup without this virus? Is there another way to download the Recovery Console?

Here is today's ComboFix report.


ComboFix 09-12-20.08 - Administrador 22/12/2009 8:33.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.313 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Dir.Tmp

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-22 to 2009-12-22 ))))))))))))))))))))))))))))

.

 

2009-12-22 10:29 . 2006-11-21 14:18 13284027 ----a-w- C:\sdat4900.exe

2009-12-21 11:48 . 2009-12-04 12:41 151816 ----a-w- c:\documents and settings\Administrador\SalityKiller.exe.exe

2009-12-21 11:26 . 2009-12-21 11:26 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-12-18 19:58 . 2009-12-18 19:58 -------- d-----w- c:\documents and settings\Administrador\DoctorWeb

2009-12-18 19:04 . 2009-12-21 10:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autorun Eater

2009-12-18 18:57 . 2009-12-18 18:57 -------- d-sh--w- c:\documents and settings\s123456\IETldCache

2009-12-18 18:57 . 2009-12-18 18:57 -------- d-----w- c:\documents and settings\s123456\Menu Iniciar

2009-12-18 18:05 . 2009-12-18 18:10 7168 ----a-w- c:\windows\system32\drivers\uteznzg0.sys

2009-12-18 17:29 . 2009-12-18 17:29 -------- d-----w- c:\arquivos de programas\Trend Micro

2009-12-18 13:17 . 2009-10-22 14:54 37392 ----a-w- c:\windows\system32\drivers\66125102.sys

2009-12-18 13:17 . 2009-10-10 00:31 315408 ----a-w- c:\windows\system32\drivers\6612510.sys

2009-12-18 13:17 . 2009-09-25 18:59 128016 ----a-w- c:\windows\system32\drivers\66125101.sys

2009-12-18 11:08 . 2009-12-18 11:08 -------- d-----r- c:\documents and settings\LocalService\Favoritos

2009-12-18 11:06 . 2008-10-09 11:02 53618 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\CONFIG\aebb.dll

2009-12-18 10:42 . 2009-12-18 10:42 -------- d-----w- c:\windows\system32\wbem\Repository

2009-12-16 14:40 . 2009-12-16 14:40 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\PDF Editor 2\400000600002i\AcroRd32Info.exe

2009-12-16 14:40 . 2009-12-16 14:40 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\PDF Editor 2\1000000b00002i\verclsid.exe

2009-12-15 15:59 . 2009-12-15 15:59 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\AnvSoft

2009-12-15 10:58 . 2009-12-18 18:56 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-12-14 17:11 . 2009-12-18 18:57 -------- d--h--w- c:\documents and settings\Administrador\Recent(2)

2009-12-12 03:55 . 2005-07-25 18:57 4779 ----a-w- c:\windows\mozilla.vbs

2009-12-12 03:55 . 2005-08-01 12:07 32768 ----a-w- c:\windows\system\grouppol.dll

2009-12-12 03:55 . 2005-08-01 12:07 32768 ----a-w- c:\windows\grouppol.dll

2009-12-11 17:30 . 1999-02-04 20:24 515598 ----a-w- C:\Darius Force.zip

2009-12-11 17:25 . 2000-04-17 16:13 347480 ----a-w- C:\Super Mario World (Brasil).zip

2009-12-11 17:25 . 1999-02-03 22:03 1325273 ----a-w- C:\Super Mario World 2.zip

2009-12-11 17:22 . 1999-02-20 13:58 347560 ----a-w- C:\Super Mario World.zip

2009-12-11 17:19 . 2009-12-18 18:57 -------- d-----w- C:\super ness

2009-12-11 17:17 . 2009-12-18 18:57 -------- d-----w- C:\jogos

2009-12-11 04:49 . 2009-12-11 04:54 -------- d-----w- c:\documents and settings\s123456\Dados de aplicativos\Media Player Classic

2009-12-11 04:23 . 2009-12-22 10:37 -------- d--h--w- c:\documents and settings\s123456\Configurações locais

2009-12-11 04:23 . 2009-12-11 04:49 -------- d-----w- c:\documents and settings\s123456\Dados de aplicativos

2009-12-11 04:23 . 2009-12-18 18:57 -------- d-----w- c:\documents and settings\s123456

2009-12-11 04:23 . 2009-12-14 17:11 -------- d-----w- c:\documents and settings\s123456\Favoritos

2009-12-04 14:51 . 2009-12-04 12:41 151816 ----a-w- C:\SalityKiller.exe.exe

2009-12-02 13:31 . 2009-12-02 13:32 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2009-12-02 04:13 . 2009-12-02 04:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard

2009-12-01 12:37 . 2009-12-01 12:39 -------- d-----w- c:\arquivos de programas\Readiris Pro 11

2009-12-01 12:36 . 2009-12-01 12:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-12-01 12:35 . 2009-12-01 12:35 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2009-12-01 12:35 . 2009-12-02 04:13 -------- d-----w- C:\Program Files

2009-12-01 12:35 . 2006-08-11 15:02 104960 ----a-r- c:\windows\hporclnr.exe

2009-12-01 12:33 . 2009-12-01 12:34 -------- d-----w- c:\arquivos de programas\HP

2009-12-01 12:33 . 2008-04-13 07:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2009-12-01 12:33 . 2008-04-13 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-12-01 12:33 . 2001-09-05 19:20 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2009-12-01 12:33 . 2001-09-05 19:20 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

2009-12-01 12:14 . 2005-10-07 23:29 445440 ----a-w- c:\windows\system32\ltimg13n.dll

2009-12-01 12:12 . 2009-12-01 12:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP

2009-11-28 08:58 . 2009-12-15 10:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-11-28 08:58 . 2009-01-13 13:12 113968 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\fognkhzu.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

2009-11-28 08:56 . 2009-11-28 08:56 -------- d-----w- c:\windows\Sun

2009-11-28 07:08 . 2009-11-28 07:08 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\PDF Editor 2\400000ea00002i\AdobeARM.exe

2009-11-28 07:07 . 2009-11-28 07:07 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\PDF Editor 2\4000005400002i\AcroRd32.exe

2009-11-28 07:02 . 2009-11-28 07:02 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall

2009-11-27 09:38 . 2009-12-10 04:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-27 09:38 . 2009-03-30 06:03 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-11-27 09:38 . 2009-02-13 07:59 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-11-27 09:38 . 2009-02-13 07:47 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-11-27 07:29 . 2009-11-27 07:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-11-27 07:29 . 2009-11-27 07:29 -------- d-----w- c:\arquivos de programas\Avira

2009-11-24 10:10 . 2009-11-24 10:10 -------- d-----w- c:\arquivos de programas\7-Zip

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-21 20:07 . 2009-11-09 17:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-12-21 19:12 . 2009-11-17 13:12 1 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2009-12-21 13:08 . 2009-12-14 17:15 2754 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2009-12-21 13:08 . 2008-04-14 10:00 62474 ----a-w- c:\windows\system32\perfc016.dat

2009-12-21 13:08 . 2008-04-14 10:00 416384 ----a-w- c:\windows\system32\perfh016.dat

2009-12-15 16:39 . 2009-11-19 05:39 1744 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-04 11:55 . 2009-11-17 07:00 1632 ----a-w- c:\windows\system32\d3d8caps.dat

2009-12-03 07:09 . 2009-11-17 12:40 -------- d-----w- c:\arquivos de programas\IBM3270

2009-12-01 12:14 . 2009-12-01 12:12 -------- d--h--w- c:\arquivos de programas\Agilent-HP

2009-11-24 13:30 . 2009-11-17 09:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-11-19 05:09 . 2009-11-19 05:09 -------- d-----w- c:\arquivos de programas\Lexmark

2009-11-18 11:04 . 2009-11-18 11:04 -------- d-----w- c:\arquivos de programas\Lexmark_HostCD

2009-11-18 05:51 . 2009-11-09 17:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-11-18 05:16 . 2009-11-18 05:16 -------- d-----w- c:\arquivos de programas\GPLGS

2009-11-18 05:14 . 2009-11-18 05:14 -------- d-----w- c:\arquivos de programas\Acro Software

2009-11-17 13:10 . 2009-11-17 13:10 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BrOffice.org

2009-11-17 11:50 . 2009-11-17 11:50 -------- d-----w- c:\arquivos de programas\EPSON

2009-11-17 10:03 . 2001-12-31 19:34 1 ----a-w- c:\documents and settings\AET-\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2009-11-17 10:00 . 2009-11-17 10:00 -------- d-----w- c:\arquivos de programas\Microsoft Works

2009-11-17 10:00 . 2009-11-17 10:00 -------- d-----w- c:\arquivos de programas\MSBuild

2009-11-11 05:27 . 2009-11-09 16:34 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-11 04:59 . 2009-11-11 04:59 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2009-11-11 04:59 . 2009-11-11 04:59 -------- d-----w- c:\arquivos de programas\CCleaner

2009-11-11 04:44 . 2009-11-11 04:46 2064152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-11-11 04:44 . 2009-11-11 04:46 1090224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\AVGToolbarInstall.exe

2009-11-11 04:44 . 2009-11-11 04:46 3513624 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgui.exe

2009-11-11 04:44 . 2009-11-11 04:46 2028312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgtray.exe

2009-11-09 17:30 . 2009-11-09 17:30 -------- d-----w- c:\documents and settings\AET-\Dados de aplicativos\Media Player Classic

2009-11-09 17:30 . 2009-11-09 17:30 -------- d-----w- c:\documents and settings\AET-\Dados de aplicativos\bsplayer

2009-11-09 17:30 . 2009-11-09 17:30 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-11-09 17:28 . 2009-11-09 17:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero

2009-11-09 17:24 . 2009-11-09 17:24 -------- d-----w- c:\arquivos de programas\Ahead

2009-11-09 17:24 . 2009-11-09 17:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2009-11-09 17:23 . 2009-11-09 17:20 -------- d-----w- c:\arquivos de programas\Java

2009-11-09 17:19 . 2009-11-09 17:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2009-11-09 17:18 . 2009-11-09 17:18 -------- d-----w- c:\arquivos de programas\BrOffice.org 3

2009-11-09 17:13 . 2009-11-11 04:45 11952 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgrsstx.dll

2009-11-09 17:13 . 2009-11-11 04:46 325896 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgldx86.sys

2009-11-09 17:13 . 2009-11-11 04:45 27784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgmfx86.sys

2009-11-09 17:05 . 2009-11-09 17:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WinZip

2009-11-09 16:37 . 2009-11-09 16:37 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-11-09 16:35 . 2009-11-09 16:35 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-11-09 16:33 . 2009-11-09 16:33 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-11-09 16:32 . 2009-11-09 16:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-11-09 16:31 . 2009-11-09 16:31 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-11-05 04:09 . 2009-11-18 05:14 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LMab1err"="c:\arquivos de programas\Lexmark\ErrorApp\LMab1err.exe" [2007-05-11 713648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-22 98304]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideShutdownScripts"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"ProfileQuotaMessage"= Você ultrapassou o espaço de armazenamento de seu perfil. Para poder efetuar logoff, você precisa mover alguns itens do perfil para a rede ou para o armazenamento local.

"HideLogonScripts"= 1 (0x1)

"MaxProfileSize"= 30000 (0x7530)

"WarnUserTimeout"= 15 (0xf)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSetTaskbar"= 1 (0x1)

"NoFileAssociate"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]

backup=c:\windows\pss\BrOffice.org 3.1.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_18.12.2009_14-46.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\setup_9.0.0.722_18.12.2009_14-46.lnk

backup=c:\windows\pss\setup_9.0.0.722_18.12.2009_14-46.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 07:38 935288 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-02 23:38 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP OrderReminder Cleaner]

2006-08-11 15:02 104960 ----a-r- c:\windows\hporclnr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]

2006-04-23 14:32 36864 ----a-w- c:\arquivos de programas\Hewlett-Packard\HP UT\bin\hppusg.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\LMabcoms.exe"=

 

R0 66125102;66125102 Boot Guard Driver;c:\windows\system32\drivers\66125102.sys [18/12/2009 11:17 37392]

R1 66125101;66125101;c:\windows\system32\drivers\66125101.sys [18/12/2009 11:17 128016]

R1 setup_9.0.0.722_18.12.2009_14-46drv;setup_9.0.0.722_18.12.2009_14-46drv;c:\windows\system32\drivers\6612510.sys [18/12/2009 11:17 315408]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [27/11/2009 07:38 108289]

S3 uteznzg0;AVZ Kernel Driver;c:\windows\system32\drivers\uteznzg0.sys [18/12/2009 16:05 7168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{31IOP6M8-1DAB-81AD-BOK1-26OC5H3565645}]

2001-12-31 19:31 0 ----a-w- c:\tender\InterPol\NkeY.exe

.

------- Scan Suplementar -------

.

uStart Page = www.pmmg.mg.gov.br

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\fognkhzu.default\

FF - prefs.js: browser.startup.homepage - hxxps://intranet.policiamilitar.mg.gov.br/

FF - prefs.js: network.proxy.type - 2

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\fognkhzu.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava11.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava12.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava13.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava14.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava32.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjpi170.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npoji610.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

MSConfigStartUp-AVG8_TRAY - c:\arquiv~1\AVG\AVG8\avgtray.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-22 08:37

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-117609710-796845957-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,cb,44,6f,99,b0,92,40,95,8b,58,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,cb,44,6f,99,b0,92,40,95,8b,58,\

.

Tempo para conclusão: 2009-12-22 08:39:10

ComboFix-quarantined-files.txt 2009-12-22 10:39

ComboFix2.txt 2009-12-21 19:54

ComboFix3.txt 2009-12-21 15:17

 

Pré-execução: 11 pasta(s) 24.404.332.544 bytes disponíveis

Pós execução: 12 pasta(s) 24.373.854.208 bytes disponíveis

 

- - End Of File - - 92D3D52692CD3E9828C704DE0F74DCDD


Well, I installed the Recovery Console separately, ran it through ComboFix and pulled another report.


ComboFix 09-12-20.08 - Administrador 22/12/2009 9:22.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.303 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-22 to 2009-12-22 ))))))))))))))))))))))))))))

.

 

2009-12-22 10:29 . 2006-11-21 14:18 13284027 ----a-w- C:\sdat4900.exe

2009-12-21 11:48 . 2009-12-04 12:41 151816 ----a-w- c:\documents and settings\Administrador\SalityKiller.exe.exe

2009-12-21 11:26 . 2009-12-21 11:26 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-12-18 19:58 . 2009-12-18 19:58 -------- d-----w- c:\documents and settings\Administrador\DoctorWeb

2009-12-18 19:04 . 2009-12-21 10:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autorun Eater

2009-12-18 18:57 . 2009-12-18 18:57 -------- d-sh--w- c:\documents and settings\s123456\IETldCache

2009-12-18 18:57 . 2009-12-18 18:57 -------- d-----w- c:\documents and settings\s123456\Menu Iniciar

2009-12-18 18:05 . 2009-12-18 18:10 7168 ----a-w- c:\windows\system32\drivers\uteznzg0.sys

2009-12-18 17:29 . 2009-12-18 17:29 -------- d-----w- c:\arquivos de programas\Trend Micro

2009-12-18 13:17 . 2009-10-22 14:54 37392 ----a-w- c:\windows\system32\drivers\66125102.sys

2009-12-18 13:17 . 2009-10-10 00:31 315408 ----a-w- c:\windows\system32\drivers\6612510.sys

2009-12-18 13:17 . 2009-09-25 18:59 128016 ----a-w- c:\windows\system32\drivers\66125101.sys

2009-12-18 11:08 . 2009-12-18 11:08 -------- d-----r- c:\documents and settings\LocalService\Favoritos

2009-12-18 11:06 . 2008-10-09 11:02 53618 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\CONFIG\aebb.dll

2009-12-18 10:42 . 2009-12-18 10:42 -------- d-----w- c:\windows\system32\wbem\Repository

2009-12-16 14:40 . 2009-12-16 14:40 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\PDF Editor 2\400000600002i\AcroRd32Info.exe

2009-12-16 14:40 . 2009-12-16 14:40 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\PDF Editor 2\1000000b00002i\verclsid.exe

2009-12-15 15:59 . 2009-12-15 15:59 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\AnvSoft

2009-12-15 10:58 . 2009-12-18 18:56 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-12-14 17:11 . 2009-12-18 18:57 -------- d--h--w- c:\documents and settings\Administrador\Recent(2)

2009-12-12 03:55 . 2005-07-25 18:57 4779 ----a-w- c:\windows\mozilla.vbs

2009-12-12 03:55 . 2005-08-01 12:07 32768 ----a-w- c:\windows\system\grouppol.dll

2009-12-12 03:55 . 2005-08-01 12:07 32768 ----a-w- c:\windows\grouppol.dll

2009-12-11 17:30 . 1999-02-04 20:24 515598 ----a-w- C:\Darius Force.zip

2009-12-11 17:25 . 2000-04-17 16:13 347480 ----a-w- C:\Super Mario World (Brasil).zip

2009-12-11 17:25 . 1999-02-03 22:03 1325273 ----a-w- C:\Super Mario World 2.zip

2009-12-11 17:22 . 1999-02-20 13:58 347560 ----a-w- C:\Super Mario World.zip

2009-12-11 17:19 . 2009-12-18 18:57 -------- d-----w- C:\super ness

2009-12-11 17:17 . 2009-12-18 18:57 -------- d-----w- C:\jogos

2009-12-11 04:49 . 2009-12-11 04:54 -------- d-----w- c:\documents and settings\s123456\Dados de aplicativos\Media Player Classic

2009-12-11 04:23 . 2009-12-22 11:26 -------- d--h--w- c:\documents and settings\s123456\Configurações locais

2009-12-11 04:23 . 2009-12-11 04:49 -------- d-----w- c:\documents and settings\s123456\Dados de aplicativos

2009-12-11 04:23 . 2009-12-18 18:57 -------- d-----w- c:\documents and settings\s123456

2009-12-11 04:23 . 2009-12-14 17:11 -------- d-----w- c:\documents and settings\s123456\Favoritos

2009-12-04 14:51 . 2009-12-04 12:41 151816 ----a-w- C:\SalityKiller.exe.exe

2009-12-02 13:31 . 2009-12-02 13:32 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2009-12-02 04:13 . 2009-12-02 04:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard

2009-12-01 12:37 . 2009-12-01 12:39 -------- d-----w- c:\arquivos de programas\Readiris Pro 11

2009-12-01 12:36 . 2009-12-01 12:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-12-01 12:35 . 2009-12-01 12:35 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2009-12-01 12:35 . 2009-12-02 04:13 -------- d-----w- C:\Program Files

2009-12-01 12:35 . 2006-08-11 15:02 104960 ----a-r- c:\windows\hporclnr.exe

2009-12-01 12:33 . 2009-12-01 12:34 -------- d-----w- c:\arquivos de programas\HP

2009-12-01 12:33 . 2008-04-13 07:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2009-12-01 12:33 . 2008-04-13 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-12-01 12:33 . 2001-09-05 19:20 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2009-12-01 12:33 . 2001-09-05 19:20 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

2009-12-01 12:14 . 2005-10-07 23:29 445440 ----a-w- c:\windows\system32\ltimg13n.dll

2009-12-01 12:12 . 2009-12-01 12:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP

2009-11-28 08:58 . 2009-12-15 10:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-11-28 08:58 . 2009-01-13 13:12 113968 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\fognkhzu.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

2009-11-28 08:56 . 2009-11-28 08:56 -------- d-----w- c:\windows\Sun

2009-11-28 07:08 . 2009-11-28 07:08 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\PDF Editor 2\400000ea00002i\AdobeARM.exe

2009-11-28 07:07 . 2009-11-28 07:07 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\PDF Editor 2\4000005400002i\AcroRd32.exe

2009-11-28 07:02 . 2009-11-28 07:02 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall

2009-11-27 09:38 . 2009-12-10 04:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-27 09:38 . 2009-03-30 06:03 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-11-27 09:38 . 2009-02-13 07:59 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-11-27 09:38 . 2009-02-13 07:47 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-11-27 07:29 . 2009-11-27 07:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-11-27 07:29 . 2009-11-27 07:29 -------- d-----w- c:\arquivos de programas\Avira

2009-11-24 10:10 . 2009-11-24 10:10 -------- d-----w- c:\arquivos de programas\7-Zip

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-21 20:07 . 2009-11-09 17:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-12-21 19:12 . 2009-11-17 13:12 1 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2009-12-21 13:08 . 2009-12-14 17:15 2754 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2009-12-21 13:08 . 2008-04-14 10:00 62474 ----a-w- c:\windows\system32\perfc016.dat

2009-12-21 13:08 . 2008-04-14 10:00 416384 ----a-w- c:\windows\system32\perfh016.dat

2009-12-15 16:39 . 2009-11-19 05:39 1744 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-04 11:55 . 2009-11-17 07:00 1632 ----a-w- c:\windows\system32\d3d8caps.dat

2009-12-03 07:09 . 2009-11-17 12:40 -------- d-----w- c:\arquivos de programas\IBM3270

2009-12-01 12:14 . 2009-12-01 12:12 -------- d--h--w- c:\arquivos de programas\Agilent-HP

2009-11-24 13:30 . 2009-11-17 09:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-11-19 05:09 . 2009-11-19 05:09 -------- d-----w- c:\arquivos de programas\Lexmark

2009-11-18 11:04 . 2009-11-18 11:04 -------- d-----w- c:\arquivos de programas\Lexmark_HostCD

2009-11-18 05:51 . 2009-11-09 17:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-11-18 05:16 . 2009-11-18 05:16 -------- d-----w- c:\arquivos de programas\GPLGS

2009-11-18 05:14 . 2009-11-18 05:14 -------- d-----w- c:\arquivos de programas\Acro Software

2009-11-17 13:10 . 2009-11-17 13:10 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BrOffice.org

2009-11-17 11:50 . 2009-11-17 11:50 -------- d-----w- c:\arquivos de programas\EPSON

2009-11-17 10:03 . 2001-12-31 19:34 1 ----a-w- c:\documents and settings\AET-\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2009-11-17 10:00 . 2009-11-17 10:00 -------- d-----w- c:\arquivos de programas\Microsoft Works

2009-11-17 10:00 . 2009-11-17 10:00 -------- d-----w- c:\arquivos de programas\MSBuild

2009-11-11 05:27 . 2009-11-09 16:34 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-11 04:59 . 2009-11-11 04:59 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2009-11-11 04:59 . 2009-11-11 04:59 -------- d-----w- c:\arquivos de programas\CCleaner

2009-11-11 04:44 . 2009-11-11 04:46 2064152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-11-11 04:44 . 2009-11-11 04:46 1090224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\AVGToolbarInstall.exe

2009-11-11 04:44 . 2009-11-11 04:46 3513624 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgui.exe

2009-11-11 04:44 . 2009-11-11 04:46 2028312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgtray.exe

2009-11-09 17:30 . 2009-11-09 17:30 -------- d-----w- c:\documents and settings\AET-\Dados de aplicativos\Media Player Classic

2009-11-09 17:30 . 2009-11-09 17:30 -------- d-----w- c:\documents and settings\AET-\Dados de aplicativos\bsplayer

2009-11-09 17:30 . 2009-11-09 17:30 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-11-09 17:28 . 2009-11-09 17:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero

2009-11-09 17:24 . 2009-11-09 17:24 -------- d-----w- c:\arquivos de programas\Ahead

2009-11-09 17:24 . 2009-11-09 17:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2009-11-09 17:23 . 2009-11-09 17:20 -------- d-----w- c:\arquivos de programas\Java

2009-11-09 17:19 . 2009-11-09 17:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2009-11-09 17:18 . 2009-11-09 17:18 -------- d-----w- c:\arquivos de programas\BrOffice.org 3

2009-11-09 17:13 . 2009-11-11 04:45 11952 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgrsstx.dll

2009-11-09 17:13 . 2009-11-11 04:46 325896 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgldx86.sys

2009-11-09 17:13 . 2009-11-11 04:45 27784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgmfx86.sys

2009-11-09 17:05 . 2009-11-09 17:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WinZip

2009-11-09 16:37 . 2009-11-09 16:37 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-11-09 16:35 . 2009-11-09 16:35 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-11-09 16:33 . 2009-11-09 16:33 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-11-09 16:32 . 2009-11-09 16:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-11-09 16:31 . 2009-11-09 16:31 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-11-05 04:09 . 2009-11-18 05:14 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LMab1err"="c:\arquivos de programas\Lexmark\ErrorApp\LMab1err.exe" [2007-05-11 713648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-22 98304]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideShutdownScripts"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"ProfileQuotaMessage"= Você ultrapassou o espaço de armazenamento de seu perfil. Para poder efetuar logoff, você precisa mover alguns itens do perfil para a rede ou para o armazenamento local.

"HideLogonScripts"= 1 (0x1)

"MaxProfileSize"= 30000 (0x7530)

"WarnUserTimeout"= 15 (0xf)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSetTaskbar"= 1 (0x1)

"NoFileAssociate"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]

backup=c:\windows\pss\BrOffice.org 3.1.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_18.12.2009_14-46.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\setup_9.0.0.722_18.12.2009_14-46.lnk

backup=c:\windows\pss\setup_9.0.0.722_18.12.2009_14-46.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 07:38 935288 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-02 23:38 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP OrderReminder Cleaner]

2006-08-11 15:02 104960 ----a-r- c:\windows\hporclnr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]

2006-04-23 14:32 36864 ----a-w- c:\arquivos de programas\Hewlett-Packard\HP UT\bin\hppusg.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\LMabcoms.exe"=

 

R0 66125102;66125102 Boot Guard Driver;c:\windows\system32\drivers\66125102.sys [18/12/2009 11:17 37392]

R1 66125101;66125101;c:\windows\system32\drivers\66125101.sys [18/12/2009 11:17 128016]

R1 setup_9.0.0.722_18.12.2009_14-46drv;setup_9.0.0.722_18.12.2009_14-46drv;c:\windows\system32\drivers\6612510.sys [18/12/2009 11:17 315408]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [27/11/2009 07:38 108289]

S3 uteznzg0;AVZ Kernel Driver;c:\windows\system32\drivers\uteznzg0.sys [18/12/2009 16:05 7168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{31IOP6M8-1DAB-81AD-BOK1-26OC5H3565645}]

2001-12-31 19:31 0 ----a-w- c:\tender\InterPol\NkeY.exe

.

------- Supplementary Scan -------

.

uStart Page = www.pmmg.mg.gov.br

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\fognkhzu.default\

FF - prefs.js: browser.startup.homepage - hxxps://intranet.policiamilitar.mg.gov.br/

FF - prefs.js: network.proxy.type - 2

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\fognkhzu.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava11.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava12.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava13.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava14.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjava32.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npjpi170.dll

FF - plugin: c:\arquivos de programas\Java\jre1.7.0\bin\npoji610.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-22 09:26

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-117609710-796845957-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,cb,44,6f,99,b0,92,40,95,8b,58,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,cb,44,6f,99,b0,92,40,95,8b,58,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(464)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-12-22 09:27:46

ComboFix-quarantined-files.txt 2009-12-22 11:27

ComboFix2.txt 2009-12-22 10:39

ComboFix3.txt 2009-12-21 19:54

ComboFix4.txt 2009-12-21 15:17

 

Pre-run: 11 folder(s), 24,353,841,152 bytes free

Post-run: 12 folder(s), 24,347,983,872 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - EB9FA9299749F1CA1766B964D6A7D9F8
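Two entries in the log above deserve a second look before anyone declares the machine clean: the Active Setup component `{31IOP6M8-1DAB-81AD-BOK1-26OC5H3565645}` is not a syntactically valid GUID (it contains non-hexadecimal characters and a 13-character last group), and the file it points to, `c:\tender\InterPol\NkeY.exe`, is listed with a size of 0 bytes. Whether that entry is connected to the Sality infection is not something the log alone establishes, but it is exactly the kind of autorun record a responder should triage by hand. The script below is an added example, not part of the original thread or of ComboFix: it parses the "Registry Load Points" lines in the shape ComboFix prints them, and applies three generic checks (invalid GUID in the key name, zero-byte target, target outside the Windows and Program Files trees). The sample input is constructed from a few lines of the log above plus one made-up benign Active Setup entry; the size on that benign line and the treatment of `c:\arquivos de programas` as the localized Program Files folder are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the layout of ComboFix's "Registry Load Points" section.
# The first four lines are copied from the log above; the last Active Setup
# entry is a made-up benign one (assumed size) so the checks have a negative case.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-22 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{31IOP6M8-1DAB-81AD-BOK1-26OC5H3565645}]
2001-12-31 19:31 0 ----a-w- c:\tender\InterPol\NkeY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
2008-04-14 10:00 123456 ----a-w- c:\windows\system32\ie4uinit.exe
"""

# A well-formed registry GUID: 8-4-4-4-12 hexadecimal groups in braces.
GUID_RE = re.compile(
    r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I
)
KEY_RE = re.compile(r"^\[(.+)\]$")
# "ValueName"="c:\path\file.exe" [YYYY-MM-DD SIZE]   (Run-key style line)
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
# YYYY-MM-DD HH:MM SIZE ATTRS c:\path\file.exe       (Active Setup / msconfig style line)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+(\d+)\s+\S+\s+(.+)$")

# Assumption: on this Portuguese XP install "arquivos de programas" is the
# localized Program Files folder, as the log itself shows.
PROGRAM_DIRS = ("c:\\windows", "c:\\program files", "c:\\arquivos de programas")


@dataclass
class AutorunEntry:
    key: str
    path: str
    size: Optional[int]
    name: str = ""
    findings: List[str] = field(default_factory=list)


def parse_load_points(text: str) -> List[AutorunEntry]:
    """Turn ComboFix-style load-point lines into AutorunEntry records."""
    entries: List[AutorunEntry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                      # a new [HKEY_...] header
            key = m.group(1)
            continue
        if key is None:            # data before any key header is ignored
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(AutorunEntry(key, m.group(2), int(m.group(4)), name=m.group(1)))
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append(AutorunEntry(key, m.group(3), int(m.group(2))))
    return entries


def audit(entries: List[AutorunEntry]) -> List[AutorunEntry]:
    """Apply generic triage checks; return only the entries with findings."""
    for e in entries:
        leaf = e.key.rsplit("\\", 1)[-1]
        if leaf.startswith("{") and not GUID_RE.match(leaf):
            e.findings.append("malformed GUID in key name")
        if e.size == 0:
            e.findings.append("zero-byte file referenced from an autorun location")
        if not e.path.lower().startswith(PROGRAM_DIRS):
            e.findings.append("path outside Windows/Program Files")
    return [e for e in entries if e.findings]


if __name__ == "__main__":
    for e in audit(parse_load_points(SAMPLE_LOG)):
        print(e.path, "->", "; ".join(e.findings))
```

Run against the constructed sample, only the `c:\tender\InterPol\NkeY.exe` entry is reported, with all three findings; the Avira, HP and the made-up IE entries pass. On a real log, feed the whole "Registry Load Points" block in and treat each finding as a prompt to inspect the file and key by hand, not as a verdict.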
