I don't think you need to worry, but do this for peace of mind and tell me whether the final log showed anything wrong.
Zee
I've done all the steps you gave me and everything seems fine; it produced the following text file:
SDFix: Version 1.240
Run by Administrator on 17-11-2008 at 16:01
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-17 16:07:27
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG11.00.00.01WORKSTATION"="..."
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{54101B79-98A7-13FA-5A62-412F889A2FD4}]
"bbifhcogbpefhfnicolkjkdbidglhanodjif"=hex:61,61,00,00
"abifhcogbpefhfnicogkimmdeampjbahfa"=hex:61,61,00,00
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009\\RpcAgentSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009\\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009\\WNt500x86\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\MirandaFusion 1M\\miranda32.exe"="C:\\Program Files\\MirandaFusion 1M\\miranda32.exe:*:Enabled:Miranda Fusion"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Steam\\steamapps\\common\\crysis wars\\Bin32\\Crysis.exe"="C:\\Program Files\\Steam\\steamapps\\common\\crysis wars\\Bin32\\Crysis.exe:*:Enabled:Crysis Wars"
"C:\\jogos\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"="C:\\jogos\\Sacred 2 - Fallen Angel\\system\\s2gs.exe:*:Enabled:Sacred 2 Game Server"
"C:\\jogos\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"="C:\\jogos\\Sacred 2 - Fallen Angel\\system\\sacred2.exe:*:Enabled:Sacred 2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe"="C:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe:*:Enabled:Flashget2"
"C:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdate.exe"="C:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdateEx.exe"="C:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
Remaining Files :
Files with Hidden Attributes :
Thu 9 Oct 2008 536,870,912 A..H. --- "C:\san_test.tmp"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Mon 3 Nov 2008 2,158 ...HR --- "C:\Documents and Settings\poolmania\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!