
PC full of trojans


HSES


Good morning!

According to RemoveIT Pro v7 Enterprise, my PC is full of trojans. When I'm in My Documents opening a file in Word, the picture below appears:

screenshot014v.th.png

The gmer log is huge, so I'm not posting it here. Here is the dds log:

DDS (Ver_09-07-30.01) - FAT32x86

Run by edsom luis at 1:07:34,92 on 20/08/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.87 [GMT -3:00]

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

D:\ARQUIV~1\GbPlugin\GbpSv.exe

D:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

D:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\WINDOWS\System32\svchost.exe -k eapsvcs

D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

D:\Arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\explorer.exe

D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe

D:\Arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe

D:\Arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe

D:\WINDOWS\system32\msfeedssync.exe

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uLocal Page =

uDefault_Search_URL =

mWindow Title =

mLocal Page =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - d:\arquivos de programas\gbplugin\gbiehcef.dll

uRun: [msnmsgr] "d:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [Gadwin PrintScreen] d:\arquivos de programas\gadwin systems\printscreen\PrintScreen.exe /nosplash

uRun: [RemoveIT Pro v7Ent] d:\arquivos de programas\incode solutions\removeit pro v7 enterprise\removeit.exe

mRun: [Google Desktop Search] "d:\arquivos de programas\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Adobe Reader Speed Launcher] "d:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [avgnt] "d:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

mRun: [Malware Defender] d:\arquivos de programas\malware defender\malwaredefender.exe

uPolicies-explorer: NoRealMode = 0 (0x0)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179}

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - d:\arquivos de programas\hp\hpcoretech\comp\hpuiprot.dll

Notify: GbPluginCef - d:\arquivos de programas\gbplugin\gbiehcef.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - d:\arquivos de programas\gbplugin\gbiehcef.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\edsoml~1\dadosd~1\mozilla\firefox\profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://portuguese.ircfast.com/pt/index.php?rvs=hompag

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\mozilla firefox 3.5 preview\components\GoogleDesktopMozilla.dll

FF - component: d:\arquivos de programas\mozilla firefox 3.5 preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\microsoft\office live\npOLW.dll

FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\npwmsdrm.dll

FF - plugin: d:\documents and settings\all users\dados de aplicativos\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: d:\documents and settings\edsom luis\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [2009-4-18 26568]

R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-8-14 11608]

R1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [2009-7-27 148496]

R1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [2009-4-29 148496]

R1 lgalcafo;lgalcafo;d:\windows\system32\drivers\lgalcafo.sys [2009-8-17 243200]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2009-8-14 108289]

R2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-8-14 185089]

R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2009-3-18 55656]

R2 GbpSv;Gbp Service;d:\arquiv~1\gbplugin\GbpSv.exe [2008-6-18 52808]

R2 ioloFileInfoList;iolo FileInfoList Service;d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2009-4-16 628584]

R2 ioloProductUpdate;iolo Product Update Service;d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2009-4-16 628584]

R2 ioloSystemService;iolo System Service;d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2009-4-16 628584]

R2 MalwareDefenderService;Malware Defender Service;d:\arquivos de programas\malware defender\mdservice.exe [2009-7-27 84992]

R2 SeaPort;SeaPort;d:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]

S0 Lbd;Lbd;d:\windows\system32\drivers\lbd.sys --> d:\windows\system32\drivers\Lbd.sys [?]

S3 72568;72568;d:\windows\system32\72568.sys [2009-8-15 54624]

S3 9235D;9235D;d:\windows\system32\9235D.sys [2009-8-15 54624]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\google\google desktop search\GoogleDesktop.exe [2009-4-11 30192]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [2009-4-14 30136]

============== File Associations ===============

inffile=Notepad.exe "%1"

inifile=Notepad.exe "%1"

txtfile=Notepad.exe "%1"

=============== Created Last 30 ================

2009-08-19 22:04 <DIR> --d----- d:\arquivos de programas\InCode Solutions

2009-08-19 15:18 216,064 a------- d:\windows\PEV.exe

2009-08-19 15:18 161,792 a------- d:\windows\SWREG.exe

2009-08-19 15:18 98,816 a------- d:\windows\sed.exe

2009-08-19 13:17 <DIR> --d----- d:\arquivos de programas\Enigma Software Group

2009-08-18 12:35 <DIR> --d----- D:\!KillBox

2009-08-17 10:51 243,200 -------- d:\windows\system32\drivers\lgalcafo.sys

2009-08-16 20:12 396,288 a------- D:\HijackThis.exe

2009-08-16 16:36 <DIR> --d----- D:\ToolBar SD

2009-08-16 16:26 <DIR> --d----- D:\Lop SD

2009-08-15 23:11 <DIR> --dsh--- D:\FOUND.000

2009-08-15 19:31 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\iolo

2009-08-15 19:06 54,624 a------- d:\windows\system32\72568.sys

2009-08-15 19:06 2,335,270 a------- d:\windows\system32\bc867.mht

2009-08-15 18:51 128,352 a------- d:\windows\system32\9235D.dll

2009-08-15 18:51 54,624 a------- d:\windows\system32\9235D.sys

2009-08-15 18:50 2,335,270 a------- d:\windows\system32\47e5C.mht

2009-08-15 12:33 <DIR> --d----- d:\arquivos de programas\Malware Defender

2009-08-14 22:00 129 a------- d:\windows\Rav.inf

2009-08-14 22:00 47 a------- d:\windows\Rav.ini

2009-08-14 19:08 19,456 a------- d:\windows\system32\dllcache\agt0804.dll

2009-08-14 19:07 19,456 a------- d:\windows\system32\dllcache\agt0411.dll

2009-08-14 19:07 19,456 a------- d:\windows\system32\dllcache\agt0404.dll

2009-08-14 16:47 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\Avira

2009-08-14 16:43 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\GbPlugin

2009-08-14 13:46 157,712 a------- d:\windows\system32\drivers\tmcomm.sys

2009-08-13 15:48 272 a------- d:\windows\system32\drivers\sfi.dat

2009-08-13 10:01 128,512 -------- d:\windows\system32\dllcache\dhtmled.ocx

2009-08-13 10:00 1,315,328 -------- d:\windows\system32\dllcache\msoe.dll

2009-08-12 13:08 <DIR> --d----- d:\arquivos de programas\Lavalys

2009-08-09 10:18 1,089,883 -------- d:\windows\system32\dllcache\ntprint.cat

2009-08-08 23:14 <DIR> --d----- D:\f3e64e655c4cf5ea0969946e

2009-08-05 06:00 205,312 -------- d:\windows\system32\dllcache\mswebdvd.dll

2009-07-31 15:51 <DIR> --d-h--- d:\windows\PIF

2009-07-30 14:07 <DIR> --d----- d:\windows\system32\CatRoot2

2009-07-30 14:06 <DIR> --d-h--- d:\arquivos de programas\WindowsUpdate

2009-07-27 14:28 148,496 a------- d:\windows\system32\drivers\12878755.sys

2009-07-27 00:52 95,744 a------- d:\windows\system32\mdhook.dll

2009-07-24 00:01 <DIR> --d----- d:\documents and settings\all users\Modelos

2009-07-23 12:10 <DIR> --d----- d:\arquivos de programas\blcorp

2009-07-21 23:46 <DIR> a-dshr-- D:\autorun.inf

2009-07-21 20:37 579,072 a------- d:\windows\system32\dllcache\user32.dll

2009-07-21 20:35 <DIR> --d----- d:\windows\ERUNT

==================== Find3M ====================

2009-08-19 23:25 32 a--sh--- d:\windows\system32\drivers\fidbox.idx

2009-08-19 23:25 32 a--sh--- d:\windows\system32\drivers\fidbox.dat

2009-08-12 11:44 468,108 a------- d:\windows\system32\perfh016.dat

2009-08-12 11:44 79,022 a------- d:\windows\system32\perfc016.dat

2009-08-05 06:00 205,312 a------- d:\windows\system32\mswebdvd.dll

2009-08-03 13:36 38,160 a------- d:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 13:36 19,096 a------- d:\windows\system32\drivers\mbam.sys

2009-07-28 16:33 55,656 a------- d:\windows\system32\drivers\avgntflt.sys

2009-07-19 18:45 11,067,392 a------- d:\windows\system32\dllcache\ieframe.dll

2009-07-19 10:15 5,937,152 a------- d:\windows\system32\dllcache\mshtml.dll

2009-07-19 10:15 5,937,152 a------- d:\windows\system32\dllcache\cache\mshtml.dll

2009-07-18 10:05 208 a------- d:\windows\system32\drivers\GbpKmAp.lst

2009-07-17 16:03 58,880 a------- d:\windows\system32\atl.dll

2009-07-17 16:03 58,880 -------- d:\windows\system32\dllcache\atl.dll

2009-07-12 12:21 4,874,240 a------- d:\windows\system32\dllcache\wmp.dll

2009-07-12 12:21 233,472 a------- d:\windows\system32\wmpdxm.dll

2009-07-12 12:21 233,472 a------- d:\windows\system32\dllcache\wmpdxm.dll

2009-07-03 08:01 173,056 a------- d:\windows\system32\dllcache\ie4uinit.exe

2009-06-16 11:39 119,808 a------- d:\windows\system32\t2embed.dll

2009-06-16 11:39 81,920 a------- d:\windows\system32\fontsub.dll

2009-06-16 11:39 119,808 -------- d:\windows\system32\dllcache\t2embed.dll

2009-06-16 11:39 81,920 -------- d:\windows\system32\dllcache\fontsub.dll

2009-06-15 07:44 81,408 a------- d:\windows\system32\tlntsess.exe

2009-06-15 07:44 77,824 a------- d:\windows\system32\telnet.exe

2009-06-15 07:44 81,408 -------- d:\windows\system32\dllcache\tlntsess.exe

2009-06-15 07:44 77,824 -------- d:\windows\system32\dllcache\telnet.exe

2009-06-12 00:43 219,648 a------- d:\windows\system32\uxtheme.dll

2009-06-10 11:14 85,504 a------- d:\windows\system32\avifil32.dll

2009-06-10 11:14 85,504 -------- d:\windows\system32\dllcache\avifil32.dll

2009-06-10 09:21 2,066,432 a------- d:\windows\system32\mstscax.dll

2009-06-10 09:21 2,066,432 a------- d:\windows\system32\dllcache\mstscax.dll

2009-06-10 03:15 132,096 a------- d:\windows\system32\wkssvc.dll

2009-06-10 03:15 132,096 -------- d:\windows\system32\dllcache\wkssvc.dll

2009-06-03 16:10 1,295,872 a------- d:\windows\system32\quartz.dll

2009-06-03 16:10 1,295,872 a------- d:\windows\system32\dllcache\quartz.dll

2009-03-27 20:27 2,399 a------- d:\arquivos de programas\arquivos comuns\operadef6.ini

2009-02-26 11:04 234,477 a------- d:\arquivos de programas\arquivos comuns\english.lng

2009-02-26 11:04 8,250 a------- d:\arquivos de programas\arquivos comuns\license.rtf

2009-02-26 10:49 3,712,000 a------- d:\arquivos de programas\arquivos comuns\opera.dll

2009-02-26 10:49 20,480 a------- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll

2009-02-26 10:49 653,419 a------- d:\arquivos de programas\arquivos comuns\encoding.bin

2009-02-26 10:49 99,328 a------- d:\arquivos de programas\arquivos comuns\opera.exe

2009-01-07 13:52 6,809 a------- d:\arquivos de programas\arquivos comuns\license.txt

2008-09-03 14:12 8,470 a------- d:\arquivos de programas\arquivos comuns\search.ini

2008-06-09 10:17 301 a------- d:\arquivos de programas\arquivos comuns\c3nform.vxml

2008-05-05 09:51 3,873 a------- d:\arquivos de programas\arquivos comuns\lngcode.txt

2004-02-26 13:35 7,904 a------- d:\arquivos de programas\arquivos comuns\html40_entities.dtd

2009-01-21 12:39 32,768 a--sh--- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat

2009-03-08 14:09 638,816 a--sh--- d:\windows\niwradsoft shell pack\backup\iexplore.exe

============= FINISH: 1:09:08,96 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 19/09/2007 10:51:37

System Uptime: 19/08/2009 23:33:41 (2 hours ago)

Motherboard: ECS | | M825G

Processor: AMD Sempron 2400+ | Socket-A | 1668/166mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (FAT32) - 17 GiB total, 7,516 GiB free.

D: is FIXED (FAT32) - 59 GiB total, 39,219 GiB free.

E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:

Description:

Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

Manufacturer:

Name:

PNP Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Controlador de comunicação PCI simples

Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Manufacturer:

Name: Controlador de comunicação PCI simples

PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Service:

Class GUID:

Description:

Device ID: ROOT\LEGACY_AVG_ANTI-SPYWARE_DRIVER\0000

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_AVG_ANTI-SPYWARE_DRIVER\0000

Service:

Class GUID:

Description:

Device ID: ROOT\LEGACY_BOCDRIVE\0000

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_BOCDRIVE\0000

Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: Dispositivo de áudio USB

Device ID: ROOT\LEGACY_IOLO_SRV\0000

Manufacturer: (Áudio USB genérico)

Name: Dispositivo de áudio USB

PNP Device ID: ROOT\LEGACY_IOLO_SRV\0000

Service: usbaudio

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: Dispositivo de áudio USB

Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000

Manufacturer: (Áudio USB genérico)

Name: Dispositivo de áudio USB

PNP Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000

Service: usbaudio

==== System Restore Points ===================

RP807: 10/08/2009 11:16:13 - Ponto de verificação do sistema

RP808: 12/08/2009 15:06:22 - Made by Regsofts

RP809: 12/08/2009 15:09:49 - Made by Regsofts

RP810: 12/08/2009 15:13:09 - Made by Regsofts

RP811: 13/08/2009 13:05:21 - Kaspersky Internet Security 2009 instalado.

RP812: 13/08/2009 16:57:11 - Revo Uninstaller's restore point - COMODO Internet Security

RP813: 13/08/2009 17:12:47 - Kaspersky Internet Security 2009 removido.

RP814: 13/08/2009 17:16:45 - Revo Uninstaller's restore point - Comodo HopSurf

RP815: 14/08/2009 00:00:15 - Software Distribution Service 3.0

RP816: 14/08/2009 15:24:53 - Revo Uninstaller's restore point - Avira AntiVir Personal - Free Antivirus

RP817: 14/08/2009 15:25:04 - Avira AntiVir Personal - 14/08/2009 15:25

RP818: 14/08/2009 15:29:20 - Instalado Kaspersky Anti-Virus 2010.

RP819: 14/08/2009 15:51:21 - Revo Uninstaller's restore point - Kaspersky Anti-Virus 2010

RP820: 14/08/2009 15:52:42 - Removido Kaspersky Anti-Virus 2010.

RP821: 14/08/2009 16:43:41 - Avira AntiVir Personal - 14/08/2009 16:43

RP822: 14/08/2009 18:25:34 - Revo Uninstaller's restore point - Exterminate It!

RP823: 14/08/2009 21:45:32 - Revo Uninstaller's restore point - Rising Antivirus

RP824: 14/08/2009 22:08:26 - Revo Uninstaller's restore point - Rising Antivirus

RP825: 15/08/2009 19:36:04 - Revo Uninstaller's restore point - FindyKill

RP826: 15/08/2009 20:54:43 - Revo Uninstaller's restore point - Malware Defender

RP827: 17/08/2009 10:57:02 - Revo Uninstaller's restore point - Malware Defender

RP828: 17/08/2009 11:02:47 - Revo Uninstaller's restore point - UsbFix

RP829: 18/08/2009 14:22:38 - Revo Uninstaller's restore point - MV RegClean 5.9

RP830: 19/08/2009 14:16:33 - Revo Uninstaller's restore point - SpyHunter

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1.2 - Português

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 8 (KB969897)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB938464-v2)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958690)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960715)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961371)

Atualização de Segurança para Windows XP (KB961373)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969898)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB973346)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973869)

Atualização para Windows XP (KB942763)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB973815)

Avira AntiVir Personal - Free Antivirus

C-Media WDM Audio Driver

CCleaner (remove only)

Choice Guard

EVEREST Ultimate Edition v5.02

Free Window Registry Repair

Gadwin PrintScreen

Google Chrome

Google Desktop

GTOneCare

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

hp deskjet 3500

HP Photo and Imaging 2.0 - Deskjet Series

hp print screen utility

Java 6 Update 11

Java 6 Update 5

Junk Mail filter update

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTB

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 Language Pack - ptb

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Live Add-in 1.3

Microsoft Office Outlook Connector

Microsoft Office Professional Edição 2003

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mozilla Firefox (3.0.11)

Mozilla Firefox (3.5)

MSI to redistribute MS VS2005 CRT libraries

Opera 10.00

Opera 9.64

RemoveIT Pro v7 (Trial)

Revo Uninstaller 1.83

Seven Remix XP 2.1

Spelling Dictionaries Support For Adobe Reader 9

você 9.0 Runtime

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Imaging Component

Windows Internet Explorer 7

Windows Live installer

Windows Live Messenger

Windows Media Format 11 runtime

Windows XP Service Pack 3

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

14/08/2009 19:08:27, Informações: Windows File Protection [64001] - Tentativa de substituição do arquivo no arquivo do sistema protegido agt0804.dll. Esse arquivo foi restaurado para a versão original para manter a estabilidade do sistema. A versão do arquivo inválido é 2.0.0.2115, a versão do arquivo do sistema é 2.0.0.3422.

14/08/2009 19:07:50, Informações: Windows File Protection [64001] - Tentativa de substituição do arquivo no arquivo do sistema protegido agt0411.dll. Esse arquivo foi restaurado para a versão original para manter a estabilidade do sistema. A versão do arquivo inválido é 2.0.0.2115, a versão do arquivo do sistema é 2.0.0.3422.

14/08/2009 19:07:42, Informações: Windows File Protection [64001] - Tentativa de substituição do arquivo no arquivo do sistema protegido agt0404.dll. Esse arquivo foi restaurado para a versão original para manter a estabilidade do sistema. A versão do arquivo inválido é 2.0.0.2115, a versão do arquivo do sistema é 2.0.0.3422.

==== End Of File ===========================

Here is the log from:

RemoveIT Pro v7 Enterprise (Build date: 11.11.2008) log.

Generated at: 19/08/2009 on 22:06:38

Microsoft Windows XP Professional Service Pack 3 (Build 2600)

22:06:38: Scanning, please wait...

22:13:51: Infected file (Sys32.eempty) D:\WINDOWS\system32\eempty.exe -> No action taken.

22:15:11: Infected file (Sys32.langdll) D:\WINDOWS\system32\langdll.dll -> No action taken.

22:18:12: Infected file (Sys32.xceedbkp) D:\WINDOWS\system32\xceedbkp.dll -> No action taken.

22:19:00: Infected file (Sys32.msajt200) D:\WINDOWS\system\msajt200.dll -> No action taken.

22:19:04: Infected file (Sys32.pev) D:\WINDOWS\pev.exe -> No action taken.

22:19:12: Infected file (Sys32.syssd) D:\WINDOWS\system\syssd.dll -> No action taken.

22:19:15: Infected file (Sys32.vbajet) D:\WINDOWS\system\vbajet.dll -> No action taken.

22:19:48: Infected file (Sys32.gbiehcef) D:\Arquivos de programas\GbPlugin\gbiehcef.dll -> No action taken.

22:19:49: Infected file (Sys32.gbpdist) D:\Arquivos de programas\GbPlugin\gbpdist.dll -> No action taken.

22:19:49: Infected file (Sys32.gbpsv) D:\Arquivos de programas\GbPlugin\gbpsv.exe -> No action taken.

22:19:51: 10 Dangerous files has been found on your computer.

Click on "Fix" button to fix selected tasks.

22:20:13: Scanning, please wait...

22:50:10: Infected file (Sys32.vbajet) C:\WINXP\system\VBAJET.DLL -> No action taken.

22:50:10: Infected file (Sys32.msajt200) C:\WINXP\system\MSAJT200.DLL -> No action taken.

22:51:39: Infected file (Sys32.pev) D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP826\A0077852.exe -> No action taken.

22:51:40: Infected file (Sys32.pev) D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP826\A0077916.exe -> No action taken.

22:51:43: Infected file (Sys32.pev) D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP830\A0079912.exe -> No action taken.

22:59:46: Infected file (Sys32.gbiehcef) D:\Documents and Settings\edsom luis\Meus documentos\backups\backup-20090424-135402-251.dll -> No action taken.

22:59:46: Infected file (Sys32.gbpdist) D:\Documents and Settings\edsom luis\Meus documentos\backups\backup-20090424-135403-769.dll -> No action taken.

22:59:47: Infected file (Sys32.gbiehcef) D:\Documents and Settings\edsom luis\Meus documentos\backups\backup-20090424-135520-468.dll -> No action taken.

22:59:47: Infected file (Sys32.gbiehcef) D:\Documents and Settings\edsom luis\Meus documentos\backups\backup-20090424-135554-845.dll -> No action taken.

22:59:47: Infected file (Sys32.gbiehcef) D:\Documents and Settings\edsom luis\Meus documentos\backups\backup-20090424-135626-168.dll -> No action taken.

23:04:40: 20 Dangerous files has been found on your computer.

Thanks

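Added example (editor's code, not part of this thread and not part of DDS): a small helper that triages the SERVICES / DRIVERS block of a DDS log instead of reading it by eye. The sample lines are copied from the DDS output posted in this thread; the scoring weights, the 7-day window, the "generated-looking name" test and the threshold of 4 are my assumptions. A hit means "pull this file and look at it" (hash it, check whether it is signed, compare its creation time with the other entries), never "this is malware".

```python
"""Heuristic triage of the SERVICES / DRIVERS block of a DDS log. Added example, not
thread or DDS code: every signal is an assumption; a hit means "inspect", not "malware"."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, NamedTuple, Optional, Tuple

# Entry layout inferred from this thread: <start> <name>;<display>;<path> [<yyyy-m-d> <size>]
# "[x]" = binary not on disk; "<p1> --> <p2> [?]" = file found but not readable.
ENTRY_RE = re.compile(r"^(?P<start>\S+)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                      r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")
HEX_LIKE = re.compile(r"^[0-9a-f]{5,8}$")
VOWELS = set("aeiouy")

@dataclass
class Entry:
    start: str
    name: str
    path: str
    created: Optional[date]
    size: Optional[int]
    missing: bool
    unreadable: bool

Finding = NamedTuple("Finding", [("name", str), ("path", str), ("score", int), ("signals", List[str])])

def parse_entries(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        meta, created, size = m["meta"].strip(), None, None
        if meta not in ("x", "?"):
            ymd, sz = meta.split()
            created, size = date(*(int(p) for p in ymd.split("-"))), int(sz)
        # after "-->" DDS prints the path it actually found on disk; keep that one
        entries.append(Entry(m["start"], m["name"], m["path"].split("-->")[-1].strip(),
                             created, size, meta == "x", meta == "?"))
    return entries

def looks_generated(name: str) -> bool:
    """Assumed tell of a dropper-chosen name: 5-8 char hex/digit blob, or eight lowercase
    letters with at most two vowels (noisy on purpose: it also hits avgntflt)."""
    low = name.lower()
    if HEX_LIKE.match(low) and any(c.isdigit() for c in low):
        return True
    return len(name) == 8 and name.isalpha() and name.islower() and sum(c in VOWELS for c in name) <= 2

def score_entry(e: Entry, log_date: date, shared_sizes: set) -> Tuple[int, List[str]]:
    hits: List[Tuple[str, int]] = []  # (signal, weight); weights are assumptions
    if e.missing:
        hits.append(("binary missing (orphaned registration)", 2))
    if e.unreadable:
        hits.append(("file present but unreadable", 1))
    if e.start[0] in "RS" and e.start[1:] in ("0", "1"):
        hits.append(("boot/system start, loads before user-mode AV", 1))
    elif not re.fullmatch(r"[RS][0-4]", e.start):
        hits.append(("unknown start type", 1))
    if e.created and (log_date - e.created).days <= 7:
        hits.append(("created within 7 days of the log", 2))
    if looks_generated(e.name):
        hits.append(("generated-looking name", 2))
    if e.path.lower().endswith(".sys") and "\\drivers\\" not in e.path.lower():
        hits.append((".sys outside the drivers directory", 1))
    if e.size in shared_sizes:
        hits.append(("same size as another entry (duplicate drop?)", 1))
    return sum(w for _, w in hits), [h for h, _ in hits]

def score_all(text: str, log_date: date) -> Dict[str, Finding]:
    entries = parse_entries(text)
    shared = {s for s, n in Counter(e.size for e in entries if e.size).items() if n > 1}
    return {e.name: Finding(e.name, e.path, *score_entry(e, log_date, shared)) for e in entries}

def triage(text: str, log_date: date, threshold: int = 4) -> List[Finding]:
    """Entries at or above the threshold, highest score first."""
    hits = [f for f in score_all(text, log_date).values() if f.score >= threshold]
    return sorted(hits, key=lambda f: (-f.score, f.name))

# Subset of the SERVICES / DRIVERS lines from the DDS log posted in this thread.
SAMPLE = r"""
R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]
S0 Lbd;Lbd;d:\windows\system32\drivers\lbd.sys --> d:\windows\system32\drivers\Lbd.sys [?]
S1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-8-14 11608]
S1 jafgomlk;jafgomlk;d:\windows\system32\drivers\jafgomlk.sys [2009-8-22 243200]
S1 nlaljkbk;nlaljkbk;d:\windows\system32\drivers\nlaljkbk.sys [2009-8-21 243200]
S2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2009-3-18 55656]
S2 GbpSv;Gbp Service; [x]
S3 0474A;0474A; [x]
S3 72568;72568;d:\windows\system32\72568.sys [2009-8-15 54624]
S3 9235D;9235D;d:\windows\system32\9235D.sys [2009-8-15 54624]
UnknownUnknown vkquwexg;vkquwexg; [x]
"""
LOG_DATE = date(2009, 8, 23)  # "Run by ... on 23/08/2009" in that log

if __name__ == "__main__":
    for f in triage(SAMPLE, LOG_DATE):
        print(f"{f.score:2d}  {f.name:<10} {f.path or '(no file)'}  <- {'; '.join(f.signals)}")
```

Run as-is it lists the two same-size eight-letter drivers created the day before the log, the orphaned `vkquwexg` entry and the three hex-named `S3` services, while the vendor filter `avgntflt` trips only the name test and stays below the threshold. That is the intended shape: the score orders what to verify first, and the verification (hash, signature, creation time against the other entries) is still done by hand.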

Good afternoon!

Here are the logs:

DDS (Ver_09-07-30.01) - FAT32x86 NETWORK

Run by edsom luis at 12:52:36,37 on 23/08/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.211 [GMT -3:00]

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

D:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe

D:\WINDOWS\Explorer.exe

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uLocal Page =

uDefault_Search_URL =

mWindow Title =

mLocal Page =

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

BHO: G-Buster Browser Defense CEF: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - GbIehObj Class

uRun: [Gadwin PrintScreen] d:\arquivos de programas\gadwin systems\printscreen\PrintScreen.exe /nosplash

uRun: [RemoveIT Pro v7Ent] d:\arquivos de programas\incode solutions\removeit pro v7 enterprise\removeit.exe

uRun: [msnmsgr] "d:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

mRun: [Google Desktop Search] "d:\arquivos de programas\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Adobe Reader Speed Launcher] "d:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [avgnt] "d:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

mRun: [GrooveMonitor] "d:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [DWQueuedReporting] "d:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: d:\docume~1\edsoml~1\menuin~1\progra~1\inicia~1\uolvoi~1.lnk - d:\arquivos de programas\uol\uim\uim.exe

StartupFolder: d:\docume~1\edsoml~1\menuin~1\progra~1\inicia~1\uolvoi~1.lnk - d:\arquivos de programas\uol\uim\uim.exe

uPolicies-explorer: NoRealMode = 0 (0x0)

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179}

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - d:\arquivos de programas\hp\hpcoretech\comp\hpuiprot.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\arquiv~1\micros~2\office12\GR99D3~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

SEH: GbPlugin ShlObj: {e37cb5f0-51f5-4395-a808-5fa49e399003} - GbPluginObj Class

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\edsoml~1\dadosd~1\mozilla\firefox\profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\mozilla firefox 3.5 preview\components\GoogleDesktopMozilla.dll

FF - component: d:\arquivos de programas\mozilla firefox 3.5 preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\microsoft\office live\npOLW.dll

FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\NPOFF12.DLL

FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\npwmsdrm.dll

FF - plugin: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]

S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [2009-4-18 26568]

S0 Lbd;Lbd;d:\windows\system32\drivers\lbd.sys --> d:\windows\system32\drivers\Lbd.sys [?]

S1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-8-14 11608]

S1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [2009-7-27 148496]

S1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [2009-4-29 148496]

S1 jafgomlk;jafgomlk;d:\windows\system32\drivers\jafgomlk.sys [2009-8-22 243200]

S1 nlaljkbk;nlaljkbk;d:\windows\system32\drivers\nlaljkbk.sys [2009-8-21 243200]

S1 RemoveAny;RemoveAny driver;d:\windows\system32\drivers\RemoveAny.sys [2009-4-24 11264]

S2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2009-8-14 108289]

S2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-8-14 185089]

S2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2009-3-18 55656]

S2 GbpSv;Gbp Service; [x]

S2 ioloFileInfoList;iolo FileInfoList Service; [x]

S2 ioloProductUpdate;iolo Product Update Service; [x]

S2 ioloSystemService;iolo System Service; [x]

S2 SeaPort;SeaPort;d:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

S3 0474A;0474A; [x]

S3 1de49;1de49; [x]

S3 40e4E;40e4E; [x]

S3 5dc48;5dc48; [x]

S3 72568;72568;d:\windows\system32\72568.sys [2009-8-15 54624]

S3 7d050;7d050; [x]

S3 9235D;9235D;d:\windows\system32\9235D.sys [2009-8-15 54624]

S3 9674F;9674F; [x]

S3 c4c43;c4c43; [x]

S3 c5744;c5744; [x]

S3 f4845;f4845; [x]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\google\google desktop search\GoogleDesktop.exe [2009-4-11 30192]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [2009-4-14 30136]

UnknownUnknown vkquwexg;vkquwexg; [x]

============== File Associations ===============

inffile=Notepad.exe "%1"

inifile=Notepad.exe "%1"

txtfile=Notepad.exe "%1"

=============== Created Last 30 ================

2009-08-23 01:47 <DIR> --dsh--- D:\Recycled

2009-08-22 19:11 <DIR> --dsh--- D:\FOUND.007

2009-08-22 19:03 <DIR> --dsh--- D:\FOUND.006

2009-08-22 18:49 229,376 a------- d:\windows\PEV.exe

2009-08-22 18:49 <DIR> --ds---- D:\ComboFix

2009-08-22 18:15 <DIR> --d----- d:\windows\system32\CatRoot2

2009-08-22 15:43 <DIR> --d----- D:\backups

2009-08-22 14:58 2,335,270 a------- d:\windows\system32\7154C.mht

2009-08-22 12:37 468,108 a------- d:\windows\system32\prfh0416.dat

2009-08-22 12:37 79,022 a------- d:\windows\system32\prfc0416.dat

2009-08-22 12:30 243,200 -------- d:\windows\system32\drivers\jafgomlk.sys

2009-08-22 12:26 <DIR> --dsh--- D:\FOUND.005

2009-08-22 12:23 <DIR> --dsh--- D:\FOUND.004

2009-08-22 11:52 <DIR> --dsh--- D:\FOUND.003

2009-08-22 11:37 <DIR> --dsh--- D:\FOUND.002

2009-08-22 11:32 <DIR> --dsh--- D:\FOUND.001

2009-08-22 11:01 12 a------- d:\windows\system32\drivers\IncompleteBoot.cnt

2009-08-21 22:56 243,200 -------- d:\windows\system32\drivers\nlaljkbk.sys

2009-08-21 20:23 <DIR> --d----- d:\docume~1\edsoml~1\dadosd~1\UOL

2009-08-21 20:20 <DIR> --d----- d:\arquivos de programas\UOL

2009-08-20 23:53 32,592 a------- d:\windows\system32\msonpmon.dll

2009-08-20 23:44 <DIR> --d----- d:\arquivos de programas\Microsoft Visual Studio 8

2009-08-20 19:27 <DIR> --d----- D:\UsbFix

2009-08-20 19:13 <DIR> --d----- D:\SDFix

2009-08-20 12:39 161,792 a------- d:\windows\SWREG.exe

2009-08-20 12:39 98,816 a------- d:\windows\sed.exe

2009-08-20 11:22 <DIR> --d----- d:\arquivos de programas\HeavenWard

2009-08-19 22:04 <DIR> --d----- d:\arquivos de programas\InCode Solutions

2009-08-16 20:12 396,288 a------- D:\HijackThis.exe

2009-08-16 16:36 <DIR> --d----- D:\ToolBar SD

2009-08-16 16:26 <DIR> --d----- D:\Lop SD

2009-08-15 23:11 <DIR> --d----- D:\FOUND.000

2009-08-15 19:06 54,624 a------- d:\windows\system32\72568.sys

2009-08-15 19:06 2,335,270 a------- d:\windows\system32\bc867.mht

2009-08-15 18:51 128,352 a------- d:\windows\system32\9235D.dll

2009-08-15 18:51 54,624 a------- d:\windows\system32\9235D.sys

2009-08-15 18:50 2,335,270 a------- d:\windows\system32\47e5C.mht

2009-08-14 22:00 129 a------- d:\windows\Rav.inf

2009-08-14 22:00 47 a------- d:\windows\Rav.ini

2009-08-14 19:08 19,456 a------- d:\windows\system32\dllcache\agt0804.dll

2009-08-14 19:07 19,456 a------- d:\windows\system32\dllcache\agt0411.dll

2009-08-14 19:07 19,456 a------- d:\windows\system32\dllcache\agt0404.dll

2009-08-14 16:47 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\Avira

2009-08-14 16:43 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\GbPlugin

2009-08-14 13:46 157,712 a------- d:\windows\system32\drivers\tmcomm.sys

2009-08-13 15:48 272 a------- d:\windows\system32\drivers\sfi.dat

2009-08-13 10:01 128,512 -------- d:\windows\system32\dllcache\dhtmled.ocx

2009-08-13 10:00 1,315,328 -------- d:\windows\system32\dllcache\msoe.dll

2009-08-12 13:08 <DIR> --d----- d:\arquivos de programas\Lavalys

2009-08-09 10:18 1,089,883 -------- d:\windows\system32\dllcache\ntprint.cat

2009-08-08 23:14 <DIR> --d----- D:\f3e64e655c4cf5ea0969946e

2009-08-05 06:00 205,312 -------- d:\windows\system32\dllcache\mswebdvd.dll

2009-07-31 15:51 <DIR> --d-h--- d:\windows\PIF

2009-07-30 14:06 <DIR> --d-h--- d:\arquivos de programas\WindowsUpdate

2009-07-27 14:28 148,496 a------- d:\windows\system32\drivers\12878755.sys

==================== Find3M ====================

2009-08-22 01:31 32 a--sh--- d:\windows\system32\drivers\fidbox.idx

2009-08-22 01:31 32 a--sh--- d:\windows\system32\drivers\fidbox.dat

2009-08-12 11:44 468,108 a------- d:\windows\system32\perfh016.dat

2009-08-12 11:44 79,022 a------- d:\windows\system32\perfc016.dat

2009-08-05 06:00 205,312 a------- d:\windows\system32\mswebdvd.dll

2009-08-03 13:36 38,160 a------- d:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 13:36 19,096 a------- d:\windows\system32\drivers\mbam.sys

2009-07-28 16:33 55,656 a------- d:\windows\system32\drivers\avgntflt.sys

2009-07-21 20:37 579,072 a------- d:\windows\system32\dllcache\user32.dll

2009-07-19 18:45 11,067,392 a------- d:\windows\system32\dllcache\ieframe.dll

2009-07-19 10:15 5,937,152 a------- d:\windows\system32\dllcache\mshtml.dll

2009-07-19 10:15 5,937,152 a------- d:\windows\system32\dllcache\cache\mshtml.dll

2009-07-18 10:05 208 a------- d:\windows\system32\drivers\GbpKmAp.lst

2009-07-17 16:03 58,880 a------- d:\windows\system32\atl.dll

2009-07-17 16:03 58,880 -------- d:\windows\system32\dllcache\atl.dll

2009-07-12 12:21 4,874,240 a------- d:\windows\system32\dllcache\wmp.dll

2009-07-12 12:21 233,472 a------- d:\windows\system32\wmpdxm.dll

2009-07-12 12:21 233,472 a------- d:\windows\system32\dllcache\wmpdxm.dll

2009-07-03 08:01 173,056 a------- d:\windows\system32\dllcache\ie4uinit.exe

2009-06-16 11:39 119,808 a------- d:\windows\system32\t2embed.dll

2009-06-16 11:39 81,920 a------- d:\windows\system32\fontsub.dll

2009-06-16 11:39 119,808 -------- d:\windows\system32\dllcache\t2embed.dll

2009-06-16 11:39 81,920 -------- d:\windows\system32\dllcache\fontsub.dll

2009-06-15 07:44 81,408 a------- d:\windows\system32\tlntsess.exe

2009-06-15 07:44 77,824 a------- d:\windows\system32\telnet.exe

2009-06-15 07:44 81,408 -------- d:\windows\system32\dllcache\tlntsess.exe

2009-06-15 07:44 77,824 -------- d:\windows\system32\dllcache\telnet.exe

2009-06-12 00:43 219,648 a------- d:\windows\system32\uxtheme.dll

2009-06-10 11:14 85,504 a------- d:\windows\system32\avifil32.dll

2009-06-10 11:14 85,504 -------- d:\windows\system32\dllcache\avifil32.dll

2009-06-10 09:21 2,066,432 a------- d:\windows\system32\mstscax.dll

2009-06-10 09:21 2,066,432 a------- d:\windows\system32\dllcache\mstscax.dll

2009-06-10 03:15 132,096 a------- d:\windows\system32\wkssvc.dll

2009-06-10 03:15 132,096 -------- d:\windows\system32\dllcache\wkssvc.dll

2009-06-03 16:10 1,295,872 a------- d:\windows\system32\quartz.dll

2009-06-03 16:10 1,295,872 a------- d:\windows\system32\dllcache\quartz.dll

2009-03-27 20:27 2,399 a------- d:\arquivos de programas\arquivos comuns\operadef6.ini

2009-02-26 11:04 234,477 a------- d:\arquivos de programas\arquivos comuns\english.lng

2009-02-26 11:04 8,250 a------- d:\arquivos de programas\arquivos comuns\license.rtf

2009-02-26 10:49 3,712,000 a------- d:\arquivos de programas\arquivos comuns\opera.dll

2009-02-26 10:49 20,480 a------- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll

2009-02-26 10:49 653,419 a------- d:\arquivos de programas\arquivos comuns\encoding.bin

2009-02-26 10:49 99,328 a------- d:\arquivos de programas\arquivos comuns\opera.exe

2009-01-07 13:52 6,809 a------- d:\arquivos de programas\arquivos comuns\license.txt

2008-09-03 14:12 8,470 a------- d:\arquivos de programas\arquivos comuns\search.ini

2008-06-09 10:17 301 a------- d:\arquivos de programas\arquivos comuns\c3nform.vxml

2008-05-05 09:51 3,873 a------- d:\arquivos de programas\arquivos comuns\lngcode.txt

2004-02-26 13:35 7,904 a------- d:\arquivos de programas\arquivos comuns\html40_entities.dtd

2009-01-21 12:39 32,768 a--sh--- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat

2009-03-08 14:09 638,816 a--sh--- d:\windows\niwradsoft shell pack\backup\iexplore.exe

============= FINISH: 12:52:47,79 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 19/09/2007 10:51:37

System Uptime: 22/08/2009 19:22:13 (17 hours ago)

Motherboard: ECS | | M825G

Processor: AMD Sempron 2400+ | Socket-A | 1668/166mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (FAT32) - 17 GiB total, 7,518 GiB free.

D: is FIXED (FAT32) - 59 GiB total, 35,823 GiB free.

E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Controlador de comunicação PCI simples

Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Manufacturer:

Name: Controlador de comunicação PCI simples

PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Service:

Class GUID:

Description:

Device ID: ROOT\LEGACY_AVG_ANTI-SPYWARE_DRIVER\0000

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_AVG_ANTI-SPYWARE_DRIVER\0000

Service:

Class GUID:

Description:

Device ID: ROOT\LEGACY_BOCDRIVE\0000

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_BOCDRIVE\0000

Service:

==== System Restore Points ===================

RP807: 10/08/2009 11:16:13 - Ponto de verificação do sistema

RP808: 12/08/2009 15:06:22 - Made by Regsofts

RP809: 12/08/2009 15:09:49 - Made by Regsofts

RP810: 12/08/2009 15:13:09 - Made by Regsofts

RP811: 13/08/2009 13:05:21 - Kaspersky Internet Security 2009 instalado.

RP812: 13/08/2009 16:57:11 - Revo Uninstaller's restore point - COMODO Internet Security

RP813: 13/08/2009 17:12:47 - Kaspersky Internet Security 2009 removido.

RP814: 13/08/2009 17:16:45 - Revo Uninstaller's restore point - Comodo HopSurf

RP815: 14/08/2009 00:00:15 - Software Distribution Service 3.0

RP816: 14/08/2009 15:24:53 - Revo Uninstaller's restore point - Avira AntiVir Personal - Free Antivirus

RP817: 14/08/2009 15:25:04 - Avira AntiVir Personal - 14/08/2009 15:25

RP818: 14/08/2009 15:29:20 - Instalado Kaspersky Anti-Virus 2010.

RP819: 14/08/2009 15:51:21 - Revo Uninstaller's restore point - Kaspersky Anti-Virus 2010

RP820: 14/08/2009 15:52:42 - Removido Kaspersky Anti-Virus 2010.

RP821: 14/08/2009 16:43:41 - Avira AntiVir Personal - 14/08/2009 16:43

RP822: 14/08/2009 18:25:34 - Revo Uninstaller's restore point - Exterminate It!

RP823: 14/08/2009 21:45:32 - Revo Uninstaller's restore point - Rising Antivirus

RP824: 14/08/2009 22:08:26 - Revo Uninstaller's restore point - Rising Antivirus

RP825: 15/08/2009 19:36:04 - Revo Uninstaller's restore point - FindyKill

RP826: 15/08/2009 20:54:43 - Revo Uninstaller's restore point - Malware Defender

RP827: 17/08/2009 10:57:02 - Revo Uninstaller's restore point - Malware Defender

RP828: 17/08/2009 11:02:47 - Revo Uninstaller's restore point - UsbFix

RP829: 18/08/2009 14:22:38 - Revo Uninstaller's restore point - MV RegClean 5.9

RP830: 19/08/2009 14:16:33 - Revo Uninstaller's restore point - SpyHunter

RP831: 20/08/2009 14:51:21 - Revo Uninstaller's restore point - Windows Live Messenger

RP832: 20/08/2009 14:51:37 - Removido Windows Live Messenger

RP833: 20/08/2009 14:52:34 - Revo Uninstaller's restore point - Windows Live installer

RP834: 20/08/2009 18:11:44 - Revo Uninstaller's restore point - Windows Live installer

RP835: 20/08/2009 21:02:35 - Instalado Windows Live installer

RP836: 20/08/2009 21:03:37 - Installed Windows Live

RP837: 20/08/2009 21:25:12 - Revo Uninstaller's restore point - UsbFix

RP838: 20/08/2009 21:38:53 - Revo Uninstaller's restore point - Windows Live Favorites para Windows Live Toolbar

RP839: 20/08/2009 21:39:02 - Removido Windows Live Favorites para Windows Live Toolbar

RP840: 20/08/2009 21:40:01 - Revo Uninstaller's restore point - Windows Live Toolbar

RP841: 20/08/2009 21:40:28 - Removido Windows Live Toolbar

RP842: 20/08/2009 21:41:38 - Revo Uninstaller's restore point - Windows Live installer

RP843: 20/08/2009 21:41:55 - Removido Windows Live installer

RP844: 20/08/2009 21:45:43 - Revo Uninstaller's restore point - Windows Live Messenger

RP845: 20/08/2009 21:46:00 - Removido Windows Live Messenger

RP846: 20/08/2009 23:40:12 - Installed Microsoft Office Enterprise 2007

RP847: 20/08/2009 23:53:38 - Driver de impressão Send To Microsoft OneNote Driver instalado

RP848: 21/08/2009 23:17:30 - Revo Uninstaller's restore point - Malware Defender

RP849: 22/08/2009 00:00:52 - Software Distribution Service 3.0

RP850: 22/08/2009 01:06:54 - Revo Uninstaller's restore point - Unlocker 1.8.7

RP851: 22/08/2009 01:14:51 - Revo Uninstaller's restore point - Unlocker 1.8.7

RP852: 22/08/2009 01:30:39 - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1.2 - Português

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 8 (KB969897)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB938464-v2)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958690)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960715)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961371)

Atualização de Segurança para Windows XP (KB961373)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969898)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB973346)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973869)

Atualização para Windows XP (KB942763)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB973815)

Avira AntiVir Personal - Free Antivirus

C-Media WDM Audio Driver

CCleaner (remove only)

Choice Guard

EVEREST Ultimate Edition v5.02

Free Window Registry Repair

Gadwin PrintScreen

Google Chrome

Google Desktop

GTOneCare

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

hp deskjet 3500

HP Photo and Imaging 2.0 - Deskjet Series

hp print screen utility

Java 6 Update 11

Java 6 Update 5

Junk Mail filter update

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTB

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 Language Pack - ptb

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Professional Edição 2003

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mozilla Firefox (3.0.11)

Mozilla Firefox (3.5)

MSI to redistribute MS VS2005 CRT libraries

Opera 10.00

Opera 9.64

RemoveIT Pro v7 (Trial)

Revo Uninstaller 1.83

Seven Remix XP 2.1

Spelling Dictionaries Support For Adobe Reader 9

UOL Voip (remover)

Update for 2007 Microsoft Office System (KB967642)

Update for Outlook 2007 Junk Email Filter (kb972691)

VC 9.0 Runtime

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Imaging Component

Windows Internet Explorer 7

Windows Live installer

Windows Live Messenger

Windows Media Format 11 runtime

Windows XP Service Pack 3

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

21/08/2009 18:31:53, Informações: Windows File Protection [64004] - O sistema de arquivos protegidos mstask.dll não pôde ser restaurado para sua versão válida original. A versão do arquivo corrompido é desconhecido O código de erro específico é 0x800b0100 [Nenhuma assinatura estava presente na entidade. ].

==== End Of File ===========================

The gmer log is huge, so I am not posting it.

Thanks


Good evening!

No, no; I always run tools, including ComboFix (and it helps me a lot), on my own. In fact I ran it just now; maybe it helps us somehow, since there were removals.

Here is its log:

ComboFix 09-08-22.06 - edsom luis 23/08/2009 18:27.80.1 - FAT32x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.303 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

d:\windows\system32\_000095_.tmp.dll

d:\windows\system32\_000100_.tmp.dll

d:\windows\system32\_000101_.tmp.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-23 to 2009-08-23 ))))))))))))))))))))))))))))

.

2009-08-23 17:02 . 2009-08-23 17:02 -------- d-----w- d:\windows\system32\CatRoot_bak

2009-08-22 22:11 . 2009-08-22 22:11 -------- d-sh--w- D:\FOUND.007

2009-08-22 22:03 . 2009-08-22 22:03 -------- d-sh--w- D:\FOUND.006

2009-08-22 21:15 . 2009-08-22 21:15 -------- d-----w- d:\windows\system32\CatRoot2

2009-08-22 18:43 . 2009-08-22 18:44 -------- d-----w- D:\backups

2009-08-22 15:37 . 2009-08-23 14:07 79022 ----a-w- d:\windows\system32\prfc0416.dat

2009-08-22 15:37 . 2009-08-23 14:07 468108 ----a-w- d:\windows\system32\prfh0416.dat

2009-08-22 15:30 . 2009-07-27 03:52 243200 ------w- d:\windows\system32\drivers\jafgomlk.sys

2009-08-22 15:26 . 2009-08-22 15:26 -------- d-sh--w- D:\FOUND.005

2009-08-22 15:23 . 2009-08-22 15:23 -------- d-sh--w- D:\FOUND.004

2009-08-22 14:52 . 2009-08-22 14:52 -------- d-sh--w- D:\FOUND.003

2009-08-22 14:37 . 2009-08-22 14:37 -------- d-sh--w- D:\FOUND.002

2009-08-22 14:32 . 2009-08-22 14:32 -------- d-sh--w- D:\FOUND.001

2009-08-22 01:56 . 2009-07-27 03:52 243200 ------w- d:\windows\system32\drivers\nlaljkbk.sys

2009-08-21 23:25 . 2009-08-21 23:25 270336 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\plugins\g729.dll

2009-08-21 23:25 . 2009-08-21 23:25 167936 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\fotoblog-1.0.0.3.dll

2009-08-21 23:23 . 2009-08-21 23:23 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\UOL

2009-08-21 23:20 . 2009-08-21 23:20 -------- d-----w- d:\arquivos de programas\UOL

2009-08-21 02:53 . 2006-10-26 22:56 32592 ----a-w- d:\windows\system32\msonpmon.dll

2009-08-21 02:44 . 2009-08-21 02:44 -------- d-----w- d:\arquivos de programas\Microsoft Visual Studio 8

2009-08-21 02:42 . 2009-08-21 02:42 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-08-20 22:27 . 2009-08-20 22:27 -------- d-----w- D:\UsbFix

2009-08-20 22:13 . 2008-11-06 05:03 -------- d-----w- D:\SDFix

2009-08-20 14:22 . 2009-08-20 14:22 -------- d-----w- d:\arquivos de programas\HeavenWard

2009-08-20 01:04 . 2009-08-20 01:04 -------- d-----w- d:\arquivos de programas\InCode Solutions

2009-08-16 23:12 . 2009-08-16 23:12 396288 ----a-w- D:\HijackThis.exe

2009-08-16 19:36 . 2009-08-16 19:36 -------- d-----w- D:\ToolBar SD

2009-08-16 19:26 . 2009-08-16 19:26 -------- d-----w- D:\Lop SD

2009-08-16 02:11 . 2009-08-16 02:11 -------- d-----w- D:\FOUND.000

2009-08-15 22:06 . 2009-08-15 22:06 54624 ----a-w- d:\windows\system32\72568.sys

2009-08-15 21:51 . 2009-08-15 21:52 128352 ----a-w- d:\windows\system32\9235D.dll

2009-08-15 21:51 . 2009-08-15 21:51 54624 ----a-w- d:\windows\system32\9235D.sys

2009-08-14 22:08 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0804.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0411.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0404.dll

2009-08-14 19:47 . 2009-03-30 13:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys

2009-08-14 19:47 . 2009-02-13 15:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2009-08-14 19:47 . 2009-02-13 15:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2009-08-14 19:47 . 2009-08-14 19:47 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2009-08-14 17:49 . 2009-08-14 17:49 520192 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\crypto\uolcrypto.dll

2009-08-14 17:49 . 2009-08-14 17:49 1748992 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\UOLFone\UOLFonePlugin.dll

2009-08-14 17:48 . 2009-08-14 17:48 286720 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\radioUOL\RadioUOL.dll

2009-08-14 17:48 . 2009-08-14 17:48 98304 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\Fotoblog\FotoBlogPlugin.dll

2009-08-14 16:46 . 2009-05-07 07:04 157712 ----a-w- d:\windows\system32\drivers\tmcomm.sys

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-sh--w- d:\documents and settings\Administrador\IETldCache

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-----r- d:\documents and settings\Administrador\Meus documentos

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----r- d:\documents and settings\Administrador\Favoritos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Modelos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Configurações locais

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--r- d:\documents and settings\Administrador\Dados de aplicativos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d-----r- d:\documents and settings\Administrador\Menu Iniciar

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----w- d:\documents and settings\Administrador

2009-08-13 18:48 . 2009-08-13 18:48 272 ----a-w- d:\windows\system32\drivers\sfi.dat

2009-08-13 13:00 . 2009-07-10 13:27 1315328 ------w- d:\windows\system32\dllcache\msoe.dll

2009-08-12 16:08 . 2009-08-12 16:08 -------- d-----w- d:\arquivos de programas\Lavalys

2009-08-09 02:14 . 2009-08-09 02:14 -------- d-----w- D:\f3e64e655c4cf5ea0969946e

2009-08-09 02:09 . 2009-08-09 02:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache

2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- d:\windows\system32\dllcache\mswebdvd.dll

2009-08-01 22:20 . 2009-08-01 22:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!

2009-07-31 18:51 . 2009-07-31 18:51 -------- d--h--w- d:\windows\PIF

2009-07-31 00:29 . 2009-07-31 00:29 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager

2009-07-27 17:28 . 2008-07-08 17:54 148496 ----a-w- d:\windows\system32\drivers\12878755.sys

2009-07-25 22:09 . 2009-07-25 22:09 -------- d-----r- d:\documents and settings\LocalService\Meus documentos

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-22 22:22 . 2009-08-22 14:01 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt

2009-08-22 22:16 . 2009-08-20 14:22 27825 ----a-w- d:\windows\system32\drivers\RemoveAny.log

2009-08-22 04:31 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

2009-08-22 04:31 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-08-16 23:27 . 2009-06-21 23:42 3942048 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-12 14:44 . 2001-10-28 21:07 79022 ----a-w- d:\windows\system32\perfc016.dat

2009-08-12 14:44 . 2001-10-28 21:07 468108 ----a-w- d:\windows\system32\perfh016.dat

2009-08-05 09:00 . 2004-08-04 10:45 205312 ----a-w- d:\windows\system32\mswebdvd.dll

2009-08-03 16:36 . 2009-04-23 15:56 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 16:36 . 2009-04-23 15:56 19096 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-07-28 19:33 . 2009-03-19 00:30 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2009-07-23 15:10 . 2009-07-23 15:10 -------- d-----w- d:\arquivos de programas\blcorp

2009-07-20 12:13 . 2009-07-20 12:13 749568 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneClient-1.0.0.23.dll

2009-07-20 12:13 . 2009-07-20 12:13 376832 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneCrypt.dll

2009-07-20 12:13 . 2009-07-20 12:13 262144 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneServerConfigProvider-1.0.0.16.dll

2009-07-18 13:05 . 2008-11-12 18:12 208 ----a-w- d:\windows\system32\drivers\GbpKmAp.lst

2009-07-17 19:03 . 2004-08-04 10:45 58880 ----a-w- d:\windows\system32\atl.dll

2009-07-12 15:21 . 2004-08-04 10:45 233472 ----a-w- d:\windows\system32\wmpdxm.dll

2009-07-03 16:59 . 2004-08-04 10:45 915456 ------w- d:\windows\system32\wininet.dll

2009-06-16 14:39 . 2004-08-04 10:45 119808 ----a-w- d:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 21:06 81920 ----a-w- d:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 10:45 81408 ----a-w- d:\windows\system32\tlntsess.exe

2009-06-15 10:44 . 2004-08-04 10:45 77824 ----a-w- d:\windows\system32\telnet.exe

2009-06-12 03:43 . 2004-08-04 10:45 219648 ------w- d:\windows\system32\uxtheme.dll

2009-06-10 14:14 . 2004-08-04 10:45 85504 ----a-w- d:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2007-09-19 13:40 2066432 ----a-w- d:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 10:45 132096 ----a-w- d:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2004-08-04 10:45 1295872 ----a-w- d:\windows\system32\quartz.dll

2009-03-27 23:27 . 2009-03-27 23:27 2399 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-02-26 14:04 . 2009-02-26 14:04 8250 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-02-26 14:04 . 2009-02-26 14:04 234477 ----a-w- d:\arquivos de programas\Arquivos comuns\english.lng

2009-02-26 13:49 . 2009-02-26 13:49 3712000 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-02-26 13:49 . 2009-02-26 13:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-02-26 13:49 . 2009-02-26 13:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-02-26 13:49 . 2009-02-26 13:49 99328 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-01-07 16:52 . 2009-01-07 16:52 6809 ----a-w- d:\arquivos de programas\Arquivos comuns\license.txt

2008-09-03 17:12 . 2008-09-03 17:12 8470 ----a-w- d:\arquivos de programas\Arquivos comuns\search.ini

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml

2008-05-05 12:51 . 2008-05-05 12:51 3873 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt

2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2009-07-30 17:45 . 2009-02-27 15:11 122880 ----a-w- d:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-08 17:09 . 2009-04-05 21:55 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

.

------- Sigcheck -------

[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\user32.dll

[7] 2007-03-08 15:36 578048 B5782EE6EAFE3C218236F79F1A27B747 d:\windows\$NtServicePackUninstall$\user32.dll

[7] 2008-04-13 22:20 579072 54907DB28872A7A6D3EE2B4747A23828 d:\windows\ServicePackFiles\i386\user32.dll

[7] 2007-03-08 15:50 578560 F86D3E5C8FE13297E1C2D662F9E2D59D d:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[7] 2005-03-02 18:20 577536 3ED0A4D74EFD5AAF8408095F452E2613 d:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[7] 2008-04-14 03:20 579072 54907DB28872A7A6D3EE2B4747A23828 d:\windows\NiwradSoft Shell Pack\Backup\user32.dll

[7] 2004-08-04 10:45 577536 E0FF28447D1038DE106D1F2FDF851647 d:\windows\$NtUninstallKB890859$\user32.dll

[7] 2005-03-02 18:18 577536 7FFBCF1B94E6929DEECE06670C2407D6 d:\windows\$NtUninstallKB925902$\user32.dll

[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\system32\winlogon.exe

[7] 2004-08-04 10:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 d:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-13 22:21 509952 71D440F79B711627B12B567FB2EADB42 d:\windows\ServicePackFiles\i386\winlogon.exe

[7] 2008-04-14 03:21 509952 71D440F79B711627B12B567FB2EADB42 d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\explorer.exe

[7] 2007-06-13 13:21 1035264 DCCBF18E94D651393A3FFA060F88E0A0 d:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2004-08-04 10:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 d:\windows\$NtUninstallKB938828$\explorer.exe

[7] 2008-04-13 22:21 1035776 064EC7FF5F58B928C3E119402977FA6D d:\windows\ServicePackFiles\i386\explorer.exe

[7] 2007-06-13 13:10 1035264 45D521506825A10B80833B4E9621CCF6 d:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[7] 2008-04-14 03:20 1035776 064EC7FF5F58B928C3E119402977FA6D d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\system32\comres.dll

[7] 2004-08-04 10:45 821760 FB93B504600DA3EC407ED0252EEF97AB d:\windows\$NtServicePackUninstall$\comres.dll

[7] 2008-04-13 22:20 821760 D3F8E8DBE93A80440CAC78B305B40A67 d:\windows\ServicePackFiles\i386\comres.dll

[7] 2008-04-14 03:20 821760 D3F8E8DBE93A80440CAC78B305B40A67 d:\windows\NiwradSoft Shell Pack\Backup\comres.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

"RemoveIT Pro v7Ent"="d:\arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe" [2009-08-03 2185216]

"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="d:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"TSClientAXDisabler"="d:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 30192]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"GrooveMonitor"="d:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"DWQueuedReporting"="d:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

d:\documents and settings\edsom luis\Menu Iniciar\Programas\Inicializar\

UOL Voip.lnk - d:\arquivos de programas\UOL\UIM\uim.exe [2009-8-14 4362240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

[bU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= d:\\Arquivos de programas\\Windows Live\\Messenger\\MSNMSGR.EXE

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\groove.exe"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"d:\\Arquivos de programas\\UOL\\UIM\\uim.exe"=

"d:\\Arquivos de programas\\InCode Solutions\\RemoveIT Pro v7 Enterprise\\removeit.exe"=

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]

S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]

S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]

S1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [27/07/2009 14:28 148496]

S1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [29/04/2009 21:02 148496]

S1 jafgomlk;jafgomlk;d:\windows\system32\drivers\jafgomlk.sys [22/08/2009 12:30 243200]

S1 nlaljkbk;nlaljkbk;d:\windows\system32\drivers\nlaljkbk.sys [21/08/2009 22:56 243200]

S1 RemoveAny;RemoveAny driver;d:\windows\system32\drivers\RemoveAny.sys [24/04/2009 09:11 11264]

S2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/08/2009 16:47 108289]

S2 GbpSv;Gbp Service; [x]

S2 ioloFileInfoList;iolo FileInfoList Service; [x]

S2 ioloProductUpdate;iolo Product Update Service; [x]

S2 ioloSystemService;iolo System Service; [x]

S3 0474A;0474A; [x]

S3 1de49;1de49; [x]

S3 40e4E;40e4E; [x]

S3 5dc48;5dc48; [x]

S3 72568;72568;d:\windows\system32\72568.sys [15/08/2009 19:06 54624]

S3 7d050;7d050; [x]

S3 9235D;9235D;d:\windows\system32\9235D.sys [15/08/2009 18:51 54624]

S3 9674F;9674F; [x]

S3 c4c43;c4c43; [x]

S3 c5744;c5744; [x]

S3 f4845;f4845; [x]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [11/04/2009 15:38 30192]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - aujasnkj

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25N4BF150JQ9B.job

- d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]

2009-08-22 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

- - - - ORFÃOS REMOVIDOS - - - -

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - (no file)

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uLocal Page =

uDefault_Search_URL =

mWindow Title =

mLocal Page =

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} -

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\components\GoogleDesktopMozilla.dll

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPOFF12.DLL

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

.

------- Associação de arquivos/ficheiros -------

.

inffile=Notepad.exe "%1"

inifile=Notepad.exe "%1"

txtfile=Notepad.exe "%1"

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-23 18:32

Windows 5.1.2600 Service Pack 3 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList]

@DACL=(02 0000)

"PackageName"="Dashboard.msi"

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList]

@DACL=(02 0000)

"PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi"

"LastUsedSource"=expand:"n;1;d:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(588)

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\sfc_os.dll

d:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(644)

d:\windows\system32\SETUPAPI.dll

.

Tempo para conclusão: 2009-08-23 18:33

ComboFix-quarantined-files.txt 2009-08-23 21:33

ComboFix2.txt 2009-08-22 22:29

ComboFix3.txt 2009-08-20 17:15

ComboFix4.txt 2009-08-20 15:46

Pré-execução: 16 pasta(s) 33.862.123.520 bytes disponíveis

Pós execução: 16 pasta(s) 35.847.667.712 bytes disponíveis

342 --- E O F --- 2009-08-14 03:01

Thanks


  • Security Analyst

Dear HSES

I even ran it just now; maybe it will help us somehow, since there were removals.
Let's agree on the following: do not run any tool other than the ones I give you, okay? That way we will make good progress on your case.

Thank you.

Step no. 1 #

Click Start > Run and type cmd

Now type:

assoc .inf=inffile <enter>

assoc .ini=inifile <enter>

assoc .txt=txtfile <enter>

exit <enter>

Step no. 2 #

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after performing the procedure(s) mentioned below.

Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

http://forum.clubedohardware.com.br/pc-cheio-trojan/705402

Collect::
d:\windows\system32\drivers\nlaljkbk.sys
d:\windows\system32\72568.sys
d:\windows\system32\9235D.dll
d:\windows\system32\9235D.sys
d:\windows\system32\drivers\jafgomlk.sys
d:\windows\system32\drivers\nlaljkbk.sys

File::
D:\FOUND.007
D:\FOUND.006
D:\FOUND.005
D:\FOUND.004
D:\FOUND.003
D:\FOUND.002
D:\FOUND.001
D:\FOUND.000

Dirlook::
d:\arquivos de programas\blcor

Driver::
9674F
c4c43
c5744
f4845
0474A
1de49
40e4E
5dc48
7d050
72568
9235D
jafgomlk

Save this file as: CFScript.txt

[image: 2872959479_997d4500c4_o.gif]

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.

**Note**

  • When ComboFix finishes, the log will appear together with a message box. According to the script above, ComboFix will collect the files to be analysed.
  • Make sure you are connected to the internet and click OK on the message.

Regards :D
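As an added example (not code from this thread, nor part of ComboFix), the Python script below parses a CFScript of the kind posted above and checks the resulting ComboFix log to confirm that every Collect::, File:: and Driver:: entry was actually handled, flagging entries listed twice (as nlaljkbk.sys is above). The sample script and log excerpt are constructed; their line shapes follow the script and log posted in this thread.

```python
import re
from collections import OrderedDict

# Constructed sample CFScript in the shape used in the thread (thread URL first,
# then 'Section::' blocks). The driver '9235D' is deliberately absent from the
# sample log below so that the check has something to report.
SAMPLE_CFSCRIPT = r"""
http://forum.example.invalid/thread/0000

Collect::
d:\windows\system32\drivers\nlaljkbk.sys
d:\windows\system32\72568.sys
d:\windows\system32\drivers\nlaljkbk.sys

File::
D:\FOUND.000

Driver::
72568
9235D
jafgomlk
"""

# Constructed excerpt of a ComboFix log, using the line shapes seen in the thread:
# 'file zipped: <path>' for collected files, a quoted path under 'FILE ::', and
# '-------\Legacy_<name>' / '-------\Service_<name>' for removed drivers.
SAMPLE_LOG = r"""
FILE ::
"D:\FOUND.000"
file zipped: d:\windows\system32\72568.sys
file zipped: d:\windows\system32\drivers\nlaljkbk.sys
-------\Legacy_72568
-------\Service_72568
-------\Service_jafgomlk
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")
ZIPPED_RE = re.compile(r"^file zipped:\s*(.+?)\s*$", re.IGNORECASE)
QUOTED_RE = re.compile(r'^"(.+)"$')
REMOVED_RE = re.compile(r"^-+\\(?:Legacy|Service)_(.+?)\s*$", re.IGNORECASE)


def parse_cfscript(text):
    """Return an ordered {section: [items]} mapping.

    A line such as 'Collect::' opens a section; every following non-blank line
    belongs to it until the next header. Lines before the first header (the
    thread URL the analyst puts at the top) are ignored.
    """
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def find_duplicates(sections):
    """Items listed more than once in the same section (case-insensitive)."""
    dups = {}
    for name, items in sections.items():
        seen, repeated = set(), []
        for item in items:
            key = item.lower()
            if key in seen and key not in [r.lower() for r in repeated]:
                repeated.append(item)
            seen.add(key)
        if repeated:
            dups[name] = repeated
    return dups


def parse_log(text):
    """Collect what the log says was zipped, listed under FILE :: or removed."""
    handled = {"Collect": set(), "File": set(), "Driver": set()}
    for raw in text.splitlines():
        line = raw.strip()
        m = ZIPPED_RE.match(line)
        if m:
            handled["Collect"].add(m.group(1).lower())
            continue
        m = QUOTED_RE.match(line)
        if m:
            handled["File"].add(m.group(1).lower())
            continue
        m = REMOVED_RE.match(line)
        if m:
            handled["Driver"].add(m.group(1).lower())
    return handled


def unconfirmed_items(sections, handled):
    """For each checkable section, the script items the log never confirms."""
    report = {}
    for name in ("Collect", "File", "Driver"):
        wanted = sections.get(name, [])
        report[name] = [i for i in wanted if i.lower() not in handled[name]]
    return report
```

Running `unconfirmed_items(parse_cfscript(script), parse_log(log))` on a real CFScript and its ComboFix.txt lists the requested items that never show up as zipped, listed or removed, which is the quickest way to see whether a second pass is needed.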


Good afternoon!

Here is the log:

ComboFix 09-08-22.06 - edsom luis 24/08/2009 1:09.80.1 - FAT32x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.247 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

Comandos utilizados :: d:\documents and settings\edsom luis\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

FILE ::

"D:\FOUND.000"

"D:\FOUND.001"

"D:\FOUND.002"

"D:\FOUND.003"

"D:\FOUND.004"

"D:\FOUND.005"

"D:\FOUND.006"

"D:\FOUND.007"

file zipped: d:\windows\system32\72568.sys

file zipped: d:\windows\system32\9235D.dll

file zipped: d:\windows\system32\9235D.sys

file zipped: d:\windows\system32\drivers\jafgomlk.sys

file zipped: d:\windows\system32\drivers\nlaljkbk.sys

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

d:\windows\system32\72568.sys

d:\windows\system32\9235D.dll

d:\windows\system32\9235D.sys

d:\windows\system32\drivers\jafgomlk.sys

d:\windows\system32\drivers\nlaljkbk.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_0474A

-------\Legacy_1DE49

-------\Legacy_40E4E

-------\Legacy_5DC48

-------\Legacy_72568

-------\Legacy_7D050

-------\Legacy_9235D

-------\Legacy_9674F

-------\Legacy_C4C43

-------\Legacy_C5744

-------\Legacy_F4845

-------\Service_0474A

-------\Service_1de49

-------\Service_40e4E

-------\Service_5dc48

-------\Service_72568

-------\Service_7d050

-------\Service_9235D

-------\Service_9674F

-------\Service_c4c43

-------\Service_c5744

-------\Service_f4845

-------\Service_jafgomlk

-------\Legacy_nlaljkbk

-------\Service_nlaljkbk

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-24 to 2009-08-24 ))))))))))))))))))))))))))))

.

2009-08-24 03:37 . 2009-08-24 03:37 -------- d-----w- d:\arquivos de programas\HD Tune Pro

2009-08-24 03:08 . 2008-04-13 22:19 102912 ------w- d:\windows\system32\dllcache\dpcdll.dll

2009-08-24 02:49 . 2009-08-24 02:49 -------- d-----w- d:\documents and settings\edsom luis\DoctorWeb

2009-08-24 01:00 . 2009-08-24 01:00 -------- d-----w- D:\!KillBox

2009-08-23 22:54 . 2009-08-23 22:54 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-08-23 22:54 . 2009-08-23 22:54 -------- d-----w- d:\arquivos de programas\Spybot - Search & Destroy

2009-08-23 17:02 . 2009-08-23 17:02 -------- d-----w- d:\windows\system32\CatRoot_bak

2009-08-22 22:11 . 2009-08-22 22:11 -------- d-sh--w- D:\FOUND.007

2009-08-22 22:03 . 2009-08-22 22:03 -------- d-sh--w- D:\FOUND.006

2009-08-22 21:15 . 2009-08-22 21:15 -------- d-----w- d:\windows\system32\CatRoot2

2009-08-22 18:43 . 2009-08-22 18:44 -------- d-----w- D:\backups

2009-08-22 15:37 . 2009-08-24 03:10 468108 ----a-w- d:\windows\system32\prfh0416.dat

2009-08-22 15:37 . 2009-08-24 03:10 79022 ----a-w- d:\windows\system32\prfc0416.dat

2009-08-22 15:26 . 2009-08-22 15:26 -------- d-sh--w- D:\FOUND.005

2009-08-22 15:23 . 2009-08-22 15:23 -------- d-sh--w- D:\FOUND.004

2009-08-22 14:52 . 2009-08-22 14:52 -------- d-sh--w- D:\FOUND.003

2009-08-22 14:37 . 2009-08-22 14:37 -------- d-sh--w- D:\FOUND.002

2009-08-22 14:32 . 2009-08-22 14:32 -------- d-sh--w- D:\FOUND.001

2009-08-21 23:25 . 2009-08-21 23:25 270336 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\plugins\g729.dll

2009-08-21 23:25 . 2009-08-21 23:25 167936 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\fotoblog-1.0.0.3.dll

2009-08-21 23:23 . 2009-08-21 23:23 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\UOL

2009-08-21 23:20 . 2009-08-21 23:20 -------- d-----w- d:\arquivos de programas\UOL

2009-08-21 02:53 . 2006-10-26 22:56 32592 ----a-w- d:\windows\system32\msonpmon.dll

2009-08-21 02:44 . 2009-08-21 02:44 -------- d-----w- d:\arquivos de programas\Microsoft Visual Studio 8

2009-08-21 02:42 . 2009-08-21 02:42 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-08-20 22:27 . 2009-08-20 22:27 -------- d-----w- D:\UsbFix

2009-08-20 22:13 . 2008-11-06 05:03 -------- d-----w- D:\SDFix

2009-08-20 01:04 . 2009-08-20 01:04 -------- d-----w- d:\arquivos de programas\InCode Solutions

2009-08-16 23:12 . 2009-08-16 23:12 396288 ----a-w- D:\HijackThis.exe

2009-08-16 19:36 . 2009-08-16 19:36 -------- d-----w- D:\ToolBar SD

2009-08-16 19:26 . 2009-08-16 19:26 -------- d-----w- D:\Lop SD

2009-08-16 02:11 . 2009-08-16 02:11 -------- d-----w- D:\FOUND.000

2009-08-14 22:08 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0804.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0411.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0404.dll

2009-08-14 19:47 . 2009-03-30 13:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys

2009-08-14 19:47 . 2009-02-13 15:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2009-08-14 19:47 . 2009-02-13 15:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2009-08-14 19:47 . 2009-08-14 19:47 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2009-08-14 17:49 . 2009-08-14 17:49 520192 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\crypto\uolcrypto.dll

2009-08-14 17:49 . 2009-08-14 17:49 1748992 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\UOLFone\UOLFonePlugin.dll

2009-08-14 17:48 . 2009-08-14 17:48 286720 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\radioUOL\RadioUOL.dll

2009-08-14 17:48 . 2009-08-14 17:48 98304 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\Fotoblog\FotoBlogPlugin.dll

2009-08-14 16:46 . 2009-05-07 07:04 157712 ----a-w- d:\windows\system32\drivers\tmcomm.sys

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-sh--w- d:\documents and settings\Administrador\IETldCache

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-----r- d:\documents and settings\Administrador\Meus documentos

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----r- d:\documents and settings\Administrador\Favoritos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Modelos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Configurações locais

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--r- d:\documents and settings\Administrador\Dados de aplicativos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d-----r- d:\documents and settings\Administrador\Menu Iniciar

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----w- d:\documents and settings\Administrador

2009-08-13 18:48 . 2009-08-13 18:48 272 ----a-w- d:\windows\system32\drivers\sfi.dat

2009-08-13 13:00 . 2009-07-10 13:27 1315328 ------w- d:\windows\system32\dllcache\msoe.dll

2009-08-12 16:08 . 2009-08-12 16:08 -------- d-----w- d:\arquivos de programas\Lavalys

2009-08-09 02:14 . 2009-08-09 02:14 -------- d-----w- D:\f3e64e655c4cf5ea0969946e

2009-08-09 02:09 . 2009-08-09 02:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache

2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- d:\windows\system32\dllcache\mswebdvd.dll

2009-08-01 22:20 . 2009-08-01 22:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!

2009-07-31 18:51 . 2009-07-31 18:51 -------- d--h--w- d:\windows\PIF

2009-07-31 00:29 . 2009-07-31 00:29 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager

2009-07-27 17:28 . 2008-07-08 17:54 148496 ----a-w- d:\windows\system32\drivers\12878755.sys

2009-07-25 22:09 . 2009-07-25 22:09 -------- d-----r- d:\documents and settings\LocalService\Meus documentos

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-24 04:24 . 2009-08-22 14:01 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt

2009-08-22 22:16 . 2009-08-20 14:22 27825 ----a-w- d:\windows\system32\drivers\RemoveAny.log

2009-08-22 04:31 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

2009-08-22 04:31 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-08-16 23:27 . 2009-06-21 23:42 3942048 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-12 14:44 . 2001-10-28 21:07 79022 ----a-w- d:\windows\system32\perfc016.dat

2009-08-12 14:44 . 2001-10-28 21:07 468108 ----a-w- d:\windows\system32\perfh016.dat

2009-08-05 09:00 . 2004-08-04 10:45 205312 ----a-w- d:\windows\system32\mswebdvd.dll

2009-08-03 16:36 . 2009-04-23 15:56 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 16:36 . 2009-04-23 15:56 19096 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-07-28 19:33 . 2009-03-19 00:30 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2009-07-23 15:10 . 2009-07-23 15:10 -------- d-----w- d:\arquivos de programas\blcorp

2009-07-20 12:13 . 2009-07-20 12:13 749568 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneClient-1.0.0.23.dll

2009-07-20 12:13 . 2009-07-20 12:13 376832 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneCrypt.dll

2009-07-20 12:13 . 2009-07-20 12:13 262144 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneServerConfigProvider-1.0.0.16.dll

2009-07-18 13:05 . 2008-11-12 18:12 208 ----a-w- d:\windows\system32\drivers\GbpKmAp.lst

2009-07-17 19:03 . 2004-08-04 10:45 58880 ----a-w- d:\windows\system32\atl.dll

2009-07-12 15:21 . 2004-08-04 10:45 233472 ----a-w- d:\windows\system32\wmpdxm.dll

2009-07-03 16:59 . 2004-08-04 10:45 915456 ------w- d:\windows\system32\wininet.dll

2009-06-16 14:39 . 2004-08-04 10:45 119808 ----a-w- d:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 21:06 81920 ----a-w- d:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 10:45 81408 ----a-w- d:\windows\system32\tlntsess.exe

2009-06-15 10:44 . 2004-08-04 10:45 77824 ----a-w- d:\windows\system32\telnet.exe

2009-06-10 14:14 . 2004-08-04 10:45 85504 ----a-w- d:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2007-09-19 13:40 2066432 ----a-w- d:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 10:45 132096 ----a-w- d:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2004-08-04 10:45 1295872 ----a-w- d:\windows\system32\quartz.dll

2009-03-27 23:27 . 2009-03-27 23:27 2399 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-02-26 14:04 . 2009-02-26 14:04 8250 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-02-26 14:04 . 2009-02-26 14:04 234477 ----a-w- d:\arquivos de programas\Arquivos comuns\english.lng

2009-02-26 13:49 . 2009-02-26 13:49 3712000 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-02-26 13:49 . 2009-02-26 13:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-02-26 13:49 . 2009-02-26 13:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-02-26 13:49 . 2009-02-26 13:49 99328 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-01-07 16:52 . 2009-01-07 16:52 6809 ----a-w- d:\arquivos de programas\Arquivos comuns\license.txt

2008-09-03 17:12 . 2008-09-03 17:12 8470 ----a-w- d:\arquivos de programas\Arquivos comuns\search.ini

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml

2008-05-05 12:51 . 2008-05-05 12:51 3873 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt

2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2009-07-30 17:45 . 2009-02-27 15:11 122880 ----a-w- d:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-08 17:09 . 2009-04-05 21:55 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of d:\arquivos de programas\blcor ----

((((((((((((((((((((((((((((( SnapShot@2009-08-23_21.32.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-24 03:07 . 2008-04-13 19:36 44672 d:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\UAGP35.SYS

+ 2009-08-24 03:07 . 2008-04-14 02:51 41856 d:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\amdk7.sys

+ 2001-10-28 21:07 . 2009-08-24 03:10 67312 d:\windows\system32\perfc009.dat

- 2001-10-28 21:07 . 2009-08-23 14:07 67312 d:\windows\system32\perfc009.dat

+ 2004-08-04 10:44 . 2007-03-28 08:54 98304 d:\windows\system32\odbcint.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 90624 d:\windows\system32\mydocs.dll

- 2004-08-04 10:45 . 2008-04-14 03:20 90624 d:\windows\system32\mydocs.dll

+ 2004-08-04 10:45 . 2008-04-13 22:21 78848 d:\windows\system32\msiexec.exe

+ 2008-04-13 22:18 . 2008-04-13 22:18 24064 d:\windows\system32\dllcache\pidgen.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 27648 d:\windows\system32\conime.exe

+ 2004-08-04 10:45 . 2008-04-13 22:20 176640 d:\windows\system32\wintrust.dll

- 2004-08-04 10:45 . 2008-04-14 03:20 293888 d:\windows\system32\winsrv.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 293888 d:\windows\system32\winsrv.dll

+ 2004-08-04 10:45 . 2008-04-13 22:21 509952 d:\windows\system32\winlogon.exe

+ 2004-08-04 10:45 . 2008-04-13 22:20 219648 d:\windows\system32\uxtheme.dll

- 2004-08-04 10:45 . 2009-06-12 03:43 219648 d:\windows\system32\uxtheme.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 732160 d:\windows\system32\userenv.dll

- 2009-04-11 18:48 . 2008-04-14 03:20 579072 d:\windows\system32\user32.dll

+ 2009-04-11 18:48 . 2008-04-13 22:20 579072 d:\windows\system32\user32.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 388608 d:\windows\system32\themeui.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 714752 d:\windows\system32\sxs.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 141312 d:\windows\system32\sfc_os.dll

+ 2009-08-24 03:07 . 2008-04-14 03:20 516768 d:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\ativvaxx.dll

+ 2009-08-24 03:07 . 2008-04-14 03:20 870784 d:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\ati3d1ag.dll

+ 2009-08-24 03:07 . 2004-08-04 03:36 701440 d:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\ati2mtag.sys

+ 2009-08-24 03:07 . 2008-04-14 03:20 201728 d:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\ati2dvag.dll

+ 2009-08-24 03:07 . 2008-04-14 03:20 229376 d:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\ati2cqag.dll

+ 2009-08-24 03:07 . 2008-04-14 03:20 516768 d:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\ativvaxx.dll

+ 2009-08-24 03:07 . 2008-04-14 03:20 870784 d:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\ati3d1ag.dll

+ 2009-08-24 03:07 . 2004-08-04 03:36 701440 d:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\ati2mtag.sys

+ 2009-08-24 03:07 . 2008-04-14 03:20 201728 d:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\ati2dvag.dll

+ 2009-08-24 03:07 . 2008-04-14 03:20 229376 d:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\ati2cqag.dll

+ 2001-10-28 21:07 . 2009-08-24 03:10 432356 d:\windows\system32\perfh009.dat

- 2001-10-28 21:07 . 2009-08-23 14:07 432356 d:\windows\system32\perfh009.dat

+ 2004-08-04 10:45 . 2008-04-13 22:20 145408 d:\windows\system32\ntshrui.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 249344 d:\windows\system32\newdev.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 271360 d:\windows\system32\msihnd.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 155136 d:\windows\system32\modemui.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 118784 d:\windows\system32\mdminst.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 346624 d:\windows\system32\hnetcfg.dll

+ 2007-09-19 13:32 . 2009-08-24 02:06 265416 d:\windows\system32\FNTCACHE.DAT

- 2007-09-19 13:32 . 2009-08-22 22:25 265416 d:\windows\system32\FNTCACHE.DAT

+ 2004-08-04 10:45 . 2008-04-13 22:20 331776 d:\windows\system32\cscui.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 102400 d:\windows\system32\cscdll.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 528384 d:\windows\system32\cryptui.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 164352 d:\windows\system32\credui.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 821760 d:\windows\system32\comres.dll

+ 2008-04-13 22:17 . 2008-04-13 22:17 1054208 d:\windows\WinSxS\InstallTemp\884784\comctl32.dll

+ 2004-08-04 10:45 . 2008-04-13 14:35 2945536 d:\windows\system32\xpsp2res.dll

- 2004-08-04 10:45 . 2008-04-14 03:20 1499136 d:\windows\system32\shdocvw.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 1499136 d:\windows\system32\shdocvw.dll

+ 2009-08-24 03:07 . 2008-04-14 03:20 1888992 d:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\ati3duag.dll

+ 2009-08-24 03:07 . 2008-04-14 03:20 1888992 d:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\ati3duag.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 1287168 d:\windows\system32\ole32.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 1710592 d:\windows\system32\netshell.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 2843136 d:\windows\system32\msi.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 1000960 d:\windows\system32\msgina.dll

+ 2004-08-04 10:45 . 2008-04-13 22:20 1025536 d:\windows\system32\browseui.dll

+ 2004-08-04 10:45 . 2008-04-13 22:21 1035776 d:\windows\explorer.exe

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"SpybotSD TeaTimer"="d:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"RemoveIT Pro v7Ent"="d:\arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe" [2009-08-03 2185216]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="d:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"TSClientAXDisabler"="d:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 30192]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"GrooveMonitor"="d:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"DWQueuedReporting"="d:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

d:\documents and settings\edsom luis\Menu Iniciar\Programas\Inicializar\

UOL Voip.lnk - d:\arquivos de programas\UOL\UIM\uim.exe [2009-8-14 4362240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

d:\arquivos de programas\GBPLUGIN\gbiehcef.dll [bU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= d:\\Arquivos de programas\\Windows Live\\Messenger\\MSNMSGR.EXE

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\groove.exe"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"d:\\Arquivos de programas\\UOL\\UIM\\uim.exe"=

"d:\\Arquivos de programas\\InCode Solutions\\RemoveIT Pro v7 Enterprise\\removeit.exe"=

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]

S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]

S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]

S1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [27/07/2009 14:28 148496]

S1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [29/04/2009 21:02 148496]

S1 lgalcafo;lgalcafo;\??\d:\windows\system32\drivers\lgalcafo.sys --> d:\windows\system32\drivers\lgalcafo.sys [?]

S1 RemoveAny;RemoveAny driver;d:\windows\system32\drivers\RemoveAny.sys [24/04/2009 09:11 11264]

S2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/08/2009 16:47 108289]

S2 GbpSv;Gbp Service;d:\arquiv~1\GbPlugin\GbpSv.exe --> d:\arquiv~1\GbPlugin\GbpSv.exe [?]

S2 ioloFileInfoList;iolo FileInfoList Service;d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe --> d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [?]

S2 ioloProductUpdate;iolo Product Update Service;d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe --> d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [?]

S2 ioloSystemService;iolo System Service;d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe --> d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [?]

S2 MalwareDefenderService;Malware Defender Service;d:\arquivos de programas\malware defender\mdservice.exe --> d:\arquivos de programas\malware defender\mdservice.exe [?]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [11/04/2009 15:38 30192]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25N4BF150JQ9B.job

- d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]

2009-08-22 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

- - - - ORFÃOS REMOVIDOS - - - -

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - (no file)

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uLocal Page =

uDefault_Search_URL =

mWindow Title =

mLocal Page =

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} -

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\components\GoogleDesktopMozilla.dll

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPOFF12.DLL

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-24 01:25

Windows 5.1.2600 Service Pack 3 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList]

@DACL=(02 0000)

"PackageName"="Dashboard.msi"

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList]

@DACL=(02 0000)

"PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi"

"LastUsedSource"=expand:"n;1;d:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(1176)

d:\windows\system32\WININET.dll

d:\windows\system32\msi.dll

.

Tempo para conclusão: 2009-08-24 1:29 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-24 04:29

ComboFix2.txt 2009-08-23 21:33

ComboFix3.txt 2009-08-22 22:29

ComboFix4.txt 2009-08-20 17:15

ComboFix5.txt 2009-08-24 04:09

Pré-execução: 17 pasta(s) 40.704.212.992 bytes disponíveis

Pós execução: 17 pasta(s) 40.671.346.688 bytes disponíveis

407 --- E O F --- 2009-08-14 03:01

Thanks and regards.


Good afternoon!

Here is the content of D:\Qoobox\ComboFix-quarantined-files.txt:

2009-08-24 04:13:38 . 2009-08-24 04:13:40 2,602 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_nlaljkbk.reg.dat

2009-08-24 04:13:38 . 2009-08-24 04:13:38 1,220 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Legacy_nlaljkbk.reg.dat

2009-08-24 04:13:18 . 2009-08-24 04:13:20 2,278 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_jafgomlk.reg.dat

2009-08-24 04:13:18 . 2009-08-24 04:13:20 1,962 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_f4845.reg.dat

2009-08-24 04:13:18 . 2009-08-24 04:13:20 1,962 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_c5744.reg.dat

2009-08-24 04:13:17 . 2009-08-24 04:13:18 1,962 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_c4c43.reg.dat

2009-08-24 04:13:17 . 2009-08-24 04:13:18 1,962 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_9674F.reg.dat

2009-08-24 04:13:17 . 2009-08-24 04:13:18 2,430 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_9235D.reg.dat

2009-08-24 04:13:17 . 2009-08-24 04:13:18 1,962 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_7d050.reg.dat

2009-08-24 04:13:17 . 2009-08-24 04:13:18 2,430 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_72568.reg.dat

2009-08-24 04:13:17 . 2009-08-24 04:13:18 1,962 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_5dc48.reg.dat

2009-08-24 04:13:17 . 2009-08-24 04:13:18 1,962 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_40e4E.reg.dat

2009-08-24 04:13:17 . 2009-08-24 04:13:18 1,962 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_1de49.reg.dat

2009-08-24 04:13:17 . 2009-08-24 04:13:18 1,962 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Service_0474A.reg.dat

2009-08-24 04:13:16 . 2009-08-24 04:13:18 1,184 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Legacy_F4845.reg.dat

2009-08-24 04:13:16 . 2009-08-24 04:13:18 1,184 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Legacy_C5744.reg.dat

2009-08-24 04:13:16 . 2009-08-24 04:13:18 1,184 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Legacy_C4C43.reg.dat

2009-08-24 04:13:16 . 2009-08-24 04:13:18 1,184 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Legacy_9674F.reg.dat

2009-08-24 04:13:16 . 2009-08-24 04:13:18 1,184 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Legacy_9235D.reg.dat

2009-08-24 04:13:16 . 2009-08-24 04:13:18 1,184 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Legacy_7D050.reg.dat

2009-08-24 04:13:16 . 2009-08-24 04:13:18 1,184 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Legacy_72568.reg.dat

2009-08-24 04:13:16 . 2009-08-24 04:13:18 1,184 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Legacy_5DC48.reg.dat

2009-08-24 04:13:16 . 2009-08-24 04:13:18 1,184 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Legacy_40E4E.reg.dat

2009-08-24 04:13:16 . 2009-08-24 04:13:18 1,184 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Legacy_1DE49.reg.dat

2009-08-24 04:13:16 . 2009-08-24 04:13:18 1,184 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Legacy_0474A.reg.dat

2009-08-24 04:09:56 . 2009-08-24 04:09:58 372,610 ----a-w- D:\Qoobox\Quarantine\[4]-Submit_2009-08-24_01.09.48.zip

2009-08-22 22:28:32 . 2009-08-22 22:28:34 646 ----a-w- D:\Qoobox\Quarantine\Registry_backups\Notify- GbPluginCef.reg.dat

2009-08-22 22:28:31 . 2009-08-24 04:27:52 594 ----a-w- D:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003}.reg.dat

2009-08-22 15:30:43 . 2009-07-27 03:52:34 243,200 ----a-w- D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\jafgomlk.sys.vir

2009-08-22 01:56:01 . 2009-07-27 03:52:34 243,200 ----a-w- D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\nlaljkbk.sys.vir

2009-08-20 15:43:55 . 2009-08-24 04:13:10 6,279 ----a-w- D:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2009-08-20 15:39:11 . 2009-08-24 04:09:12 306 ----a-w- D:\Qoobox\Quarantine\catchme.log

2009-08-15 22:06:21 . 2009-08-15 22:06:22 54,624 ----a-w- D:\Qoobox\Quarantine\D\WINDOWS\system32\72568.sys.vir

2009-08-15 21:51:30 . 2009-08-15 21:52:34 128,352 ----a-w- D:\Qoobox\Quarantine\D\WINDOWS\system32\9235D.dll.vir

2009-08-15 21:51:25 . 2009-08-15 21:51:26 54,624 ----a-w- D:\Qoobox\Quarantine\D\WINDOWS\system32\9235D.sys.vir

2008-09-22 15:38:25 . 2008-09-22 15:38:26 63 ----a-w- D:\Qoobox\Quarantine\D\WINDOWS\system\SYSPCB.dll.vir

2004-08-04 10:45:28 . 2008-04-13 22:20:42 2,569,728 ----a-w- D:\Qoobox\Quarantine\D\WINDOWS\system32\_000095_.tmp.dll.vir

2004-08-04 10:45:22 . 2008-04-14 03:20:24 334,336 ----a-w- D:\Qoobox\Quarantine\D\WINDOWS\system32\_000100_.tmp.dll.vir

2004-08-04 10:45:22 . 2008-04-14 03:20:24 643,072 ----a-w- D:\Qoobox\Quarantine\D\WINDOWS\system32\_000101_.tmp.dll.vir

Thanks and regards.


  • Security Analyst

Dear HSES

That's it :)

Please go to the site

Fill in the form with what is highlighted in red:

  • Link to topic where this file was requested:
    http://forum.clubedohardware.com.br/pc-cheio-trojan/705402

  • Browse to the file you want to submit: D:\Qoobox\Quarantine\[4]-Submit_2009-08-24_01.09.48.zip
  • Leave any comments, further information about this file, or contact information: Sample of the Clube do Hardware
  • Click the Send File button
  • Thank you :joia:

I await your reply.

Regards :D


Good afternoon!

I completed the request and the following response appeared:

Malware Submission

Your file was successfully submitted. Please let the user helping you know that you have submitted the file.

How do we proceed now?

Thanks and regards.


  • Security Analyst

Dear HSES

How do we proceed now?
Let's continue... and correct a mistake of mine :)

Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

Folder::
D:\FOUND.007
D:\FOUND.006
D:\FOUND.005
D:\FOUND.004
D:\FOUND.003
D:\FOUND.002
D:\FOUND.001
d:\arquivos de programas\blcorp

Save this file as: CFScript.txt


As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Regards :D


Good afternoon! Here is the ComboFix log:

ComboFix 09-08-24.06 - edsom luis 25/08/2009 13:58.80.1 - FAT32x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.239 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

Comandos utilizados :: d:\documents and settings\edsom luis\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

d:\arquivos de programas\blcorp

d:\documents and settings\edsom luis\Meus documentos\EDITOR DE REGISTRO.reg

D:\FOUND.001

d:\found.001\FILE0000.CHK

d:\found.001\FILE0001.CHK

d:\found.001\FILE0002.CHK

d:\found.001\FILE0003.CHK

d:\found.001\FILE0004.CHK

d:\found.001\FILE0005.CHK

d:\found.001\FILE0006.CHK

d:\found.001\FILE0007.CHK

d:\found.001\FILE0008.CHK

d:\found.001\FILE0009.CHK

d:\found.001\FILE0010.CHK

d:\found.001\FILE0011.CHK

d:\found.001\FILE0012.CHK

d:\found.001\FILE0013.CHK

d:\found.001\FILE0014.CHK

d:\found.001\FILE0015.CHK

d:\found.001\FILE0016.CHK

d:\found.001\FILE0017.CHK

d:\found.001\FILE0018.CHK

d:\found.001\FILE0019.CHK

d:\found.001\FILE0020.CHK

d:\found.001\FILE0021.CHK

d:\found.001\FILE0022.CHK

d:\found.001\FILE0023.CHK

d:\found.001\FILE0024.CHK

d:\found.001\FILE0025.CHK

d:\found.001\FILE0026.CHK

D:\FOUND.002

d:\found.002\FILE0000.CHK

D:\FOUND.003

d:\found.003\FILE0000.CHK

D:\FOUND.004

d:\found.004\FILE0000.CHK

d:\found.004\FILE0001.CHK

d:\found.004\FILE0002.CHK

d:\found.004\FILE0003.CHK

d:\found.004\FILE0004.CHK

d:\found.004\FILE0005.CHK

d:\found.004\FILE0006.CHK

d:\found.004\FILE0007.CHK

d:\found.004\FILE0008.CHK

D:\FOUND.005

d:\found.005\FILE0000.CHK

D:\FOUND.006

d:\found.006\FILE0000.CHK

d:\found.006\FILE0001.CHK

d:\found.006\FILE0002.CHK

d:\found.006\FILE0003.CHK

d:\found.006\FILE0004.CHK

d:\found.006\FILE0005.CHK

d:\found.006\FILE0006.CHK

d:\found.006\FILE0007.CHK

d:\found.006\FILE0008.CHK

d:\found.006\FILE0009.CHK

d:\found.006\FILE0010.CHK

d:\found.006\FILE0011.CHK

d:\found.006\FILE0012.CHK

d:\found.006\FILE0013.CHK

d:\found.006\FILE0014.CHK

d:\found.006\FILE0015.CHK

d:\found.006\FILE0016.CHK

d:\found.006\FILE0017.CHK

d:\found.006\FILE0018.CHK

d:\found.006\FILE0019.CHK

d:\found.006\FILE0020.CHK

d:\found.006\FILE0021.CHK

d:\found.006\FILE0022.CHK

d:\found.006\FILE0023.CHK

d:\found.006\FILE0024.CHK

d:\found.006\FILE0025.CHK

d:\found.006\FILE0026.CHK

d:\found.006\FILE0027.CHK

d:\found.006\FILE0028.CHK

d:\found.006\FILE0029.CHK

d:\found.006\FILE0030.CHK

D:\FOUND.007

d:\found.007\FILE0000.CHK

d:\found.007\FILE0001.CHK

d:\found.007\FILE0002.CHK

d:\found.007\FILE0003.CHK

d:\found.007\FILE0004.CHK

d:\found.007\FILE0005.CHK

d:\found.007\FILE0006.CHK

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-25 to 2009-08-25 ))))))))))))))))))))))))))))

.

2009-08-24 20:33 . 2009-08-24 20:33 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\McAfee

2009-08-24 03:37 . 2009-08-24 03:37 -------- d-----w- d:\arquivos de programas\HD Tune Pro

2009-08-24 03:08 . 2008-04-13 22:19 102912 ------w- d:\windows\system32\dllcache\dpcdll.dll

2009-08-24 02:49 . 2009-08-24 02:49 -------- d-----w- d:\documents and settings\edsom luis\DoctorWeb

2009-08-24 01:00 . 2009-08-24 01:00 -------- d-----w- D:\!KillBox

2009-08-23 22:54 . 2009-08-23 22:54 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-08-23 22:54 . 2009-08-23 22:54 -------- d-----w- d:\arquivos de programas\Spybot - Search & Destroy

2009-08-23 17:02 . 2009-08-23 17:02 -------- d-----w- d:\windows\system32\CatRoot_bak

2009-08-22 21:15 . 2009-08-22 21:15 -------- d-----w- d:\windows\system32\CatRoot2

2009-08-22 18:43 . 2009-08-22 18:44 -------- d-----w- D:\backups

2009-08-22 15:37 . 2009-08-24 15:12 468108 ----a-w- d:\windows\system32\prfh0416.dat

2009-08-22 15:37 . 2009-08-24 15:12 79022 ----a-w- d:\windows\system32\prfc0416.dat

2009-08-21 23:25 . 2009-08-21 23:25 270336 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\plugins\g729.dll

2009-08-21 23:25 . 2009-08-21 23:25 167936 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\fotoblog-1.0.0.3.dll

2009-08-21 23:23 . 2009-08-21 23:23 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\UOL

2009-08-21 23:20 . 2009-08-21 23:20 -------- d-----w- d:\arquivos de programas\UOL

2009-08-21 02:53 . 2006-10-26 22:56 32592 ----a-w- d:\windows\system32\msonpmon.dll

2009-08-21 02:44 . 2009-08-21 02:44 -------- d-----w- d:\arquivos de programas\Microsoft Visual Studio 8

2009-08-21 02:42 . 2009-08-21 02:42 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-08-20 01:04 . 2009-08-20 01:04 -------- d-----w- d:\arquivos de programas\InCode Solutions

2009-08-16 23:12 . 2009-08-16 23:12 396288 ----a-w- D:\HijackThis.exe

2009-08-16 02:11 . 2009-08-16 02:11 -------- d-----w- D:\FOUND.000

2009-08-14 22:08 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0804.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0411.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0404.dll

2009-08-14 19:47 . 2009-03-30 13:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys

2009-08-14 19:47 . 2009-02-13 15:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2009-08-14 19:47 . 2009-02-13 15:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2009-08-14 19:47 . 2009-08-14 19:47 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2009-08-14 17:49 . 2009-08-14 17:49 520192 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\crypto\uolcrypto.dll

2009-08-14 17:49 . 2009-08-14 17:49 1748992 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\UOLFone\UOLFonePlugin.dll

2009-08-14 17:48 . 2009-08-14 17:48 286720 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\radioUOL\RadioUOL.dll

2009-08-14 17:48 . 2009-08-14 17:48 98304 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\Fotoblog\FotoBlogPlugin.dll

2009-08-14 16:46 . 2009-05-07 07:04 157712 ----a-w- d:\windows\system32\drivers\tmcomm.sys

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-sh--w- d:\documents and settings\Administrador\IETldCache

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-----r- d:\documents and settings\Administrador\Meus documentos

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----r- d:\documents and settings\Administrador\Favoritos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Modelos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Configurações locais

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--r- d:\documents and settings\Administrador\Dados de aplicativos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d-----r- d:\documents and settings\Administrador\Menu Iniciar

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----w- d:\documents and settings\Administrador

2009-08-13 18:48 . 2009-08-13 18:48 272 ----a-w- d:\windows\system32\drivers\sfi.dat

2009-08-13 13:00 . 2009-07-10 13:27 1315328 ------w- d:\windows\system32\dllcache\msoe.dll

2009-08-12 16:08 . 2009-08-12 16:08 -------- d-----w- d:\arquivos de programas\Lavalys

2009-08-09 02:14 . 2009-08-09 02:14 -------- d-----w- D:\f3e64e655c4cf5ea0969946e

2009-08-09 02:09 . 2009-08-09 02:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache

2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- d:\windows\system32\dllcache\mswebdvd.dll

2009-08-01 22:20 . 2009-08-01 22:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!

2009-07-31 18:51 . 2009-07-31 18:51 -------- d--h--w- d:\windows\PIF

2009-07-31 00:29 . 2009-07-31 00:29 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager

2009-07-27 17:28 . 2008-07-08 17:54 148496 ----a-w- d:\windows\system32\drivers\12878755.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-24 15:17 . 2009-08-22 14:01 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt

2009-08-22 22:16 . 2009-08-20 14:22 27825 ----a-w- d:\windows\system32\drivers\RemoveAny.log

2009-08-22 04:31 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

2009-08-22 04:31 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-08-16 23:27 . 2009-06-21 23:42 3942048 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-12 14:44 . 2001-10-28 21:07 79022 ----a-w- d:\windows\system32\perfc016.dat

2009-08-12 14:44 . 2001-10-28 21:07 468108 ----a-w- d:\windows\system32\perfh016.dat

2009-08-05 09:00 . 2004-08-04 10:45 205312 ----a-w- d:\windows\system32\mswebdvd.dll

2009-08-03 16:36 . 2009-04-23 15:56 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 16:36 . 2009-04-23 15:56 19096 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-07-28 19:33 . 2009-03-19 00:30 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2009-07-20 12:13 . 2009-07-20 12:13 749568 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneClient-1.0.0.23.dll

2009-07-20 12:13 . 2009-07-20 12:13 376832 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneCrypt.dll

2009-07-20 12:13 . 2009-07-20 12:13 262144 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneServerConfigProvider-1.0.0.16.dll

2009-07-18 13:05 . 2008-11-12 18:12 208 ----a-w- d:\windows\system32\drivers\GbpKmAp.lst

2009-07-17 19:03 . 2004-08-04 10:45 58880 ----a-w- d:\windows\system32\atl.dll

2009-07-12 15:21 . 2004-08-04 10:45 233472 ----a-w- d:\windows\system32\wmpdxm.dll

2009-07-03 16:59 . 2004-08-04 10:45 915456 ------w- d:\windows\system32\wininet.dll

2009-06-16 14:39 . 2004-08-04 10:45 119808 ----a-w- d:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 21:06 81920 ----a-w- d:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 10:45 81408 ----a-w- d:\windows\system32\tlntsess.exe

2009-06-15 10:44 . 2004-08-04 10:45 77824 ----a-w- d:\windows\system32\telnet.exe

2009-06-10 14:14 . 2004-08-04 10:45 85504 ----a-w- d:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2007-09-19 13:40 2066432 ----a-w- d:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 10:45 132096 ----a-w- d:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2004-08-04 10:45 1295872 ----a-w- d:\windows\system32\quartz.dll

2009-03-27 23:27 . 2009-03-27 23:27 2399 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-02-26 14:04 . 2009-02-26 14:04 8250 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-02-26 14:04 . 2009-02-26 14:04 234477 ----a-w- d:\arquivos de programas\Arquivos comuns\english.lng

2009-02-26 13:49 . 2009-02-26 13:49 3712000 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-02-26 13:49 . 2009-02-26 13:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-02-26 13:49 . 2009-02-26 13:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-02-26 13:49 . 2009-02-26 13:49 99328 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-01-07 16:52 . 2009-01-07 16:52 6809 ----a-w- d:\arquivos de programas\Arquivos comuns\license.txt

2008-09-03 17:12 . 2008-09-03 17:12 8470 ----a-w- d:\arquivos de programas\Arquivos comuns\search.ini

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml

2008-05-05 12:51 . 2008-05-05 12:51 3873 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt

2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2009-07-30 17:45 . 2009-02-27 15:11 122880 ----a-w- d:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-08 17:09 . 2009-04-05 21:55 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

.

((((((((((((((((((((((((((((( SnapShot_2009-08-24_04.25.46 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-10-28 21:07 . 2009-08-24 03:10 67312 d:\windows\system32\perfc009.dat

+ 2001-10-28 21:07 . 2009-08-24 15:12 67312 d:\windows\system32\perfc009.dat

+ 2001-10-28 21:07 . 2009-08-24 15:12 432356 d:\windows\system32\perfh009.dat

- 2001-10-28 21:07 . 2009-08-24 03:10 432356 d:\windows\system32\perfh009.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"SpybotSD TeaTimer"="d:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"RemoveIT Pro v7Ent"="d:\arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe" [2009-08-03 2185216]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="d:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"TSClientAXDisabler"="d:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 30192]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"GrooveMonitor"="d:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"DWQueuedReporting"="d:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

d:\documents and settings\edsom luis\Menu Iniciar\Programas\Inicializar\

UOL Voip.lnk - d:\arquivos de programas\UOL\UIM\uim.exe [2009-8-14 4362240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

d:\arquivos de programas\GBPLUGIN\gbiehcef.dll [bU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= d:\\Arquivos de programas\\Windows Live\\Messenger\\MSNMSGR.EXE

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\groove.exe"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"d:\\Arquivos de programas\\UOL\\UIM\\uim.exe"=

"d:\\Arquivos de programas\\InCode Solutions\\RemoveIT Pro v7 Enterprise\\removeit.exe"=

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]

S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]

S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]

S1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [27/07/2009 14:28 148496]

S1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [29/04/2009 21:02 148496]

S1 lgalcafo;lgalcafo;\??\d:\windows\system32\drivers\lgalcafo.sys --> d:\windows\system32\drivers\lgalcafo.sys [?]

S1 RemoveAny;RemoveAny driver;d:\windows\system32\drivers\RemoveAny.sys [24/04/2009 09:11 11264]

S2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/08/2009 16:47 108289]

S2 GbpSv;Gbp Service;d:\arquiv~1\GbPlugin\GbpSv.exe --> d:\arquiv~1\GbPlugin\GbpSv.exe [?]

S2 ioloFileInfoList;iolo FileInfoList Service;d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe --> d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [?]

S2 ioloProductUpdate;iolo Product Update Service;d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe --> d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [?]

S2 ioloSystemService;iolo System Service;d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe --> d:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [?]

S2 MalwareDefenderService;Malware Defender Service;d:\arquivos de programas\malware defender\mdservice.exe --> d:\arquivos de programas\malware defender\mdservice.exe [?]

S3 72568;72568;\??\d:\windows\system32\72568.sys --> d:\windows\system32\72568.sys [?]

S3 9235D;9235D;\??\d:\windows\system32\9235D.sys --> d:\windows\system32\9235D.sys [?]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [11/04/2009 15:38 30192]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - DwShield00007C8F

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25N4BF150JQ9B.job

- d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]

2009-08-22 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

- - - - ORFÃOS REMOVIDOS - - - -

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - (no file)

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uLocal Page =

uDefault_Search_URL =

mWindow Title =

mLocal Page =

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} -

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\components\GoogleDesktopMozilla.dll

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPOFF12.DLL

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-25 14:02

Windows 5.1.2600 Service Pack 3 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList]

@DACL=(02 0000)

"PackageName"="Dashboard.msi"

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList]

@DACL=(02 0000)

"PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi"

"LastUsedSource"=expand:"n;1;d:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-08-25 14:04

ComboFix-quarantined-files.txt 2009-08-25 17:04

ComboFix2.txt 2009-08-24 04:29

ComboFix3.txt 2009-08-23 21:33

ComboFix4.txt 2009-08-22 22:29

ComboFix5.txt 2009-08-24 14:58

Pré-execução: 13 pasta(s) 40.405.762.048 bytes disponíveis

Pós execução: 13 pasta(s) 40.398.258.176 bytes disponíveis

374 --- E O F --- 2009-08-14 03:01

Thanks and regards


  • Security Analyst

Dear HSES

Step No. 1 #

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

Open your Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

Folder::
D:\FOUND.000

Save this file as: CFScript.txt

[image: CFScript.txt being dragged onto ComboFix.exe]

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Step No. 2 #

Go to the site " Jotti's malware scan "

  • In the box at the top (File to upload & scan);
  • Copy and paste the following file(s), one at a time:
    • d:\windows\system32\72568.sys
    • d:\windows\system32\9235D.sys
  • Click the upload button;
  • The file(s) will be examined by several different antivirus programs; please wait.
  • Copy and paste the result(s).

If the site above is too busy, try one of these sites:

Alternative 1

Alternative 2

Regards :D


Good afternoon, Diego!

My dear friend, the files below:

d:\windows\system32\72568.sys

d:\windows\system32\9235D.sys ; sending them one at a time, when I opened the dialog box and clicked send/open on the site above, an error message appeared saying the system could not find them / check that the name was correct.

and here is the combofix log:

ComboFix 09-08-25.01 - edsom luis 25/08/2009 17:21.81.1 - FAT32x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.175 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

Comandos utilizados :: d:\documents and settings\edsom luis\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

D:\FOUND.000

d:\found.000\FILE0000.CHK

d:\found.000\FILE0001.CHK

d:\found.000\FILE0002.CHK

d:\found.000\FILE0003.CHK

d:\found.000\FILE0004.CHK

d:\found.000\FILE0005.CHK

d:\found.000\FILE0006.CHK

d:\found.000\FILE0007.CHK

d:\found.000\FILE0008.CHK

d:\found.000\FILE0009.CHK

d:\found.000\FILE0010.CHK

d:\found.000\FILE0011.CHK

d:\found.000\FILE0012.CHK

d:\found.000\FILE0013.CHK

d:\found.000\FILE0014.CHK

d:\found.000\FILE0015.CHK

d:\found.000\FILE0016.CHK

d:\found.000\FILE0017.CHK

d:\found.000\FILE0018.CHK

d:\found.000\FILE0019.CHK

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-25 to 2009-08-25 ))))))))))))))))))))))))))))

.

2009-08-24 20:33 . 2009-08-24 20:33 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\McAfee

2009-08-24 03:37 . 2009-08-24 03:37 -------- d-----w- d:\arquivos de programas\HD Tune Pro

2009-08-24 03:08 . 2008-04-13 22:19 102912 ------w- d:\windows\system32\dllcache\dpcdll.dll

2009-08-24 02:49 . 2009-08-24 02:49 -------- d-----w- d:\documents and settings\edsom luis\DoctorWeb

2009-08-24 01:00 . 2009-08-24 01:00 -------- d-----w- D:\!KillBox

2009-08-23 22:54 . 2009-08-23 22:54 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-08-23 22:54 . 2009-08-23 22:54 -------- d-----w- d:\arquivos de programas\Spybot - Search & Destroy

2009-08-23 17:02 . 2009-08-23 17:02 -------- d-----w- d:\windows\system32\CatRoot_bak

2009-08-22 21:15 . 2009-08-22 21:15 -------- d-----w- d:\windows\system32\CatRoot2

2009-08-22 18:43 . 2009-08-22 18:44 -------- d-----w- D:\backups

2009-08-22 15:37 . 2009-08-24 15:12 468108 ----a-w- d:\windows\system32\prfh0416.dat

2009-08-22 15:37 . 2009-08-24 15:12 79022 ----a-w- d:\windows\system32\prfc0416.dat

2009-08-21 23:25 . 2009-08-21 23:25 270336 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\plugins\g729.dll

2009-08-21 23:25 . 2009-08-21 23:25 167936 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\fotoblog-1.0.0.3.dll

2009-08-21 23:23 . 2009-08-21 23:23 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\UOL

2009-08-21 23:20 . 2009-08-21 23:20 -------- d-----w- d:\arquivos de programas\UOL

2009-08-21 02:53 . 2006-10-26 22:56 32592 ----a-w- d:\windows\system32\msonpmon.dll

2009-08-21 02:44 . 2009-08-21 02:44 -------- d-----w- d:\arquivos de programas\Microsoft Visual Studio 8

2009-08-21 02:42 . 2009-08-21 02:42 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-08-20 01:04 . 2009-08-20 01:04 -------- d-----w- d:\arquivos de programas\InCode Solutions

2009-08-16 23:12 . 2009-08-16 23:12 396288 ----a-w- D:\HijackThis.exe

2009-08-14 22:08 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0804.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0411.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0404.dll

2009-08-14 19:47 . 2009-03-30 13:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys

2009-08-14 19:47 . 2009-02-13 15:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2009-08-14 19:47 . 2009-02-13 15:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2009-08-14 19:47 . 2009-08-14 19:47 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2009-08-14 17:49 . 2009-08-14 17:49 520192 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\crypto\uolcrypto.dll

2009-08-14 17:49 . 2009-08-14 17:49 1748992 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\UOLFone\UOLFonePlugin.dll

2009-08-14 17:48 . 2009-08-14 17:48 286720 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\radioUOL\RadioUOL.dll

2009-08-14 17:48 . 2009-08-14 17:48 98304 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\Fotoblog\FotoBlogPlugin.dll

2009-08-14 16:46 . 2009-05-07 07:04 157712 ----a-w- d:\windows\system32\drivers\tmcomm.sys

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-sh--w- d:\documents and settings\Administrador\IETldCache

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-----r- d:\documents and settings\Administrador\Meus documentos

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----r- d:\documents and settings\Administrador\Favoritos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Modelos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Configurações locais

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--r- d:\documents and settings\Administrador\Dados de aplicativos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d-----r- d:\documents and settings\Administrador\Menu Iniciar

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----w- d:\documents and settings\Administrador

2009-08-13 18:48 . 2009-08-13 18:48 272 ----a-w- d:\windows\system32\drivers\sfi.dat

2009-08-13 13:00 . 2009-07-10 13:27 1315328 ------w- d:\windows\system32\dllcache\msoe.dll

2009-08-12 16:08 . 2009-08-12 16:08 -------- d-----w- d:\arquivos de programas\Lavalys

2009-08-09 02:14 . 2009-08-09 02:14 -------- d-----w- D:\f3e64e655c4cf5ea0969946e

2009-08-09 02:09 . 2009-08-09 02:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache

2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- d:\windows\system32\dllcache\mswebdvd.dll

2009-08-01 22:20 . 2009-08-01 22:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!

2009-07-31 18:51 . 2009-07-31 18:51 -------- d--h--w- d:\windows\PIF

2009-07-31 00:29 . 2009-07-31 00:29 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager

2009-07-27 17:28 . 2008-07-08 17:54 148496 ----a-w- d:\windows\system32\drivers\12878755.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-24 15:17 . 2009-08-22 14:01 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt

2009-08-22 22:16 . 2009-08-20 14:22 27825 ----a-w- d:\windows\system32\drivers\RemoveAny.log

2009-08-22 04:31 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

2009-08-22 04:31 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-08-16 23:27 . 2009-06-21 23:42 3942048 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-12 14:44 . 2001-10-28 21:07 79022 ----a-w- d:\windows\system32\perfc016.dat

2009-08-12 14:44 . 2001-10-28 21:07 468108 ----a-w- d:\windows\system32\perfh016.dat

2009-08-05 09:00 . 2004-08-04 10:45 205312 ----a-w- d:\windows\system32\mswebdvd.dll

2009-08-03 16:36 . 2009-04-23 15:56 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 16:36 . 2009-04-23 15:56 19096 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-07-28 19:33 . 2009-03-19 00:30 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2009-07-20 12:13 . 2009-07-20 12:13 749568 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneClient-1.0.0.23.dll

2009-07-20 12:13 . 2009-07-20 12:13 376832 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneCrypt.dll

2009-07-20 12:13 . 2009-07-20 12:13 262144 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneServerConfigProvider-1.0.0.16.dll

2009-07-18 13:05 . 2008-11-12 18:12 208 ----a-w- d:\windows\system32\drivers\GbpKmAp.lst

2009-07-17 19:03 . 2004-08-04 10:45 58880 ----a-w- d:\windows\system32\atl.dll

2009-07-12 15:21 . 2004-08-04 10:45 233472 ----a-w- d:\windows\system32\wmpdxm.dll

2009-07-03 16:59 . 2004-08-04 10:45 915456 ------w- d:\windows\system32\wininet.dll

2009-06-16 14:39 . 2004-08-04 10:45 119808 ----a-w- d:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 21:06 81920 ----a-w- d:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 10:45 81408 ----a-w- d:\windows\system32\tlntsess.exe

2009-06-15 10:44 . 2004-08-04 10:45 77824 ----a-w- d:\windows\system32\telnet.exe

2009-06-10 14:14 . 2004-08-04 10:45 85504 ----a-w- d:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2007-09-19 13:40 2066432 ----a-w- d:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 10:45 132096 ----a-w- d:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2004-08-04 10:45 1295872 ----a-w- d:\windows\system32\quartz.dll

2009-03-27 23:27 . 2009-03-27 23:27 2399 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-02-26 14:04 . 2009-02-26 14:04 8250 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-02-26 14:04 . 2009-02-26 14:04 234477 ----a-w- d:\arquivos de programas\Arquivos comuns\english.lng

2009-02-26 13:49 . 2009-02-26 13:49 3712000 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-02-26 13:49 . 2009-02-26 13:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-02-26 13:49 . 2009-02-26 13:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-02-26 13:49 . 2009-02-26 13:49 99328 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-01-07 16:52 . 2009-01-07 16:52 6809 ----a-w- d:\arquivos de programas\Arquivos comuns\license.txt

2008-09-03 17:12 . 2008-09-03 17:12 8470 ----a-w- d:\arquivos de programas\Arquivos comuns\search.ini

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml

2008-05-05 12:51 . 2008-05-05 12:51 3873 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt

2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2009-07-30 17:45 . 2009-02-27 15:11 122880 ----a-w- d:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-08 17:09 . 2009-04-05 21:55 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"SpybotSD TeaTimer"="d:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"RemoveIT Pro v7Ent"="d:\arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe" [2009-08-03 2185216]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="d:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"TSClientAXDisabler"="d:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 30192]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"GrooveMonitor"="d:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"DWQueuedReporting"="d:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

d:\documents and settings\edsom luis\Menu Iniciar\Programas\Inicializar\

UOL Voip.lnk - d:\arquivos de programas\UOL\UIM\uim.exe [2009-8-14 4362240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

[bU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= d:\\Arquivos de programas\\Windows Live\\Messenger\\MSNMSGR.EXE

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\groove.exe"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"d:\\Arquivos de programas\\UOL\\UIM\\uim.exe"=

"d:\\Arquivos de programas\\InCode Solutions\\RemoveIT Pro v7 Enterprise\\removeit.exe"=

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]

S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]

S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]

S1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [27/07/2009 14:28 148496]

S1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [29/04/2009 21:02 148496]

S1 lgalcafo;lgalcafo;\??\d:\windows\system32\drivers\lgalcafo.sys --> d:\windows\system32\drivers\lgalcafo.sys [?]

S1 RemoveAny;RemoveAny driver;d:\windows\system32\drivers\RemoveAny.sys [24/04/2009 09:11 11264]

S2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/08/2009 16:47 108289]

S2 GbpSv;Gbp Service; [x]

S2 ioloFileInfoList;iolo FileInfoList Service; [x]

S2 ioloProductUpdate;iolo Product Update Service; [x]

S2 ioloSystemService;iolo System Service; [x]

S2 MalwareDefenderService;Malware Defender Service; [x]

S3 72568;72568;\??\d:\windows\system32\72568.sys --> d:\windows\system32\72568.sys [?]

S3 9235D;9235D;\??\d:\windows\system32\9235D.sys --> d:\windows\system32\9235D.sys [?]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [11/04/2009 15:38 30192]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - DwShield00004774

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25N4BF150JQ9B.job

- d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]

2009-08-22 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uLocal Page =

uDefault_Search_URL =

mWindow Title =

mLocal Page =

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} -

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\components\GoogleDesktopMozilla.dll

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPOFF12.DLL

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-25 17:25

Windows 5.1.2600 Service Pack 3 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList]

@DACL=(02 0000)

"PackageName"="Dashboard.msi"

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList]

@DACL=(02 0000)

"PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi"

"LastUsedSource"=expand:"n;1;d:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-08-25 17:27

ComboFix-quarantined-files.txt 2009-08-25 20:27

ComboFix2.txt 2009-08-25 17:04

ComboFix3.txt 2009-08-24 04:29

ComboFix4.txt 2009-08-23 21:33

ComboFix5.txt 2009-08-25 20:20

Pré-execução: 13 pasta(s) 40.460.779.520 bytes disponíveis

Pós execução: 12 pasta(s) 40.450.260.992 bytes disponíveis

299 --- E O F --- 2009-08-14 03:01

Thanks and regards.


  • Security Analyst

Dear HSES

Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

File::
d:\windows\system32\72568.sys
d:\windows\system32\9235D.sys

Driver::
72568
9235D

Save this file as: CFScript.txt

[image: CFScript.txt being dragged onto ComboFix.exe]

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.

Regards :D

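A triage helper for the "Drivers/Serviços" lines of a ComboFix log, added here as an example (not ComboFix's or the analyst's code): it parses entries in the form shown in the logs of this thread, lists the ones that deserve a second look, and drafts File::/Driver:: sections in the same CFScript layout as above. The field layout is inferred from the log lines, the review heuristics (missing image file, random-looking numeric driver name, a .sys outside system32\drivers) are my assumptions, and the 72568 sample line is constructed; the decision to remove anything stays with the analyst.

```python
"""Triage ComboFix 'Drivers/Serviços' entries and draft a CFScript (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the first four lines are copied from the ComboFix log in this
# thread; the last one is modelled on the driver the analyst removed (date/size made up).
SAMPLE_LOG = [
    r"R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]",
    r"S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]",
    r"S1 lgalcafo;lgalcafo;\??\d:\windows\system32\drivers\lgalcafo.sys --> d:\windows\system32\drivers\lgalcafo.sys [?]",
    r"S2 GbpSv;Gbp Service; [x]",
    r"S1 72568;72568;d:\windows\system32\72568.sys [01/08/2009 10:00 12345]",  # constructed
]

# <start type> <service name>;<display name>;<rest>
LINE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
# <image path> [dd/mm/yyyy hh:mm size]  -- the form ComboFix uses when the file exists
STAMP_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<size>\d+)\]$")
# Assumed heuristic: 5-8 hex digits as a driver file name, like 72568 / 9235D above
RANDOM_STEM = re.compile(r"^[0-9A-F]{5,8}$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start: str             # R/S + start type; S0/S1 load at boot/system start
    name: str              # registry service name (what goes under Driver:: in CFScript)
    display: str
    path: Optional[str]    # image path, None when ComboFix printed [x]
    present: bool          # False when ComboFix printed [?] (file not found on disk)
    size: Optional[int]


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    start, name, display, rest = m.group("start", "name", "display", "rest")
    rest = rest.strip()
    if rest == "[x]":                      # image path not resolved by ComboFix
        return ServiceEntry(start, name, display, None, False, None)
    if rest.endswith("[?]"):               # "a --> b [?]": resolved to b, and b is missing
        path = rest[:-3].strip().split(" --> ")[-1]
        return ServiceEntry(start, name, display, path, False, None)
    s = STAMP_RE.match(rest)
    if not s:
        return None
    return ServiceEntry(start, name, display, s.group("path"), True, int(s.group("size")))


def needs_review(e: ServiceEntry) -> List[str]:
    """Reasons an entry deserves a closer look: prompts for the analyst, not verdicts."""
    reasons: List[str] = []
    if e.path is None:
        return reasons                     # nothing to check without an image path
    low = e.path.lower()
    if not e.present:
        reasons.append("image file missing on disk (orphaned service entry)")
        return reasons
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if RANDOM_STEM.match(stem):
        reasons.append("driver file has a random-looking numeric name")
    if low.endswith(".sys") and "\\drivers\\" not in low:
        reasons.append("driver stored outside system32\\drivers")
    if reasons and e.start in ("S0", "S1"):
        reasons.append("loads at boot/system start")
    return reasons


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map service name -> review reasons for every parsable line that raised one."""
    out: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_service_line(line)
        if e is not None and (why := needs_review(e)):
            out[e.name] = why
    return out


def build_cfscript(entries: List[ServiceEntry]) -> str:
    """Lay out File:: and Driver:: sections the way the analyst's CFScript above does."""
    files = [e.path for e in entries if e.path and e.present]
    drivers = [e.name for e in entries]
    parts: List[str] = []
    if files:
        parts += ["File::", *files, ""]
    if drivers:
        parts += ["Driver::", *drivers, ""]
    return "\n".join(parts)


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
    chosen = [e for e in map(parse_service_line, SAMPLE_LOG) if e and e.name == "72568"]
    print(build_cfscript(chosen))
```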

Good afternoon, Diego!

Here is the ComboFix log:

ComboFix 09-08-25.05 - edsom luis 26/08/2009 13:35.82.1 - FAT32x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.227 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

Comandos utilizados :: d:\documents and settings\edsom luis\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

FILE ::

"d:\windows\system32\72568.sys"

"d:\windows\system32\9235D.sys"

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_72568

-------\Service_9235D

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-26 to 2009-08-26 ))))))))))))))))))))))))))))

.

2009-08-26 16:15 . 2009-08-26 16:13 11233 ----a-w- d:\windows\system32\fm20enu.dll.zip

2009-08-26 16:04 . 2009-08-26 16:04 11233 ----a-w- d:\arquivos de programas\fm20enu.dll.zip

2009-08-26 04:15 . 2009-08-26 04:15 -------- d-----w- D:\Lop SD

2009-08-26 04:06 . 2009-08-26 04:06 -------- d-----w- D:\ToolBar SD

2009-08-26 00:18 . 2009-08-26 00:18 506248 ----a-w- d:\windows\system\msajt200(2).zip

2009-08-25 23:57 . 2009-08-25 23:35 202496 ----a-r- d:\windows\system\vbajet.zip

2009-08-25 23:33 . 2009-08-25 23:34 506248 ----a-w- d:\windows\msajt200.zip

2009-08-24 20:33 . 2009-08-24 20:33 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\McAfee

2009-08-24 03:37 . 2009-08-24 03:37 -------- d-----w- d:\arquivos de programas\HD Tune Pro

2009-08-24 03:08 . 2008-04-13 22:19 102912 ------w- d:\windows\system32\dllcache\dpcdll.dll

2009-08-24 02:49 . 2009-08-24 02:49 -------- d-----w- d:\documents and settings\edsom luis\DoctorWeb

2009-08-24 01:00 . 2009-08-24 01:00 -------- d-----w- D:\!KillBox

2009-08-23 22:54 . 2009-08-23 22:54 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-08-23 22:54 . 2009-08-23 22:54 -------- d-----w- d:\arquivos de programas\Spybot - Search & Destroy

2009-08-23 17:02 . 2009-08-23 17:02 -------- d-----w- d:\windows\system32\CatRoot_bak

2009-08-22 21:15 . 2009-08-22 21:15 -------- d-----w- d:\windows\system32\CatRoot2

2009-08-22 18:43 . 2009-08-22 18:44 -------- d-----w- D:\backups

2009-08-22 15:37 . 2009-08-24 15:12 468108 ----a-w- d:\windows\system32\prfh0416.dat

2009-08-22 15:37 . 2009-08-24 15:12 79022 ----a-w- d:\windows\system32\prfc0416.dat

2009-08-21 23:25 . 2009-08-21 23:25 270336 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\plugins\g729.dll

2009-08-21 23:25 . 2009-08-21 23:25 167936 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\fotoblog-1.0.0.3.dll

2009-08-21 23:23 . 2009-08-21 23:23 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\UOL

2009-08-21 23:20 . 2009-08-21 23:20 -------- d-----w- d:\arquivos de programas\UOL

2009-08-21 02:53 . 2006-10-26 22:56 32592 ----a-w- d:\windows\system32\msonpmon.dll

2009-08-21 02:44 . 2009-08-21 02:44 -------- d-----w- d:\arquivos de programas\Microsoft Visual Studio 8

2009-08-21 02:42 . 2009-08-21 02:42 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-08-20 01:04 . 2009-08-20 01:04 -------- d-----w- d:\arquivos de programas\InCode Solutions

2009-08-16 23:12 . 2009-08-16 23:12 396288 ----a-w- D:\HijackThis.exe

2009-08-14 22:08 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0804.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0411.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0404.dll

2009-08-14 19:47 . 2009-03-30 13:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys

2009-08-14 19:47 . 2009-02-13 15:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2009-08-14 19:47 . 2009-02-13 15:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2009-08-14 19:47 . 2009-08-14 19:47 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2009-08-14 17:49 . 2009-08-14 17:49 520192 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\crypto\uolcrypto.dll

2009-08-14 17:49 . 2009-08-14 17:49 1748992 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\UOLFone\UOLFonePlugin.dll

2009-08-14 17:48 . 2009-08-14 17:48 286720 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\radioUOL\RadioUOL.dll

2009-08-14 17:48 . 2009-08-14 17:48 98304 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\UIM\Plugins\Fotoblog\FotoBlogPlugin.dll

2009-08-14 16:46 . 2009-05-07 07:04 157712 ----a-w- d:\windows\system32\drivers\tmcomm.sys

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-sh--w- d:\documents and settings\Administrador\IETldCache

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-----r- d:\documents and settings\Administrador\Meus documentos

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----r- d:\documents and settings\Administrador\Favoritos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Modelos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Configurações locais

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--r- d:\documents and settings\Administrador\Dados de aplicativos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d-----r- d:\documents and settings\Administrador\Menu Iniciar

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----w- d:\documents and settings\Administrador

2009-08-13 18:48 . 2009-08-13 18:48 272 ----a-w- d:\windows\system32\drivers\sfi.dat

2009-08-13 13:00 . 2009-07-10 13:27 1315328 ------w- d:\windows\system32\dllcache\msoe.dll

2009-08-12 16:08 . 2009-08-12 16:08 -------- d-----w- d:\arquivos de programas\Lavalys

2009-08-09 02:14 . 2009-08-09 02:14 -------- d-----w- D:\f3e64e655c4cf5ea0969946e

2009-08-09 02:09 . 2009-08-09 02:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache

2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- d:\windows\system32\dllcache\mswebdvd.dll

2009-08-01 22:20 . 2009-08-01 22:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!

2009-07-31 18:51 . 2009-07-31 18:51 -------- d--h--w- d:\windows\PIF

2009-07-31 00:29 . 2009-07-31 00:29 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager

2009-07-27 17:28 . 2008-07-08 17:54 148496 ----a-w- d:\windows\system32\drivers\12878755.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-26 16:45 . 2009-08-22 14:01 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt

2009-08-22 22:16 . 2009-08-20 14:22 27825 ----a-w- d:\windows\system32\drivers\RemoveAny.log

2009-08-22 04:31 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

2009-08-22 04:31 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-08-16 23:27 . 2009-06-21 23:42 3942048 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-12 14:44 . 2001-10-28 21:07 79022 ----a-w- d:\windows\system32\perfc016.dat

2009-08-12 14:44 . 2001-10-28 21:07 468108 ----a-w- d:\windows\system32\perfh016.dat

2009-08-05 09:00 . 2004-08-04 10:45 205312 ----a-w- d:\windows\system32\mswebdvd.dll

2009-08-03 16:36 . 2009-04-23 15:56 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 16:36 . 2009-04-23 15:56 19096 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-07-28 19:33 . 2009-03-19 00:30 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2009-07-20 12:13 . 2009-07-20 12:13 749568 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneClient-1.0.0.23.dll

2009-07-20 12:13 . 2009-07-20 12:13 376832 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneCrypt.dll

2009-07-20 12:13 . 2009-07-20 12:13 262144 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\UOL\lib\UOLFoneServerConfigProvider-1.0.0.16.dll

2009-07-18 13:05 . 2008-11-12 18:12 208 ----a-w- d:\windows\system32\drivers\GbpKmAp.lst

2009-07-17 19:03 . 2004-08-04 10:45 58880 ----a-w- d:\windows\system32\atl.dll

2009-07-12 15:21 . 2004-08-04 10:45 233472 ----a-w- d:\windows\system32\wmpdxm.dll

2009-07-03 16:59 . 2004-08-04 10:45 915456 ------w- d:\windows\system32\wininet.dll

2009-06-16 14:39 . 2004-08-04 10:45 119808 ----a-w- d:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 21:06 81920 ----a-w- d:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 10:45 81408 ----a-w- d:\windows\system32\tlntsess.exe

2009-06-15 10:44 . 2004-08-04 10:45 77824 ----a-w- d:\windows\system32\telnet.exe

2009-06-10 14:14 . 2004-08-04 10:45 85504 ----a-w- d:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2007-09-19 13:40 2066432 ----a-w- d:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 10:45 132096 ----a-w- d:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2004-08-04 10:45 1295872 ----a-w- d:\windows\system32\quartz.dll

2009-03-27 23:27 . 2009-03-27 23:27 2399 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-02-26 14:04 . 2009-02-26 14:04 8250 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-02-26 14:04 . 2009-02-26 14:04 234477 ----a-w- d:\arquivos de programas\Arquivos comuns\english.lng

2009-02-26 13:49 . 2009-02-26 13:49 3712000 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-02-26 13:49 . 2009-02-26 13:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-02-26 13:49 . 2009-02-26 13:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-02-26 13:49 . 2009-02-26 13:49 99328 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-01-07 16:52 . 2009-01-07 16:52 6809 ----a-w- d:\arquivos de programas\Arquivos comuns\license.txt

2008-09-03 17:12 . 2008-09-03 17:12 8470 ----a-w- d:\arquivos de programas\Arquivos comuns\search.ini

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml

2008-05-05 12:51 . 2008-05-05 12:51 3873 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt

2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2009-07-30 17:45 . 2009-02-27 15:11 122880 ----a-w- d:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-08 17:09 . 2009-04-05 21:55 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"SpybotSD TeaTimer"="d:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"RemoveIT Pro v7Ent"="d:\arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe" [2009-08-03 2185216]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="d:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"TSClientAXDisabler"="d:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 30192]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"GrooveMonitor"="d:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"DWQueuedReporting"="d:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

d:\documents and settings\edsom luis\Menu Iniciar\Programas\Inicializar\

UOL Voip.lnk - d:\arquivos de programas\UOL\UIM\uim.exe [2009-8-14 4362240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= d:\\Arquivos de programas\\Windows Live\\Messenger\\MSNMSGR.EXE

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\groove.exe"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"d:\\Arquivos de programas\\UOL\\UIM\\uim.exe"=

"d:\\Arquivos de programas\\InCode Solutions\\RemoveIT Pro v7 Enterprise\\removeit.exe"=

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]

S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]

S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]

S1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [27/07/2009 14:28 148496]

S1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [29/04/2009 21:02 148496]

S1 lgalcafo;lgalcafo;\??\d:\windows\system32\drivers\lgalcafo.sys --> d:\windows\system32\drivers\lgalcafo.sys [?]

S1 RemoveAny;RemoveAny driver;d:\windows\system32\drivers\RemoveAny.sys [24/04/2009 09:11 11264]

S2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/08/2009 16:47 108289]

S2 GbpSv;Gbp Service; [x]

S2 ioloFileInfoList;iolo FileInfoList Service; [x]

S2 ioloProductUpdate;iolo Product Update Service; [x]

S2 ioloSystemService;iolo System Service; [x]

S2 MalwareDefenderService;Malware Defender Service; [x]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [11/04/2009 15:38 30192]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25N4BF150JQ9B.job

- d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]

2009-08-22 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uLocal Page =

uDefault_Search_URL =

mWindow Title =

mLocal Page =

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} -

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\components\GoogleDesktopMozilla.dll

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPOFF12.DLL

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-26 13:46

Windows 5.1.2600 Service Pack 3 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList]

@DACL=(02 0000)

"PackageName"="Dashboard.msi"

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList]

@DACL=(02 0000)

"PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi"

"LastUsedSource"=expand:"n;1;d:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(1204)

d:\windows\system32\WININET.dll

d:\windows\system32\msi.dll

.

Tempo para conclusão: 2009-08-26 13:48 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-26 16:48

ComboFix2.txt 2009-08-25 20:27

ComboFix3.txt 2009-08-25 17:04

ComboFix4.txt 2009-08-24 04:29

ComboFix5.txt 2009-08-26 16:34

Pré-execução: 14 pasta(s) 40.426.766.336 bytes disponíveis

Pós execução: 14 pasta(s) 40.414.347.264 bytes disponíveis

291 --- E O F --- 2009-08-14 03:01

Thanks and regards


  • Security Analyst

Dear HSES

Download the Kaspersky Removal Tool. Save it to your desktop.

Other links:

  • Install the program normally, following all the instructions.
  • A folder named Virus Removal Tool will be created on the desktop.
  • On the program's main screen, tick the options My Computer, Startup objects and Disk boot sectors, then click the Scan button.
  • Be patient; the scan may take a while.
  • If it finds an infection, an alert window will open; click Skip.
  • When everything has finished, click the Reports... button and then Save to file.
  • Give the file a name and save it in a folder of your choice.
  • Close the results by clicking the X of the window.
  • Right afterwards, also close the program by clicking the X of the window. When you do this you will be asked whether you want to uninstall the tool; click No. Post the contents of that file in your next reply and wait.

Regards :D


Good evening!

Here is the Kaspersky Removal Tool report:

Scan

----

Scanned: 601490

Detected: 0

Untreated: 0

Start time: 26/08/2009 16:44:36

Duration: 03:40:13

Finish time: 26/08/2009 20:24:49

Detected

--------

Status Object

------ ------

Events

------

Time Name Status Reason

---- ---- ------ ------

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

Backup

------

Status Object Size

------ ------ ----

Thanks and regards.


  • Security Analyst

Dear HSES

Clean log :)

You can uninstall the program.

>>>> How is the computer?

Step no. 1 #

Let's uninstall ComboFix:

Go to:

Start > Run, type Combofix /u and click OK; in the window that appears, click Run and wait for the program to be removed!

Step no. 2 #

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the icon.
  • Click the "Cleanup" button.
  • Allow your computer to restart.

Step no. 3 #

Your Java is out of date.

Old, outdated versions are more vulnerable to malware.

  • Download the latest version of the Java Runtime Environment (JRE) and save it to your Desktop.
  • Locate Java Runtime Environment (JRE) 6 Update 16.
  • On your right, click Download.
  • Select your platform.
  • Tick the box I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement
  • Click Continue
  • Click the Windows Offline Installation link and save the file to your Desktop.
  • Close all programs, especially your browser (IE, Firefox, etc.)
  • Click Start > Control Panel > double-click Add/Remove Programs and uninstall all old versions of Java (JRE or J2SE). They will have the Java icon.
  • Click Remove.
  • Repeat as many times as necessary until you have removed every old version of Java on your PC.
  • Restart the computer...
  • Now double-click jre-6u16-windows-i586.exe, which you have just downloaded, and follow the installation steps for the new version of Java!

Step no. 4 #

<<@>> Install CCleaner

CCleaner is an excellent cleanup utility for the computer, and it will help with the computer's performance.

Download it here: CCleaner


  • IMPORTANT: After installation, go to the folder where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, then right-click an empty area of that window, choose New > Folder and create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • click the Registry button > Scan for Issues > Fix selected issues...
    Note: Don't forget to accept the backup of the fixes and save them in the folder created above!

<<@>> Always keep your Windows up to date; keep a constant watch with the firewall and antivirus, and finally remember that the best way to prevent problems starts with our own habits!

Regards :D


Good morning!

My friend, Windows XP won't start (the screen goes blank and a message says it was shut down to avoid damaging the PC); the PC only starts in Safe Mode, Safe Mode with Networking and Safe Mode with Command Prompt.

And Java won't install in these modes; a message says the administrator created policies preventing the program from being installed (something like that).

I already use CCleaner daily.

Thank you and regards.


  • Security Analyst

Dear HSES

My friend, Windows XP won't start (the screen goes blank and a message says it was shut down to avoid damaging the PC);
How and when did this happen? Do you get any error message besides that?

Regards :D


Good evening!

During these past days; if you look carefully at my logs, they were taken in Safe Mode with Networking.

No, there is no message anymore; the PC turns on, and when Windows XP is about to start the logo even appears (somewhat blurry), but then the screen goes blank, and after that it only starts with the famous F8.

Thanks and regards


  • Security Analyst

Dear HSES

Your logs were analysed very carefully, and I noticed that from the second log you posted.

A friend of mine had a computer in that situation: it booted into Normal Mode but could not run some programs, while in Safe Mode (with/without networking) it could. To me you were in the same situation... and in the end I gave my friend my opinion: format C.

Now it is your duty to always tell me about anything abnormal, always!

When I asked about your computer no longer starting, I meant whether it would not enter Normal Mode, because until then I thought it did, only under the conditions I explained just above.

Do you have the Windows installation CD?

Regards :D


Good afternoon!

My PC no longer starts in Normal Mode; the system doesn't even boot in it: when the Windows logo appears it restarts by itself, several times; sometimes the logo doesn't even appear and it restarts.

I no longer have the installation CD.

Could it be that boot virus?

Thank you for your attention.
