Boa Noite! EDSSX

Constância de rootkits e trojan.Agent.Gen hiper camuflados; me dando dibles no sistema.

<!> Confirmou,realmente,a presença de rootkits?

00000000000000000000000

00000000000000000000000

<@> Baixe: < gmer.zip >

<@> Salve-o no Disco Local ( D ) e descompacte-o aí mesmo,em uma pasta própria. ( D:\gmer.exe )

<@> Ps: Observe a imagem: /applications/core/interface/imageproxy/imageproxy.php?img=http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif&key=2080517867649ca607abcf58539e61e9aa8d2402def608cfdfce886141d2d9d1" alt="gmer_zip.gif" />

<@> Por default,a caixa D:\ e Show All estarão desmarcadas.

<@> Possuindo,também,essa unidade,pode assinalar a caixa D:\.

<@> Feche todos os programas,que estejam abertos,e clique em Scan. <-- Aguarde!

<@> Permita a execução de gmer.sys,caso seja solicitado.

/applications/core/interface/imageproxy/imageproxy.php?img=http://billy-oneal.com/forums/gmer/gmerNoDialog.png&key=fefad69ecf2d6516c86f3bf1bf184dbd169ac6999e7c9932c361915b28e80920" alt="gmerNoDialog.png" />

<@> Caso surja,clique No na mensagem!

<@> Confirme a investigação na busca por rootkits,caso receba essa solicitação.

<@> Terminando poderá receber outro aviso sobre atividade rootkit,clique OK.

<@> Ao final,conclua clicando em "Save...".

<@> Coloque como "Nome do arquivo": Gmer.log

<@> Em "Salvar em:",escolha o Desktop! --> Clique em "Salvar" --> OK.

<@> Poste,na sua resposta: Gmer.log + HijackThis,atualizado.

Abraços!

Bom final de tarde ! DigRam

Sim , pois ao iniciar o sistema o guarda chuva do avira consta fechado, mesmo com o guard ativado; ás vezes ora abre sozinho ora eu tenho que desativar o guard e ativa-lo novamente para constar o guarda chuva aberto .

E o avira antirootkit não está abrindo .

Veja este print; inclusive dei Ok ( apenas constou esta opção ) .

/applications/core/interface/imageproxy/imageproxy.php?img=http://img689.imageshack.us/img689/7940/screenshot002udj.th.png&key=c99d41c17066d5ba6f1cb0743a790cab2a8c09be4ecae2a1db18d1a09c675c2f" alt="screenshot002udj.th.png" />

Itens vermelhos no gmer :

São estes os rootkits ?

D:\Arquivos ( hidden ) @ D:\WINDOWS\Explorer.EXE [1724] 0x01E40000

D:\Arquivos ( hidden ) @ D:\WINDOWS\Explorer.EXE [1724] 0x02D90000

D:\WINDOWS\system32\txmlutil.dll ( hidden ) @ D:\WINDOWS\Explorer.EXE [1724] 0x02660000

D:\Arquivos ( hidden ) @ D:\WINDOWS\Explorer.EXE [1724] 0x026E0000

D:\Arquivos ( hidden ) @ D:\WINDOWS\Explorer.EXE [1724] 0x027C0000

Segue log do gmer :

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-02 18:32:43

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\pxtdapoc.sys

---- System - GMER 1.0.15 ----

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwAllocateVirtualMemory [0xF746FD02]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwAssignProcessToJobObject [0xF747006E]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwConnectPort [0xF747123C]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwCreateFile [0xF7470A52]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwCreateKey [0xF74716A6]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwCreateProcess [0xF74701B8]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwCreateProcessEx [0xF747023A]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwCreateSection [0xF7470876]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwCreateThread [0xF746F904]

SSDT F83A34F3 ZwDeleteKey

SSDT F83A34FD ZwDeleteValueKey

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwDeviceIoControlFile [0xF74717A6]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwDuplicateObject [0xF747428C]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwFsControlFile [0xF74718E4]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwLoadDriver [0xF74721F6]

SSDT F83A3502 ZwLoadKey

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwOpenFile [0xF7470966]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwOpenProcess [0xF7473FDE]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwOpenSection [0xF7470796]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwOpenThread [0xF747410C]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwProtectVirtualMemory [0xF746FC00]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwQueueApcThread [0xF7470110]

SSDT F83A350C ZwReplaceKey

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwRequestPort [0xF74712CC]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwRequestWaitReplyPort [0xF7471088]

SSDT F83A3507 ZwRestoreKey

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwSecureConnectPort [0xF7471456]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwSetContextThread [0xF746F9F4]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwSetSystemInformation [0xF746FE06]

SSDT F83A34F8 ZwSetValueKey

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwSuspendProcess [0xF746FB62]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwSuspendThread [0xF746FAC4]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwSystemDebugControl [0xF746FFCC]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwTerminateProcess [0xF7473F4E]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwTerminateThread [0xF747439A]

SSDT \??\D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys ZwWriteVirtualMemory [0xF746F802]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [62, FB, 46, F7, C4, FA, 46, ...]

? D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Firewall\bdftdif.sys O sistema não pode encontrar o arquivo especificado. !

? system32\drivers\bdfsfltr.sys O sistema não pode encontrar o caminho especificado. !

? D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys O sistema não pode encontrar o arquivo especificado. !

? system32\drivers\bdfm.sys O sistema não pode encontrar o caminho especificado. !

? system32\drivers\BDHV.SYS O sistema não pode encontrar o caminho especificado. !

? D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner\profos.sys O sistema não pode encontrar o arquivo especificado. !

? D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner\trufos.sys O sistema não pode encontrar o arquivo especificado. !

? System32\Drivers\d1c20812.sys O sistema não pode encontrar o caminho especificado. !

---- User code sections - GMER 1.0.15 ----

.text D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe[328] USER32.dll!GetCursor 7E37A91B 5 Bytes JMP 012C1080 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe[328] USER32.dll!DrawIconEx 7E37CB84 5 Bytes JMP 012C1120 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe[328] USER32.dll!GetIconInfo 7E37D427 5 Bytes JMP 012C1030 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\WINDOWS\Explorer.EXE[1724] USER32.dll!GetCursor 7E37A91B 5 Bytes JMP 10001080 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\WINDOWS\Explorer.EXE[1724] USER32.dll!DrawIconEx 7E37CB84 5 Bytes JMP 10001120 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\WINDOWS\Explorer.EXE[1724] USER32.dll!GetIconInfo 7E37D427 5 Bytes JMP 10001030 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 1 para gmer.zip\gmer.exe[2304] USER32.dll!GetCursor 7E37A91B 5 Bytes JMP 10001080 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 1 para gmer.zip\gmer.exe[2304] USER32.dll!DrawIconEx 7E37CB84 5 Bytes JMP 10001120 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 1 para gmer.zip\gmer.exe[2304] USER32.dll!GetIconInfo 7E37D427 5 Bytes JMP 10001030 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2616] USER32.dll!GetCursor 7E37A91B 5 Bytes JMP 015B1080 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2616] USER32.dll!DrawIconEx 7E37CB84 5 Bytes JMP 015B1120 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2616] USER32.dll!GetIconInfo 7E37D427 5 Bytes JMP 015B1030 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Mozilla Firefox\firefox.exe[3264] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 D:\Arquivos de programas\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

.text D:\Arquivos de programas\Mozilla Firefox\firefox.exe[3264] USER32.dll!GetCursor 7E37A91B 5 Bytes JMP 030E1080 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Mozilla Firefox\firefox.exe[3264] USER32.dll!DrawIconEx 7E37CB84 5 Bytes JMP 030E1120 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Mozilla Firefox\firefox.exe[3264] USER32.dll!GetIconInfo 7E37D427 5 Bytes JMP 030E1030 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys

AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys

AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys

AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat trufos.sys

---- Processes - GMER 1.0.15 ----

Library D:\Arquivos ( hidden ) @ D:\WINDOWS\Explorer.EXE [1724] 0x01E40000

Library D:\Arquivos ( hidden ) @ D:\WINDOWS\Explorer.EXE [1724] 0x02D90000

Library D:\WINDOWS\system32\txmlutil.dll ( hidden ) @ D:\WINDOWS\Explorer.EXE [1724] 0x02660000

Library D:\Arquivos ( hidden ) @ D:\WINDOWS\Explorer.EXE [1724] 0x026E0000

Library D:\Arquivos ( hidden ) @ D:\WINDOWS\Explorer.EXE [1724] 0x027C0000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\.cfexe@ cfexefile

Reg HKLM\SOFTWARE\Classes\cfexefile\shell

Reg HKLM\SOFTWARE\Classes\cfexefile\shell\open

Reg HKLM\SOFTWARE\Classes\cfexefile\shell\open\command

Reg HKLM\SOFTWARE\Classes\cfexefile\shell\open\command@ "%1" %*

Reg HKLM\SOFTWARE\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList@PackageName Dashboard.msi

Reg HKLM\SOFTWARE\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList\Media

Reg HKLM\SOFTWARE\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList\Media@1 Windows Live installer;

Reg HKLM\SOFTWARE\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList\Net

Reg HKLM\SOFTWARE\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList@PackageName Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi

Reg HKLM\SOFTWARE\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList@LastUsedSource n;1;D:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller\MsiSources\

Reg HKLM\SOFTWARE\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList\Media

Reg HKLM\SOFTWARE\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList\Media@1 Messenger;

Reg HKLM\SOFTWARE\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList\Net

Reg HKLM\SOFTWARE\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList\Net@1 D:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller\MsiSources\

Reg HKLM\SOFTWARE\Classes\Microsoft.MSN.MCC.USNJSVC.1@ MSN USNSVC

Reg HKLM\SOFTWARE\Classes\Microsoft.MSN.MCC.USNJSVC.1\CLSID

Reg HKLM\SOFTWARE\Classes\Microsoft.MSN.MCC.USNJSVC.1\CLSID@ {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Reg HKLM\SOFTWARE\Classes\MSN.V2SDeviceHandler@ WL Hardware Device Manager

Reg HKLM\SOFTWARE\Classes\MSN.V2SDeviceHandler\CLSID

Reg HKLM\SOFTWARE\Classes\MSN.V2SDeviceHandler\CLSID@ {D74C0C0E-14F3-402C-9379-3E2BD0BF5D06}

Reg HKLM\SOFTWARE\Classes\MSN.V2SDeviceHandler\CurVer

Reg HKLM\SOFTWARE\Classes\MSN.V2SDeviceHandler\CurVer@ MSN.V2SDeviceHandler.1

Reg HKLM\SOFTWARE\Classes\MSN.V2SDeviceHandler.1@ WL Hardware Device Manager

Reg HKLM\SOFTWARE\Classes\MSN.V2SDeviceHandler.1\CLSID

Reg HKLM\SOFTWARE\Classes\MSN.V2SDeviceHandler.1\CLSID@ {D74C0C0E-14F3-402C-9379-3E2BD0BF5D06}

Reg HKLM\SOFTWARE\Classes\pcsexe.Dialer@ LivecallDialer Class

Reg HKLM\SOFTWARE\Classes\pcsexe.Dialer\CLSID

Reg HKLM\SOFTWARE\Classes\pcsexe.Dialer\CLSID@ {6E2200B4-7C9E-44C6-96A3-F904A7AB8880}

Reg HKLM\SOFTWARE\Classes\pcsexe.Dialer\CurVer

Reg HKLM\SOFTWARE\Classes\pcsexe.Dialer\CurVer@ pcsexe.Dialer.1

Reg HKLM\SOFTWARE\Classes\pcsexe.Dialer.1@ LivecallDialer Class

Reg HKLM\SOFTWARE\Classes\pcsexe.Dialer.1\CLSID

Reg HKLM\SOFTWARE\Classes\pcsexe.Dialer.1\CLSID@ {6E2200B4-7C9E-44C6-96A3-F904A7AB8880}

Reg HKLM\SOFTWARE\Classes\pcsexe.MessengerDialer@ LivecallDialer Class

Reg HKLM\SOFTWARE\Classes\pcsexe.MessengerDialer\CLSID

Reg HKLM\SOFTWARE\Classes\pcsexe.MessengerDialer\CLSID@ {81C63250-607F-4e79-9FCB-F756C16C5AB9}

Reg HKLM\SOFTWARE\Classes\pcsexe.MessengerDialer\CurVer

Reg HKLM\SOFTWARE\Classes\pcsexe.MessengerDialer\CurVer@ pcsexe.Dialer.1

Reg HKLM\SOFTWARE\Classes\pcsexe.MessengerDialer.1@ LivecallDialer Class

Reg HKLM\SOFTWARE\Classes\pcsexe.MessengerDialer.1\CLSID

Reg HKLM\SOFTWARE\Classes\pcsexe.MessengerDialer.1\CLSID@ {81C63250-607F-4e79-9FCB-F756C16C5AB9}

Reg HKLM\SOFTWARE\Classes\pcsexe.PstnOut@ PstnOut Class

Reg HKLM\SOFTWARE\Classes\pcsexe.PstnOut\CLSID

Reg HKLM\SOFTWARE\Classes\pcsexe.PstnOut\CLSID@ {630ED07B-04A5-4AB9-A73B-FD94F34D5F09}

Reg HKLM\SOFTWARE\Classes\pcsexe.PstnOut\CurVer

Reg HKLM\SOFTWARE\Classes\pcsexe.PstnOut\CurVer@ pcsexe.PstnOut.1

Reg HKLM\SOFTWARE\Classes\pcsexe.PstnOut.1@ PstnOut Class

Reg HKLM\SOFTWARE\Classes\pcsexe.PstnOut.1\CLSID

Reg HKLM\SOFTWARE\Classes\pcsexe.PstnOut.1\CLSID@ {630ED07B-04A5-4AB9-A73B-FD94F34D5F09}

Reg HKLM\SOFTWARE\Classes\Softphone.Dialer@ SoftphoneDialer Class

Reg HKLM\SOFTWARE\Classes\Softphone.Dialer\CLSID

Reg HKLM\SOFTWARE\Classes\Softphone.Dialer\CLSID@ {72770783-9801-43c4-9E1F-9084BAE210CF}

Reg HKLM\SOFTWARE\Classes\Softphone.Dialer\CurVer

Reg HKLM\SOFTWARE\Classes\Softphone.Dialer\CurVer@ Softphone.Dialer.1

Reg HKLM\SOFTWARE\Classes\Softphone.Dialer.1@ SoftphoneDialer Class

Reg HKLM\SOFTWARE\Classes\Softphone.Dialer.1\CLSID

Reg HKLM\SOFTWARE\Classes\Softphone.Dialer.1\CLSID@ {72770783-9801-43c4-9E1F-9084BAE210CF}

Reg HKLM\SOFTWARE\Classes\Softphone.DialerWindow@ SoftphoneDialerWindow Class

Reg HKLM\SOFTWARE\Classes\Softphone.DialerWindow\CLSID

Reg HKLM\SOFTWARE\Classes\Softphone.DialerWindow\CLSID@ {37E192CB-B5C5-4487-9D66-2550B6F57B7A}

Reg HKLM\SOFTWARE\Classes\Softphone.DialerWindow\CurVer

Reg HKLM\SOFTWARE\Classes\Softphone.DialerWindow\CurVer@ Softphone.DialerWindow.1

Reg HKLM\SOFTWARE\Classes\Softphone.DialerWindow.1@ SoftphoneDialerWindow Class

Reg HKLM\SOFTWARE\Classes\Softphone.DialerWindow.1\CLSID

Reg HKLM\SOFTWARE\Classes\Softphone.DialerWindow.1\CLSID@ {37E192CB-B5C5-4487-9D66-2550B6F57B7A}

Reg HKLM\SOFTWARE\Classes\Softphone.Error@ SoftphoneError Class

Reg HKLM\SOFTWARE\Classes\Softphone.Error\CLSID

Reg HKLM\SOFTWARE\Classes\Softphone.Error\CLSID@ {C2F86E32-3AD2-42f1-94F2-D7E0414F2C10}

Reg HKLM\SOFTWARE\Classes\Softphone.Error\CurVer

Reg HKLM\SOFTWARE\Classes\Softphone.Error\CurVer@ Softphone.Error.1

Reg HKLM\SOFTWARE\Classes\Softphone.Error.1@ SoftphoneError Class

Reg HKLM\SOFTWARE\Classes\Softphone.Error.1\CLSID

Reg HKLM\SOFTWARE\Classes\Softphone.Error.1\CLSID@ {C2F86E32-3AD2-42f1-94F2-D7E0414F2C10}

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneContact@ SoftphonePhoneContact Class

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneContact\CLSID

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneContact\CLSID@ {52C92B9C-B117-4AC5-AD94-A6D8604608BB}

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneContact\CurVer

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneContact\CurVer@ Softphone.PhoneContact.1

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneContact.1@ SoftphonePhoneContact Class

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneContact.1\CLSID

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneContact.1\CLSID@ {52C92B9C-B117-4AC5-AD94-A6D8604608BB}

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneNumber@ SoftphonePhoneNumber Class

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneNumber\CLSID

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneNumber\CLSID@ {B0C5F2DF-5D4B-4DBC-888E-D96E971B57F4}

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneNumber\CurVer

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneNumber\CurVer@ Softphone.PhoneNumber.1

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneNumber.1@ SoftphonePhoneNumber Class

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneNumber.1\CLSID

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneNumber.1\CLSID@ {B0C5F2DF-5D4B-4DBC-888E-D96E971B57F4}

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupJob@ Windows Live Setup Service

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupJob\CLSID

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupJob\CLSID@ {9B38B1AC-C774-46AB-AD99-0C19871F0714}

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupJob\CurVer

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupJob\CurVer@ WindowsLive.SetupJob.1

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupJob.1@ Windows Live Setup Service

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupJob.1\CLSID

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupJob.1\CLSID@ {9B38B1AC-C774-46AB-AD99-0C19871F0714}

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupService@ Windows Live Setup Service

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupService\CLSID

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupService\CLSID@ {585D47D2-CF74-4869-BF4E-DF5662504F11}

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupService\CurVer

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupService\CurVer@ WindowsLive.SetupService.1

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupService.1@ Windows Live Setup Service

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupService.1\CLSID

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupService.1\CLSID@ {585D47D2-CF74-4869-BF4E-DF5662504F11}

Reg HKLM\SOFTWARE\Classes\XceedSoftware.XceedCompression.1@ Xceed Compression Control

Reg HKLM\SOFTWARE\Classes\XceedSoftware.XceedCompression.1\CLSID

Reg HKLM\SOFTWARE\Classes\XceedSoftware.XceedCompression.1\CLSID@ {4C836512-BB70-11D2-A5A7-00105A9C91C6}

Reg HKLM\SOFTWARE\Classes\XceedSoftware.XceedCompression.1\Insertable

Reg HKLM\SOFTWARE\Classes\XceedSoftware.XceedZip.4@ Xceed Zip Control v4.1

Reg HKLM\SOFTWARE\Classes\XceedSoftware.XceedZip.4\CLSID

Reg HKLM\SOFTWARE\Classes\XceedSoftware.XceedZip.4\CLSID@ {DB797690-40E0-11D2-9BD5-0060082AE372}

Reg HKLM\SOFTWARE\Classes\XceedSoftware.XceedZip.4\Insertable

---- EOF - GMER 1.0.15 ----

Segue log do HijackThis :

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:36:03, on 2/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

D:\Arquivos de programas\CursorXP\CursorXP.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 1 para gmer.zip\gmer.exe

D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O1 - Hosts: ÿþ127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "D:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O20 - AppInit_DLLs: D:\WINDOWS\system32\wbsys.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

--

End of file - 4249 bytes

Obrigado e abraços

Boa Noite! EDSSX

<!> Ps: As detecções em gmer,não foram conclusivas!

000000000000000000

000000000000000000

<@> Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://billy-oneal.com/forums/rootRepeal/rootRepealDesktopIcon.png&key=efcb6256c364a131b84c2540036815df3193e54eaa95d4bf2b08ee3ce55f2d12" alt="rootRepealDesktopIcon.png" /> >

<!> Link-2 < RootRepeal.zip >

<!> Link-3 < RootRepeal.zip >

<@> Descompacte-o para o desktop.

<@> Abra a o programa,e clique em "Report" --> "Scan" < /applications/core/interface/imageproxy/imageproxy.php?img=http://billy-oneal.com/forums/rootRepeal/btnScan.png&key=c4a2a6b4e8eaa7b5ab0927306fe0a1cdd46ee6164550a81fdc9e94b429a8c388" alt="btnScan.png" /> >

/applications/core/interface/imageproxy/imageproxy.php?img=http://billy-oneal.com/forums/rootRepeal/checkBoxes2.png&key=be49a162d78a7dea044a47836faa06e3c6f8ee4a92e87485a209e3de82803a51" alt="checkBoxes2.png" />

<@> Marque,àcima,as 7 caixinhas. --> Clique OK.

<@> Escolha,à seguir,seu drive. ( C:\ ou D:\ ) --> OK.

<@> Dê início ao scan e,ao terminar,clique em "Save Report" < /applications/core/interface/imageproxy/imageproxy.php?img=http://billy-oneal.com/forums/rootRepeal/saveReport.png&key=399c3b103158911df77b6130a22f658f6a81c096fc1d0d8edc40246b2e278055" alt="saveReport.png" /> >

<@> Salve-o com o nome: "RootRepeal.txt" <-- Relatório! <-- Poste-o!

Abraços!

Boa Noite ! DigRam

Segue o log :

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/05/02 22:07

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: bdfm.sys

Image Path: D:\WINDOWS\system32\drivers\bdfm.sys

Address: 0xF6BB8000 Size: 145792 File Visible: No Signed: -

Status: -

Name: bdfsfltr.sys

Image Path: D:\WINDOWS\system32\drivers\bdfsfltr.sys

Address: 0xF6E9D000 Size: 282880 File Visible: No Signed: -

Status: -

Name: bdftdif.sys

Image Path: D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Firewall\bdftdif.sys

Address: 0xF7ED2000 Size: 112640 File Visible: No Signed: -

Status: -

Name: BDHV.SYS

Image Path: D:\WINDOWS\system32\drivers\BDHV.SYS

Address: 0xF6B9F000 Size: 102400 File Visible: No Signed: -

Status: -

Name: bdselfpr.sys

Image Path: D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys

Address: 0xF746D000 Size: 64512 File Visible: No Signed: -

Status: -

Name: d1c20812.sys

Image Path: D:\WINDOWS\System32\Drivers\d1c20812.sys

Address: 0xF6A8B000 Size: 143744 File Visible: No Signed: -

Status: -

Name: profos.sys

Image Path: D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner\profos.sys

Address: 0xF6B4F000 Size: 14720 File Visible: No Signed: -

Status: -

Name: pxtdapoc.sys

Image Path: D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\pxtdapoc.sys

Address: 0xF6883000 Size: 93056 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: D:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xF748D000 Size: 49152 File Visible: No Signed: -

Status: -

Name: trufos.sys

Image Path: D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner\trufos.sys

Address: 0xF7CD2000 Size: 39808 File Visible: No Signed: -

Status: -

Hidden/Locked Files

-------------------

Path: d:\documents and settings\edsom luis\meus documentos\salvação..bkf

Status: Allocation size mismatch (API: 4294967295, Raw: 0)

Path: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\places.sqlite

Status: Allocation size mismatch (API: 1277952, Raw: 262144)

Path: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\cache\_cache_001_

Status: Allocation size mismatch (API: 2621440, Raw: 1933312)

Path: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\cache\_cache_002_

Status: Allocation size mismatch (API: 4259840, Raw: 3440640)

Path: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\cache\_cache_003_

Status: Allocation size mismatch (API: 6389760, Raw: 5996544)

SSDT

-------------------

#: 017 Function Name: NtAllocateVirtualMemory

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746fd02

#: 019 Function Name: NtAssignProcessToJobObject

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf747006e

#: 031 Function Name: NtConnectPort

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf747123c

#: 037 Function Name: NtCreateFile

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf7470a52

#: 041 Function Name: NtCreateKey

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf74716a6

#: 047 Function Name: NtCreateProcess

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf74701b8

#: 048 Function Name: NtCreateProcessEx

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf747023a

#: 050 Function Name: NtCreateSection

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf7470876

#: 053 Function Name: NtCreateThread

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746f904

#: 063 Function Name: NtDeleteKey

Status: Hooked by "<unknown>" at address 0xf83a34f3

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "<unknown>" at address 0xf83a34fd

#: 066 Function Name: NtDeviceIoControlFile

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf74717a6

#: 068 Function Name: NtDuplicateObject

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf747428c

#: 084 Function Name: NtFsControlFile

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf74718e4

#: 097 Function Name: NtLoadDriver

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf74721f6

#: 098 Function Name: NtLoadKey

Status: Hooked by "<unknown>" at address 0xf83a3502

#: 116 Function Name: NtOpenFile

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf7470966

#: 122 Function Name: NtOpenProcess

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf7473fde

#: 125 Function Name: NtOpenSection

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf7470796

#: 128 Function Name: NtOpenThread

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf747410c

#: 137 Function Name: NtProtectVirtualMemory

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746fc00

#: 180 Function Name: NtQueueApcThread

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf7470110

#: 193 Function Name: NtReplaceKey

Status: Hooked by "<unknown>" at address 0xf83a350c

#: 199 Function Name: NtRequestPort

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf74712cc

#: 200 Function Name: NtRequestWaitReplyPort

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf7471088

#: 204 Function Name: NtRestoreKey

Status: Hooked by "<unknown>" at address 0xf83a3507

#: 210 Function Name: NtSecureConnectPort

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf7471456

#: 213 Function Name: NtSetContextThread

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746f9f4

#: 240 Function Name: NtSetSystemInformation

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746fe06

#: 247 Function Name: NtSetValueKey

Status: Hooked by "<unknown>" at address 0xf83a34f8

#: 253 Function Name: NtSuspendProcess

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746fb62

#: 254 Function Name: NtSuspendThread

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746fac4

#: 255 Function Name: NtSystemDebugControl

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746ffcc

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf7473f4e

#: 258 Function Name: NtTerminateThread

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf747439a

#: 277 Function Name: NtWriteVirtualMemory

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746f802

Shadow SSDT

-------------------

#: 307 Function Name: NtUserAttachThreadInput

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746f5e2

#: 347 Function Name: NtUserDdeSetQualityOfService

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746f576

#: 383 Function Name: NtUserGetAsyncKeyState

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746f534

#: 414 Function Name: NtUserGetKeyboardState

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746f3f6

#: 416 Function Name: NtUserGetKeyState

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746f3b0

#: 460 Function Name: NtUserMessageCall

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746f132

#: 475 Function Name: NtUserPostMessage

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746efbc

#: 476 Function Name: NtUserPostThreadMessage

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746f010

#: 491 Function Name: NtUserRegisterRawInputDevices

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746f190

#: 502 Function Name: NtUserSendInput

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746ef82

#: 549 Function Name: NtUserSetWindowsHookEx

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746e90e

#: 552 Function Name: NtUserSetWinEventHook

Status: Hooked by "D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xf746ec3c

==EOF==

Aproveitando esta oportunidade ref. à malwares,fineza ler ref. autorun.inf :

http://forum.imasters.com.br/index.php?/topic/393173-testando-bitdefender-free-2010/

Abraços

Bom Dia! EDSSX

<!> Desinstale,esperimentalmente,a suíte: D:\Arquivos de programas\BitDefender <--

<!> Ps: Voçê já possui o Avira....

000000000000000000000

000000000000000000000

<@> Submeta este ficheiro,abaixo,à uma análise em: < VirSCAN.org >

<!> D:\WINDOWS\System32\Drivers\d1c20812.sys

<@> Clique em "Enviar arquivo...".

<@> Localizado o ficheiro,em seu PC,clique em "Upload" --> Aguarde!

<@> Na mensagem,clique em: "Verificar novamente"

<@> Concluindo,copie e envie-nos o link ao relatório.

<@> Exemplo: Foi verificado o arquivo NodeRefresh.dll,cujo link ao relatório segue abaixo:

<@> Link: --> < /applications/core/interface/imageproxy/imageproxy.php?img=http://virscan.org/images/logo.gif&key=42c1b3989cde9b168c8e1d6d474621d56c0e65acf84fa774c36022528fdee13c" alt="logo.gif" /> >

000000000000000000000

000000000000000000000

<@> Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://d.imagehost.org/0683/otm1.jpg&key=441638a6caf7ccd10e9fa578f4d67477449813b972fd575151ba7c9d9553e1e5" alt="otm1.jpg" /> > ( ...by OldTimer Tools )

<@> Salve-o no desktop e,execute-o aí mesmo!

>
:Processesexplorer.exe

:Files

D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\pxtdapoc.sys

:Services

pxtdapoc

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

<@> Copie e cole estas informações,que estão na Quote,para o campo ( clipboard ),da ferramenta.

<@> Ps: Área abaixo de "Paste Instructions for Items to be Moved".

<@> Clique em MoveIt.

<@> Na solicitação de reboot,confirme! --> Aguarde!

<@> Terminando,verifique o conteúdo texto da pasta: C:\_OTM\MovedFiles

<@> Copie e poste,seu relatório mais recente: C:\_OTM\MovedFiles\xxxx2010_xxxxxx.log <--

Abraços!

Boa noite ! DigRam

Sim, perçebi também muitos diretórios ocultos do bitdefender no log do ROOTREPEAL; pois/o estranho é que já tinha removido o bitdefender ás 19:00 h mais ou menos de ontem ; vossa pessoa leu os meus dois primeiros posts no tópico http://forum.imasters.com.br/index.php?/topic/393173-testando-bitdefender-free-2010/ ; para dar suporte à isto posto log da DDS logo infra.

O diretório D:\WINDOWS\System32\Drivers\d1c20812.sys , não existe mais no sistema, segundo a caixa de dialogo que abre no momento de enviar o arquivo .

Segue log do OTM :

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

File/Folder D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\pxtdapoc.sys not found.

========== SERVICES/DRIVERS ==========

Error: No service named pxtdapoc was found to stop!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pxtdapoc deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33172 bytes

User: edsom luis

->Temp folder emptied: 1830177 bytes

->Temporary Internet Files folder emptied: 49420 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 67631209 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 661 bytes

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 66,00 mb

OTM by OldTimer - Version 3.1.11.0 log created on 05022010_233317

Segue DDS :

DDS (Ver_09-12-01.01) - FAT32x86

Run by edsom luis at 23:44:20,01 on dom 02/05/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.167 [GMT -3:00]

AV: AntiVir Desktop On-access scanning enabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

D:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

D:\Arquivos de programas\CursorXP\CursorXP.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr

============== Pseudo HJT Report ===============

mWindow Title =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CursorXP] d:\arquivos de programas\cursorxp\CursorXP.exe

mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe

mRun: [Adobe Reader Speed Launcher] "d:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "d:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "d:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

mRun: [avgnt] "d:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

uPolicies-explorer: NoRealMode = 0 (0x0)

uPolicies-explorer: HonorAutoRunSetting = 0 (0x0)

uPolicies-explorer: NoFileUrl = 0 (0x0)

uPolicies-explorer: NoUpdateCheck = 0 (0x0)

mPolicies-explorer: HonorAutoRunSetting = 0 (0x0)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: E&xportar para o Microsoft Excel

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

AppInit_DLLs: d:\windows\system32\wbsys.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\edsoml~1\dadosd~1\mozilla\firefox\profiles\izozpjim.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/webhp?hl=pt-BR

FF - component: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: d:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "[http://www.firefox.com"](http://www.firefox.com));

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-9-11 64160]

R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2010-4-20 11608]

R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 115856]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41424]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2010-4-20 135336]

R2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\avguard.exe [2010-4-20 267432]

R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2010-4-20 60936]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 91856]

R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2009-9-9 100368]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]

S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [2009-4-18 26568]

S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [2009-9-17 29584]

S3 rootrepeal;rootrepeal;\??\d:\windows\system32\drivers\rootrepeal.sys --> d:\windows\system32\drivers\rootrepeal.sys [?]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [2009-4-14 30136]

=============== Created Last 30 ================

2010-05-03 02:33:17 0 d-----w- D:\_OTM

2010-05-03 01:06:39 0 ----a-w- d:\documents and settings\edsom luis\settings.dat

2010-05-02 21:04:24 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2010-05-02 21:04:21 20952 ----a-w- d:\windows\system32\drivers\mbam.sys

2010-05-02 20:53:20 0 d-----w- d:\arquivos de programas\navilog1

2010-05-02 20:45:41 69046 ----a-w- D:\BdUninstallTool2010.05.02-05.45.40.reg

2010-05-02 15:15:19 52 ----a-w- d:\windows\system32\ashttpstats.csv

2010-04-30 00:45:56 0 d-----w- d:\windows\system32\wbem\Repository

2010-04-29 23:16:40 54624 ----a-w- d:\windows\system32\9877.sys

2010-04-29 23:16:08 2335270 ----a-w- d:\windows\system32\0fc6.mht

2010-04-29 22:42:56 2335270 ----a-w- d:\windows\system32\0e81A.mht

2010-04-29 22:09:41 3968 ----a-w- d:\windows\system32\drivers\AvgArCln.sys

2010-04-29 21:41:55 0 d-----w- D:\_OTL

2010-04-26 22:45:09 0 d-----w- d:\arquivos de programas\Yahoo!

2010-04-25 17:52:09 0 d--h--w- d:\windows\NiwradSoft Shell Pack

2010-04-24 20:13:19 0 d-----w- d:\windows\speech

2010-04-22 23:54:53 0 d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware

2010-04-22 23:41:42 171912 ----a-w- D:\BdUninstallTool2010.04.22-08.41.42.reg

2010-04-22 18:28:47 345600 ------w- d:\windows\system32\dllcache\mspaint.exe

2010-04-22 16:16:42 0 d-sha-r- D:\autorun.inf

2010-04-22 15:34:59 28552 ----a-w- d:\windows\system32\drivers\pavboot.sys

2010-04-22 13:45:34 0 d---a-w- D:\Navilog1

2010-04-22 02:41:30 3 ----a-w- d:\windows\rrxx.dll

2010-04-22 02:19:35 0 d-sh--w- D:\Recycled

2010-04-22 02:11:17 98816 ----a-w- d:\windows\sed.exe

2010-04-21 18:09:36 0 d-----w- D:\Lop SD

2010-04-20 21:57:49 5760054 ----a-w- d:\windows\AW_1600x1200.bmp

2010-04-20 15:39:15 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\Avira

2010-04-20 15:35:16 60936 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2010-04-20 15:35:14 0 d-----w- d:\docume~1\alluse~1\dadosd~1\Avira

2010-04-20 15:35:14 0 d-----w- d:\arquivos de programas\Avira

2010-04-18 21:13:09 3932214 ----a-w- d:\windows\AW_XenoMorph1280.bmp

2010-04-18 20:27:53 64 ----a-w- d:\windows\wb.ini

2010-04-18 20:27:53 0 d-----w- d:\arquivos de programas\arquivos comuns\Stardock

2010-04-18 00:33:59 73728 ----a-w- d:\windows\system32\javacpl.cpl

2010-04-18 00:33:59 411368 ----a-w- d:\windows\system32\deployJava1.dll

2010-04-17 17:51:02 0 d-----w- d:\windows\Crystal

2010-04-17 17:40:07 0 d-----w- D:\APTDatabase

2010-04-05 00:25:42 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\Software Informer

2010-04-05 00:25:29 0 d--h--w- d:\documents and settings\edsom luis\Recent(8)

2010-04-04 19:14:32 0 d-----w- d:\arquivos de programas\arquivos comuns\Apple

==================== Find3M ====================

2010-05-03 02:35:22 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt

2010-04-25 21:25:08 219648 ----a-w- d:\windows\system32\uxtheme.dll

2010-04-04 16:04:58 537842 ----a-w- D:\HaxFix.exe

2010-03-19 21:05:50 4874240 ----a-w- d:\windows\system32\dllcache\wmp.dll

2010-03-12 21:02:40 261632 ----a-w- d:\windows\PEV.exe

2010-03-10 06:16:48 420352 ----a-w- d:\windows\system32\vbscript.dll

2010-03-10 06:16:48 420352 ----a-w- d:\windows\system32\dllcache\vbscript.dll

2010-03-04 01:54:22 80630 ----a-w- d:\windows\system32\perfc016.dat

2010-03-04 01:54:22 471828 ----a-w- d:\windows\system32\perfh016.dat

2010-02-25 14:47:48 11070976 ----a-w- d:\windows\system32\dllcache\ieframe.dll

2010-02-24 13:11:08 455680 ------w- d:\windows\system32\dllcache\mrxsmb.sys

2010-02-24 09:57:24 173056 ----a-w- d:\windows\system32\dllcache\ie4uinit.exe

2010-02-17 17:07:18 2354304 ----a-w- d:\windows\system32\ntoskrnl.exe

2010-02-17 17:07:18 2354304 ----a-w- d:\windows\system32\dllcache\ntoskrnl.exe

2010-02-17 04:06:58 126976 ----a-w- d:\windows\MSKeyStoreJNI.dll

2010-02-16 19:07:16 2231168 ----a-w- d:\windows\system32\ntkrnlpa.exe

2010-02-16 19:07:16 2231168 ----a-w- d:\windows\system32\dllcache\ntkrnlpa.exe

2010-02-16 19:07:12 2150400 ------w- d:\windows\system32\dllcache\ntkrnlmp.exe

2010-02-16 19:07:12 2028544 ------w- d:\windows\system32\dllcache\ntkrpamp.exe

2010-02-12 04:34:56 100864 ----a-w- d:\windows\system32\6to4svc.dll

2010-02-12 04:34:56 100864 ------w- d:\windows\system32\dllcache\6to4svc.dll

2010-02-11 12:02:16 226880 ------w- d:\windows\system32\dllcache\tcpip6.sys

2010-02-08 11:23:12 7725 ----a-w- d:\windows\system32\tcpip.reg

2010-02-02 12:27:42 3132 ----a-w- d:\windows\system32\Service_GoogleDesktopManager-060409-093314.reg.dat

2010-02-02 12:27:42 2404 ----a-w- d:\windows\system32\Service_pxkbf.reg.dat

2010-02-02 12:27:42 2380 ----a-w- d:\windows\system32\Service_CMC AntiRootkit Service.reg.dat

2010-02-02 12:27:42 2012 ----a-w- d:\windows\system32\Service_KProcWatch.reg.dat

2009-12-01 18:16:32 38338 ------w- d:\arquivos de programas\Uninst.isu

2009-11-27 21:47:52 218 ------w- d:\arquivos de programas\arquivos comuns\operaprefs_default.ini

2009-11-20 22:11:28 15828 ------w- d:\arquivos de programas\arquivos comuns\license.rtf

2009-11-20 22:01:18 832296 ------w- d:\arquivos de programas\arquivos comuns\opera.exe

2009-11-20 22:01:16 4450088 ------w- d:\arquivos de programas\arquivos comuns\opera.dll

2009-11-20 22:00:42 20480 ------w- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll

2009-11-20 22:00:24 653419 ------w- d:\arquivos de programas\arquivos comuns\encoding.bin

2009-11-13 21:19:06 2320 ------w- d:\arquivos de programas\arquivos comuns\operadef6.ini

2009-08-19 08:39:36 330 ------w- d:\arquivos de programas\setup.ini

2009-07-10 06:20:00 621546 ----a-w- d:\arquivos de programas\arquivos comuns\ACIHELP.HLP.vir

2009-07-10 06:20:00 3219 ----a-w- d:\arquivos de programas\arquivos comuns\Acihelp.cnt.vir

2009-06-17 17:41:58 3870 ----a-w- d:\arquivos de programas\arquivos comuns\lngcode.txt.vir

2008-06-09 13:17:20 301 ----a-w- d:\arquivos de programas\arquivos comuns\c3nform.vxml.vir

2004-02-26 16:35:04 7904 ------w- d:\arquivos de programas\arquivos comuns\html40_entities.dtd

2002-03-11 09:06:30 1822520 ------w- d:\arquivos de programas\instmsiw.exe

2002-03-11 08:45:04 1708856 ------w- d:\arquivos de programas\instmsia.exe

2009-01-21 15:39:44 32768 --sha-w- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat

2009-09-11 17:30:12 245760 --sha-w- d:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-11-24 09:18:56 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-03-08 17:09:26 638816 --sha-w- d:\windows\niwradsoft shell pack\backup\iexplore.exe

2008-04-14 03:21:24 73728 --sha-w- d:\windows\niwradsoft shell pack\backup\wmplayer.exe

============= FINISH: 23:45:40,51 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 19/9/2007 10:51:37

System Uptime: 5/2/2010 23:35:08 (2064 hours ago)

Motherboard: ECS | | M825G

Processor: AMD Sempron 2400+ | Socket-A | 1668/166mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (FAT32) - 17 GiB total, 9,516 GiB free.

D: is FIXED (FAT32) - 59 GiB total, 38,957 GiB free.

E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

Description: RADEON 9200 PRO Family (Microsoft Corporation)

Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008

Manufacturer: ATI Technologies Inc.

Name: RADEON 9200 PRO Family (Microsoft Corporation)

PNP Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008

Service: ati2mtag

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

Description: RADEON 9200 PRO SEC Family (Microsoft Corporation)

Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108

Manufacturer: ATI Technologies Inc.

Name: RADEON 9200 PRO SEC Family (Microsoft Corporation)

PNP Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108

Service: ati2mtag

Class GUID:

Description:

Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

Manufacturer:

Name:

PNP Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Controlador de comunicação PCI simples

Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Manufacturer:

Name: Controlador de comunicação PCI simples

PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: VirtualBox Bridged Networking Driver Miniport

Device ID: ROOT\SUN_VBOXNETFLTMP\0004

Manufacturer: Sun Microsystems, Inc.

Name: WAN Miniport (PPTP) - VirtualBox Bridged Networking Driver Miniport

PNP Device ID: ROOT\SUN_VBOXNETFLTMP\0004

Service: VBoxNetFlt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: VirtualBox Bridged Networking Driver Miniport

Device ID: ROOT\SUN_VBOXNETFLTMP\0005

Manufacturer: Sun Microsystems, Inc.

Name: Miniporta WAN (PPPOE) - VirtualBox Bridged Networking Driver Miniport

PNP Device ID: ROOT\SUN_VBOXNETFLTMP\0005

Service: VBoxNetFlt

==== System Restore Points ===================

RP69: 2/5/2010 18:10:16 - LCCD C INFO C D

RP70: 2/5/2010 22:48:36 - Revo Uninstaller's restore point - MV RegClean 5.9

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2 - Português

Apple Application Support

Apple Software Update

Atualização de Segurança para o Windows Media Player (KB979402)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 8 (KB969897)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB974455)

Atualização de Segurança para Windows Internet Explorer 8 (KB976325)

Atualização de Segurança para Windows Internet Explorer 8 (KB978207)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows XP (KB977816)

Atualização de Segurança para Windows XP (KB978338)

Atualização de Segurança para Windows XP (KB978601)

Atualização de Segurança para Windows XP (KB978706)

Atualização de Segurança para Windows XP (KB979309)

Atualização de Segurança para Windows XP (KB979683)

Atualização de Segurança para Windows XP (KB980232)

Atualização para Windows Internet Explorer 8 (KB973874)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows Internet Explorer 8 (KB976749)

Atualização para Windows Internet Explorer 8 (KB980182)

Avira AntiVir Personal - Free Antivirus

BrOffice.org 3.1

C-Media WDM Audio Driver

CCleaner

CursorXP

EVEREST Home Edition v2.20

Gadwin PrintScreen

Google Chrome

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Java Auto Updater

Java 6 Update 20

Junk Mail filter update

K-Meleon 1.5.4 en-US (remove only)

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Speech Recognition Engine 4.0 (English)

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.6)

MSXML 4.0 SP2 (KB973688)

Opera 10.53

Revo Uninstaller 1.87

Safari

Seven Remix XP 2.4

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

você 9.0 Runtime

VIA Rhine-Family Fast-Ethernet Adapter

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Internet Explorer 7

Windows Media Format 11 runtime

XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

Abraços

Bom Dia! EDSSX

Sim, perçebi também muitos diretórios ocultos do bitdefender no log do ROOTREPEAL; pois/o estranho é que já tinha removido o bitdefender ás 19:00 h mais ou menos de ontem ; vossa pessoa leu os meus dois primeiros posts no tópico http://forum.imaster...nder-free-2010/ ; para dar suporte à isto posto log da DDS logo infra.

<!> Não tinha lido o outro Tópico,mas se o software foi desinstalado,restam-lhe resquícios que são detectados,como rootkits.

00000000000000000000000000

00000000000000000000000000

D:\BdUninstallTool2010.05.02-05.45.40.reg

D:\BdUninstallTool2010.04.22-08.41.42.reg

<!> Ps: Encontrando-o(s),execute estes arquivos e aceite a inserção ao registro.

00000000000000000000000000

00000000000000000000000000

<@> Execute,novamente,OTM.exe e cole no campo,estas informações:

>
:Processesexplorer.exe

:services

bdselfpr

bdftdif

trufos

profos

bdfm

bdhv

:files

D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner\trufos.sys

D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner\profos.sys

D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Firewall\bdftdif.sys

D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner

D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Firewall

D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys

D:\Arquivos de programas\BitDefender\BitDefender 2010

D:\Arquivos de programas\Arquivos comuns\BitDefender

D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\pxtdapoc.sys

D:\BdUninstallTool2010.05.02-05.45.40.reg

D:\BdUninstallTool2010.04.22-08.41.42.reg

D:\WINDOWS\system32\drivers\bdfsfltr.sys

D:\WINDOWS\System32\Drivers\d1c20812.sys

D:\WINDOWS\system32\drivers\bdfm.sys

D:\WINDOWS\system32\drivers\BDHV.SYS

:reg

:commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

<@> Copie e cole estas informações,na Quote,para o campo ( clipboard ),da ferramenta.

<@> Ps: Área abaixo de "Paste Instructions for Items to be Moved".

<@> Clique em MoveIt.

<@> Na solicitação de reboot,confirme! --> Aguarde!

<@> Terminando,verifique o conteúdo texto da pasta: D:\_OTM\MovedFiles

<@> Copie e poste,seu relatório mais recente: D:\_OTM\MovedFiles\xxxx2010_xxxxxx.log <--

<@> Ps: Como a ferramenta não sobreescreve seus relatórios,devemos observar o que foi gerado logo após sua execução.

<@> Poste,também,novo relatório do RootRepeal.

Abraços!

Bom dia ! DigRam

Não tinha lido o outro Tópico,mas se o software foi desinstalado,restam-lhe resquícios que são detectados,como rootkits.

Vale - se lembrar que este tópico, foi criado um dia antes do tópico acima .

Estes arquivos logo abaixo, foram criados no sistema como um backup pela ferramenta cfe. consta no link infra; de remoção do próprio Bitdefender, já que com o revo ficaram estas sobras e as mesmas cfe. no log do ROOTREPEAL supra, pois inclusive foi muito trabalhoso/demorado/teve suspeitas de corromper o sistema operacional no ato de remover o Bitdefender free2010 com o revo uninstall ( tive que usar a ferramenta mencionada no link infra se não, não removia nem o programa; pois o revo travou;usei ambas juntos ) e teve até uma tela parada (azul) descarregando memória e desligando o win para não danifica - lo . Inclusive também ontem dei um shift+del nos mesmos .

D:\BdUninstallTool2010.05.02-05.45.40.reg

D:\BdUninstallTool2010.04.22-08.41.42.reg

http://uninstallers.blogspot.com/

Não recomendo instalar o Bitdefender free 2010 .

Nesta madrugada após o teu 1º comando com o OTM cfe. o log do ROOTREPEAL infra, já tinha sumido os diretórios restos do Bitdefender .

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/05/03 00:36

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: rootrepeal.sys

Image Path: D:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xF7D4E000 Size: 49152 File Visible: No Signed: -

Status: -

Hidden/Locked Files

-------------------

Path: d:\documents and settings\edsom luis\meus documentos\salvação..bkf

Status: Allocation size mismatch (API: 4294967295, Raw: 0)

Path: D:\Documents and Settings\edsom luis\Configurações locais\Temp\~DFF186.TMP

Status: Invisible to the Windows API!

Path: D:\Documents and Settings\edsom luis\Configurações locais\Temp\~DFF192.TMP

Status: Invisible to the Windows API!

Path: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\places.sqlite

Status: Allocation size mismatch (API: 1245184, Raw: 229376)

Path: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\urlclassifier3.sqlite

Status: Allocation size mismatch (API: 20414464, Raw: 20348928)

Path: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\cache\_cache_001_

Status: Allocation size mismatch (API: 1081344, Raw: 196608)

Path: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\cache\_cache_002_

Status: Allocation size mismatch (API: 1081344, Raw: 163840)

Path: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\cache\_cache_003_

Status: Allocation size mismatch (API: 1081344, Raw: 294912)

SSDT

-------------------

#: 041 Function Name: NtCreateKey

Status: Hooked by "<unknown>" at address 0xf83a222e

#: 053 Function Name: NtCreateThread

Status: Hooked by "<unknown>" at address 0xf83a2224

#: 063 Function Name: NtDeleteKey

Status: Hooked by "<unknown>" at address 0xf83a2233

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "<unknown>" at address 0xf83a223d

#: 098 Function Name: NtLoadKey

Status: Hooked by "<unknown>" at address 0xf83a2242

#: 122 Function Name: NtOpenProcess

Status: Hooked by "<unknown>" at address 0xf83a2210

#: 128 Function Name: NtOpenThread

Status: Hooked by "<unknown>" at address 0xf83a2215

#: 193 Function Name: NtReplaceKey

Status: Hooked by "<unknown>" at address 0xf83a224c

#: 204 Function Name: NtRestoreKey

Status: Hooked by "<unknown>" at address 0xf83a2247

#: 247 Function Name: NtSetValueKey

Status: Hooked by "<unknown>" at address 0xf83a2238

==EOF==

Segue log do OTM :

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== SERVICES/DRIVERS ==========

Error: No service named bdselfpr was found to stop!

Service\Driver key bdselfpr not found.

Error: No service named bdftdif was found to stop!

Service\Driver key bdftdif not found.

Error: No service named trufos was found to stop!

Service\Driver key trufos not found.

Error: No service named profos was found to stop!

Service\Driver key profos not found.

Error: No service named bdfm was found to stop!

Service\Driver key bdfm not found.

Error: No service named bdhv was found to stop!

Service\Driver key bdhv not found.

========== FILES ==========

File/Folder D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner\trufos.sys not found.

File/Folder D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner\profos.sys not found.

File/Folder D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Firewall\bdftdif.sys not found.

File/Folder D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Threat Scanner not found.

File/Folder D:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Firewall not found.

File/Folder D:\Arquivos de programas\BitDefender\BitDefender 2010\bdselfpr.sys not found.

File/Folder D:\Arquivos de programas\BitDefender\BitDefender 2010 not found.

File/Folder D:\Arquivos de programas\Arquivos comuns\BitDefender not found.

File/Folder D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\pxtdapoc.sys not found.

File/Folder D:\BdUninstallTool2010.05.02-05.45.40.reg not found.

File/Folder D:\BdUninstallTool2010.04.22-08.41.42.reg not found.

File/Folder D:\WINDOWS\system32\drivers\bdfsfltr.sys not found.

File/Folder D:\WINDOWS\System32\Drivers\d1c20812.sys not found.

File/Folder D:\WINDOWS\system32\drivers\bdfm.sys not found.

File/Folder D:\WINDOWS\system32\drivers\BDHV.SYS not found.

========== REGISTRY ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: edsom luis

->Temp folder emptied: 1487531 bytes

->Temporary Internet Files folder emptied: 165098 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 33498403 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 434 bytes

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 34,00 mb

OTM by OldTimer - Version 3.1.11.0 log created on 05032010_092404

Segue novo log do ROOTREPEAL :

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/05/03 09:55

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: rootrepeal.sys

Image Path: D:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xF705F000 Size: 49152 File Visible: No Signed: -

Status: -

Hidden/Locked Files

-------------------

Path: d:\documents and settings\edsom luis\meus documentos\salvaÇÃo pericia digital..bkf

Status: Allocation size mismatch (API: 4294967295, Raw: 0)

Path: D:\Documents and Settings\edsom luis\Configurações locais\Temp\~DFEA0A.tmp

Status: Visible to the Windows API, but not on disk.

Path: D:\Documents and Settings\edsom luis\Configurações locais\Temp\~DFEA16.tmp

Status: Visible to the Windows API, but not on disk.

Path: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\urlclassifier3.sqlite

Status: Allocation size mismatch (API: 10518528, Raw: 10420224)

Path: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\cache\_cache_001_

Status: Allocation size mismatch (API: 1114112, Raw: 196608)

Path: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\cache\_cache_002_

Status: Allocation size mismatch (API: 1114112, Raw: 131072)

Path: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\cache\_cache_003_

Status: Allocation size mismatch (API: 1146880, Raw: 229376)

SSDT

-------------------

#: 041 Function Name: NtCreateKey

Status: Hooked by "<unknown>" at address 0xf837aa1e

#: 053 Function Name: NtCreateThread

Status: Hooked by "<unknown>" at address 0xf837aa14

#: 063 Function Name: NtDeleteKey

Status: Hooked by "<unknown>" at address 0xf837aa23

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "<unknown>" at address 0xf837aa2d

#: 098 Function Name: NtLoadKey

Status: Hooked by "<unknown>" at address 0xf837aa32

#: 122 Function Name: NtOpenProcess

Status: Hooked by "<unknown>" at address 0xf837aa00

#: 128 Function Name: NtOpenThread

Status: Hooked by "<unknown>" at address 0xf837aa05

#: 193 Function Name: NtReplaceKey

Status: Hooked by "<unknown>" at address 0xf837aa3c

#: 204 Function Name: NtRestoreKey

Status: Hooked by "<unknown>" at address 0xf837aa37

#: 247 Function Name: NtSetValueKey

Status: Hooked by "<unknown>" at address 0xf837aa28

==EOF==

O guarda chuva do avira ainda está falho e o avira antirootkit ainda também não abre .

Abraços

Boa Tarde! EDSSX

Não recomendo instalar o Bitdefender free 2010.

<!> Também não recomendaria,pois sua desinstalação é muito traumatizante. rsrs..

O guarda chuva do avira ainda está falho e o avira antirootkit ainda também não abre.

<!> Tente sua desinstalação ou Reparo,e posterior limpeza com a ferramenta da Avira.

<!> Remova,também,seus diretórios!

<!> < Avira AntiVir RegistryCleaner > ( 887 KB )

<!> Á seguir,instale,novamente,o Avira.

000000000000000000000000

000000000000000000000000

<@> Abra o OTM.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:processes

explorer.exe

:reg

:files

D:\Documents and Settings\edsom luis\Configurações locais\Temp\.

:commands

[emptytemp]

[purity]

[start explorer]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copie e cole estas informações,entre os XXXXX...,para o campo ( clipboard ),da ferramenta.

<@> Ps: Área abaixo de "Paste Instructions for Items to be Moved".

<@> Clique em MoveIt.

<@> Na solicitação de reboot,confirme! --> Aguarde!

<@> Terminando,verifique o conteúdo texto da pasta: D:\_OTM\MovedFiles

<@> Copie e poste,seu relatório mais recente: D:\_OTM\MovedFiles\xxxx2010_xxxxxx.log <--

<@> Ps: Como a ferramenta não sobreescreve seus relatórios,devemos observar o que foi gerado logo após sua execução.

Abraços!

Boa tarde !

DigRam

Desinstalei o avira antivir; e agora sempre dá falha na instalação; resultado o guard fica com o serviço parado .

Outro antirootkits, o panda; dá erro cfe. print infra :

Este print foi antes de remover o avira .

/applications/core/interface/imageproxy/imageproxy.php?img=http://img26.imageshack.us/img26/7075/screenshot001jg.th.png&key=71aa91893060ed7dddb7da5c18a548f35a0f1a151b2b1dc4bb389a775a788648" alt="screenshot001jg.th.png" />

Segue o log :

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== REGISTRY ==========

========== FILES ==========

File/Folder D:\Documents and Settings\edsom luis\Configurações locais\Temp\. not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: edsom luis

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 31385031 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 434 bytes

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 30,00 mb

OTM by OldTimer - Version 3.1.12.0 log created on 05032010_143142

-------------------------

-------------------------

Entretanto no log do gmer, não consta mais aqueles itens em vermelho .

Obrigado e abraços

Boa Noite! EDSSX

<@> Vá a este endereço:

<!> < ConfickerWorkingGroup >

<@> Interprete as 6 imagens,na infecção pelo conficker. ( Conficker Eye Chart )

<@> Ps: Informe o resultado!

0000000000000000000000

0000000000000000000000

<@> Baixe: < Kaspersky Virus Removal Tool >

Download of Kaspersky Virus Removal Tool will be started after two seconds.If the download does not automatically start in 5 seconds, then please click here.

<@> Ps: Salve-o em Arquivos de programas.

<@> Instale a ferramenta,seguindo todos os seus passos.

<@> Na tela principal do programa,clique na opção "Meu computador".

<@> Á seguir,clique no botão "Scan".

<@> Ps: Seja paciente,pois o scan é demorado.

<@> Caso seja encontrado alguma infecção,clique em "skip".

<@> Concluindo,clique no botão < /applications/core/interface/imageproxy/imageproxy.php?img=http://i45.tinypic.com/dnndyq.png&key=9f57746d8b50c42cb19beb3b743190ff9933fa50ce26adb61dc58065f708f370" alt="dnndyq.png" /> > e na aba "Detected Threats".

<@> Copie o conteúdo da lista,se houver algo detectado,e poste-o na sua resposta.

Abraços!

Boa noite ! DigRam

As seis figuras estão idênticas ao exemplo .

Consegui reinstalar o avira antivir; muito simples no ato da instalação, não marcar a opção criar ponto de restauração; ai consta tudo completo e o guard funciona .

E inclusive o avira continua detectando e bloqueiando o D:\autorun.inf ao abrir o disco local D ; onde contém também o D:\autorun.inf de vacinação do USBFIX cfe. explicado no outro tópico logo supra .

O problema do guarda chuva ainda persiste e o avira antirootkit nada de abrir .

Meu caro amigo DigRam, já ouviu falar destes drivers :

\SystemRoot\system32\DRIVERS\9156785.sys

\SystemRoot\system32\DRIVERS\91567851.sys

\SystemRoot\system32\DRIVERS\91567852.sys

KEDUSHA.SYS ; pois aqui em meu sistema constão os mesmos como ocultos .

SysProt AntiRootkit v1.0.1.0

by swatkat

******************************************************************************************

******************************************************************************************

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: kedusha.sys

Service Name: ---

Module Base: F85B6000

Module End: F85C5000

Hidden: Yes

SysProt AntiRootkit v1.0.1.0

by swatkat

******************************************************************************************

******************************************************************************************

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: kedusha.sys

Service Name: ---

Module Base: F85B6000

Module End: F85C5000

Hidden: Yes

Module Name: \SystemRoot\system32\DRIVERS\9156785.sys

Service Name: ---

Module Base: F6BD6000

Module End: F6C27000

Hidden: Yes

Module Name: \SystemRoot\system32\DRIVERS\91567851.sys

Service Name: 91567851

Module Base: F66B6000

Module End: F6BD6000

Hidden: Yes

Module Name: \SystemRoot\system32\DRIVERS\91567852.sys

Service Name: ---

Module Base: F80AD000

Module End: F80BA000

Hidden: Yes

O Kaspersky Virus Removal Tool não detectou nada .

Obrigado e abraços

Bom Dia! EDSSX

Meu caro amigo DigRam, já ouviu falar destes drivers :\SystemRoot\system32\DRIVERS\9156785.sys

\SystemRoot\system32\DRIVERS\91567851.sys

\SystemRoot\system32\DRIVERS\91567852.sys

KEDUSHA.SYS ; pois aqui em meu sistema constão os mesmos como ocultos.

<!> Não! Onde a ferramenta AVPTool,se foi executada em Modo Seguro e com os arquivos ocultos liberados,teria-os detectado caso fossem maliciosos.

<!> Ps: Não encontrei referências bibliográficas para os mesmos,principalmente para KEDUSHA.SYS

O Kaspersky Virus Removal Tool não detectou nada.

<!> Porque não houve nada à ser detectado! rsr..

<!> Quanto ao ficheiro D:\autorun.inf,detectado pelo Avira,procure enviá-lo à VirSCAN.org.

00000000000000000000000

00000000000000000000000

<@> Agende,para o próximo boot,o scandisk.

<@> Vá em Iniciar --> Executar --> Digite: cmd --> Clique: OK

<@> Na janela do prompt,digite: chkdsk /r --> Aperte Enter.

<@> Tecle "S" --> Aperte Enter.

<@> O scandisk foi selecionado para o próximo boot.

<@> Para sair,digite exit --> Aperte Enter.

<@> Reinicie o computador,para que tenha início o scandisk.

arquivos e pastas

índices

descritores de segurança

dados de arquivos

espaço disponível

<@> Aguarde,pacientemente,a conclusão de todas as verificações.

<@> Ao final,o computador reiniciará automáticamente.

<@> Ps: Informe os resultados!

Abraços!

Boa tarde ! DigRam

Sim , até então pesquisei no google e nem abriu nada = páginas/links relacionados; que milagre pois no google tem tudo, até eu rsrs .

Segundo no VirSCAN.org , não é encontrado o arquivo enviado; sendo que o mesmo se encontra no disco D ( vacinações do USBFIX ) e o avira através do guard bloqueia - os toda hora ; basta eu ir/abrir no/o disco local .

Enquanto ao scandisk; executo estes proçedimentos esporadicamente e o resultado preocupante consta apenas no D que está 4 GB arquivos danificados/corrompidos ( algo assim, pois a tela azul fecha - se rápida para reiniciar o os ) .

Como se perçebe - se os drivers ocultos supra foram detectados pelo antirootkit SysProt . Confiável tuas detecções ?

Abraços e obrigado

Boa noite ! DigRam

A opção editar não consta mais aqui .

Esta infecção, HEUR:Trojan.Win32.Invader , nos diretórios logo infra das ferramentas francesas ; são falsos positivos ?

D:\desktop\download\haxfix.exe

D:\desktop\download\haxfix\catchme.exe

D:\desktop\download\LOP S&D.exe

D:\desktop\download\LOP S&D\catchme.exe

O avira ficou louco, pois só entrar no D ( tuas pastas ),que bloqueia através do guard .

Como vossa pessoa pode perçeber no rodapé do log logo abaixo do combofix, executo o mesmo diversas vezes; resolvi roda - lo; olha só o resultado :

Apenas este ( d:\windows\rrxx.dll ) é um diretório de um otimizador de velocidade para o xp .

ComboFix 10-05-04.01 - edsom luis 04/05/2010 18:15:10.6.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.192 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

AV: AntiVir Desktop On-access scanning enabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

d:\windows\rrxx.dll

d:\windows\system32\drivers\ewqvudyvrsaa.sys

A cópia de d:\windows\system32\midimap.dll foi encontrada e desinfectada

Cópia restaurada de - d:\windows\NiwradSoft Shell Pack\Backup\midimap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ewqvudyvrsaa

-------\Service_ewqvudyvrsaa

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-04 to 2010-05-04 ))))))))))))))))))))))))))))

.

2010-05-04 18:34 . 2010-05-04 18:34 12552 ----a-w- d:\windows\system32\drivers\hddirect.sys

2010-05-04 03:41 . 2010-05-04 03:41 -------- d-----w- d:\arquivos de programas\CCleaner

2010-05-04 02:37 . 2010-05-04 02:38 -------- d-----w- d:\arquivos de programas\navilog1

2010-05-03 18:07 . 2010-05-03 18:07 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Avira

2010-05-03 18:00 . 2010-03-01 13:05 124784 ----a-w- d:\windows\system32\drivers\avipbb.sys

2010-05-03 18:00 . 2010-02-16 17:24 60936 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2010-05-03 18:00 . 2009-05-11 15:49 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2010-05-03 18:00 . 2010-05-03 18:00 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2010-05-03 18:00 . 2010-05-03 18:00 -------- d-----w- d:\arquivos de programas\Avira

2010-05-03 18:00 . 2009-05-11 15:49 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2010-05-03 01:06 . 2010-05-03 01:06 0 ----a-w- d:\documents and settings\edsom luis\settings.dat

2010-05-02 21:04 . 2010-04-29 18:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2010-05-02 21:04 . 2010-04-29 18:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys

2010-05-01 14:11 . 2010-05-01 14:11 -------- d-----w- d:\arquivos de programas\Opera

2010-04-30 21:42 . 2008-04-13 17:44 2560 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Microsoft\USMT\iconlib.dll

2010-04-30 01:07 . 2010-04-29 20:56 699512 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-04-30 01:07 . 2010-04-29 20:56 863312 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-04-30 00:45 . 2010-04-30 00:45 -------- d-----w- d:\windows\system32\wbem\Repository

2010-04-29 23:16 . 2010-04-29 23:16 54624 ----a-w- d:\windows\system32\9877.sys

2010-04-29 22:09 . 2007-01-18 12:00 3968 ----a-w- d:\windows\system32\drivers\AvgArCln.sys

2010-04-26 22:45 . 2010-04-26 22:45 -------- d-----w- d:\arquivos de programas\Yahoo!

2010-04-25 17:52 . 2010-04-25 17:52 -------- d--h--w- d:\windows\NiwradSoft Shell Pack

2010-04-24 20:13 . 2010-04-24 20:13 -------- d-----w- d:\windows\speech

2010-04-22 23:54 . 2010-04-22 23:54 -------- d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware

2010-04-22 18:28 . 2009-12-17 07:41 345600 ------w- d:\windows\system32\dllcache\mspaint.exe

2010-04-22 15:34 . 2009-06-30 12:37 28552 ----a-w- d:\windows\system32\drivers\pavboot.sys

2010-04-22 13:45 . 2010-04-22 13:45 -------- d---a-w- D:\Navilog1

2010-04-21 18:09 . 2010-04-21 18:09 -------- d-----w- D:\Lop SD

2010-04-18 20:27 . 2010-04-18 20:27 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Stardock

2010-04-18 01:03 . 2010-04-21 18:22 79488 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\jre1.6.0_20\gtapi.dll

2010-04-18 01:03 . 2010-04-21 18:22 152576 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\jre1.6.0_20\lzma.dll

2010-04-18 00:33 . 2010-04-18 00:33 411368 ----a-w- d:\windows\system32\deployJava1.dll

2010-04-17 17:51 . 2010-04-17 17:51 -------- d-----w- d:\windows\Crystal

2010-04-17 17:40 . 2010-04-17 17:40 -------- d-----w- D:\APTDatabase

2010-04-06 01:42 . 2010-04-06 01:42 -------- d-----w- d:\arquivos de programas\Safari

2010-04-06 01:41 . 2010-04-06 01:41 -------- d-----w- d:\arquivos de programas\Apple Software Update

2010-04-05 00:25 . 2010-04-05 00:25 -------- d--h--w- d:\documents and settings\edsom luis\Recent(8)

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-04 21:23 . 2010-02-06 22:21 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt

2010-05-03 13:58 . 2009-08-27 01:37 664 ----a-w- d:\windows\system32\d3d9caps.dat

2010-04-29 23:54 . 2009-09-22 20:52 1 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2010-04-25 21:25 . 2004-08-04 10:45 219648 ----a-w- d:\windows\system32\uxtheme.dll

2010-04-04 19:14 . 2010-04-04 19:14 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Apple

2010-04-04 19:14 . 2010-04-04 19:14 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Apple

2010-04-04 16:04 . 2010-01-26 00:59 537842 ----a-w- D:\HaxFix.exe

2010-04-03 14:18 . 2010-04-03 14:18 -------- d-----w- d:\arquivos de programas\Windows Live

2010-04-01 20:31 . 2010-04-01 20:31 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\WinZip

2010-03-10 06:16 . 2004-08-04 10:45 420352 ----a-w- d:\windows\system32\vbscript.dll

2010-03-04 07:00 . 2010-03-04 07:00 79144 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-03-04 01:54 . 2001-10-28 21:07 80630 ----a-w- d:\windows\system32\perfc016.dat

2010-03-04 01:54 . 2001-10-28 21:07 471828 ----a-w- d:\windows\system32\perfh016.dat

2010-02-25 06:17 . 2004-08-04 10:45 983040 ----a-w- d:\windows\system32\wininet.dll

2010-02-24 13:11 . 2004-08-04 09:15 455680 ----a-w- d:\windows\system32\drivers\mrxsmb.sys

2010-02-17 17:07 . 2004-08-04 10:40 2354304 ----a-w- d:\windows\system32\ntoskrnl.exe

2010-02-17 04:06 . 2010-02-17 04:06 126976 ----a-w- d:\windows\MSKeyStoreJNI.dll

2010-02-16 19:07 . 2004-08-04 03:40 2231168 ----a-w- d:\windows\system32\ntkrnlpa.exe

2010-02-12 04:34 . 2004-08-04 10:45 100864 ----a-w- d:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-04 09:07 226880 ----a-w- d:\windows\system32\drivers\tcpip6.sys

2010-02-08 11:23 . 2010-01-16 19:07 7725 ----a-w- d:\windows\system32\tcpip.reg

2009-12-01 18:16 . 2009-12-01 18:16 38338 ------w- d:\arquivos de programas\Uninst.isu

2009-11-27 21:47 . 2009-11-13 21:19 218 ------w- d:\arquivos de programas\Arquivos comuns\operaprefs_default.ini

2009-11-20 22:11 . 2009-11-20 22:11 15828 ------w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-11-20 22:01 . 2009-11-20 22:01 832296 ------w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-11-20 22:01 . 2009-11-20 22:01 4450088 ------w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-11-20 22:00 . 2009-11-20 22:00 20480 ------w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-11-20 22:00 . 2009-11-20 22:00 653419 ------w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-11-13 21:19 . 2009-03-27 23:27 2320 ------w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-08-19 08:39 . 2009-08-19 08:39 330 ------w- d:\arquivos de programas\setup.ini

2009-07-10 06:20 . 2009-12-01 18:16 621546 ----a-w- d:\arquivos de programas\Arquivos comuns\ACIHELP.HLP.vir

2009-07-10 06:20 . 2009-12-01 18:16 3219 ----a-w- d:\arquivos de programas\Arquivos comuns\Acihelp.cnt.vir

2009-06-17 17:41 . 2009-06-17 17:41 3870 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt.vir

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml.vir

2004-02-26 16:35 . 2004-02-26 16:35 7904 ------w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ------w- d:\arquivos de programas\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ------w- d:\arquivos de programas\instmsia.exe

2009-11-24 09:18 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-03-08 17:09 . 2010-04-25 18:01 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

2008-04-14 03:21 . 2010-04-25 18:01 73728 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe

.

------- Sigcheck -------

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\system32\dllcache\winlogon.exe

[7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\winlogon.exe

[7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . d:\windows\system32\comctl32.dll

[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . d:\windows\ERDNT\cache\comctl32.dll

[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll

[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . d:\windows\ServicePackFiles\i386\comctl32.dll

[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\system32\mshtml.dll

[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\system32\dllcache\mshtml.dll

[7] 2010-02-25 . 23099BB44DA6A7D80B15FF4F7C51877D . 5944832 . . [8.00.6001.18904] . . d:\windows\ERDNT\cache\mshtml.dll

[7] 2010-02-25 . 23099BB44DA6A7D80B15FF4F7C51877D . 5944832 . . [8.00.6001.18904] . . d:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll

[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\ServicePackFiles\i386\mshtml.dll

[7] 2010-02-25 . 6D179FBB1B42A3C33955652D3A38BFDF . 5946880 . . [8.00.6001.22995] . . d:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll

[7] 2009-12-21 . B5A5C997C2F926C40CCC64A3BD377D4B . 5942784 . . [8.00.6001.18876] . . d:\windows\ie8updates\KB980182-IE8\mshtml.dll

[7] 2009-12-21 . AAD700DEA94EE6E56E591C351111941A . 5945856 . . [8.00.6001.22967] . . d:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll

[7] 2009-10-29 . 58A17D0C94F23CD59346720B0C374A90 . 5940736 . . [8.00.6001.18854] . . d:\windows\ie8updates\KB978207-IE8\mshtml.dll

[7] 2009-10-29 . 80F9322FBC4BBBC3A0DB6E9B3C953C60 . 5944320 . . [8.00.6001.22945] . . d:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll

[7] 2009-10-22 . 61245C5B4B4F06058F4038DC2C7D9C72 . 5939712 . . [8.00.6001.18852] . . d:\windows\ie8updates\KB976325-IE8\mshtml.dll

[7] 2009-10-22 . 4E0FB322DCCB816F5DD56E9B2BE5E664 . 5943296 . . [8.00.6001.22942] . . d:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll

[7] 2009-08-29 . DB337CCC2E1111068F0FFD08982810F7 . 5940224 . . [8.00.6001.18828] . . d:\windows\ie8updates\KB976749-IE8\mshtml.dll

[7] 2009-08-29 . E719DAF5D7972B69647CF32C9FD1601D . 5942272 . . [8.00.6001.22918] . . d:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll

[7] 2009-07-19 . CD4DC10D4F812033C4B402C9620F10BB . 5937152 . . [8.00.6001.18812] . . d:\windows\ie8updates\KB974455-IE8\mshtml.dll

[7] 2009-07-19 . 5B7C8A16598E79AD559323C81737AC4D . 5938176 . . [8.00.6001.22902] . . d:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll

[7] 2009-05-13 . BE87C13E58E44084D7B81B047EB1121B . 5936128 . . [8.00.6001.22873] . . d:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll

[7] 2009-05-13 . 285B63B5E7BE2B4237F6528DFE11CDB4 . 5936128 . . [8.00.6001.18783] . . d:\windows\ie8updates\KB972260-IE8\mshtml.dll

[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . d:\windows\ie8updates\KB969897-IE8\mshtml.dll

[7] 2009-01-17 . BC083F2B02EA9E69A636970859AF8DAF . 3594752 . . [7.00.6000.16809] . . d:\windows\ie8\mshtml.dll

[7] 2009-01-16 . 628A8E851FBA1F2183CE327B76E19E3E . 3596288 . . [7.00.6000.20996] . . d:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll

[7] 2008-12-13 . A294B659329C4007D75FF675A8A3A94F . 3593216 . . [7.00.6000.16788] . . d:\windows\ie7updates\KB961260-IE7\mshtml.dll

[7] 2008-12-13 . 4C2F6BAFA9236FA50620CC3E6DDF3BAD . 3594752 . . [7.00.6000.20973] . . d:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll

[7] 2008-10-16 . 2B042E339C0C5E1584D49EB5579ABBD1 . 3595264 . . [7.00.6000.20935] . . d:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll

[7] 2008-02-16 . 9D318F222A6FF820D92EC97F4F1935EC . 3087872 . . [6.00.2900.3314] . . d:\windows\$hf_mig$\KB947864\SP2QFE\mshtml.dll

[7] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . d:\windows\ie7updates\KB960714-IE7\mshtml.dll

[-] 2010-02-17 . 16F9B5E8C253A9211ED01885077C7526 . 2354304 . . [5.1.2600.5938] . . d:\windows\system32\ntoskrnl.exe

[-] 2010-02-17 . 16F9B5E8C253A9211ED01885077C7526 . 2354304 . . [5.1.2600.5938] . . d:\windows\system32\dllcache\ntoskrnl.exe

[7] 2010-02-17 . 124F4EC97A7683D1A67B3AECFE258ABD . 2194176 . . [5.1.2600.5938] . . d:\windows\Driver Cache\i386\ntoskrnl.exe

[7] 2010-02-17 . 124F4EC97A7683D1A67B3AECFE258ABD . 2194176 . . [5.1.2600.5938] . . d:\windows\ERDNT\cache\ntoskrnl.exe

[7] 2010-02-17 . 124F4EC97A7683D1A67B3AECFE258ABD . 2194176 . . [5.1.2600.5938] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe

[-] 2010-02-17 . 16F9B5E8C253A9211ED01885077C7526 . 2354304 . . [5.1.2600.5938] . . d:\windows\ServicePackFiles\i386\ntoskrnl.exe

[7] 2010-02-16 . 8A47EB27E99109826F8A54BB64BE8131 . 2194304 . . [5.1.2600.5938] . . d:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe

[7] 2009-12-09 . C25035B93BDF12E2CB89C6F5BF8B99F1 . 2193536 . . [5.1.2600.5913] . . d:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe

[7] 2009-12-09 . EB331E36934D9016B66CDF694954A8AF . 2193408 . . [5.1.2600.5913] . . d:\windows\$NtUninstallKB979683$\ntoskrnl.exe

[7] 2009-08-04 . 3B75E61D1546C05A959EDFE11F1510D1 . 2193536 . . [5.1.2600.5857] . . d:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[7] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . d:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[7] 2008-08-14 . A42CC3CFC02A7B2BAEC7B0D45808B257 . 2193408 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[7] 2008-08-14 . B72A025A758683552C4FEC7EABCB0661 . 2190208 . . [5.1.2600.3427] . . d:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe

[7] 2008-08-14 . 04BA43B0D2A13BD6B06D707299243CFC . 2193408 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

[7] 2007-02-28 . BFB4C8761976CCE0B544D557B4C70825 . 2186368 . . [5.1.2600.3093] . . d:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

[7] 2005-03-02 . 6E3AB4241E058B248CB7CDC5157449C3 . 2183808 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll

[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\system32\dllcache\user32.dll

[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\user32.dll

[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll

[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\user32.dll

[7] 2005-03-02 . 3ED0A4D74EFD5AAF8408095F452E2613 . 577536 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2010-02-25 . 9B25F4F2E1C0622CB951FCAED549F0A9 . 983040 . . [8.00.6001.18904] . . d:\windows\system32\wininet.dll

[-] 2010-02-25 . 9B25F4F2E1C0622CB951FCAED549F0A9 . 983040 . . [8.00.6001.18904] . . d:\windows\system32\dllcache\wininet.dll

[7] 2010-02-25 . E5CC74D62E06066451D59248CBFBAED0 . 916480 . . [8.00.6001.18904] . . d:\windows\ERDNT\cache\wininet.dll

[7] 2010-02-25 . E5CC74D62E06066451D59248CBFBAED0 . 916480 . . [8.00.6001.18904] . . d:\windows\NiwradSoft Shell Pack\Backup\wininet.dll

[-] 2010-02-25 . 9B25F4F2E1C0622CB951FCAED549F0A9 . 983040 . . [8.00.6001.18904] . . d:\windows\ServicePackFiles\i386\wininet.dll

[7] 2010-02-25 . D8E3E2FD8928B2BD8BEB2518C2E45ED1 . 919040 . . [8.00.6001.22995] . . d:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll

[7] 2009-12-21 . 79805286A6D381A658A1871F6B3588B9 . 916480 . . [8.00.6001.18876] . . d:\windows\ie8updates\KB980182-IE8\wininet.dll

[7] 2009-12-21 . 11162780821A0531D39E675A662D766F . 916480 . . [8.00.6001.22967] . . d:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll

[7] 2009-10-29 . 191FFB2798E4DB25F04C2E71C9595A85 . 916480 . . [8.00.6001.18854] . . d:\windows\ie8updates\KB978207-IE8\wininet.dll

[7] 2009-10-29 . E30B8F0D3BFAF4B403C57F05242AEF74 . 916480 . . [8.00.6001.22945] . . d:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll

[7] 2009-08-29 . 83438BBF93CA586ED5149B1E1AA1BDBB . 916480 . . [8.00.6001.18828] . . d:\windows\ie8updates\KB976325-IE8\wininet.dll

[7] 2009-08-29 . 4F4F8F0B432A8B4B0D23829375358F34 . 916480 . . [8.00.6001.22918] . . d:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll

[7] 2009-07-03 . 9572842DA52CF071068FAAB8AD4D74A5 . 915456 . . [8.00.6001.22896] . . d:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll

[7] 2009-07-03 . 903350F08A1DF38714EF37F09EA11BB4 . 915456 . . [8.00.6001.18806] . . d:\windows\ie8updates\KB974455-IE8\wininet.dll

[7] 2009-05-13 . 4E74AEBA5546A61C9DC35BC531EFFA23 . 915456 . . [8.00.6001.22873] . . d:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll

[7] 2009-05-13 . 14E350ABCCBE0279D042AF2854E6D894 . 915456 . . [8.00.6001.18783] . . d:\windows\ie8updates\KB972260-IE8\wininet.dll

[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . d:\windows\ie8updates\KB969897-IE8\wininet.dll

[7] 2008-12-21 . E048867C310B09ED1C79E59B68DB8050 . 827904 . . [7.00.6000.20978] . . d:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll

[7] 2008-12-20 . 94A623D9C0F2632796B4CE2753331F98 . 826368 . . [7.00.6000.16791] . . d:\windows\ie8\wininet.dll

[7] 2008-10-16 . 779479E6F38BC77831F26BD9AAE3FAD3 . 826368 . . [7.00.6000.16762] . . d:\windows\ie7updates\KB961260-IE7\wininet.dll

[7] 2008-10-16 . 4BCD45D77BD42A5E9C2DD2E847A5467E . 827904 . . [7.00.6000.20935] . . d:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll

[7] 2008-02-16 . F3AD9DF6B30D5A3F67B5561109640958 . 668160 . . [6.00.2900.3314] . . d:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll

[7] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . d:\windows\ie7updates\KB958215-IE7\wininet.dll

[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\explorer.exe

[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\system32\dllcache\explorer.exe

[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . d:\windows\ERDNT\cache\explorer.exe

[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\explorer.exe

[7] 2007-06-13 . 45D521506825A10B80833B4E9621CCF6 . 1035264 . . [6.00.2900.3156] . . d:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\system32\dllcache\ctfmon.exe

[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\ctfmon.exe

[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2010-02-16 . 297C1AE40DE572E38618042B781EEE15 . 2231168 . . [5.1.2600.5938] . . d:\windows\system32\ntkrnlpa.exe

[-] 2010-02-16 . 297C1AE40DE572E38618042B781EEE15 . 2231168 . . [5.1.2600.5938] . . d:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2010-02-16 . 1F54DE75A9C8EC46E9FB53C1890C9ED3 . 2071040 . . [5.1.2600.5938] . . d:\windows\Driver Cache\i386\ntkrnlpa.exe

[7] 2010-02-16 . 1F54DE75A9C8EC46E9FB53C1890C9ED3 . 2071040 . . [5.1.2600.5938] . . d:\windows\ERDNT\cache\ntkrnlpa.exe

[7] 2010-02-16 . 1F54DE75A9C8EC46E9FB53C1890C9ED3 . 2071040 . . [5.1.2600.5938] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe

[-] 2010-02-16 . 297C1AE40DE572E38618042B781EEE15 . 2231168 . . [5.1.2600.5938] . . d:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[7] 2010-02-16 . E94AC126E7ADFD40DC4E38D2E91236D8 . 2071168 . . [5.1.2600.5938] . . d:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe

[7] 2009-12-09 . 7D45AF0A376A7EEE59B2A4BCDC304C9C . 2070400 . . [5.1.2600.5913] . . d:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe

[7] 2009-12-09 . FA72BE44F0715BD88A37C77559ACB3B7 . 2070272 . . [5.1.2600.5913] . . d:\windows\$NtUninstallKB979683$\ntkrnlpa.exe

[7] 2009-08-05 . 6FEC1B436323CC29B3008D7C5BF2A10F . 2070400 . . [5.1.2600.5857] . . d:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe

[7] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . d:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[7] 2008-08-14 . 586A93E0C23F6A1893F6706F36B22598 . 2070272 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[7] 2008-08-14 . 145CD2BBA58988B7A2E9B910AC4D4CA4 . 2067200 . . [5.1.2600.3427] . . d:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe

[7] 2008-08-14 . A62251C7C1F0DBC3241ABF1985EDE75E . 2070272 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe

[7] 2007-02-28 . D027F0097B8F099C09369B8CC97D7C32 . 2063616 . . [5.1.2600.3093] . . d:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

[7] 2005-03-02 . AED7B3AA86AD031CF39C6E4BBA37E818 . 2061184 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CursorXP"="d:\arquivos de programas\CursorXP\CursorXP.exe" [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SunJavaUpdateSched"="d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

"HonorAutoRunSetting"= 0 (0x0)

"NoFileUrl"= 0 (0x0)

"NoUpdateCheck"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=d:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDDirect.sys]

@="Driver"

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_15.01.2010_15-37.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_18.02.2010_16-03.lnk]

[HKLM\~\startupfolder\^.mjsync_pt_BR]

path=\.mjsync_pt_BR

[HKLM\~\startupfolder\^catchme.exe]

path=\catchme.exe

[HKLM\~\startupfolder\^Desktop.rar]

path=\Desktop.rar

[HKLM\~\startupfolder\^dumphive.exe]

path=\dumphive.exe

[HKLM\~\startupfolder\^Favoritos.rar]

path=\Favoritos.rar

[HKLM\~\startupfolder\^haxoth2.txt]

path=\haxoth2.txt

[HKLM\~\startupfolder\^md5file.exe]

path=\md5file.exe

[HKLM\~\startupfolder\^moveex.exe]

path=\moveex.exe

[HKLM\~\startupfolder\^NTUSER.DAT]

path=\ntuser.dat

[HKLM\~\startupfolder\^NTUSER.DAT.bak_jv16pt]

path=\NTUSER.DAT.bak_jv16pt

[HKLM\~\startupfolder\^ntuser.dat.LOG]

path=\ntuser.dat.LOG

[HKLM\~\startupfolder\^NTUSER.DAT.tmp.LOG]

path=\NTUSER.DAT.tmp.LOG

[HKLM\~\startupfolder\^ntuser.ini]

path=\ntuser.ini

[HKLM\~\startupfolder\^ntuser.pol]

path=\ntuser.pol

[HKLM\~\startupfolder\^PrivacIE.rar]

path=\PrivacIE.rar

[HKLM\~\startupfolder\^process.exe]

path=\process.exe

[HKLM\~\startupfolder\^rebuilt.Menu Iniciar.rar]

path=\rebuilt.Menu Iniciar.rar

[HKLM\~\startupfolder\^rebuilt.UserData.rar]

path=\rebuilt.UserData.rar

[HKLM\~\startupfolder\^run2.hax]

path=\run2.hax

[HKLM\~\startupfolder\^swreg.exe]

path=\swreg.exe

[HKLM\~\startupfolder\^swsc.exe]

path=\swsc.exe

[HKLM\~\startupfolder\^tool_en.log]

path=\tool_en.log

[HKLM\~\startupfolder\^UserData.rar]

path=\UserData.rar

[HKLM\~\startupfolder\^vfind.exe]

path=\vfind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- d:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 03:20 40448 ----a-w- d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]

2005-01-19 19:34 128000 ----a-w- d:\arquivos de programas\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

2008-11-04 04:44 435096 ------w- d:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 14:43 248040 ----a-w- d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"GoogleDesktopManager-060409-093314"=3 (0x3)

"ZeppelinService"=2 (0x2)

"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Arquivos de programas\\Arquivos comuns\\opera.exe"=

"d:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"d:\\Arquivos de programas\\Opera\\opera.exe"=

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [11/9/2009 17:13 64160]

R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/9/2009 13:11 115856]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/9/2009 13:10 41424]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/3/2005 12:00 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [3/5/2010 15:00 135336]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/9/2009 13:11 91856]

R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [9/9/2009 20:15 100368]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/3/2007 02:00 30032]

S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/4/2009 21:46 26568]

S3 HDDirect;Hard Disk Direct Control;d:\windows\system32\drivers\hddirect.sys [4/5/2010 15:34 12552]

S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [17/9/2009 17:43 29584]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/4/2009 19:51 30136]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-05-04 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

• d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

mWindow Title =

IE: E&xportar para o Microsoft Excel

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/webhp?hl=pt-BR

FF - component: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: d:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "[http://www.firefox.com"](http://www.firefox.com));

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

.

------- Associação de arquivos/ficheiros -------

.

.txt=

.

• - - - ORFÃOS REMOVIDOS - - - -

SafeBoot-HDDirect

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-04 18:25

Windows 5.1.2600 Service Pack 3 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\.Default\Software\Stardock\WindowBlinds]

@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-839522115-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList]

@DACL=(02 0000)

"PackageName"="Dashboard.msi"

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList]

@DACL=(02 0000)

"PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi"

"LastUsedSource"=expand:"n;1;d:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\Root\LEGACY_REMOVEANY\0000]

@DACL=(02 0000)

"Service"="RemoveAny"

"Legacy"=dword:00000001

"ConfigFlags"=dword:00000000

"Class"="LegacyDriver"

"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"

"DeviceDesc"="RemoveAny driver"

"Capabilities"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\Root\LEGACY_TMCOMM\0000]

@DACL=(02 0000)

"Service"="tmcomm"

"Legacy"=dword:00000001

"ConfigFlags"=dword:00000000

"Class"="LegacyDriver"

"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"

"DeviceDesc"="tmcomm"

"Capabilities"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

• - - - - - - > 'winlogon.exe'(1308)

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\sfc_os.dll

d:\windows\system32\cscui.dll

• - - - - - - > 'lsass.exe'(1364)

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\psbase.dll

• - - - - - - > 'explorer.exe'(3292)

d:\windows\system32\WININET.dll

d:\windows\system32\COMRes.dll

d:\windows\System32\cscui.dll

d:\windows\system32\msi.dll

d:\windows\system32\ntshrui.dll

d:\windows\system32\LINKINFO.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\WPDShServiceObj.dll

d:\windows\system32\NETSHELL.dll

d:\windows\system32\credui.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

d:\arquivos de programas\CursorXP\CurXP0.dll

.

------------------------ Outros Processos em Execução ------------------------

.

d:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

d:\arquivos de programas\Java\jre6\bin\jqs.exe

d:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

d:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

d:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

d:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-05-04 18:28:03 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-05-04 21:28

ComboFix2.txt 2010-04-22 02:19

ComboFix3.txt 2010-04-18 21:54

ComboFix4.txt 2010-04-02 14:33

ComboFix5.txt 2010-05-04 21:14

Pré-execução: 22 pasta(s) 41.508.929.536 bytes disponíveis

Pós execução: 24 pasta(s) 41.756.688.384 bytes disponíveis

• - End Of File - - 8B08E43C8295541EE8101277D9D73802

Abraços

Bom Dia! EDSSX

Esta infecção, HEUR:Trojan.Win32.Invader , nos diretórios logo infra das ferramentas francesas ; são falsos positivos ?

<!> Sim! Mas essas ferramentas devem ser removidas,pois são sempre atualizadas.

<!> Não justificando,portanto,sua permanência na máquina.

<!> Estabeleça,agora,um Ponto de Restauração no Sistema.

oooooooooooooooooooooo

oooooooooooooooooooooo

<@> Selecione e copie,todo o conteúdo que está na área da QUOTE,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

>
rootkit::d:\windows\system32\drivers\AvgArCln.sys

d:\windows\system32\drivers\pavboot.sys

d:\windows\system32\drivers\regguard.sys

d:\windows\system32\drivers\Lbd.sys

File::

D:\WINDOWS\system32\txmlutil.dll

D:\desktop\download\haxfix.exe

D:\desktop\download\haxfix\catchme.exe

D:\desktop\download\LOP S&D.exe

D:\desktop\download\LOP S&D\catchme.exe

D:\HaxFix.exe

D:\autorun.inf

RegNull::

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

RegLock::

[HKEY_USERS\S-1-5-21-839522115-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList]

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\Root\LEGACY_REMOVEANY\0000]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\Root\LEGACY_TMCOMM\0000]

[HKEY_USERS\.Default\Software\Stardock\WindowBlinds]

RegLockDel::

[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\Root\LEGACY_REMOVEANY\0000]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\Root\LEGACY_TMCOMM\0000]

Registry::

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoveAny]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoveAny]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_TMCOMM]

[-HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\Root\LEGACY_REMOVEANY]

[-HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\Root\LEGACY_TMCOMM]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tmcomm]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tmcomm]

[-HKEY_CURRENT_USER\Software\RemoveAny]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=""

Driver::

"ewqvudyvrsaa"

"LEGACY_REMOVEANY"

"LEGACY_TMCOMM"

"RegGuard"

"AvgArCln"

"pavboot"

"Lbd"

Folder::

d:\arquivos de programas\navilog1

D:\desktop\download\LOP S&D

D:\desktop\download\haxfix

D:\autorun.inf

D:\Navilog1

D:\Lop SD

<@> Ps: É recomendável que esteja desconectado,ao rodar o script.

<@> Ps: Desabilite,temporariamente,seu antivírus.

<@> Ps: Não utilizem este script em outra máquina!

<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

/applications/core/interface/imageproxy/imageproxy.php?img=http://farm4.static.flickr.com/3028/2872959479_997d4500c4_o.gif&key=5df91a69abacb5902724f70d14994f3bf5ba8d87bf300cea4c6fd8c885940cf0" alt="2872959479_997d4500c4_o.gif" />

<@> Atenda à solicitação,que deverá surgir,para rodar o ComboFix.

<@> Ps: Faça o arraste,até surgir essa solicitação! ( janela )

<@> Terminando,poste: D:\ComboFix.txt

oooooooooooooooooooooo

oooooooooooooooooooooo

<@> Baixe: < UsbFix.exe > ( ...par Chiquitine29 et Chimay8 )

<@> Salve-a em Arquivos de programas!

<@> Desabilite seu antivírus!

<@> Instale e execute a ferramenta,com um duplo-clique em: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i39.tinypic.com/r2t69y.jpg&key=0fb5c165f1d6600b7bf95a7030d087f3c3d0cd066b22c96bd9aeb80922ea44ba" alt="r2t69y.jpg" /> >

<@> Nas opções da língua,escolha "PT-BR" --> Enter.

<@> Escolha a opção 2: 2. Suppression des fichiers infectieux --> Aperte Enter.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i44.tinypic.com/wrmljk.jpg&key=8a98b970d18a6145e41ab9e34dad2d39b6ac62af3c84ae62a6a79f611f9e4020" alt="wrmljk.jpg" />

<@> Surgirá uma mensagem,pedindo que seja conectada sua(s) mídia(s) removíveis,ao computador. ( pendrive,mp3,mp4,iPods,etc... )

<@> Aceite a solicitação,e dê o Ok. --> À seguir clique,novamente,em Ok.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i39.tinypic.com/6f8nwo.jpg&key=0560e9b135188afe88910b0f35be92353ae7701e625357480ba37b16a8ba5fee" alt="6f8nwo.jpg" />

<@> O computador irá reiniciar. <-- Aguarde!

<@> Terminando,clique em "Continue" e aguarde a finalização da ferramenta.

<@> Ps: Não desconecte,ainda,sua(s) mídia(s) removíveis! <-- Importante!

<@> Surgirá a mensagem: "Nettoyage effectue" --> Aperte Enter.

<@> Poste o relatório,que estará em: D:\UsbFix.txt

Abraços!

Bom dia !

Segue os logs :

ComboFix 10-05-04.06 - edsom luis 05/05/2010 9:34.8.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.277 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

Comandos utilizados :: d:\documents and settings\edsom luis\Desktop\CFScript.txt

AV: AntiVir Desktop On-access scanning enabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::

"D:\autorun.inf"

"d:\desktop\download\haxfix.exe"

"d:\desktop\download\haxfix\catchme.exe"

"d:\desktop\download\LOP S&D.exe"

"d:\desktop\download\LOP S&D\catchme.exe"

"D:\HaxFix.exe"

"d:\windows\system32\txmlutil.dll"

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

d:\arquivos de programas\navilog1

D:\autorun.inf

d:\autorun.inf\lpt3.This folder was created by UsbFix

D:\HaxFix.exe

D:\Lop SD

d:\lop sd\App-Prog.lsd

d:\lop sd\AuDoss.lsd

d:\lop sd\AutrInf.cmd

d:\lop sd\AWF.cmd

d:\lop sd\Back.cmd

d:\lop sd\Backup-Lop\Hosts\Hosts

d:\lop sd\Backup-Lop\Reg\HKCU_Run.reg

d:\lop sd\Backup-Lop\Reg\HKLM_Run.reg

d:\lop sd\Backup-Lop\Reg\HKLM_Uninstall.reg

d:\lop sd\Boo.reg

d:\lop sd\BooFix.cmd

d:\lop sd\catchme.exe

d:\lop sd\catchme.log

d:\lop sd\Changelog Lop SD.txt

d:\lop sd\DirectFix.cmd

d:\lop sd\Discl_en.vbs

d:\lop sd\Discl_fr.vbs

d:\lop sd\Discl_ne.vbs

d:\lop sd\Discl_sp.vbs

d:\lop sd\Discl_su.vbs

d:\lop sd\Doss.lsd

d:\lop sd\Icon_Lop.ico

d:\lop sd\iNv.exe

d:\lop sd\KILL.cmd

d:\lop sd\Langues.cmd

d:\lop sd\LopR_1.txt

d:\lop sd\LopR_2.txt

d:\lop sd\LopR_3.txt

d:\lop sd\LopR_4.txt

d:\lop sd\LopR_5.txt

d:\lop sd\LopR_6.txt

d:\lop sd\LopScript.cmd

d:\lop sd\LopSD.cmd

d:\lop sd\lsTasks.exe

d:\lop sd\Orph.egd

d:\lop sd\OsV.exe

d:\lop sd\paths.bat

d:\lop sd\Proc.txt

d:\lop sd\pv.exe

d:\lop sd\RegLop.reg

d:\lop sd\Rkeys.txt

d:\lop sd\RKit.lsd

d:\lop sd\RoGUeS.lsd

d:\lop sd\RunTool.txt

d:\lop sd\S_LopV.cmd

d:\lop sd\S_LopX.cmd

d:\lop sd\sed.exe

d:\lop sd\setpath.exe

d:\lop sd\task.txt

d:\lop sd\WhL.lsd

D:\Navilog1

d:\navilog1\Contents\Filess.bat

d:\navilog1\Contents\Folders.bat

d:\navilog1\Contents\Folderss.bat

d:\navilog1\Contents\Fss86.bat

d:\navilog1\Contents\Gnc2.bat

d:\navilog1\Contents\Gnc2su.bat

d:\navilog1\Contents\Gncs.bat

d:\navilog1\Contents\Gncssfil.bat

d:\navilog1\Contents\Heurs.bat

d:\navilog1\Contents\Heurss.bat

d:\navilog1\Contents\Orphus.bat

d:\navilog1\Contents\Setlang.bat

d:\navilog1\Contents\Wlist.bat

d:\navilog1\Fav.exe

d:\navilog1\GetPaths.exe

d:\navilog1\mvfile.bat

d:\navilog1\navilog1.bat

d:\navilog1\Navreb.bat

d:\navilog1\oem2ansi.exe

d:\navilog1\OsV.exe

d:\navilog1\reg.exe

d:\navilog1\regnavi.reg

d:\navilog1\Report\debug.txt

d:\navilog1\traite.bat

d:\navilog1\traite2.bat

d:\navilog1\traite3.bat

d:\navilog1\Uninstal.bat

d:\windows\rrxx.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_LBD

-------\Legacy_REGGUARD

-------\Service_Lbd

-------\Service_RegGuard

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-05 to 2010-05-05 ))))))))))))))))))))))))))))

.

2010-05-04 18:34 . 2010-05-04 18:34 12552 ----a-w- d:\windows\system32\drivers\hddirect.sys

2010-05-04 03:41 . 2010-05-04 03:41 -------- d-----w- d:\arquivos de programas\CCleaner

2010-05-03 18:07 . 2010-05-03 18:07 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Avira

2010-05-03 18:00 . 2010-03-01 13:05 124784 ----a-w- d:\windows\system32\drivers\avipbb.sys

2010-05-03 18:00 . 2010-02-16 17:24 60936 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2010-05-03 18:00 . 2009-05-11 15:49 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2010-05-03 18:00 . 2010-05-03 18:00 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2010-05-03 18:00 . 2010-05-03 18:00 -------- d-----w- d:\arquivos de programas\Avira

2010-05-03 18:00 . 2009-05-11 15:49 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2010-05-03 01:06 . 2010-05-03 01:06 0 ----a-w- d:\documents and settings\edsom luis\settings.dat

2010-05-02 21:04 . 2010-04-29 18:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2010-05-02 21:04 . 2010-04-29 18:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys

2010-05-01 14:11 . 2010-05-01 14:11 -------- d-----w- d:\arquivos de programas\Opera

2010-04-30 21:42 . 2008-04-13 17:44 2560 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Microsoft\USMT\iconlib.dll

2010-04-30 01:07 . 2010-04-29 20:56 699512 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-04-30 01:07 . 2010-04-29 20:56 863312 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-04-30 00:45 . 2010-04-30 00:45 -------- d-----w- d:\windows\system32\wbem\Repository

2010-04-29 23:16 . 2010-04-29 23:16 54624 ----a-w- d:\windows\system32\9877.sys

2010-04-29 22:09 . 2007-01-18 12:00 3968 ----a-w- d:\windows\system32\drivers\AvgArCln.sys

2010-04-26 22:45 . 2010-04-26 22:45 -------- d-----w- d:\arquivos de programas\Yahoo!

2010-04-25 17:52 . 2010-04-25 17:52 -------- d--h--w- d:\windows\NiwradSoft Shell Pack

2010-04-24 20:13 . 2010-04-24 20:13 -------- d-----w- d:\windows\speech

2010-04-22 23:54 . 2010-04-22 23:54 -------- d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware

2010-04-22 18:28 . 2009-12-17 07:41 345600 ------w- d:\windows\system32\dllcache\mspaint.exe

2010-04-22 15:34 . 2009-06-30 12:37 28552 ----a-w- d:\windows\system32\drivers\pavboot.sys

2010-04-18 20:27 . 2010-04-18 20:27 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Stardock

2010-04-18 01:03 . 2010-04-21 18:22 79488 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\jre1.6.0_20\gtapi.dll

2010-04-18 01:03 . 2010-04-21 18:22 152576 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\jre1.6.0_20\lzma.dll

2010-04-18 00:33 . 2010-04-18 00:33 411368 ----a-w- d:\windows\system32\deployJava1.dll

2010-04-17 17:51 . 2010-04-17 17:51 -------- d-----w- d:\windows\Crystal

2010-04-17 17:40 . 2010-04-17 17:40 -------- d-----w- D:\APTDatabase

2010-04-06 01:42 . 2010-04-06 01:42 -------- d-----w- d:\arquivos de programas\Safari

2010-04-06 01:41 . 2010-04-06 01:41	--------	d-----w-	d:\arquivos de programas\Apple Software Update

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-05 12:42 . 2010-02-06 22:21 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt

2010-05-05 01:43 . 2009-08-27 01:37 664 ----a-w- d:\windows\system32\d3d9caps.dat

2010-04-29 23:54 . 2009-09-22 20:52 1 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2010-04-25 21:25 . 2004-08-04 10:45 219648 ----a-w- d:\windows\system32\uxtheme.dll

2010-04-04 19:14 . 2010-04-04 19:14 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Apple

2010-04-04 19:14 . 2010-04-04 19:14 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Apple

2010-04-03 14:18 . 2010-04-03 14:18 -------- d-----w- d:\arquivos de programas\Windows Live

2010-04-01 20:31 . 2010-04-01 20:31 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\WinZip

2010-03-10 06:16 . 2004-08-04 10:45 420352 ----a-w- d:\windows\system32\vbscript.dll

2010-03-04 07:00 . 2010-03-04 07:00 79144 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-03-04 01:54 . 2001-10-28 21:07 80630 ----a-w- d:\windows\system32\perfc016.dat

2010-03-04 01:54 . 2001-10-28 21:07 471828 ----a-w- d:\windows\system32\perfh016.dat

2010-02-25 06:17 . 2004-08-04 10:45 983040 ----a-w- d:\windows\system32\wininet.dll

2010-02-24 13:11 . 2004-08-04 09:15 455680 ----a-w- d:\windows\system32\drivers\mrxsmb.sys

2010-02-17 17:07 . 2004-08-04 10:40 2354304 ----a-w- d:\windows\system32\ntoskrnl.exe

2010-02-17 04:06 . 2010-02-17 04:06 126976 ----a-w- d:\windows\MSKeyStoreJNI.dll

2010-02-16 19:07 . 2004-08-04 03:40 2231168 ----a-w- d:\windows\system32\ntkrnlpa.exe

2010-02-12 04:34 . 2004-08-04 10:45 100864 ----a-w- d:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-04 09:07 226880 ----a-w- d:\windows\system32\drivers\tcpip6.sys

2010-02-08 11:23 . 2010-01-16 19:07 7725 ----a-w- d:\windows\system32\tcpip.reg

2009-12-01 18:16 . 2009-12-01 18:16 38338 ------w- d:\arquivos de programas\Uninst.isu

2009-11-27 21:47 . 2009-11-13 21:19 218 ------w- d:\arquivos de programas\Arquivos comuns\operaprefs_default.ini

2009-11-20 22:11 . 2009-11-20 22:11 15828 ------w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-11-20 22:01 . 2009-11-20 22:01 832296 ------w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-11-20 22:01 . 2009-11-20 22:01 4450088 ------w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-11-20 22:00 . 2009-11-20 22:00 20480 ------w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-11-20 22:00 . 2009-11-20 22:00 653419 ------w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-11-13 21:19 . 2009-03-27 23:27 2320 ------w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-08-19 08:39 . 2009-08-19 08:39 330 ------w- d:\arquivos de programas\setup.ini

2009-07-10 06:20 . 2009-12-01 18:16 621546 ----a-w- d:\arquivos de programas\Arquivos comuns\ACIHELP.HLP.vir

2009-07-10 06:20 . 2009-12-01 18:16 3219 ----a-w- d:\arquivos de programas\Arquivos comuns\Acihelp.cnt.vir

2009-06-17 17:41 . 2009-06-17 17:41 3870 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt.vir

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml.vir

2004-02-26 16:35 . 2004-02-26 16:35 7904 ------w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ------w- d:\arquivos de programas\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ------w- d:\arquivos de programas\instmsia.exe

2009-11-24 09:18 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-03-08 17:09 . 2010-04-25 18:01 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

2008-04-14 03:21 . 2010-04-25 18:01 73728 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe

.

------- Sigcheck -------

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\system32\dllcache\winlogon.exe

[7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\winlogon.exe

[7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . d:\windows\system32\comctl32.dll

[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . d:\windows\ERDNT\cache\comctl32.dll

[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll

[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . d:\windows\ServicePackFiles\i386\comctl32.dll

[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\system32\mshtml.dll

[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\system32\dllcache\mshtml.dll

[7] 2010-02-25 . 23099BB44DA6A7D80B15FF4F7C51877D . 5944832 . . [8.00.6001.18904] . . d:\windows\ERDNT\cache\mshtml.dll

[7] 2010-02-25 . 23099BB44DA6A7D80B15FF4F7C51877D . 5944832 . . [8.00.6001.18904] . . d:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll

[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\ServicePackFiles\i386\mshtml.dll

[7] 2010-02-25 . 6D179FBB1B42A3C33955652D3A38BFDF . 5946880 . . [8.00.6001.22995] . . d:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll

[7] 2009-12-21 . B5A5C997C2F926C40CCC64A3BD377D4B . 5942784 . . [8.00.6001.18876] . . d:\windows\ie8updates\KB980182-IE8\mshtml.dll

[7] 2009-12-21 . AAD700DEA94EE6E56E591C351111941A . 5945856 . . [8.00.6001.22967] . . d:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll

[7] 2009-10-29 . 58A17D0C94F23CD59346720B0C374A90 . 5940736 . . [8.00.6001.18854] . . d:\windows\ie8updates\KB978207-IE8\mshtml.dll

[7] 2009-10-29 . 80F9322FBC4BBBC3A0DB6E9B3C953C60 . 5944320 . . [8.00.6001.22945] . . d:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll

[7] 2009-10-22 . 61245C5B4B4F06058F4038DC2C7D9C72 . 5939712 . . [8.00.6001.18852] . . d:\windows\ie8updates\KB976325-IE8\mshtml.dll

[7] 2009-10-22 . 4E0FB322DCCB816F5DD56E9B2BE5E664 . 5943296 . . [8.00.6001.22942] . . d:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll

[7] 2009-08-29 . DB337CCC2E1111068F0FFD08982810F7 . 5940224 . . [8.00.6001.18828] . . d:\windows\ie8updates\KB976749-IE8\mshtml.dll

[7] 2009-08-29 . E719DAF5D7972B69647CF32C9FD1601D . 5942272 . . [8.00.6001.22918] . . d:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll

[7] 2009-07-19 . CD4DC10D4F812033C4B402C9620F10BB . 5937152 . . [8.00.6001.18812] . . d:\windows\ie8updates\KB974455-IE8\mshtml.dll

[7] 2009-07-19 . 5B7C8A16598E79AD559323C81737AC4D . 5938176 . . [8.00.6001.22902] . . d:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll

[7] 2009-05-13 . BE87C13E58E44084D7B81B047EB1121B . 5936128 . . [8.00.6001.22873] . . d:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll

[7] 2009-05-13 . 285B63B5E7BE2B4237F6528DFE11CDB4 . 5936128 . . [8.00.6001.18783] . . d:\windows\ie8updates\KB972260-IE8\mshtml.dll

[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . d:\windows\ie8updates\KB969897-IE8\mshtml.dll

[7] 2009-01-17 . BC083F2B02EA9E69A636970859AF8DAF . 3594752 . . [7.00.6000.16809] . . d:\windows\ie8\mshtml.dll

[7] 2009-01-16 . 628A8E851FBA1F2183CE327B76E19E3E . 3596288 . . [7.00.6000.20996] . . d:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll

[7] 2008-12-13 . A294B659329C4007D75FF675A8A3A94F . 3593216 . . [7.00.6000.16788] . . d:\windows\ie7updates\KB961260-IE7\mshtml.dll

[7] 2008-12-13 . 4C2F6BAFA9236FA50620CC3E6DDF3BAD . 3594752 . . [7.00.6000.20973] . . d:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll

[7] 2008-10-16 . 2B042E339C0C5E1584D49EB5579ABBD1 . 3595264 . . [7.00.6000.20935] . . d:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll

[7] 2008-02-16 . 9D318F222A6FF820D92EC97F4F1935EC . 3087872 . . [6.00.2900.3314] . . d:\windows\$hf_mig$\KB947864\SP2QFE\mshtml.dll

[7] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . d:\windows\ie7updates\KB960714-IE7\mshtml.dll

[-] 2010-02-17 . 16F9B5E8C253A9211ED01885077C7526 . 2354304 . . [5.1.2600.5938] . . d:\windows\system32\ntoskrnl.exe

[-] 2010-02-17 . 16F9B5E8C253A9211ED01885077C7526 . 2354304 . . [5.1.2600.5938] . . d:\windows\system32\dllcache\ntoskrnl.exe

[7] 2010-02-17 . 124F4EC97A7683D1A67B3AECFE258ABD . 2194176 . . [5.1.2600.5938] . . d:\windows\Driver Cache\i386\ntoskrnl.exe

[7] 2010-02-17 . 124F4EC97A7683D1A67B3AECFE258ABD . 2194176 . . [5.1.2600.5938] . . d:\windows\ERDNT\cache\ntoskrnl.exe

[7] 2010-02-17 . 124F4EC97A7683D1A67B3AECFE258ABD . 2194176 . . [5.1.2600.5938] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe

[-] 2010-02-17 . 16F9B5E8C253A9211ED01885077C7526 . 2354304 . . [5.1.2600.5938] . . d:\windows\ServicePackFiles\i386\ntoskrnl.exe

[7] 2010-02-16 . 8A47EB27E99109826F8A54BB64BE8131 . 2194304 . . [5.1.2600.5938] . . d:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe

[7] 2009-12-09 . C25035B93BDF12E2CB89C6F5BF8B99F1 . 2193536 . . [5.1.2600.5913] . . d:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe

[7] 2009-12-09 . EB331E36934D9016B66CDF694954A8AF . 2193408 . . [5.1.2600.5913] . . d:\windows\$NtUninstallKB979683$\ntoskrnl.exe

[7] 2009-08-04 . 3B75E61D1546C05A959EDFE11F1510D1 . 2193536 . . [5.1.2600.5857] . . d:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[7] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . d:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[7] 2008-08-14 . A42CC3CFC02A7B2BAEC7B0D45808B257 . 2193408 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[7] 2008-08-14 . B72A025A758683552C4FEC7EABCB0661 . 2190208 . . [5.1.2600.3427] . . d:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe

[7] 2008-08-14 . 04BA43B0D2A13BD6B06D707299243CFC . 2193408 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

[7] 2007-02-28 . BFB4C8761976CCE0B544D557B4C70825 . 2186368 . . [5.1.2600.3093] . . d:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

[7] 2005-03-02 . 6E3AB4241E058B248CB7CDC5157449C3 . 2183808 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll

[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\system32\dllcache\user32.dll

[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\user32.dll

[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll

[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\user32.dll

[7] 2005-03-02 . 3ED0A4D74EFD5AAF8408095F452E2613 . 577536 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2010-02-25 . 9B25F4F2E1C0622CB951FCAED549F0A9 . 983040 . . [8.00.6001.18904] . . d:\windows\system32\wininet.dll

[-] 2010-02-25 . 9B25F4F2E1C0622CB951FCAED549F0A9 . 983040 . . [8.00.6001.18904] . . d:\windows\system32\dllcache\wininet.dll

[7] 2010-02-25 . E5CC74D62E06066451D59248CBFBAED0 . 916480 . . [8.00.6001.18904] . . d:\windows\ERDNT\cache\wininet.dll

[7] 2010-02-25 . E5CC74D62E06066451D59248CBFBAED0 . 916480 . . [8.00.6001.18904] . . d:\windows\NiwradSoft Shell Pack\Backup\wininet.dll

[-] 2010-02-25 . 9B25F4F2E1C0622CB951FCAED549F0A9 . 983040 . . [8.00.6001.18904] . . d:\windows\ServicePackFiles\i386\wininet.dll

[7] 2010-02-25 . D8E3E2FD8928B2BD8BEB2518C2E45ED1 . 919040 . . [8.00.6001.22995] . . d:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll

[7] 2009-12-21 . 79805286A6D381A658A1871F6B3588B9 . 916480 . . [8.00.6001.18876] . . d:\windows\ie8updates\KB980182-IE8\wininet.dll

[7] 2009-12-21 . 11162780821A0531D39E675A662D766F . 916480 . . [8.00.6001.22967] . . d:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll

[7] 2009-10-29 . 191FFB2798E4DB25F04C2E71C9595A85 . 916480 . . [8.00.6001.18854] . . d:\windows\ie8updates\KB978207-IE8\wininet.dll

[7] 2009-10-29 . E30B8F0D3BFAF4B403C57F05242AEF74 . 916480 . . [8.00.6001.22945] . . d:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll

[7] 2009-08-29 . 83438BBF93CA586ED5149B1E1AA1BDBB . 916480 . . [8.00.6001.18828] . . d:\windows\ie8updates\KB976325-IE8\wininet.dll

[7] 2009-08-29 . 4F4F8F0B432A8B4B0D23829375358F34 . 916480 . . [8.00.6001.22918] . . d:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll

[7] 2009-07-03 . 9572842DA52CF071068FAAB8AD4D74A5 . 915456 . . [8.00.6001.22896] . . d:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll

[7] 2009-07-03 . 903350F08A1DF38714EF37F09EA11BB4 . 915456 . . [8.00.6001.18806] . . d:\windows\ie8updates\KB974455-IE8\wininet.dll

[7] 2009-05-13 . 4E74AEBA5546A61C9DC35BC531EFFA23 . 915456 . . [8.00.6001.22873] . . d:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll

[7] 2009-05-13 . 14E350ABCCBE0279D042AF2854E6D894 . 915456 . . [8.00.6001.18783] . . d:\windows\ie8updates\KB972260-IE8\wininet.dll

[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . d:\windows\ie8updates\KB969897-IE8\wininet.dll

[7] 2008-12-21 . E048867C310B09ED1C79E59B68DB8050 . 827904 . . [7.00.6000.20978] . . d:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll

[7] 2008-12-20 . 94A623D9C0F2632796B4CE2753331F98 . 826368 . . [7.00.6000.16791] . . d:\windows\ie8\wininet.dll

[7] 2008-10-16 . 779479E6F38BC77831F26BD9AAE3FAD3 . 826368 . . [7.00.6000.16762] . . d:\windows\ie7updates\KB961260-IE7\wininet.dll

[7] 2008-10-16 . 4BCD45D77BD42A5E9C2DD2E847A5467E . 827904 . . [7.00.6000.20935] . . d:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll

[7] 2008-02-16 . F3AD9DF6B30D5A3F67B5561109640958 . 668160 . . [6.00.2900.3314] . . d:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll

[7] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . d:\windows\ie7updates\KB958215-IE7\wininet.dll

[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\explorer.exe

[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\system32\dllcache\explorer.exe

[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . d:\windows\ERDNT\cache\explorer.exe

[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\explorer.exe

[7] 2007-06-13 . 45D521506825A10B80833B4E9621CCF6 . 1035264 . . [6.00.2900.3156] . . d:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\system32\dllcache\ctfmon.exe

[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\ctfmon.exe

[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2010-02-16 . 297C1AE40DE572E38618042B781EEE15 . 2231168 . . [5.1.2600.5938] . . d:\windows\system32\ntkrnlpa.exe

[-] 2010-02-16 . 297C1AE40DE572E38618042B781EEE15 . 2231168 . . [5.1.2600.5938] . . d:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2010-02-16 . 1F54DE75A9C8EC46E9FB53C1890C9ED3 . 2071040 . . [5.1.2600.5938] . . d:\windows\Driver Cache\i386\ntkrnlpa.exe

[7] 2010-02-16 . 1F54DE75A9C8EC46E9FB53C1890C9ED3 . 2071040 . . [5.1.2600.5938] . . d:\windows\ERDNT\cache\ntkrnlpa.exe

[7] 2010-02-16 . 1F54DE75A9C8EC46E9FB53C1890C9ED3 . 2071040 . . [5.1.2600.5938] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe

[-] 2010-02-16 . 297C1AE40DE572E38618042B781EEE15 . 2231168 . . [5.1.2600.5938] . . d:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[7] 2010-02-16 . E94AC126E7ADFD40DC4E38D2E91236D8 . 2071168 . . [5.1.2600.5938] . . d:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe

[7] 2009-12-09 . 7D45AF0A376A7EEE59B2A4BCDC304C9C . 2070400 . . [5.1.2600.5913] . . d:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe

[7] 2009-12-09 . FA72BE44F0715BD88A37C77559ACB3B7 . 2070272 . . [5.1.2600.5913] . . d:\windows\$NtUninstallKB979683$\ntkrnlpa.exe

[7] 2009-08-05 . 6FEC1B436323CC29B3008D7C5BF2A10F . 2070400 . . [5.1.2600.5857] . . d:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe

[7] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . d:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[7] 2008-08-14 . 586A93E0C23F6A1893F6706F36B22598 . 2070272 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[7] 2008-08-14 . 145CD2BBA58988B7A2E9B910AC4D4CA4 . 2067200 . . [5.1.2600.3427] . . d:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe

[7] 2008-08-14 . A62251C7C1F0DBC3241ABF1985EDE75E . 2070272 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe

[7] 2007-02-28 . D027F0097B8F099C09369B8CC97D7C32 . 2063616 . . [5.1.2600.3093] . . d:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

[7] 2005-03-02 . AED7B3AA86AD031CF39C6E4BBA37E818 . 2061184 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-05-04_22.16.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-05 12:42 . 2010-05-05 12:42 16384 d:\windows\temp\Perflib_Perfdata_304.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CursorXP"="d:\arquivos de programas\CursorXP\CursorXP.exe" [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SunJavaUpdateSched"="d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

"HonorAutoRunSetting"= 0 (0x0)

"NoFileUrl"= 0 (0x0)

"NoUpdateCheck"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDDirect.sys]

@="Driver"

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_15.01.2010_15-37.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_18.02.2010_16-03.lnk]

[HKLM\~\startupfolder\^.mjsync_pt_BR]

path=\.mjsync_pt_BR

[HKLM\~\startupfolder\^catchme.exe]

path=\catchme.exe

[HKLM\~\startupfolder\^Desktop.rar]

path=\Desktop.rar

[HKLM\~\startupfolder\^dumphive.exe]

path=\dumphive.exe

[HKLM\~\startupfolder\^Favoritos.rar]

path=\Favoritos.rar

[HKLM\~\startupfolder\^haxoth2.txt]

path=\haxoth2.txt

[HKLM\~\startupfolder\^md5file.exe]

path=\md5file.exe

[HKLM\~\startupfolder\^moveex.exe]

path=\moveex.exe

[HKLM\~\startupfolder\^NTUSER.DAT]

path=\ntuser.dat

[HKLM\~\startupfolder\^NTUSER.DAT.bak_jv16pt]

path=\NTUSER.DAT.bak_jv16pt

[HKLM\~\startupfolder\^ntuser.dat.LOG]

path=\ntuser.dat.LOG

[HKLM\~\startupfolder\^NTUSER.DAT.tmp.LOG]

path=\NTUSER.DAT.tmp.LOG

[HKLM\~\startupfolder\^ntuser.ini]

path=\ntuser.ini

[HKLM\~\startupfolder\^ntuser.pol]

path=\ntuser.pol

[HKLM\~\startupfolder\^PrivacIE.rar]

path=\PrivacIE.rar

[HKLM\~\startupfolder\^process.exe]

path=\process.exe

[HKLM\~\startupfolder\^rebuilt.Menu Iniciar.rar]

path=\rebuilt.Menu Iniciar.rar

[HKLM\~\startupfolder\^rebuilt.UserData.rar]

path=\rebuilt.UserData.rar

[HKLM\~\startupfolder\^run2.hax]

path=\run2.hax

[HKLM\~\startupfolder\^swreg.exe]

path=\swreg.exe

[HKLM\~\startupfolder\^swsc.exe]

path=\swsc.exe

[HKLM\~\startupfolder\^tool_en.log]

path=\tool_en.log

[HKLM\~\startupfolder\^UserData.rar]

path=\UserData.rar

[HKLM\~\startupfolder\^vfind.exe]

path=\vfind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- d:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 03:20 40448 ----a-w- d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]

2005-01-19 19:34 128000 ----a-w- d:\arquivos de programas\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

2008-11-04 04:44 435096 ------w- d:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 14:43 248040 ----a-w- d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"GoogleDesktopManager-060409-093314"=3 (0x3)

"ZeppelinService"=2 (0x2)

"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Arquivos de programas\\Arquivos comuns\\opera.exe"=

"d:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"d:\\Arquivos de programas\\Opera\\opera.exe"=

R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/9/2009 13:11 115856]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/9/2009 13:10 41424]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/3/2005 12:00 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [3/5/2010 15:00 135336]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/9/2009 13:11 91856]

R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [9/9/2009 20:15 100368]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/3/2007 02:00 30032]

S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/4/2009 21:46 26568]

S3 HDDirect;Hard Disk Direct Control;d:\windows\system32\drivers\hddirect.sys [4/5/2010 15:34 12552]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/4/2009 19:51 30136]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-05-05 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

• d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

mWindow Title =

IE: E&xportar para o Microsoft Excel

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/webhp?hl=pt-BR

FF - component: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: d:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "[http://www.firefox.com"](http://www.firefox.com));

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-05 09:44

Windows 5.1.2600 Service Pack 3 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\.Default\Software\Stardock\WindowBlinds\WB5.ini\Installed]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

• - - - - - - > 'winlogon.exe'(1300)

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\sfc_os.dll

d:\windows\system32\cscui.dll

• - - - - - - > 'lsass.exe'(1356)

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\psbase.dll

• - - - - - - > 'explorer.exe'(3108)

d:\windows\system32\WININET.dll

d:\windows\system32\COMRes.dll

d:\windows\System32\cscui.dll

d:\windows\system32\msi.dll

d:\arquivos de programas\CursorXP\CurXP0.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\WPDShServiceObj.dll

d:\windows\system32\ntshrui.dll

d:\windows\system32\LINKINFO.dll

d:\windows\system32\NETSHELL.dll

d:\windows\system32\credui.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

d:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

d:\arquivos de programas\Java\jre6\bin\jqs.exe

d:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

d:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

d:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

d:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-05-05 09:47:56 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-05-05 12:47

ComboFix2.txt 2010-05-04 21:28

Pré-execução: 23 pasta(s) 41.903.718.400 bytes disponíveis

Pós execução: 21 pasta(s) 41.890.971.648 bytes disponíveis

• - End Of File - - 6D7C383267EEE2FC78B1C2035CDDC6F0

Editando :

Faltava o do USBFIX

############################## | UsbFix V6.055 |

User : edsom luis (Administradores) # EDIM

Update on 18/11/2009 by Chiquitine29, C_XX & Chimay8

Start at: 10:02:49 | 5/5/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

AMD Sempron 2400+

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : AntiVir Desktop 10.0.1.44 [ Enabled | Updated ]

A:\ -> Unidade de disquete de 3 1/2 polegadas

C:\ -> Disco fixo local # 17,28 Go (9,52 Go free) # FAT32

D:\ -> Disco fixo local # 59 Go (39,04 Go free) # FAT32

E:\ -> Disco CD-ROM

############################## | Processos activos |

D:\WINDOWS\System32\smss.exe 1232

D:\WINDOWS\system32\csrss.exe 1276

D:\WINDOWS\system32\winlogon.exe 1300

D:\WINDOWS\system32\services.exe 1344

D:\WINDOWS\system32\lsass.exe 1356

D:\WINDOWS\system32\svchost.exe 1540

D:\WINDOWS\system32\svchost.exe 1620

D:\WINDOWS\System32\svchost.exe 628

D:\WINDOWS\system32\svchost.exe 724

D:\WINDOWS\system32\svchost.exe 988

D:\WINDOWS\system32\spoolsv.exe 1492

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe 1656

D:\WINDOWS\Explorer.EXE 1900

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe 232

D:\Arquivos de programas\Java\jre6\bin\jqs.exe 280

D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe 660

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE 732

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 816

D:\WINDOWS\system32\wuauclt.exe 1016

D:\WINDOWS\system32\wbem\wmiapsrv.exe 940

D:\WINDOWS\system32\wbem\wmiprvse.exe 1040

D:\WINDOWS\System32\alg.exe 1084

D:\WINDOWS\system32\wbem\wmiprvse.exe 592

################## | Ficheiros # pastas infeciosos |

################## | Registro # Chaves infectieuses |

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoResolveSearch"

################## | Registro # Mountpoints2 |

################## | Listing |

[04/08/2004 05:38|-rahs----|47564] C:\NTDETECT.COM

[28/10/2001 18:06|-rahs----|4952] C:\Bootfont.bin

[25/11/2009 10:03|-rahs----|0] C:\MSDOS.SYS

[25/11/2009 10:03|-rahs----|0] C:\IO.SYS

[21/01/2009 11:15|-rahs----|251696] C:\ntldr

[23/04/2010 20:20|--ahs----|391] C:\boot.ini

[?|?|?] C:\pagefile.sys

[03/08/2004 23:00|--a------|261856] C:\cmldr

[01/03/2010 23:03|--a------|1388] C:\hpfr3500.log

[13/01/2006 16:24|--a------|2982] C:\CONFIG.SYS

[02/05/2010 17:45|--a------|6498] C:\bdlog.txt

[16/01/2010 06:31|--a------|13030] C:\PDOXUSRS.NET

[16/09/2005 16:14|--a------|2982] C:\CONFIG.003

[29/12/2005 17:09|--a------|2982] C:\CONFIG.004

[06/01/2006 00:38|--a------|2982] C:\CONFIG.005

[29/12/2005 12:35|--a------|24686] C:\29-12-05_1235.jpg

[25/11/2005 17:12|--a------|21442] C:\25-11-05_1712.jpg

[17/06/2005 16:13|--a------|4718826] C:\(ok) Depeche Mode - The singles 86-98 -cd1-4- Strangelove.mp3

[28/10/2005 10:15|--a------|1895713] C:\Disco1.zip

[25/01/2002 12:07|--a------|578] C:\Config.Ini

[26/10/2008 17:38|--a------|251392] C:\iertutil.dll

[31/05/2005 20:30|--a------|23] C:\CONFIG.002

[26/10/2008 08:49|--a------|1132032] C:\PROPOSTA PRINCIPAL.doc

[26/10/2008 08:51|--a------|404992] C:\BRASILIA GERAL.doc

[26/10/2008 08:54|--a------|110080] C:\PROPOSTA BLINDAGEM 2.doc

[26/10/2008 08:57|--a------|106496] C:\PROPOSTA BLINDAGEM ARQUITETONICA 2.doc

[26/10/2008 08:59|--a------|1130496] C:\PROPOSTA LOGISTICA.doc

[?|?|?] D:\pagefile.sys

[02/04/2009 10:42|-r-hs----|48] D:\boot.ini

[03/05/2010 19:18|--a------|11127] D:\lopR.txt

[05/05/2010 09:47|--a------|38749] D:\ComboFix.txt

[29/04/2010 11:04|--a------|5091] D:\TB.txt

[27/04/2010 13:28|--a------|6770] D:\PureRa.txt

[30/04/2010 19:00|--a------|894] D:\HaxFix.txt

[30/04/2010 19:12|--a------|811] D:\cleannavi.txt

[04/04/2010 13:04|--a------|537842] D:\HaxFix.exe

[09/04/2007 09:58|--a------|1588659] D:\data1.cab

[02/12/2008 17:18|---------|43] D:\GABRIEL FOTO.gif

[02/12/2008 17:19|---------|43] D:\b.gif

[09/04/2007 09:58|--a------|21328] D:\data1.hdr

[09/04/2007 09:58|--a------|512] D:\data2.cab

[25/04/2010 18:35|--a------|14448] D:\SAFEBOOT_REPAIR.TXT

[05/05/2010 10:03|--a------|4755] D:\UsbFix.txt

[17/04/2009 21:18|---------|69] D:\AskScreen.ini

[29/12/2009 20:15|---------|209] D:\msnvirremOLD.log

[20/01/2007 03:43|--a------|492032] D:\ISSetup.dll

[09/04/2007 09:58|--a------|455] D:\layout.bin

[09/04/2007 09:58|--a------|702] D:\setup.ini

[09/04/2007 09:58|--a------|212839] D:\setup.inx

[28/08/2006 15:23|--a------|527] D:\setup.iss

[22/12/2004 13:18|--a------|106496] D:\stkbtnpn.dll

[13/04/2007 16:32|--a------|2551] D:\SWI.XML

[13/04/2007 07:20|--a------|11263] D:\tkbtnpn.cat

[09/04/2007 09:59|--a------|35609] D:\tkbtnpn.inf

[15/11/2005 10:03|--a------|7463] D:\tkbtnpn.sys

[28/08/2006 13:48|--a------|1490999] D:\tkbtnpn1.dll

[18/05/2006 00:21|--a------|385968] D:\_Setup.dll

[17/06/2005 13:41|---------|30740480] D:\Titãs - Isso.mpg

[19/06/2005 20:52|---------|36] D:\klextlock.dat

[17/06/2005 22:04|---------|2899913] D:\Balão Mágico - Se Enamora.mp3

[17/06/2005 22:00|---------|3344634] D:\Balão Mágico - Amigos Para Sempre.mp3

[17/06/2005 22:22|---------|1825071] D:\Balão Mágico - Amigos do Peito.wma

[17/06/2005 22:34|---------|3454976] D:\balao magico - zip e zap.mp3

[17/06/2005 22:37|---------|2656256] D:\balao magico - Eu e Voce.mp3

[18/06/2005 13:04|---------|2080047] D:\U2 & INXS-liveMexico.mp3

[18/06/2005 11:01|---------|2936114] D:\Ai Meu Nariz.mp3

################## | Vaccinação |

C:\autorun.inf -> Folder criado por UsbFix.

D:\autorun.inf -> Folder criado por UsbFix.

################## | Suspeito | http://www.virustotal.com |

################## | Cracks / Keygens / Serials |

################## | Upload |

Favor enviar o arquivo : D:\DOCUME~1\EDSOML~1\Desktop\UsbFix_Upload_Me_EDIM.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

################## | ! Fim do relatório # UsbFix V6.055 ! |

Abraços

Boa Tarde! EDSSX

################## | Upload | 

Favor enviar o arquivo : D:\DOCUME~1\EDSOML~1\Desktop\UsbFix_Upload_Me_EDIM.zip : http://chiquitine.ch...mple/Upload.php

Obrigado pela sua contribuição.

<!> Caso queira,contribua enviando o arquivo em destaque.

00000000000000000000000

00000000000000000000000

<@> Vá em Iniciar --> Executar --> Digite ou cole: combofix.exe /uninstall --> Clique OK.

< /applications/core/interface/imageproxy/imageproxy.php?img=http://img253.imageshack.us/img253/5458/92674490.jpg&key=2fc49898c2a3227a04869e4e115134db28e77598d7c8b7a0e1fbc2d660bc4b87" alt="92674490.jpg" /> >

<@> Abrir-se-á,a seguinte janela: ( Abrir arquivo - Aviso de Segurança )

<@> Clique em Executar --> Aguarde!

<@> Surgirá,finalmente,a mensagem: "ComboFix está desinstalado" --> Clique OK.

<@> Caso encontre,apague: D:\ComboFix <-- A pasta! + D:\ComboFix.txt <-- Relatório!

<@> Ou,vá em Iniciar --> Executar --> Digite ou cole:

"%userprofile%\desktop\combofix" /uninstall

<@> Clique OK.

00000000000000000000000

00000000000000000000000

<@> Baixe: < TFC > ( by Old Timer )

<!> Link - 2 < http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html >

<@> Salve-o no desktop!

<@> Feche todos os programas! ( Internet,navegador,etc... )

<@> Execute TFC.exe,com um duplo-clique.

<@> Ps: Para Windows Vista --> Clique direito --> Escolha: Executar como Administrador

<@> Clique em Start --> Aguarde!

<@> Terminando,reinicie o computador...caso a ferramenta não o solicite e dê início ao processo. ( reboot )

00000000000000000000000

00000000000000000000000

<@> Baixe: < avz4en.zip > ou < avz_antiviral_toolkit >

<@> Salve-o em Arquivos de programas,e descompacte-o aí mesmo!

<@> Abra a pasta avz4 e execute o aplicativo,com um duplo-clique. <-- Ícone escudo e espada!

<@> Conecte-se à Internet,e atualize o Toolkit --> "File" --> "Database Update". < /applications/core/interface/imageproxy/imageproxy.php?img=http://rathat.geekstogo.com/images/AVZupdate.jpg&key=8c23af09971effb8f456872cd9bd2a8657223c852582ddc2fa9b8810c88e2290" alt="AVZupdate.jpg" /> >

<@> Concluindo,não faça nenhuma verificação!

<@> Em "File types",marque o botão "All files".

<@> Em "Actions",marque: "Perform healing"

<@> Nos campos,abaixo de "Perform healing",escolha "Report only",para todos os ítens.

<@> Abaixo de "RiskWare",marque a caixa "Copy suspicious files to Quarantine" <-- Somente esta caixa!

<@> No menu "Search parameters",marque todas as caixinhas e deixe o ajuste "Heuristic analyses" em "Minimum heuristics mode".

<@> Ps: Não desmarque as que vieram assinaladas por default.

<@> Feche programas que estejam abertos,e rode a ferramenta! <-- Clique em Start.

<@> Terminando o scan,clique no ícone "Save log",para dispormos do relatório. ( avz_log )

<@> Clique,também,no ícone dos "óculos".

<@> Clique em "Save as CSV".

<@> Salve,este relatório,no desktop! <-- Formato texto. ( **.txt* )

<@> Nomeie-o como: view_log

<@> Copie e poste: avz_log.txt + view_log.txt,na sua resposta.

Abraços!

Bom dia ! DigRam

Com os nossos proçedimentos de desinfecção supra, já consta um bom resultado; pois ao ligar o sistema o guarda chuva do avira abre sozinho rsrsrs .

Ratifica que quando ligar o pc e o guarda chuva não abrir, sinal de contaminação rootkit .

Ainda o avira antirootkit, não abre; pois pode estar relacionado à contaminação de rootkits ou não . Ainda consta a janela/mensagem logo infra .

http://forum.imasters.com.br/index.php?/topic/389694-mensagem-de-erro/page__pid__1529616__st__0entry1529616

/applications/core/interface/imageproxy/imageproxy.php?img=http://img35.imageshack.us/img35/4118/screenshot001zz.th.png&key=1b9f2e8d14e213422e1c9d8112d915ea3402526a472ae0cfdb67717b9125d428" alt="screenshot001zz.th.png" />

Segue os logs.

Avz_log.txt :

AVZ Antiviral Toolkit log; AVZ version is 4.32

Scanning started at 6/5/2010 07:01:25

Database loaded: signatures - 271941, NN profile(s) - 2, malware removal microprograms - 56, signature database released 05.05.2010 23:53

Heuristic microprograms loaded: 383

PVS microprograms loaded: 9

Digital signatures of system files loaded: 199341

Heuristic analyzer mode: Minimum heuristics mode

Malware removal mode: enabled

Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights

System Restore: enabled

1. Searching for Rootkits and other software intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=083220)

Kernel ntoskrnl.exe found in memory at address 804D7000

SDT = 8055A220

KiST = 804E26B8 (284)

Functions checked: 284, intercepted: 0, restored: 0

1.3 Checking IDT and SYSENTER

Analyzing CPU 1

CmpCallCallBacks = 0013AA8E

Disable callback - óæå íåéòèðàëèçîâàíû

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking IRP handlers

Checking - complete

2. Scanning RAM

Number of processes found: 26

Number of modules loaded: 345

Scanning RAM - complete

3. Scanning disks

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

D:\WINDOWS\system32\hnetcfg.dll --> Suspicion for Keylogger or Trojan DLL

D:\WINDOWS\system32\hnetcfg.dll>>> Behaviour analysis

Behaviour typical for keyloggers was not detected

Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs

6. Searching for opened TCP/UDP ports used by malicious software

In the database 317 port descriptions

Opened at this PC: 12 TCP ports and 13 UDP ports

Checking - complete; no suspicious ports detected

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: TlntSvr (Telnet)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

Checking - complete

9. Troubleshooting wizard

Checking - complete

Files scanned: 371, extracted from archives: 0, malicious software found 0, suspicions - 0

Scanning finished at 6/5/2010 07:02:07

Time of scanning: 00:00:44

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference

View_log.txt:

D:\WINDOWS\system32\hnetcfg.dll;5;Suspicion for Keylogger or Trojan DLL

Abraços

Boa Noite! EDSSX

Ratifica que quando ligar o pc e o guarda chuva não abrir, sinal de contaminação rootkit.

<!> Não podemos generalizar esse fato! Onde já tive casos,na qual esse fechamento não teve relação com rootkits.

Ainda o avira antirootkit, não abre; pois pode estar relacionado à contaminação de rootkits ou não . Ainda consta a janela/mensagem logo infra.

<!> Essa ferramenta,é standalone e dependente do bom funcionamento do antivírus Avira,já que compartilham um driver de detecção RK.

<!> < Avira Support Forum >

<!> Busque no Avira Support Forum,solução para esse problema.

00000000000000000000000

ooooooooooooooooooooooo

<@> Acesse: < jotti.org >

<@> Em File to upload,coloque: D:\WINDOWS\system32\hnetcfg.dll

<@> Em seguida,clique em < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1.tinypic.com/688godt.jpg&key=af964c7063a589fb848a86a08a362b70af2cc6ac0c6df895aa469059716e0691" alt="688godt.jpg" /> >

<@> Copie e poste,o resultado deste exame.

00000000000000000000000

ooooooooooooooooooooooo

<@> Abra o avz4 e clique em AVZGuard --> Enable AVZGuard --> OK.

<@> Clique em "File" --> "Custom scripts".

<@> Cole,no campo,em "Runing scripts",estas informações sob o CODE:

beginSearchRootkit(true, true);SetAVZGuardStatus(True);ClearHostsFile;DeleteFileMask('%Tmp%','.',true);BC_ImportDeletedList;ExecuteSysClean;BC_Activate;RebootWindows(true);end.

<@> Busque erros de scripts,clicando em "Check syntax" --> OK.

<@> Não havendo erros,clique em Run. <-- Aguarde!

<@> Para completar as remoções,o computador irá reiniciar.

<@> Terminando,clique em "Save".

<@> Salve este relatório no desktop,nomeado como: AVZScript.log <-- Poste!

<@> Volte ao menu AVZGuard,e clique em "Disable AVZGuard" --> OK.

00000000000000000000000

<!> Ps: Segundo sua postagem desse problema,na área Software,você relata que outros programas são/foram afetados pelo bug. Isso é correto?

Abraços!

Bom dia !

Segue o resultado :

Nome do arquivo: hnetcfg.dll

Status:

Verificação finalizada. 0 dos 20 antivírus encontrou vírus..

Verificado em: Sáb 8 Mai 2010 15:07:18 (CET) Link do resultado

Informações do arquivo

Tamanho: 371200 bytes

Tipo: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

MD5: d76037a91e597bf70ad0b26f7d914adb

SHA1: 97cfcdbdb08a6d7593531b3b31233edd32cc87ea

Antivírus

[ArcaVir]

2010-05-07 Nada encontrado

[F-Secure Anti-Virus]

2010-05-08 Nada encontrado

[A-Squared]

2010-05-08 Nada encontrado

[G DATA]

2010-05-08 Nada encontrado

[Avast! antivirus]

2010-05-08 Nada encontrado

[ikarus]

2010-05-08 Nada encontrado

[Grisoft AVG Anti-Virus]

2010-05-08 Nada encontrado

[Kaspersky Anti-Virus]

2010-05-07 Nada encontrado

[Avira AntiVir]

2010-05-07 Nada encontrado

[ESET NOD32]

2010-05-07 Nada encontrado

[softwin BitDefender]

2010-05-08 Nada encontrado

[Panda Antivirus]

2010-05-08 Nada encontrado

[ClamAV]

2010-05-08 Nada encontrado

[Quick Heal]

2010-05-08 Nada encontrado

[CPsecure]

2010-05-07 Nada encontrado

[sophos]

2010-05-05 Nada encontrado

[Dr.Web]

2010-05-08 Nada encontrado

[VirusBlokAda VBA32]

2010-05-06 Nada encontrado

[Frisk F-Prot Antivirus]

2010-05-08 Nada encontrado

[VirusBuster]

2010-05-07 Nada encontrado

Ao fazer os proçedimentos e logo em seguida reinicia o pc, não é gerado o log AVZScript.log; pois ao reiniciar o sistema o programa fecha , não reabrindo sozinho; inclusive desfazendo as úttimas configurações; mesmo assim salvei o AVZScript.log; mas na hora de abrir ; está vazio .

Segundo sua postagem desse problema,na área Software,você relata que outros programas são/foram afetados pelo bug. Isso é correto?

Não, nada disso . Não é correto .

Obrigado e abraços

Boa Tarde! EDSSX

Não, nada disso . Não é correto.

<!> Então não há motivo para manter essa ferramenta instalada em sua máquina,tendo o Avira. Já que esse antivírus,possui detecção antirootkit.

<!> Ps: Caso queira uma ferramenta independente,sugiro: < AVG Anti-Rootkit1.1.0.42 >

Abraços!

Bom dia !

DigRam

OK, se os processos de limpeza de malwares acabaram; fineza encerrar o tópico

Abraços e obrigado

PROBLEMA RESOLVIDO!

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.