EDSSX, posted July 21, 2009

Good morning! When browsing with IE, mainly on the MS site, my machine makes a noise like a ratchet and a rumbling. Virus? Conficker? Help me. Here is the HijackThis log (clean, but it doesn't detect everything on the PC):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:36:23, on 21/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\ARQUIV~1\GbPlugin\GbpSv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe
D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 2 para HiJackThis(2).zip\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\WINDOWS\j459kdf9n6r0e5.PAC
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: GbPluginCef - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - D:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - D:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - - D:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5396 bytes

Thanks
EDSSX, posted July 21, 2009

Good afternoon! Would using the full editor mean editing in the forum topics? Sorry, I've already seen that it isn't, because after posting this one right below, the edit option appeared, whereas there was no longer an edit option for the post above. As the ToolBar S&D scan below shows, it detected 3 rootkits. How do I remove them?

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron 2400+ )
BIOS : Version 07.00T
USER : edsom luis ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:17 Go (Free:7 Go)
D:\ (Local Disk) - FAT32 - Total:59 Go (Free:41 Go)
E:\ (CD or DVD)

"D:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 21/07/2009|17:26 )

-----------\\ REMOVIDOS

Deletado! - D:\Arquivos de programas\Crawler\Toolbar
Deletado! - D:\Arquivos de programas\Crawler

-----------\\ Procura por Arquivos / Ficheiros ...

-----------\\ Extensions

(edsom luis) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(edsom luis) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload
(edsom luis) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="http://www.msn.com"
"First Home Page"="http://g.msn.com/1me10IE8ENUS/701"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

--------------------\\ Procurando por outras infecções

--------------------\\ ROOTKIT !!

Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HOOKSYS]
Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HOOKSYS]
Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HOOKSYS]

1 - "D:\ToolBar SD\TB_1.txt" - 21/07/2009|17:28 - Option : [2]

-----------\\ Verificação completa em 17:28:28,20

Thanks
EDSSX, posted August 1, 2009

Good afternoon! As per my PM to the moderator, I'm posting new logs as below:

Here is the new ToolBar S&D log, showing 3 Pandex rootkits:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron 2400+ )
BIOS : Version 07.00T
USER : edsom luis ( Administrator )
BOOT : Normal boot
Antivirus : Trend Micro Internet Security 17.1.1171 (Not Activated)
Firewall : Trend Micro Personal Firewall 5.5 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:17 Go (Free:7 Go)
D:\ (Local Disk) - FAT32 - Total:59 Go (Free:41 Go)
E:\ (CD or DVD)

"D:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 01/08/2009|16:01 )

-----------\\ Procura por Arquivos / Ficheiros ...

-----------\\ Extensions

(edsom luis) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(edsom luis) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload
(edsom luis) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="http://portuguese.ircfast.com/pt/index.php?rvs=hompag"
"Search Page"="http://portuguese.ircfast.com/pt/index.php?rvs=hompag"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://portuguese.ircfast.com/pt/index.php?rvs=hompag"

--------------------\\ Procurando por outras infecções

--------------------\\ ROOTKIT !!

Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HOOKSYS]
Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HOOKSYS]
Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HOOKSYS]

1 - "D:\ToolBar SD\TB_1.txt" - 01/08/2009|16:03 - Option : [2]

-----------\\ Verificação completa em 16:03:05,25

Here is the new HijackThis log; clean, but it doesn't detect everything on the PC.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:11, on 01/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\ARQUIV~1\GbPlugin\GbpSv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\WINDOWS\j459kdf9n6r0e5.PAC
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: GbPluginCef - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - D:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5164 bytes

Thanks
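The indicators that stand out in the logs posted above (an AutoConfigURL pointing at a file:// PAC script in the Windows directory, the Start Page and Search Page redirected to portuguese.ircfast.com, the default URLSearchHook missing, and the ToolBar S&D LEGACY_HOOKSYS rootkit markers) can be pulled out of a saved log automatically. The Python triage script below is an added example, not code from HijackThis, ToolBar S&D or anyone in this thread; the sample lines are constructed from entries quoted above, and the allowlist of default IE/MSN hosts is an assumption.

```python
"""Triage HijackThis 'R' lines and ToolBar S&D rootkit markers.

Added example for this thread (not HijackThis, ToolBar S&D or forum code).
It only reports findings; it never changes the system.
"""
import re
from urllib.parse import urlparse

# Hosts that IE 8 / MSN ship as defaults. Assumption used as an allowlist;
# anything else in a start/search page setting is worth a second look.
KNOWN_DEFAULT_HOSTS = {"go.microsoft.com", "www.msn.com", "g.msn.com", "www.google.com"}

PAGE_NAMES = ("Start Page", "Search Page", "Default_Page_URL",
              "Default_Search_URL", "First Home Page")

# "R1 - HKCU\...\Internet Settings,AutoConfigURL = file://..."
R_LINE = re.compile(r"^R[0-3] - (?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$")
# "Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\...\LEGACY_HOOKSYS]"
ROOTKIT_LINE = re.compile(r"^Rootkit (?P<family>\S+) ! \.\. \[(?P<key>[^\]]+)\]$")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def triage(lines):
    """Return (severity, reason, line) findings, highest severity first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            name, value = m["name"].strip(), m["value"].strip()
            if name == "AutoConfigURL":
                # A proxy auto-config script decides where every browser
                # request goes. IE never sets one to a local file on its own.
                if value.lower().startswith("file://"):
                    findings.append(("high", "PAC proxy script loaded from local file", line))
                elif value:
                    findings.append(("medium", "proxy auto-config URL set", line))
            elif name in PAGE_NAMES and value:
                host = urlparse(value).hostname or ""
                if host not in KNOWN_DEFAULT_HOSTS:
                    findings.append(("medium", f"{name} points to non-default host {host}", line))
            continue
        if line == "R3 - Default URLSearchHook is missing":
            findings.append(("low", "default URLSearchHook removed", line))
            continue
        m = ROOTKIT_LINE.match(line)
        if m:
            findings.append(("high", f"{m['family']} rootkit marker in {m['key']}", line))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


# Constructed sample: entries copied from the logs quoted in this thread.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = ",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\WINDOWS\j459kdf9n6r0e5.PAC",
    "R3 - Default URLSearchHook is missing",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HOOKSYS]",
]


def triage_sample():
    """Run the triage over the constructed sample log."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for severity, reason, line in triage_sample():
        print(f"[{severity:6}] {reason}\n         {line}")
```

On the sample this reports the file:// PAC and the Pandex marker as high, the two ircfast.com page settings as medium and the missing URLSearchHook as low, while the go.microsoft.com default and the empty Local Page produce nothing. To use it on a real log, pass the file's lines (one entry per line, as HijackThis saves them) to `triage()`; the allowlist is the part to adjust for a machine with a legitimately customised home page.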
DigRam, posted August 2, 2009

Good evening! EDSSX

<@> Download: < AVPTool > (by Kaspersky Labs)
<@> Save it in Program Files, and install it right there!
<@> Restart the computer in Safe Mode! <-- Important!
<@> Start the scan by clicking "Scan".
<@> The scan takes a very long time. <-- Wait!
<@> If infections are found, click "disinfect" if the option is enabled.
<@> PS: For some known detections (Cracks or Keygens), click skip.
<@> For those cases, avoid the "Delete" option.
<@> When it finishes, click the Events tab.
<@> Uncheck the "Show all events" checkbox. <-- PS: This will reduce the size of the report!
<@> Click "Save to file".
<@> Name it and save it to the desktop! <-- Report for posting!
<@> Also post an updated HijackThis.

Regards!
EDSSX, posted August 2, 2009

Good evening! Sorry, but I was going to edit (it didn't work, since the PC suddenly kept freezing and was slow, and to top it off the power went out) to post the log below, before you/any analyst replied. The root/camouflage of this whole problem (the rootkits) is here in the log below. How do I remove them? In my next reply I'll post the result of AVPTool (by Kaspersky Labs) and the updated HijackThis, and/or edit here.

Attention !!! Database was last updated 08/02/2009 it is necessary to update the bases using automatic updates (File/Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 01/08/2009 21:01:31
Database loaded: signatures - 209302, NN profile(s) - 2, microprograms of healing - 56, signature database released 08.02.2009 18:56
Heuristic microprograms loaded: 372
SPV microprograms loaded: 9
Digital signatures of system files loaded: 91560
Heuristic analyzer mode: Maximum heuristics level
Healing mode: disabled
Windows version: 5.1.2600, Service Pack 3 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=083220)
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 8055A220
KiST = 804E26A8 (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking of IRP handlers
Checking - complete
2. Scanning memory
Number of processes found: 31
Analyzer: process under analysis is 936 D:\WINDOWS\system32\winlogon.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Located in system folder
Analyzer: process under analysis is 1180 D:\ARQUIV~1\GbPlugin\GbpSv.exe
[ES]:Application has no visible windows
[ES]:EXE runtime packer ?
Analyzer: process under analysis is 196 D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 320 D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
[ES]:Contains network functionality
[ES]:Listens on TCP ports !
[ES]:Listens on HTTP ports !
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 336 D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Process d:\arquivos de programas\windows live\messenger\msnmsgr.exe Contains network functionality (inetres.dll)
Analyzer: process under analysis is 364 D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 768 D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
Analyzer: process under analysis is 892 D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
[ES]:Application has no visible windows
[ES]:EXE runtime packer ?
Analyzer: process under analysis is 1648 D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 2224 D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe
[ES]:Contains network functionality
[ES]:Listens on HTTP ports !
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 3736 D:\WINDOWS\system32\notepad.exe
[ES]:Located in system folder
Number of modules loaded: 394
Scanning memory - complete
3. Scanning disks
C:\WINDOWS\system32\more.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\system32\format.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\system32\tree.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINXP\system32\format.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINXP\system32\more.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINXP\system32\tree.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
D:\WINDOWS\system32\mstask.dll --> Suspicion for Keylogger or Trojan DLL
D:\WINDOWS\system32\mstask.dll>>> Behavioural analysis
Behaviour typical for keyloggers not detected
D:\WINDOWS\system32\ntshrui.dll --> Suspicion for Keylogger or Trojan DLL
D:\WINDOWS\system32\ntshrui.dll>>> Behavioural analysis
Behaviour typical for keyloggers not detected
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)
>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)
>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)
>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
Checking - complete
Files scanned: 110107, extracted from archives: 85568, malicious software found 0, suspicions - 0
Scanning finished at 01/08/2009 22:06:12
Time of scanning: 01:04:43
If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference

Thank you for your attention.
EDSSX, posted August 2, 2009

Good morning! It wasn't possible to edit, as in the figure below:

Below is the Kaspersky removal tool report:

Scan
----
Scanned: 3771
Detected: 0
Untreated: 0
Start time: 02/08/2009 00:12:38
Duration: 00:04:17
Finish time: 02/08/2009 00:16:55

Detected
--------
Status  Object
------  ------

Events
------
Time  Name  Status  Reason
----  ----  ------  ------

Statistics
----------
Object  Scanned  Detected  Untreated  Deleted  Moved to Quarantine  Archives  Packed files  Password protected  Corrupted
------  -------  --------  ---------  -------  -------------------  --------  ------------  ------------------  ---------

Settings
--------
Parameter                                    Value
---------                                    -----
Security Level                               Recommended
Action                                       Prompt for action when the scan is complete
Run mode                                     Manually
File types                                   Scan all files
Scan only new and changed files              No
Scan archives                                All
Scan embedded OLE objects                    All
Skip if object is larger than                No
Skip if scan takes longer than               No
Parse email formats                          No
Scan password-protected archives             No
Enable iChecker technology                   No
Enable iSwift technology                     No
Show detected threats on "Detected" tab      Yes
Rootkits search                              Yes
Deep rootkits search                         No
Use heuristic analyzer                       Yes

Quarantine
----------
Status  Object  Size  Added
------  ------  ----  -----

Backup
------
Status  Object  Size
------  ------  ----

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:55, on 02/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\ARQUIV~1\GbPlugin\GbpSv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe
D:\Documents and Settings\edsom luis\Configurações locais\temp\avz4\avz4\avz.exe
D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\is-5FQT2\is-5FQT2.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\WINDOWS\j459kdf9n6r0e5.PAC
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - Startup: is-5FQT2.lnk = D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\is-5FQT2\startup.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: GbPluginCef - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - D:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5974 bytes

Thanks
EDSSX (posted August 2, 2009)

Good morning! It was not possible to edit the reply/post above, per the error in the image below (click three times to enlarge).

Below is the Kaspersky Virus Removal Tool report, run in Safe Mode:

Scan
----
Scanned: 1621
Detected: 0
Untreated: 0
Start time: 02/08/2009 01:13:37
Duration: 00:02:44
Finish time: 02/08/2009 01:16:21

Detected
--------
Status  Object
------  ------

Events
------
Time  Name  Status  Reason
----  ----  ------  ------

Statistics
----------
Object  Scanned  Detected  Untreated  Deleted  Moved to Quarantine  Archives  Packed files  Password protected  Corrupted
------  -------  --------  ---------  -------  -------------------  --------  ------------  ------------------  ---------

Settings
--------
Parameter  Value
---------  -----
Security Level  Recommended
Action  Prompt for action when the scan is complete
Run mode  Manually
File types  Scan all files
Scan only new and changed files  No
Scan archives  All
Scan embedded OLE objects  All
Skip if object is larger than  No
Skip if scan takes longer than  No
Parse email formats  No
Scan password-protected archives  No
Enable iChecker technology  No
Enable iSwift technology  No
Show detected threats on "Detected" tab  Yes
Rootkits search  Yes
Deep rootkits search  No
Use heuristic analyzer  Yes

Quarantine
----------
Status  Object  Size  Added
------  ------  ----  -----

Backup
------
Status  Object  Size
------  ------  ----

New HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:30:27, on 02/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\ARQUIV~1\GbPlugin\GbpSv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\is-5FQT2\is-5FQT2.exe
D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\WINDOWS\j459kdf9n6r0e5.PAC
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - Startup: is-5FQT2.lnk = D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\is-5FQT2\startup.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: GbPluginCef - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - D:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5892 bytes

Thanks
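The HijackThis logs in this thread are read by hand. The Node.js script below is an added example, not code from the thread, from EDSSX or from Trend Micro: it parses HijackThis R0/R1, O2 and O23 entries and flags the items a responder reads first in a log like the one above, namely a proxy auto-config (AutoConfigURL) loaded from a local file:// path, start/search pages pointing at a host outside an allowlist, BHO entries whose DLL is gone, and services with no publisher. A PAC file decides which proxy every URL is sent through, so an AutoConfigURL entry naming an unfamiliar local file is worth examining before anything else; the example does not claim what that file contains. The sample lines are copied from the HijackThis logs EDSSX posted in this thread; the allowlist of trusted start/search hosts is the analyst's own assumption.

```javascript
// Added example, not code from the thread: offline triage of HijackThis
// R0/R1/O2/O23 lines. It flags what a responder reads first in logs like
// the ones posted above: a proxy auto-config (AutoConfigURL) pulled from a
// local file://, start/search pages pointing at an unexpected host, BHO
// entries whose DLL is gone, and services with no publisher.
// SAMPLE_LOG is copied from the HijackThis logs EDSSX posted in this thread;
// TRUSTED_PAGE_HOSTS is the analyst's allowlist and is an assumption here.

const TRUSTED_PAGE_HOSTS = new Set([
  'go.microsoft.com', 'www.microsoft.com', 'g.msn.com', 'www.google.com',
]);

const RULES = {
  // "R1 - HKCU\...\Internet Settings,AutoConfigURL = file://D:\WINDOWS\x.PAC"
  page: /^R[01] - (HK\w+)\\.+?,([^=]+?) = ?(.*)$/,
  // "O2 - BHO: name - {CLSID} - path"
  bho: /^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$/,
  // "O23 - Service: display (ServiceName) - Company - path";
  // the company field may be blank, which HijackThis renders as " - - ".
  service: /^O23 - Service: (.+?) \((.+?)\) -(.*?)- (.*)$/,
};

function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

function checkPage(line, m) {
  const [, hive, key, value] = m;
  if (!value) return null;                       // "Local Page =" is empty
  if (key === 'AutoConfigURL') {
    return /^file:/i.test(value)
      ? { line, severity: 'high', reason: `IE proxy auto-config loaded from a local file (${hive}): ${value}` }
      : { line, severity: 'medium', reason: `IE proxy auto-config set (${hive}): ${value}` };
  }
  const host = hostOf(value);
  if (host && !TRUSTED_PAGE_HOSTS.has(host)) {
    return { line, severity: 'medium', reason: `${key} (${hive}) points at untrusted host ${host}` };
  }
  return null;
}

function checkBho(line, m) {
  const [, name, clsid, path] = m;
  if (path === '(no file)' || name === '(no name)') {
    return { line, severity: 'low', reason: `orphaned BHO ${clsid}: ${name} -> ${path}` };
  }
  return null;
}

function checkService(line, m) {
  const [, display, name, company, path] = m;
  const publisher = company.trim();
  if (!publisher || /unknown owner/i.test(publisher)) {
    return { line, severity: 'medium', reason: `service ${name} ("${display}") has no publisher: ${path}` };
  }
  return null;
}

// Parse every line of a HijackThis log and return the findings in log order.
function triage(logText) {
  const findings = [];
  for (const raw of logText.split(/\r?\n/)) {
    const line = raw.trim();
    let m;
    if ((m = RULES.page.exec(line)))         { const f = checkPage(line, m);    if (f) findings.push(f); }
    else if ((m = RULES.bho.exec(line)))     { const f = checkBho(line, m);     if (f) findings.push(f); }
    else if ((m = RULES.service.exec(line))) { const f = checkService(line, m); if (f) findings.push(f); }
  }
  return findings;
}

// Lines copied from the HijackThis logs posted in this thread.
const SAMPLE_LOG = String.raw`
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\WINDOWS\j459kdf9n6r0e5.PAC
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O23 - Service: Gbp Service (GbpSv) - - D:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
`;

for (const f of triage(SAMPLE_LOG)) console.log(`[${f.severity}] ${f.reason}`);
```

Run it with `node triage.js` after saving the block; it prints six findings for the sample, led by the Search Page and Start Page hijack, then the file:// PAC as the single high-severity item. A blank publisher on an O23 line is not proof of anything (GbpSv ships with a bank-supplied plugin), which is why the rules return severities rather than verdicts; the point is to surface the handful of entries that need a human look out of a log of sixty lines.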
DigRam (posted August 2, 2009)

Good morning, EDSSX!

<@> Download: Malwarebytes
<@> Update the program!
<@> Choose the Full scan!
<@> Disable protection programs while running Malwarebytes.
<@> Send the detected items to quarantine by clicking Remove items.
<@> For more details: Link

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

Regards!
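Both HijackThis logs posted so far carry the same AutoConfigURL entry, which points Internet Explorer at a locally stored .PAC file with a random-looking name. The thread never shows what that file contains, so the Node.js script below is an added example, not code from the thread or from any participant, of how a responder inspects such a file offline: it loads a PAC source with the standard helper functions (dnsDomainIs, shExpMatch, isInNet and friends) bound, runs FindProxyForURL over a list of test URLs and reports which hosts are diverted to a proxy instead of going DIRECT. SAMPLE_PAC is a constructed stand-in in the shape a responder tests for (a few hostnames routed to a proxy, everything else direct), not the file named in the logs; the DNS table, proxy address and test URLs are constructed too. Since the GbPlugin entries (G-Buster Browser Defense, a browser-protection module distributed by Brazilian banks) show this machine is used for online banking, the URLs to test on the real system would be the user's own bank sites. One caveat: `new Function()` runs the PAC in the current process, which is acceptable for a file you wrote yourself but not for an untrusted sample; for that, use Node's `vm` module or a throwaway VM.

```javascript
// Added example, not code from the thread: evaluate a proxy auto-config
// (PAC) file offline to see which hosts it diverts to a proxy. The
// AutoConfigURL entry in the posted logs points IE at a local .PAC file; the
// thread never shows its contents, so SAMPLE_PAC below is a CONSTRUCTED
// stand-in in the shape a responder tests for (a few hostnames sent to a
// proxy, everything else DIRECT). The DNS table, proxy address and test
// URLs are constructed as well. Caveat: new Function() runs the PAC in this
// process; for a real, untrusted sample use Node's vm module or a throwaway VM.

const DNS_TABLE = {                       // constructed, stands in for real DNS
  'www.bank.example': '203.0.113.10',
  'intranet.netblock.example': '198.51.100.7',
};

const ipToInt = (ip) => ip.split('.').reduce((acc, o) => (acc << 8) + Number(o), 0) >>> 0;
const isIPv4 = (s) => typeof s === 'string' && /^(\d{1,3}\.){3}\d{1,3}$/.test(s);

// The helper functions the PAC specification makes available to FindProxyForURL.
const PAC_HELPERS = {
  isPlainHostName: (host) => !host.includes('.'),
  dnsDomainIs: (host, domain) => host.length >= domain.length && host.endsWith(domain),
  localHostOrDomainIs: (host, fqdn) => host === fqdn || (!host.includes('.') && fqdn.startsWith(host + '.')),
  isResolvable: (host) => host in DNS_TABLE,
  dnsResolve: (host) => (host in DNS_TABLE ? DNS_TABLE[host] : null),
  myIpAddress: () => '192.168.0.10',        // constructed client address
  isInNet: (ip, pattern, mask) => {
    if (!isIPv4(ip) || !isIPv4(pattern) || !isIPv4(mask)) return false;   // unresolved host -> false
    return (ipToInt(ip) & ipToInt(mask)) === (ipToInt(pattern) & ipToInt(mask));
  },
  shExpMatch: (str, shexp) => {             // shell glob: * and ? only, anchored
    const re = shexp.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*').replace(/\?/g, '.');
    return new RegExp(`^${re}$`).test(str);
  },
  dnsDomainLevels: (host) => host.split('.').length - 1,
};

// Compile the PAC source with the helpers bound as parameters and return FindProxyForURL.
function loadPac(pacSource) {
  const names = Object.keys(PAC_HELPERS);
  const factory = new Function(...names, `${pacSource}\nreturn FindProxyForURL;`);
  return factory(...names.map((n) => PAC_HELPERS[n]));
}

// Run every test URL through the PAC; anything other than DIRECT is a diversion.
function evaluatePac(pacSource, urls) {
  const findProxyForURL = loadPac(pacSource);
  return urls.map((url) => {
    const host = new URL(url).hostname.toLowerCase();
    const result = String(findProxyForURL(url, host));
    return { url, host, result, diverted: !/^\s*DIRECT\s*$/i.test(result) };
  });
}

function divertedHosts(pacSource, urls) {
  return evaluatePac(pacSource, urls).filter((r) => r.diverted).map((r) => r.host);
}

// CONSTRUCTED stand-in for the PAC file; not the file named in the thread.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "*.bank.example") || dnsDomainIs(host, ".pagamentos.example"))
    return "PROXY 203.0.113.45:80";
  if (isInNet(dnsResolve(host), "198.51.100.0", "255.255.255.0"))
    return "PROXY 203.0.113.45:80";
  return "DIRECT";
}`;

// Constructed test set: likely banking hosts plus known-good sites.
const TEST_URLS = [
  'https://www.bank.example/login',
  'http://go.microsoft.com/fwlink/?LinkId=69157',
  'http://internet.pagamentos.example/',
  'http://www.example.org/',
  'http://intranet.netblock.example/',
];

for (const r of evaluatePac(SAMPLE_PAC, TEST_URLS)) {
  console.log(`${r.diverted ? 'DIVERTED' : 'direct  '} ${r.host.padEnd(28)} -> ${r.result}`);
}
```

Against the constructed sample the script reports three diverted hosts and leaves go.microsoft.com and www.example.org direct; a legitimate corporate PAC will usually send everything through one proxy or nothing at all, whereas a short list of specific hostnames sent to a single external address is the pattern to look for. The same approach works on the real file by reading it from disk into `SAMPLE_PAC` and replacing `DNS_TABLE` with actual resolution, inside a sandbox.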
EDSSX (posted August 2, 2009)

Good morning, DigRam! Malwarebytes log follows:

Malwarebytes' Anti-Malware 1.39
Database version: 2542
Windows 5.1.2600 Service Pack 3

02/08/2009 09:31:19
mbam-log-2009-08-02 (09-31-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 231042
Time elapsed: 2 hour(s), 25 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

New HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:49:17, on 02/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\ARQUIV~1\GbPlugin\GbpSv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe
D:\Documents and Settings\edsom luis\Configurações locais\temp\avz4\avz4\avz.exe
D:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\WINDOWS\j459kdf9n6r0e5.PAC
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: GbPluginCef - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - D:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5320 bytes

Regarding the root/camouflage of the rootkits: running AVZ Antiviral Toolkit 4 with a more advanced/thorough configuration, as in the log below, one can see that when moving them to quarantine automatically a removal failure is reported.

Attention !!! Database was last updated 08/02/2009 it is necessary to update the bases using automatic updates (File/Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 02/08/2009 03:34:51
Database loaded: signatures - 209302, NN profile(s) - 2, microprograms of healing - 56, signature database released 08.02.2009 18:56
Heuristic microprograms loaded: 372
SPV microprograms loaded: 9
Digital signatures of system files loaded: 91560
Heuristic analyzer mode: Maximum heuristics level
Healing mode: disabled
Windows version: 5.1.2600, Service Pack 3 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=083220)
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 8055A220
KiST = 804E26A8 (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking of IRP handlers
Checking - complete
2. Scanning memory
Number of processes found: 30
Analyzer: process under analysis is 940 D:\WINDOWS\system32\winlogon.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Located in system folder
Analyzer: process under analysis is 1188 D:\ARQUIV~1\GbPlugin\GbpSv.exe
[ES]:Application has no visible windows
[ES]:EXE runtime packer ?
Analyzer: process under analysis is 236 D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 380 D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
[ES]:Contains network functionality
[ES]:Listens on TCP ports !
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 436 D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Process d:\arquivos de programas\windows live\messenger\msnmsgr.exe Contains network functionality (inetres.dll)
Analyzer: process under analysis is 452 D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 688 D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
Analyzer: process under analysis is 580 D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
[ES]:Application has no visible windows
[ES]:EXE runtime packer ?
Analyzer: process under analysis is 1572 D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 2768 D:\WINDOWS\system32\rundll32.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Located in system folder
Analyzer: process under analysis is 244 D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe
[ES]:Contains network functionality
[ES]:Loads RASAPI DLL - may use dialing ?
Number of modules loaded: 399
Scanning memory - complete
3. Scanning disks
C:\WINDOWS\system32\more.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\system32\more.com)
C:\WINDOWS\system32\format.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\system32\format.com)
C:\WINDOWS\system32\tree.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\system32\tree.com)
C:\WINXP\system32\format.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINXP\system32\format.com)
C:\WINXP\system32\more.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINXP\system32\more.com)
C:\WINXP\system32\tree.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINXP\system32\tree.com)
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
D:\WINDOWS\system32\mstask.dll --> Suspicion for Keylogger or Trojan DLL
D:\WINDOWS\system32\mstask.dll>>> Behavioural analysis
Behaviour typical for keyloggers not detected
File quarantined succesfully (D:\WINDOWS\system32\mstask.dll)
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
Checking - complete
Files scanned: 110111, extracted from archives: 85568, malicious software found 0, suspicions - 0
Scanning finished at 02/08/2009 04:18:02
Time of scanning: 00:43:13
If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference
Automatic Quarantining in progress
File quarantined succesfully (D:\WINDOWS\system32\comctl32.dll)
File quarantined succesfully (D:\WINDOWS\System32\COMRes.dll)
File quarantined succesfully (D:\WINDOWS\system32\hnetcfg.dll)
File quarantined succesfully (D:\WINDOWS\system32\ole32.dll)
File quarantined succesfully (D:\WINDOWS\system32\SHELL32.dll)
File quarantined succesfully (D:\WINDOWS\system32\USER32.dll)
File quarantined succesfully (D:\WINDOWS\system32\USERENV.dll)
File quarantined succesfully (D:\WINDOWS\System32\UxTheme.dll)
File quarantined succesfully (D:\WINDOWS\System32\xpsp2res.dll)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\avgnt.exe)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\avipc.dll)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\ccgen.dll)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\ccgenrc.dll)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\ccgrdrc.dll)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\ccguard.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\cclib.dll)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\cclic.dll)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\cclicrc.dll)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\ccmsg.dll)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\ccupdate.dll)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\ccupdrc.dll)
File quarantined succesfully (D:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\avguard.exe)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\aecore.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\aegen.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\aehelp.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\aeheur.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\aeoffice.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\aepack.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\aerdl.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\aescn.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\aescript.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\aevdf.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\AVEvtLog.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\AVGIO.DLL)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\AVPREF.DLL)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\guardmsg.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\SMTPLIB.DLL)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\sqlite3.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\unacev2.dll)
File quarantined succesfully (D:\WINDOWS\system32\wintrust.dll)
File quarantined succesfully (D:\WINDOWS\system32\comdlg32.dll)
File quarantined succesfully (D:\WINDOWS\System32\CSCDLL.dll)
File quarantined succesfully (D:\WINDOWS\System32\cscui.dll)
File quarantined succesfully (D:\WINDOWS\system32\SETUPAPI.dll)
File quarantined succesfully (D:\WINDOWS\system32\sxs.dll)
File quarantined succesfully (D:\WINDOWS\system32\winsrv.dll)
File quarantined succesfully (d:\windows\explorer.exe)
File quarantined succesfully (D:\WINDOWS\system32\Audiodev.dll)
File quarantined succesfully (D:\WINDOWS\system32\BatMeter.dll)
File quarantined succesfully (D:\WINDOWS\system32\BROWSEUI.dll)
File quarantined succesfully (D:\WINDOWS\system32\credui.dll)
File quarantined succesfully (D:\WINDOWS\system32\CRYPTUI.dll)
File quarantined succesfully (D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll)
File quarantined succesfully (D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamext.dll)
File quarantined succesfully (D:\WINDOWS\system32\midimap.dll)
File quarantined succesfully (D:\WINDOWS\system32\MSGINA.dll)
File quarantined succesfully (D:\WINDOWS\system32\msi.dll)
File quarantined succesfully (D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll)
File quarantined succesfully (D:\WINDOWS\system32\mydocs.dll)
File quarantined succesfully (D:\WINDOWS\system32\NETSHELL.dll)
File quarantined succesfully (D:\WINDOWS\system32\ntshrui.dll)
File quarantined succesfully (D:\WINDOWS\system32\odbcint.dll)
File quarantined succesfully (D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll)
File quarantined succesfully (D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB)
File quarantined succesfully (D:\WINDOWS\system32\SHDOCVW.dll)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\shlext.dll)
File quarantined succesfully (D:\WINDOWS\system32\stobject.dll)
File quarantined succesfully (D:\WINDOWS\system32\themeui.dll)
File quarantined succesfully (D:\WINDOWS\system32\webcheck.dll)
File quarantined succesfully (D:\WINDOWS\system32\wpdshext.dll)
File quarantined succesfully (d:\arquivos de programas\mozilla firefox 3.5 preview\firefox.exe)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\components\browserdirprovider.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\components\brwsrcmp.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\freebl3.dll)
File quarantined succesfully (D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopAPI2.dll)
File quarantined succesfully (D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopCommon.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\components\GoogleDesktopMozilla.dll)
File quarantined succesfully (D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopResources_pt_br.dll)
File quarantined succesfully (D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll)
File quarantined succesfully (D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\js3250.dll)
File quarantined succesfully (D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll)
File quarantined succesfully (D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\MOZCRT19.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\nspr4.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\nss3.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\nssckbi.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\nssdbm3.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\nssutil3.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\plc4.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\plds4.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\smime3.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\softokn3.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\sqlite3.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\ssl3.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\xpcom.dll)
File quarantined succesfully (D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\xul.dll)
File quarantined succesfully (d:\arquiv~1\gbplugin\gbpsv.exe)
File quarantined succesfully (d:\arquivos de programas\google\google desktop search\googledesktop.exe)
File quarantined succesfully (D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopHyper.dll)
File quarantined succesfully (D:\Arquivos de programas\Google\Google Desktop Search\GoogleServices.DLL)
File quarantined succesfully (D:\Arquivos de programas\Google\Google Desktop Search\gzlib.dll)
File quarantined succesfully (d:\arquivos de programas\iolo\common\lib\ioloservicemanager.exe)
File quarantined succesfully (D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll)
File quarantined succesfully (D:\WINDOWS\system32\mscoree.dll)
File quarantined succesfully (D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\perfcounter.dll)
File quarantined succesfully (D:\WINDOWS\system32\psbase.dll)
File quarantined succesfully (d:\arquivos de programas\malwarebytes' anti-malware\mbam.exe)
File quarantined succesfully (D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.dll)
File quarantined succesfully (D:\Arquivos de programas\Malwarebytes' Anti-Malware\ssubtmr6.dll)
File quarantined succesfully (D:\Arquivos de programas\Malwarebytes' Anti-Malware\vbalsgrid6.ocx)
File quarantined succesfully (D:\Arquivos de programas\Malwarebytes' Anti-Malware\zlib.dll)
File quarantined succesfully (D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\1046\mdmui.dll)
File quarantined succesfully (d:\arquivos de programas\windows live\messenger\msnmsgr.exe)
File quarantined succesfully (D:\WINDOWS\system32\inetres.dll)
File quarantined succesfully (D:\Arquivos de programas\Windows Live\Messenger\lcres.dll)
File quarantined succesfully (D:\Arquivos de programas\Windows Live\Messenger\msgslang.8.5.1302.1018.dll)
File quarantined succesfully (d:\arquivos de programas\gadwin systems\printscreen\printscreen.exe)
File quarantined succesfully (d:\windows\system32\rundll32.exe)
File quarantined succesfully (D:\WINDOWS\system32\shimgvw.dll)
File quarantined succesfully (d:\arquivos de programas\avira\antivir desktop\sched.exe)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\schedr.dll)
File quarantined succesfully (d:\arquivos de programas\microsoft\search enhancement pack\seaport\seaport.exe)
File quarantined succesfully (D:\WINDOWS\system32\msxml3.dll)
File quarantined succesfully (D:\WINDOWS\system32\sfc_os.dll)
File quarantined succesfully (D:\WINDOWS\System32\RASDLG.dll)
File quarantined succesfully (D:\WINDOWS\System32\unimdm.tsp)
File quarantined succesfully (d:\windows\system32\winlogon.exe)
Quarantine file: failed (error), attempt of direct disk reading (D:\WINDOWS\system32\DRIVERS\72038187.sys)
Quarantine file (direct disk reading) "%S" - failed (error)
File quarantined succesfully (D:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys)
File quarantined succesfully (D:\WINDOWS\system32\DRIVERS\avgntflt.sys)
File quarantined succesfully (D:\WINDOWS\system32\DRIVERS\avipbb.sys)
File quarantined succesfully (D:\WINDOWS\system32\Drivers\GbpKm.sys)
File quarantined succesfully (D:\WINDOWS\system32\drivers\mbamswissarmy.sys)
File quarantined succesfully (D:\WINDOWS\system32\DRIVERS\ssmdrv.sys)
File quarantined succesfully (D:\WINDOWS\system32\drivers\tmcomm.sys)
File quarantined succesfully (D:\WINDOWS\system32\DRIVERS\XPVCOM.sys)
Quarantine file: failed (error), attempt of direct disk reading (is-5FQT2drv.sys)
Quarantine file (direct disk reading) "%S" - failed (error)
File quarantined succesfully (D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe)
File quarantined succesfully (D:\WINDOWS\system32\cleanmgr.exe)
File quarantined succesfully (D:\WINDOWS\system32\digest.dll)
File quarantined succesfully (D:\WINDOWS\system32\gptext.dll)
File quarantined succesfully (D:\WINDOWS\system32\ntbackup.exe)
File quarantined succesfully (D:\WINDOWS\system32\Magnify.exe)
File quarantined succesfully (D:\WINDOWS\system32\osk.exe)
File quarantined succesfully (D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll)
File quarantined succesfully (D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
File quarantined succesfully (D:\WINDOWS\system32\mmsys.cpl)
File quarantined succesfully (D:\WINDOWS\system32\icmui.dll)
File quarantined succesfully (D:\WINDOWS\system32\deskadp.dll)
File quarantined succesfully (D:\WINDOWS\system32\deskmon.dll)
File quarantined succesfully (D:\WINDOWS\system32\shscrap.dll)
File quarantined succesfully (D:\WINDOWS\system32\diskcopy.dll)
File quarantined succesfully (D:\WINDOWS\system32\ntlanui2.dll)
File quarantined succesfully (D:\WINDOWS\system32\printui.dll)
File quarantined succesfully (D:\WINDOWS\system32\syncui.dll)
File quarantined succesfully (D:\WINDOWS\system32\fontext.dll)
File quarantined succesfully (D:\WINDOWS\system32\deskperf.dll)
File quarantined succesfully (D:\WINDOWS\system32\wiashext.dll)
File quarantined succesfully (D:\WINDOWS\system32\remotepg.dll)
File quarantined succesfully (D:\WINDOWS\system32\sendmail.dll)
Quarantine file: failed (error), attempt of direct disk reading (rundll32.exe D:\WINDOWS\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4})
Quarantine file (direct disk reading) "%S" - failed (error)
File quarantined succesfully (D:\WINDOWS\system32\netplwiz.dll)
File quarantined succesfully (D:\WINDOWS\system32\zipfldr.dll)
File quarantined succesfully (D:\WINDOWS\system32\msieftp.dll)
File quarantined succesfully (D:\WINDOWS\system32\dsquery.dll)
File quarantined succesfully (D:\WINDOWS\system32\dsuiext.dll)
File quarantined succesfully (D:\WINDOWS\system32\photowiz.dll)
File quarantined succesfully (D:\WINDOWS\System32\mmcshext.dll)
File quarantined succesfully (D:\WINDOWS\system32\cabview.dll)
File quarantined succesfully (D:\Arquivos de programas\Outlook Express\wabfind.dll)
File quarantined succesfully (D:\ARQUIV~1\MICROS~2\OFFICE11\MLSHEXT.DLL)
File quarantined succesfully (D:\ARQUIV~1\MICROS~2\OFFICE11\OLKFSTUB.DLL)
File quarantined succesfully (D:\WINDOWS\system32\dfshim.dll)
File quarantined succesfully (D:\WINDOWS\system32\wuaucpl.cpl)
File quarantined succesfully (D:\Arquivos de programas\HP\hpcoretech\comp\hpdarc.exe)
Quarantine file: failed (error), attempt of direct disk reading (System)
Quarantine file (direct disk reading) "%S" - failed (error)
Quarantine file: failed (error), attempt of direct disk reading (System)
Quarantine file (direct disk reading) "%S" - failed (error)
Quarantine file: failed (error), attempt of direct disk reading (System)
Quarantine file (direct disk reading) "%S" - failed (error)
Quarantine file: failed (error), attempt of direct disk reading (System)
Quarantine file (direct disk reading) "%S" - failed (error)
Quarantine file: failed (error), attempt of direct disk reading (System)
Quarantine file (direct disk reading) "%S" - failed (error)
Quarantine file: failed (error), attempt of direct disk reading (mscoree.dll)
Quarantine file (direct disk reading) "%S" - failed (error)
Quarantine file: failed (error), attempt of direct disk reading (mscoree.dll)
Quarantine file (direct disk reading) "%S" - failed (error)
Quarantine file: failed (error), attempt of direct disk reading (mscoree.dll)
Quarantine file (direct disk reading) "%S" - failed (error)
File quarantined succesfully (D:\Arquivos de programas\HP\hpcoretech\comp\hpuiprot.dll)
File quarantined succesfully (D:\WINDOWS\system32\itss.dll)
File quarantined succesfully (D:\WINDOWS\system32\LegitCheckControl.DLL)
File quarantined succesfully (D:\WINDOWS\system32\UfWSC.cpl)
File quarantined succesfully (D:\WINDOWS\system32\Firebird2Control.cpl)
File quarantined succesfully (D:\WINDOWS\system32\desk.cpl)
File quarantined succesfully (D:\WINDOWS\system32\hdwwiz.cpl)
File quarantined succesfully (D:\WINDOWS\system32\intl.cpl)
File quarantined succesfully
(D:\WINDOWS\system32\irprops.cpl) File quarantined succesfully (D:\WINDOWS\system32\joy.cpl) File quarantined succesfully (D:\WINDOWS\system32\main.cpl) File quarantined succesfully (D:\WINDOWS\system32\ncpa.cpl) File quarantined succesfully (D:\WINDOWS\system32\nusrmgr.cpl) File quarantined succesfully (D:\WINDOWS\system32\odbccp32.cpl) File quarantined succesfully (D:\WINDOWS\system32\powercfg.cpl) File quarantined succesfully (D:\WINDOWS\system32\sysdm.cpl) File quarantined succesfully (D:\WINDOWS\system32\telephon.cpl) File quarantined succesfully (D:\WINDOWS\system32\timedate.cpl) File quarantined succesfully (D:\WINDOWS\system32\wscui.cpl) Automatic Quarantining - complete Creating archive of files from Quarantine Creating archive of files from Quarantine - complete Executing standard script: 5. Update signature database with automatic settings Starting automatic update Update parameters:Use Internet Explorer settings Automatic update - complete successfully AV database (according to IE settings) updated successfully Executing standard script: 6. Delete all AVZ drivers and registry keys Deleting service/driver: AVZRK Deleting service/driver: AVZSG Deleting service/driver: AVZ Deleting service/driver: utmyoti3 Delete file:D:\WINDOWS\system32\Drivers\utmyoti3.sys Deleting service/driver: ujmyoti3 Deleting service/driver: uzmyoti3 Deleting service/driver: vdmyoti3 Grato Compartilhar este post Link para o post Compartilhar em outros sites
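An added triage script for a log like the one above (mine; not from the thread, not part of AVZ). It reads the "Automatic Quarantining" section, separates the objects AVZ copied from the ones whose direct-disk-read fallback failed, counts repeated failures, and flags failed targets whose names follow no vendor convention. The name heuristics (an all-digit .sys file name, an is-XXXXXdrv service name) are my assumptions, not AVZ's; the sample inside is a constructed excerpt of a dozen lines copied from the log above.

```python
"""Triage the 'Automatic Quarantining' section of an AVZ log.

AVZ prints one line per object it tries to copy into quarantine. Two shapes
matter here (the spelling 'succesfully' is AVZ's own):

  File quarantined succesfully (<path>)
  Quarantine file: failed (error), attempt of direct disk reading (<target>)

The second one means AVZ could not read the object through the normal file
API and its raw-disk fallback failed as well, which is how a locked or hidden
(rootkit-protected) file presents. Each failure is followed by a second line,
'Quarantine file (direct disk reading) "%S" - failed (error)', whose format
string was never expanded; it carries no target and is ignored below.
"""
import re
from dataclasses import dataclass, field

OK_RE = re.compile(r"^File quarantined succesfully \((?P<target>.+)\)$")
FAIL_RE = re.compile(
    r"^Quarantine file: failed \(error\), attempt of direct disk reading \((?P<target>.+)\)$"
)
# Assumed heuristics (mine, not AVZ's): a driver whose file name is only
# digits, or a service named like an Inno Setup temporary (is-XXXXXdrv),
# follows no vendor naming convention and deserves a look.
DIGIT_SYS_RE = re.compile(r"(?:^|[\\/])\d{6,}\.sys$", re.IGNORECASE)
IS_DRV_RE = re.compile(r"^is-[0-9a-z]{5}drv(?:\.sys)?$", re.IGNORECASE)


@dataclass
class AvzReport:
    ok: list = field(default_factory=list)      # targets AVZ copied
    failed: list = field(default_factory=list)  # targets AVZ could not read


def parse_avz_log(text: str) -> AvzReport:
    """Split quarantine lines into successes and direct-disk-read failures."""
    report = AvzReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := OK_RE.match(line):
            report.ok.append(m.group("target"))
        elif m := FAIL_RE.match(line):
            report.failed.append(m.group("target"))
    return report


def suspicious_targets(report: AvzReport) -> list:
    """Failed targets whose names match the heuristics above, in log order."""
    return [t for t in report.failed if DIGIT_SYS_RE.search(t) or IS_DRV_RE.match(t)]


def failure_counts(report: AvzReport) -> dict:
    """How many times each target failed (AVZ retries the same object)."""
    counts = {}
    for t in report.failed:
        counts[t] = counts.get(t, 0) + 1
    return counts


# Constructed excerpt: a handful of lines copied from the log above, not the
# whole section.
SAMPLE = r"""
File quarantined succesfully (d:\windows\system32\winlogon.exe)
Quarantine file: failed (error), attempt of direct disk reading (D:\WINDOWS\system32\DRIVERS\72038187.sys)
Quarantine file (direct disk reading) "%S" - failed (error)
File quarantined succesfully (D:\WINDOWS\system32\DRIVERS\avgntflt.sys)
Quarantine file: failed (error), attempt of direct disk reading (is-5FQT2drv.sys)
Quarantine file (direct disk reading) "%S" - failed (error)
Quarantine file: failed (error), attempt of direct disk reading (System)
Quarantine file (direct disk reading) "%S" - failed (error)
Quarantine file: failed (error), attempt of direct disk reading (System)
Quarantine file (direct disk reading) "%S" - failed (error)
Quarantine file: failed (error), attempt of direct disk reading (mscoree.dll)
Quarantine file (direct disk reading) "%S" - failed (error)
Automatic Quarantining - complete
"""

if __name__ == "__main__":
    rep = parse_avz_log(SAMPLE)
    print(f"copied: {len(rep.ok)}, failed: {len(rep.failed)}")
    for target, n in failure_counts(rep).items():
        print(f"  FAILED x{n}: {target}")
    for target in suspicious_targets(rep):
        print(f"  LOOK AT: {target}")
```

Run it against the full section pasted into a file to get the same split for every line. A flagged name is a prompt to check the file by hand (size, signature, what registers it as a service), not a verdict; the analyst's reply below is the reminder that the automatic quarantine itself copied core system binaries such as winlogon.exe and rundll32.exe, which is why the log, not the tool, should drive what gets removed.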
DigRam, posted August 2, 2009

Good morning, EDSSX!

<!> Please stop posting reports from tools that were not requested.
<!> As for the toolkit, using its automatic fixes is dangerous. It is therefore up to the analyst to write the script for safer removals. So restore everything that was quarantined.

<><><><><><><><><><><>

<@> Download: < SafeBootKeyRepair >
<@> Save it directly to the local disk (D).
<@> Run it! When it finishes it will generate a report: D:\SafeBoot_Repair.txt <-- Do not post it!
<@> Check whether you can now boot into Safe Mode!

<><><><><><><><><><><>

<@> Download: < DrWebCureIt >
<@> If you have trouble downloading it, use another computer or a proxy.
<@> Go to: < Proxify >
<@> Type the DrWebCureIt URL into the box.
<@> Click Proxify.
<@> Save the tool to the desktop!
<@> Restart the computer in Safe Mode.
<@> Start the installation/execution by double-clicking drweb-cureit.
<@> In the window that opens, click Start --> OK.
<@> A "Quick scan" will begin --> Close the advertisement window!
<@> When it finishes, check the "Full scan" box.
<@> Click "Options" --> Under Change settings, uncheck "Heuristic analysis".
In this mode the following objects are scanned:
* Boot sectors of all disks. <--
* All removable drives. <--
* All local disks. <--
<@> Click "Start scan" --> Wait!
<@> If messages appear asking to move or disinfect files, click Yes.
<@> When it finishes, click "File" --> "Save report list".
<@> Save it somewhere suitable. ( DrWeb.csv ) <-- Convert it to text!
<@> Post: DrWeb.csv + an updated HijackThis log.

Regards!
EDSSX, posted August 2, 2009

Good afternoon!

DrWebCureIt will not run in any mode; it closes by itself. Safe Mode has been repaired. As for moving the infections to quarantine, I stressed above that, according to the AVZ antiviral scan, they were not moved there, because it reported a removal failure.

Thanks.
DigRam, posted August 2, 2009

Good evening, EDSSX!

<@> Download: < Norman Malware Cleaner >
<@> Save it to the desktop.
<@> Open the file and click Run --> Accept.
<@> Click Add to add, or Remove to remove, the drives/sectors to be scanned. ( C:\*.*,D:\*.*,E:\*.*,etc... )
<@> Click "Start scan" --> Wait!
<@> When it finishes, post the report, which will be on the desktop. ( NFix_2009-xx-xx_yy-yy-yy.log ) <--

<><><><><><><><><><><><>

<@> Download: < > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> PS: Running it from the command line is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\Desktop\Combofix.exe" /killall
<@> Click OK.
<@> At the prompt "Disclaimer of software warranty" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!
<!> If you get the notification "Invalid Win32 application", delete ComboFix.exe and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Name it while saving, not after it has been saved!
<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.
<@> The Auto Scan window will open. --> Wait!
<@> To complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: D:\ComboFix.txt + an updated HijackThis log.

Regards!
EDSSX, posted August 3, 2009

Good evening!

Here is the Norman Malware Cleaner log:

Norman Malware Cleaner
Copyright © 1990 - 2009, Norman ASA.
Built 2009/08/03 09:27:34

Norman Scanner Engine Version: 6.01.09
Nvcbin.def Version: 6.01.00, Date: 2009/08/03 09:27:34, Variants: 3630535

Scan started: 03/08/2009 14:59:23

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: EDIM\edsom luis

Scanning running processes and process memory...

Number of processes/threads found: 1738
Number of processes/threads scanned: 1721
Number of processes/threads not scanned: 17
Number of infected processes/threads terminated: 0
Total scanning time: 1m 47s

Scanning file system...

Scanning: C:\*.*
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\CDEVC14F\index[1].html/unknown0 (Error whilst scanning file: I/O Error (0x00220005))

Scanning: D:\*.*
D:\pagefile.sys (Error opening file: Access denied)
D:\hiberfil.sys (Error opening file: Access denied)
D:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\Zylom\dairydash\pt-BR\dairydash.1.0.1.pt-BR.cab/unknown1 (Error whilst scanning file: I/O Error (0x00220005))
D:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\Zylom\dairydash\pt-BR\dairydash.1.0.1.pt-BR.cab/unknown2 (Error whilst scanning file: I/O Error (0x00220005))
D:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\Zylom\dairydash\pt-BR\dairydash.1.0.1.pt-BR.cab/unknown3 (Error whilst scanning file: I/O Error (0x00220005))
D:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\Zylom\dairydash\pt-BR\dairydash.1.0.1.pt-BR.cab/unknown4 (Error whilst scanning file: I/O Error (0x00220005))
D:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\Zylom\dairydash\pt-BR\dairydash.1.0.1.pt-BR.cab/unknown5 (Error whilst scanning file: I/O Error (0x00220005))
D:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\Zylom\dairydash\pt-BR\dairydash.1.0.1.pt-BR.cab/unknown6 (Error whilst scanning file: I/O Error (0x00220005))
D:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\Zylom\dairydash\pt-BR\dairydash.1.0.1.pt-BR.cab/unknown7 (Error whilst scanning file: I/O Error (0x00220005))

Scanning: A:\*.*

Scanning: E:\*.*

Running post-scan cleanup routine:

Number of files found: 244424
Number of archives unpacked: 1649
Number of files scanned: 244313
Number of files not scanned: 111
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 2h 13m 20s

Here is the ComboFix log:

ComboFix 09-08-03.04 - edsom luis 03/08/2009 18:28.70.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.262 [GMT -3:00]
Running from: d:\documents and settings\edsom luis\Meus documentos\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\edsom luis\Meus documentos\RECEITA FEDERAL .DOC.lnk
.
(((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 ))))))))))))))))))))))))))))
.
2009-08-03 18:18 . 2009-08-03 18:18 -------- d-----w- d:\arquivos de programas\a-squared Free
2009-08-02 20:47 . 2009-08-02 20:47 -------- d-----w- d:\documents and settings\edsom luis\DoctorWeb
2009-08-01 22:20 . 2009-08-01 22:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!
2009-08-01 22:20 . 2009-08-01 22:20 -------- d-----w- d:\arquivos de programas\Yahoo!
2009-08-01 19:00 . 2009-08-01 19:00 -------- d-----w- D:\ToolBar SD
2009-08-01 01:04 . 2009-08-01 01:04 -------- d-----w- d:\arquivos de programas\Sophos
2009-07-31 18:51 . 2009-07-31 18:51 -------- d--h--w- d:\windows\PIF
2009-07-31 02:47 . 2009-07-31 02:47 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\iolo
2009-07-31 00:29 . 2009-07-31 00:29 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager
2009-07-30 17:07 . 2009-07-30 17:07 -------- d-----w- d:\windows\system32\CatRoot2
2009-07-27 17:28 . 2008-07-08 17:54 148496 ----a-w- d:\windows\system32\drivers\12878755.sys
2009-07-25 22:09 . 2009-07-25 22:09 -------- d-----r- d:\documents and settings\LocalService\Meus documentos
2009-07-24 16:11 . 2009-07-24 16:11 -------- d-----w- d:\windows\Sun
2009-07-24 03:01 . 2009-07-24 03:01 -------- d-----w- d:\documents and settings\All Users\Modelos
2009-07-24 00:21 . 2009-07-24 00:18 50192 ----a-w- d:\windows\system32\drivers\tmevtmgr.sys
2009-07-24 00:21 . 2009-07-24 00:18 50192 ----a-w- d:\windows\system32\drivers\tmactmon.sys
2009-07-24 00:20 . 2009-07-24 00:20 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Trend Micro
2009-07-24 00:18 . 2009-07-24 00:18 335376 ----a-w- d:\windows\system32\drivers\TM_CFW.sys
2009-07-24 00:18 . 2009-07-24 00:18 205328 ----a-w- d:\windows\system32\drivers\tmxpflt.sys
2009-07-24 00:18 . 2009-07-24 00:18 1195512 ----a-w- d:\windows\system32\drivers\vsapint.sys
2009-07-24 00:18 . 2009-07-24 00:18 80400 ----a-w- d:\windows\system32\drivers\tmtdi.sys
2009-07-24 00:18 . 2009-07-24 00:18 36368 ----a-w- d:\windows\system32\drivers\tmpreflt.sys
2009-07-23 15:10 . 2009-07-23 15:10 -------- d-----w- d:\arquivos de programas\blcorp
2009-07-23 14:55 . 2009-07-25 01:02 102664 ----a-w- d:\windows\system32\drivers\tmcomm.sys
2009-07-21 23:37 . 2009-07-21 23:37 579072 ----a-w- d:\windows\system32\dllcache\user32.dll
2009-07-21 23:35 . 2009-07-21 23:35 -------- d-----w- d:\windows\ERUNT
2009-07-16 11:14 . 2009-06-16 14:39 81920 ------w- d:\windows\system32\dllcache\fontsub.dll
2009-07-16 11:14 . 2009-06-16 14:39 119808 ------w- d:\windows\system32\dllcache\t2embed.dll
2009-07-12 17:44 . 2009-07-12 17:44 -------- d-sh--w- D:\FOUND.009
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 03:01 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-08-03 03:01 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-07-21 23:45 . 2001-10-28 21:07 76414 ----a-w- d:\windows\system32\perfc016.dat
2009-07-21 23:45 . 2001-10-28 21:07 465986 ----a-w- d:\windows\system32\perfh016.dat
2009-07-18 13:05 . 2008-11-12 18:12 208 ----a-w- d:\windows\system32\drivers\GbpKmAp.lst
2009-07-16 00:21 . 2009-06-21 23:42 3775176 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 16:36 . 2009-04-23 15:56 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 16:36 . 2009-04-23 15:56 19096 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-07-03 16:59 . 2004-08-04 10:45 915456 ----a-w- d:\windows\system32\wininet.dll
2009-06-22 17:02 . 2009-06-22 17:01 -------- d-----w- d:\arquivos de programas\Gadwin Systems
2009-06-17 19:05 . 2009-06-17 19:05 -------- d-----w- d:\arquivos de programas\Mozilla Firefox 3.5 Preview
2009-06-16 14:39 . 2004-08-04 10:45 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-06-16 14:39 . 2001-10-28 21:06 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-06-12 03:43 . 2004-08-04 10:45 219648 ----a-w- d:\windows\system32\uxtheme.dll
2009-06-11 19:17 . 2009-06-11 19:17 -------- d-----w- d:\arquivos de programas\MSBuild
2009-06-11 19:17 . 2009-06-11 19:17 -------- d-----w- d:\arquivos de programas\Reference Assemblies
2009-06-11 17:31 . 2009-06-11 17:31 -------- d-----w- d:\arquivos de programas\Opera 10 Beta
2009-06-09 19:16 . 2009-06-09 19:16 -------- d-----w- d:\arquivos de programas\Software by Design
2009-06-03 19:10 . 2004-08-04 10:45 1295872 ----a-w- d:\windows\system32\quartz.dll
2009-05-17 17:31 . 2009-05-17 17:31 15240 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-05-07 15:33 . 2004-08-04 10:45 347136 ----a-w- d:\windows\system32\localspl.dll
2009-03-27 23:27 . 2009-03-27 23:27 2399 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini
2009-02-26 14:04 . 2009-02-26 14:04 8250 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf
2009-02-26 14:04 . 2009-02-26 14:04 234477 ----a-w- d:\arquivos de programas\Arquivos comuns\english.lng
2009-02-26 13:49 . 2009-02-26 13:49 3712000 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll
2009-02-26 13:49 . 2009-02-26 13:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll
2009-02-26 13:49 . 2009-02-26 13:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin
2009-02-26 13:49 . 2009-02-26 13:49 99328 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe
2009-01-07 16:52 . 2009-01-07 16:52 6809 ----a-w- d:\arquivos de programas\Arquivos comuns\license.txt
2008-09-03 17:12 . 2008-09-03 17:12 8470 ----a-w- d:\arquivos de programas\Arquivos comuns\search.ini
2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml
2008-05-05 12:51 . 2008-05-05 12:51 3873 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt
2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd
2009-06-03 08:25 . 2008-10-15 01:10 134648 ----a-w- d:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll
2009-07-30 17:45 . 2009-02-27 15:11 122880 ----a-w- d:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-03-08 17:09 . 2009-04-05 21:55 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
.
------- Sigcheck -------
[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\user32.dll
[-] 2009-07-21 23:37 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\dllcache\user32.dll
[7] 2007-03-08 15:36 578048 B5782EE6EAFE3C218236F79F1A27B747 d:\windows\$NtServicePackUninstall$\user32.dll
[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\ServicePackFiles\i386\user32.dll
[7] 2007-03-08 15:50 578560 F86D3E5C8FE13297E1C2D662F9E2D59D d:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[7] 2005-03-02 18:20 577536 3ED0A4D74EFD5AAF8408095F452E2613 d:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2008-04-14 03:20 579072 54907DB28872A7A6D3EE2B4747A23828 d:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[7] 2004-08-04 10:45 577536 E0FF28447D1038DE106D1F2FDF851647 d:\windows\$NtUninstallKB890859$\user32.dll
[7] 2005-03-02 18:18 577536 7FFBCF1B94E6929DEECE06670C2407D6 d:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\system32\winlogon.exe
[7] 2004-08-04 10:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 d:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 03:21 509952 71D440F79B711627B12B567FB2EADB42 d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\explorer.exe
[7] 2007-06-13 13:21 1035264 DCCBF18E94D651393A3FFA060F88E0A0 d:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 10:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 d:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\ServicePackFiles\i386\explorer.exe
[7] 2007-06-13 13:10 1035264 45D521506825A10B80833B4E9621CCF6 d:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2008-04-14 03:20 1035776 064EC7FF5F58B928C3E119402977FA6D d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 03:20 40448 584450C5B2439571755D40444589C63D d:\windows\system32\ctfmon.exe
[7] 2004-08-04 10:45 15360 F40BC97996B8E53799EEF1D63996674B d:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:20 40448 584450C5B2439571755D40444589C63D d:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 03:20 15360 4E486ADFE3A0B9ED0EB0639902E9F64F d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\system32\comres.dll
[7] 2004-08-04 10:45 821760 FB93B504600DA3EC407ED0252EEF97AB d:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\ServicePackFiles\i386\comres.dll
[7] 2008-04-14 03:20 821760 D3F8E8DBE93A80440CAC78B305B40A67 d:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2008-04-14 03:20 643072 302CD5BE4CA48200F9AC1C6074D71805 d:\windows\system32\comctl32.dll
[7] 2008-04-14 03:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\InstallTemp\15449055\comctl32.dll
[7] 2008-04-13 22:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\InstallTemp\27228101\comctl32.dll
[7] 2004-08-04 10:44 1050624 3680CF24C64348BFDC89E290790398E7 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2001-10-28 21:06 921088 AEF3D788DBF40C7C4D204EA45EB0C505 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2006-08-25 15:49 1054208 50141E3C168F02C3920891400CEC9FF4 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2008-04-13 22:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2006-08-25 15:49 617472 873E9E5B23D206BE443ABD3CF597C2E8 d:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2008-04-14 03:20 643072 302CD5BE4CA48200F9AC1C6074D71805 d:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2008-04-14 03:20 617472 085C5892D9C1E19B3CEFD1B79F5BBF13 d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[7] 2004-08-04 10:45 611328 021631D9D0729D9E52300CCEACE4F054 d:\windows\$NtUninstallKB923191$\comctl32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-31_03.05.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-03 14:04 . 2009-08-03 14:04 16384 d:\windows\Temp\Perflib_Perfdata_66c.dat
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 30192]
"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRealMode"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "d:\arquivos de programas\GBPLUGIN\gbiehcef.dll" [2009-03-27 264776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginCef]
2009-03-27 14:22 264776 ------w- d:\arquivos de programas\GbPlugin\gbiehcef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Arquivos de programas\\Windows Live\\Messenger\\MSNMSGR.EXE"=
"d:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

R0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]
R1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [27/07/2009 14:28 148496]
R1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [29/04/2009 21:02 148496]
R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [18/03/2009 21:30 108289]
R2 GbpSv;Gbp Service;d:\arquiv~1\GbPlugin\GbpSv.exe [18/06/2008 14:26 52808]
R2 ioloFileInfoList;iolo FileInfoList Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]
R2 ioloProductUpdate;iolo Product Update Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]
R2 ioloSystemService;iolo System Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]
R2 tmpreflt;tmpreflt;d:\windows\system32\drivers\tmpreflt.sys [23/07/2009 21:18 36368]
R3 tmcfw;Trend Micro Common Firewall Service;d:\windows\system32\drivers\TM_CFW.sys [23/07/2009 21:18 335376]
R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]
S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]
S2 tmevtmgr;tmevtmgr;d:\windows\system32\drivers\tmevtmgr.sys [23/07/2009 21:21 50192]
S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [11/04/2009 15:38 30192]
S3 MEMSWEEP2;MEMSWEEP2;\??\d:\windows\system32\181.tmp --> d:\windows\system32\181.tmp [?]
S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - A2FREE
.
Contents of the 'Scheduled Tasks' folder

2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25N4BF150JQ9B.job
- d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]

2009-08-03 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://portuguese.ircfast.com/pt/index.php?rvs=hompag
uLocal Page =
uDefault_Search_URL =
mWindow Title =
mLocal Page =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://portuguese.ircfast.com/pt/index.php?rvs=hompag
FF - prefs.js: keyword.URL - hxxp://portuguese.ircfast.com/pt/index.php?rvs=hompag
FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\components\GoogleDesktopMozilla.dll
FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: d:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.cache_size", 51200);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.ogg.enabled", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.wave.enabled", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.dpi", -1);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("geo.enabled", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 18:34
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\d:\windows\system32\181.tmp"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(936) d:\windows\system32\SETUPAPI.dll d:\windows\system32\sfc_os.dll d:\arquivos de programas\GBPLUGIN\gbiehcef.dll d:\windows\system32\COMRes.dll d:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(992) d:\windows\system32\SETUPAPI.dll d:\windows\system32\psbase.dll . Tempo para conclusão: 2009-08-03 18:37 ComboFix-quarantined-files.txt 2009-08-03 21:37 ComboFix2.txt 2009-08-02 14:09 ComboFix3.txt 2009-07-31 03:08 Pré-execução: 10 pasta(s) 43.543.724.032 bytes disponíveis Pós execução: 10 pasta(s) 43.724.963.840 bytes disponíveis 289 Segue novo log do Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:50:02, on 03/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\ARQUIV~1\GbPlugin\GbpSv.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe D:\WINDOWS\System32\svchost.exe D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe D:\Arquivos de programas\Java\jre6\bin\jqs.exe D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Arquivos de programas\Microsoft\Search Enhancement 
Pack\SeaPort\SeaPort.exe D:\WINDOWS\system32\wbem\wmiapsrv.exe D:\Arquivos de programas\a-squared Free\a2service.exe D:\WINDOWS\system32\NOTEPAD.EXE D:\WINDOWS\system32\notepad.exe D:\WINDOWS\explorer.exe D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe D:\WINDOWS\system32\NOTEPAD.EXE D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 1 para HiJackThis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Arquivos de 
programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O20 - Winlogon Notify: GbPluginCef - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Gbp Service (GbpSv) - - D:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- D:\Arquivos de programas\Java\jre6\bin\jqs.exe -- End of file - 5142 bytes Grato Compartilhar este post Link para o post Compartilhar em outros sites
DigRam, posted August 4, 2009

Good morning, EDSSX!

<@> Submit the files below for analysis at: < VirSCAN.org >
d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
d:\windows\system32\181.tmp
<@> When it finishes, click "Copy to clipboard" or save it as text.
<@> The table that appears can be selected and copied into Notepad.

Regards!
EDSSX, posted August 4, 2009

Good morning!

The result for the file d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe, shown below, found nothing. As for the file d:\windows\system32\181.tmp, when I try to upload it, it says the file does not exist, as in the figure just below.

File name: iexplore.exe
File size: 638816 bytes
File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: b60dddd2d63ce41cb8c487fcfbb6419e
SHA1: eadce51c88c8261852c1903399dde742fba2061b
Scan result: All software reported that no malicious code was found!
Time: 2009/08/04 07:45:25 (ACT)

Software | Version | Signature version | Signature date | Scan result | Time
a-squared | 4.5.0.3 | 20090803230129 | 2009-08-03 | - | 0.541
AhnLab V3 | 2009.08.03.08 | 2009.08.03 | 2009-08-03 | - | 0.921
AntiVir | 8.2.0.240 | 7.1.5.69 | 2009-08-04 | - | 0.224
Antiy | 2.0.18 | 20090804.2672262 | 2009-08-04 | - | 0.120
Arcavir | 2009 | 200908031615 | 2009-08-03 | - | 0.046
Authentium | 5.1.1 | 200908031816 | 2009-08-03 | - | 1.541
AVAST! | 4.7.4 | 090804-1 | 2009-08-04 | - | 0.029
AVG | 8.5.288 | 270.13.43/2281 | 2009-08-04 | - | 0.324
BitDefender | 7.81008.3833335 | 7.26988 | 2009-08-04 | - | 3.331
CA (VET) | 9.0.0.143 | 31.6.6656 | 2009-08-04 | - | 10.358
ClamAV | 0.95.2 | 9649 | 2009-08-04 | - | 0.115
Comodo | 3.10 | 1861 | 2009-08-04 | - | 0.863
CP Secure | 1.1.0.715 | 2009.08.04 | 2009-08-04 | - | 11.571
Dr.Web | 4.44.0.9170 | 2009.08.04 | 2009-08-04 | - | 5.010
F-Prot | 4.4.4.56 | 20090803 | 2009-08-03 | - | 1.474
F-Secure | 7.02.73807 | 2009.07.29.10 | 2009-07-29 | - | 0.099
Fortinet | 2.81-3.120 | 10.678 | 2009-08-04 | - | 0.360
GData | 19.6866/19.426 | 20090804 | 2009-08-04 | - | 4.631
Ikarus | T3.1.01.64 | 2009.08.04.73155 | 2009-08-04 | - | 3.093
JiangMin | 11.0.800 | 2009.08.04 | 2009-08-04 | - | 19.668
Kaspersky | 5.5.10 | 2009.08.04 | 2009-08-04 | - | 0.052
KingSoft | 2009.2.5.15 | 2009.8.4.18 | 2009-08-04 | - | 0.500
McAfee | 5.3.00 | 5697 | 2009-08-03 | - | 3.088
Microsoft | 1.4903 | 2009.08.03 | 2009-08-03 | - | 6.169
Norman | 6.01.09 | 6.01.00 | 2009-08-03 | - | 4.006
nProtect | 20090804.01 | 4961121 | 2009-08-04 | - | 6.142
Panda | 9.05.01 | 2009.08.03 | 2009-08-03 | - | 1.813
Quick Heal | 10.00 | 2009.08.04 | 2009-08-04 | - | 1.249
Rising | 20.0 | 21.41.13.00 | 2009-08-04 | - | 0.975
Sophos | 2.89.1 | 4.44 | 2009-08-04 | - | 2.779
Sunbelt | 5310 | 5310 | 2009-08-03 | - | 4.649
Symantec | 1.3.0.24 | 20090803.005 | 2009-08-03 | - | 0.124
The Hacker | 6.3.4.3 | v00375 | 2009-07-31 | - | 0.931
Trend Micro | 8.700-1004 | 6.338.10 | 2009-08-03 | - | 0.028
VBA32 | 3.12.10.9 | 20090803.1538 | 2009-08-03 | - | 1.911
ViRobot | 20090730 | 2009.07.30 | 2009-07-30 | - | 0.518
VirusBuster | 4.5.11.10 | 10.111.2/1826084 | 2009-08-04 | - | 2.377

Note: this file had already been scanned before. However, the scan result was not saved to the database.

Here is the figure. Click it 3 times and it enlarges.

Thanks and regards.
EDSSX, posted August 4, 2009

Good afternoon!

Sorry, but the edit option was no longer available here. To support confirming (and adding to) the rootkits' roots and camouflage, as per the reply just above, here is the McAfee Rootkit Detective log:

McAfee® Rootkit Detective 1.1 scan report
On 04-08-2009 at 11:06:49
OS-Version 5.1.2600 Service Pack 3.0
====================================
Object-Type: SSDT-hook  Object-Name: ZwCreateKey  Object-Path: (NULL)
Object-Type: SSDT-hook  Object-Name: ZwCreateThread  Object-Path: (NULL)
Object-Type: SSDT-hook  Object-Name: ZwDeleteKey  Object-Path: (NULL)
Object-Type: SSDT-hook  Object-Name: ZwDeleteValueKey  Object-Path: (NULL)
Object-Type: SSDT-hook  Object-Name: ZwLoadKey2  Object-Path: (NULL)
Object-Type: SSDT-hook  Object-Name: ZwOpenProcess  Object-Path: (NULL)
Object-Type: SSDT-hook  Object-Name: ZwOpenThread  Object-Path: (NULL)
Object-Type: SSDT-hook  Object-Name: ZwReplaceKey  Object-Path: (NULL)
Object-Type: SSDT-hook  Object-Name: ZwRestoreKey  Object-Path: (NULL)
Object-Type: SSDT-hook  Object-Name: ZwSetValueKey  Object-Path: (NULL)
Object-Type: SSDT-hook  Object-Name: ZwTerminateProcess  Object-Path: (NULL)
Object-Type: Registry-key  Object-Name: Parameters) Rootkit Detective 1.1 scan report  Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hmebrzs\Parameters  Status: Hidden
Object-Type: Registry-key  Object-Name: Parameters.RENSet002\Services\hmebrzs\Parameters  Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hmebrzs\Parameters.REN  Status: Hidden
Object-Type: Registry-key  Object-Name: Parameters.REN.REN02\Services\hmebrzs\Parameters.REN  Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hmebrzs\Parameters.REN.REN  Status: Hidden
Object-Type: Registry-key  Object-Name: ParameterstrolSet002\Services\hmebrzs\Parameters.REN.REN  Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\znfsio\Parameters  Status: Hidden
Object-Type: Registry-key  Object-Name: Parameters.RENSet002\Services\znfsio\Parameters  Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\znfsio\Parameters.REN  Status: Hidden
Object-Type: Registry-key  Object-Name: Parameters.REN.REN02\Services\znfsio\Parameters.REN  Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\znfsio\Parameters.REN.REN  Status: Hidden
Object-Type: Registry-key  Object-Name: DataEM\ControlSet002\Services\znfsio\Parameters.REN.REN  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data  Status: Hidden
Object-Type: Registry-key  Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771  Status: Hidden
Object-Type: Registry-key  Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000  Status: Hidden
Object-Type: Registry-key  Object-Name: 00000000-0000-0000-0000-000000000000.RENtem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000.REN  Status: Hidden
Object-Type: Registry-key  Object-Name: 00000000-0000-0000-0000-000000000000.REN.RENProvider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000.REN  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000.REN.REN  Status: Hidden
Object-Type: Registry-key  Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771.RENtem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000.REN.REN  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771.REN  Status: Hidden
Object-Type: Registry-key  Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771.REN.RENProvider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771.REN  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771.REN.REN  Status: Hidden
Object-Type: Registry-value  Object-Name: Display String  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771.REN.REN  Status: Hidden
Object-Type: Registry-key  Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771.REN.REN  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2  Status: Hidden
Object-Type: Registry-key  Object-Name: Data 2.RENicrosoft\Protected Storage System Provider\*Local Machine*\Data 2  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2.REN  Status: Hidden
Object-Type: Registry-key  Object-Name: Data 2.REN.RENsoft\Protected Storage System Provider\*Local Machine*\Data 2.REN  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2.REN.REN  Status: Hidden
Object-Type: Registry-key  Object-Name: Data.REN\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2.REN.REN  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data.REN  Status: Hidden
Object-Type: Registry-key  Object-Name: Data.REN.RENrosoft\Protected Storage System Provider\*Local Machine*\Data.REN  Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data.REN.REN  Status: Hidden
Object-Type: Process  Object-Name: System Idle Process  Pid: 0  Object-Path:  Status: Visible
Object-Type: Process  Object-Name: SEAPORT.EXE  Pid: 1116  Object-Path: D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe  Status: Visible
Object-Type: Process  Object-Name: LSASS.EXE  Pid: 992  Object-Path: D:\WINDOWS\system32\lsass.exe  Status: Visible
Object-Type: Process  Object-Name: EXPLORER.EXE  Pid: 1924  Object-Path: D:\WINDOWS\Explorer.EXE  Status: Visible
Object-Type: Process  Object-Name: SVCHOST.EXE  Pid: 1864  Object-Path: D:\WINDOWS\system32\svchost.exe  Status: Visible
Object-Type: Process  Object-Name: System  Pid: 4  Object-Path:  Status: Visible
Object-Type: Process  Object-Name: MSNMSGR.EXE  Pid: 316  Object-Path: D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe  Status: Visible
Object-Type: Process  Object-Name: WINLOGON.EXE  Pid: 936  Object-Path: D:\WINDOWS\system32\winlogon.exe  Status: Visible
Object-Type: Process  Object-Name: GBPSV.EXE  Pid: 1184  Object-Path: D:\ARQUIV~1\GbPlugin\GbpSv.exe  Status: Visible
Object-Type: Process  Object-Name: IOLOSERVICEMANA  Pid: 908  Object-Path: D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe  Status: Visible
Object-Type: Process  Object-Name: SCHED.EXE  Pid: 196  Object-Path: D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe  Status: Visible
Object-Type: Process  Object-Name: SMSS.EXE  Pid: 816  Object-Path: D:\WINDOWS\System32\smss.exe  Status: Visible
Object-Type: Process  Object-Name: PRINTSCREEN.EXE  Pid: 352  Object-Path: D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe  Status: Visible
Object-Type: Process  Object-Name: JQS.EXE  Pid: 1592  Object-Path: D:\Arquivos de programas\Java\jre6\bin\jqs.exe  Status: Visible
Object-Type: Process  Object-Name: rundll32.exe  Pid: 2336  Object-Path: D:\WINDOWS\system32\rundll32.exe  Status: Visible
Object-Type: Process  Object-Name: alg.exe  Pid: 2244  Object-Path: D:\WINDOWS\System32\alg.exe  Status: Visible
Object-Type: Process  Object-Name: GOOGLEDESKTOP.E  Pid: 292  Object-Path: D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe  Status: Visible
Object-Type: Process  Object-Name: AVGUARD.EXE  Pid: 788  Object-Path: D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe  Status: Visible
Object-Type: Process  Object-Name: CSRSS.EXE  Pid: 912  Object-Path: D:\WINDOWS\system32\csrss.exe  Status: Visible
Object-Type: Process  Object-Name: firefox.exe  Pid: 480  Object-Path: D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe  Status: Visible
Object-Type: Process  Object-Name: SVCHOST.EXE  Pid: 1224  Object-Path: D:\WINDOWS\system32\svchost.exe  Status: Visible
Object-Type: Process  Object-Name: SVCHOST.EXE  Pid: 1720  Object-Path: D:\WINDOWS\system32\svchost.exe  Status: Visible
Object-Type: Process  Object-Name: SPOOLSV.EXE  Pid: 2000  Object-Path: D:\WINDOWS\system32\spoolsv.exe  Status: Visible
Object-Type: Process  Object-Name: MDM.EXE  Pid: 1660  Object-Path: D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE  Status: Visible
Object-Type: Process  Object-Name: EXPLORER.EXE  Pid: 3088  Object-Path: D:\WINDOWS\explorer.exe  Status: Visible
Object-Type: Process  Object-Name: SERVICES.EXE  Pid: 980  Object-Path: D:\WINDOWS\system32\services.exe  Status: Visible
Object-Type: Process  Object-Name: SVCHOST.EXE  Pid: 828  Object-Path: D:\WINDOWS\System32\svchost.exe  Status: Visible
Object-Type: Process  Object-Name: SVCHOST.EXE  Pid: 1324  Object-Path: D:\WINDOWS\system32\svchost.exe  Status: Visible
Object-Type: Process  Object-Name: SVCHOST.EXE  Pid: 1448  Object-Path: D:\WINDOWS\System32\svchost.exe  Status: Visible
Object-Type: Process  Object-Name: wmiapsrv.exe  Pid: 2596  Object-Path: D:\WINDOWS\system32\wbem\wmiapsrv.exe  Status: Visible
Object-Type: Process  Object-Name: Rootkit_Detecti  Pid: 3620  Object-Path: D:\Documents and Settings\edsom luis\Configurações locais\temp\McafeeRootkitDetective\Rootkit_Detective.exe  Status: Visible
Object-Type: Process  Object-Name: AVGNT.EXE  Pid: 308  Object-Path: D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe  Status: Visible
Scan complete. Hidden registry keys/values: 19

Thanks.
DigRam, posted August 5, 2009

Good evening, EDSSX!

<@> Download: < > ( ...by OldTimer Tools )
<@> Save it to the desktop and run it from there!
<@> Take it out of the zip!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Processes
explorer.exe
:Services
MEMSWEEP2
HookSys
HookCont
HookNtos
HookReg
:Files
d:\windows\system32\drivers\HookSys.sys
d:\windows\system32\drivers\HookCont.sys
d:\windows\system32\drivers\HookNtos.sys
d:\windows\system32\drivers\HOOKREG.sys
C:\WINDOWS\system32\more.com
C:\WINDOWS\system32\tree.com
C:\WINXP\system32\format.com
d:\windows\system32\181.tmp
D:\FOUND.009
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MEMSWEEP2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MEMSWEEP2]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MEMSWEEP2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HOOKSYS]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HOOKSYS]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HOOKSYS]
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste the text between the XXXXX... lines into the tool's field (clipboard).
<@> PS: That is the area below "Paste Instructions for Items to be Moved".
<@> Click MoveIt.
<@> When it asks to reboot, confirm! --> Wait!
<@> When it finishes, check the text contents of the folder: C:\_OTMoveIt\MovedFiles
<@> Copy and post your most recent report: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--
<@> PS: Since the tool does not overwrite its reports, we need to look at the one generated right after this run.
<@> Also post an updated HijackThis log.

Regards!
EDSSX, posted August 5, 2009

Good morning!

When I open this external link, where on the page do I click to download it?

Thanks.
DigRam, posted August 7, 2009

> Good morning!
> When I open this external link, where on the page do I click to download it?
> Thanks.

<><><><><><><><><>
Hey, EDSSX!

<@> To download from Badongo, go to its page and type in the 4-letter code.
<@> Just below, click: "Faça o download do seu fich..."
<@> Wait until the countdown (Sfff...) at the bottom of the page reaches zero.
<@> Click "Faça o download do seu ficheiro aqui".
<@> Wait until the window "Opening OTMoveIt3.zip" appears.
<@> Select: Save file --> OK.
<><><><><><><><><>

<!> PS: Don't forget to take it out of the zip before running it on the PC.

Regards!
EDSSX, posted August 7, 2009

Good morning!

Here is the OTMoveIt3 report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service MEMSWEEP2 stopped successfully.
Service MEMSWEEP2 deleted successfully.
Unable to stop service HookSys .
Unable to stop service HookCont .
Unable to stop service HookNtos .
Unable to stop service HookReg .
========== FILES ==========
File/Folder d:\windows\system32\drivers\HookSys.sys not found.
File/Folder d:\windows\system32\drivers\HookCont.sys not found.
File/Folder d:\windows\system32\drivers\HookNtos.sys not found.
File/Folder d:\windows\system32\drivers\HOOKREG.sys not found.
C:\WINDOWS\system32\more.com moved successfully.
C:\WINDOWS\system32\tree.com moved successfully.
C:\WINXP\system32\format.com moved successfully.
File/Folder d:\windows\system32\181.tmp not found.
D:\FOUND.009 moved successfully.
========== REGISTRY ==========
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MEMSWEEP2\\ .
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MEMSWEEP2\\ deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2\\ .
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2\\ not found.
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2\\ .
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MEMSWEEP2\\ not found.
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HOOKSYS\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HOOKSYS\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HOOKSYS\\ .
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 1 para OTMoveIt3.zip\OTMoveIt3.exe scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\~DF627C.tmp scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\etilqs_aQMY7m80YLjnyxfVHeJN scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_59c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\XUL.mfl scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 08072009_102402

Files moved on Reboot...
D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 1 para OTMoveIt3.zip\OTMoveIt3.exe moved successfully.
D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\~DF627C.tmp moved successfully.
File D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\etilqs_aQMY7m80YLjnyxfVHeJN not found!
File D:\WINDOWS\temp\Perflib_Perfdata_59c.dat not found!
D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\Cache\_CACHE_MAP_ moved successfully.
D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\Cache\_CACHE_001_ moved successfully.
D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\Cache\_CACHE_002_ moved successfully.
D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\Cache\_CACHE_003_ moved successfully.
D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\XUL.mfl moved successfully.
D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\urlclassifier3.sqlite moved successfully.

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:16, on 07/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\ARQUIV~1\GbPlugin\GbpSv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\notepad.exe
D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis.exe
D:\WINDOWS\system32\msfeedssync.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portuguese.ircfast.com/pt/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: GbPluginCef - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - D:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 4896 bytes

Thanks and regards.
