[Resolvido] Chave de registro bloqueia o msn ?

[EDSSX 0]

Boa Noite !

 

 

Qual a relação desta chave infra com o messenger ? Posso remove - la mesmo sendo até componentes ?

 

 

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Componentes

 

Ø•€|ÿÿÿÿ•€|ù•6~

 

 

 

Grato

[hinom 5]

poderia explicar melhor ?

 

pegamos o bonde andando..

[RafaelSonyLock 18]

Também não entendi :(

 

Faz o seguinte, passa um limpador de Registro (MV RegClean) para limpar as chaves desnecessárias do seu registro.

[EDSSX 0]

Boa Tarde !

 

 

Retificando ; esta chave esta bloqueiando o msn. Posso remove la ? Sendo que em meu pc atraves do editor de registro apenas faz a leitura até a palavra userdata ou seja a parte LocalSystem\ComponentesØ€|ÿÿÿÿ€|ù6~ esta oculta .

 

 

 

Grato

[RafaelSonyLock 18]

Boa Tarde !

 

 

Retificando ; esta chave esta bloqueiando o msn. Posso remove la ? Sendo que em meu pc atraves do editor de registro apenas faz a leitura até a palavra userdata ou seja a parte LocalSystem\Componentes

 

Ø•€|ÿÿÿÿ•€|ù•6~ esta oculta .

 

 

 

Grato

 

Bom, o unico jeito de descobrir vai ser testando

 

Mas antes, faça alguns Backups

• Crie um Ponto de Restauração

• Backup registro

[Traks 6]

ele bloqueia de que maneira?

não consegue abrir o programa? não consegue conectar? dá alguma mensagem de erro?

 

nunca vi algo parecido

 

de qualquer forma tem que testar mesmo...

[RafaelSonyLock 18]

ele bloqueia de que maneira?

não consegue abrir o programa? não consegue conectar? dá alguma mensagem de erro?

 

nunca vi algo parecido

 

de qualquer forma tem que testar mesmo...

 

Esqueci de citar este ponto

 

Tem um ótimo tutorial lá no Baixaki > Artigos, Dicas e tutoriais sobre como corrigir erros do MSN

Veja: • Aprenda a corrigir os erros do seu MSN

[EDSSX 0]

Boa Tarde !

 

 

 

 

Segue o erro cfe. figura infra :

 

 

RafaelSonyLock !

Já rodei o Mvregclean , ele encontrou 1001 erros ja foi removidos com exceção da HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\ComponentesØ€|ÿÿÿÿ€|ù6~

 

Já usei também o Killbox e nada .

 

Obs :A chave HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\ComponentesØ•€|ÿÿÿÿ•€|ù•6~ , tem alguma semelhança/relação com esta dll 6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL ?

 

 

 

Grato

[hinom 5]

essa chave no registro é referente à quê ?

 

foi algum software que você instalou ou pegou algum, virus, algo do tipo ?

[Traks 6]

não consigui compreender como você concluiu que o problema está nessa chave.

 

faz muito tempo que esse problema está acontecendo... qualquer coisa você faz a restauração do sistema

[EDSSX 0]

Boa Tarde !

 

Segue as respostas .

 

essa chave no registro é referente à quê ?

Não sei .

 

foi algum software que você instalou ou pegou algum, virus, algo do tipo ?

 

 

Esta chave/dll constam em um log do combofix :

 

CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

 

Obs : Para que eu possa remove-la ( a dll ), pergunto chave HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\ComponentesØ•€|ÿÿÿÿ•€|ù•6~ , tem alguma semelhança/relação com esta dll 6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL ?

 

 

 

 

Grato

[RafaelSonyLock 18]

Ja tentou reinstalar o Windows Live Messenger?

 

Bom, eu recomendaria você postar um log do Hijackthis em Segurança & Malwares por busca de infecções por virus!

 

Isso é muito estrnho !

 

 

Mesmo assim, aqui continua aberto !

[Silas Martins 0]

Olá EDSSX, essa valor de registro é restos de virus sendo assim o melhor é você recorrer a área de Segurança & Malware do fórum. Lá o pessoal poderá te auxiliar na remoção do mesmo.

[Traks 6]

Olá EDSSX, essa valor de registro é restos de virus sendo assim o melhor é você recorrer a área de Segurança & Malware do fórum. Lá o pessoal poderá te auxiliar na remoção do mesmo.

 

é mais provavel que seja isso mesmo... pq aparentemente essa chave não tem ligação alguma com o MSN

[EDSSX 0]

Bom Dia !

 

 

Ok, vou postar um tópico em segurança & malware com teor relacionado a HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

 

 

 

Grato

[Traks 6]

Ok...

Agora só esperar para que os especialistas da seção responderem você

[RafaelSonyLock 18]

A análise está sendo feita, o link do tópico da análise é:

http://forum.imasters.com.br/index.php?/topic/358762-chave-e-residuo-de-infeccao/

 

PROBLEMA RESOLVIDO!

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

[EDSSX 0]

Bom dia !

 

Entretanto resolvi remover a chave HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] manualmente usando o editor de registro e deu certo, não constando mais a mesma e a dll ( D?\\WINDOWS\\system32\\FM20ENU.DLL ) no log que segue do combofix .

 

Msn entrando sem o erro .

 

 

ComboFix 09-08-18.04 - edsom luis 19/08/2009 23:28.84.1 - FAT32x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.377 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

A cópia de d:\windows\system32\mspmsnsv.dll foi encontrada e desinfectada

Cópia restaurada de - d:\windows\system32\dllcache\mspmsnsv.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-20 to 2009-08-20 ))))))))))))))))))))))))))))

.

 

2009-08-20 01:04 . 2009-08-20 01:04 -------- d-----w- d:\arquivos de programas\InCode Solutions

2009-08-19 16:17 . 2009-08-19 16:17 -------- d-----w- d:\arquivos de programas\Enigma Software Group

2009-08-18 15:35 . 2009-08-18 15:35 -------- d-----w- D:\!KillBox

2009-08-17 13:51 . 2009-07-27 03:52 243200 ------w- d:\windows\system32\drivers\lgalcafo.sys

2009-08-16 23:12 . 2009-08-16 23:12 396288 ----a-w- D:\HijackThis.exe

2009-08-16 19:36 . 2009-08-16 19:36 -------- d-----w- D:\ToolBar SD

2009-08-16 19:26 . 2009-08-16 19:26 -------- d-----w- D:\Lop SD

2009-08-16 02:11 . 2009-08-16 02:11 -------- d-sh--w- D:\FOUND.000

2009-08-15 22:31 . 2009-08-15 22:32 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\iolo

2009-08-15 22:06 . 2009-08-15 22:06 54624 ----a-w- d:\windows\system32\72568.sys

2009-08-15 21:51 . 2009-08-15 21:52 128352 ----a-w- d:\windows\system32\9235D.dll

2009-08-15 21:51 . 2009-08-15 21:51 54624 ----a-w- d:\windows\system32\9235D.sys

2009-08-15 15:33 . 2009-08-15 15:33 -------- d-----w- d:\arquivos de programas\Malware Defender

2009-08-14 22:08 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0804.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0411.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0404.dll

2009-08-14 19:47 . 2009-03-30 13:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys

2009-08-14 19:47 . 2009-02-13 15:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2009-08-14 19:47 . 2009-02-13 15:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2009-08-14 19:47 . 2009-08-14 19:47 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2009-08-14 19:43 . 2009-08-14 19:43 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-08-14 16:46 . 2009-05-07 07:04 157712 ----a-w- d:\windows\system32\drivers\tmcomm.sys

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-sh--w- d:\documents and settings\Administrador\IETldCache

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-----r- d:\documents and settings\Administrador\Meus documentos

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----r- d:\documents and settings\Administrador\Favoritos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Modelos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Configurações locais

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--r- d:\documents and settings\Administrador\Dados de aplicativos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d-----r- d:\documents and settings\Administrador\Menu Iniciar

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----w- d:\documents and settings\Administrador

2009-08-13 18:48 . 2009-08-13 18:48 272 ----a-w- d:\windows\system32\drivers\sfi.dat

2009-08-13 13:00 . 2009-07-10 13:27 1315328 ------w- d:\windows\system32\dllcache\msoe.dll

2009-08-12 16:08 . 2009-08-12 16:08 -------- d-----w- d:\arquivos de programas\Lavalys

2009-08-09 02:14 . 2009-08-09 02:14 -------- d-----w- D:\f3e64e655c4cf5ea0969946e

2009-08-09 02:09 . 2009-08-09 02:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache

2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- d:\windows\system32\dllcache\mswebdvd.dll

2009-08-01 22:20 . 2009-08-01 22:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!

2009-07-31 18:51 . 2009-07-31 18:51 -------- d--h--w- d:\windows\PIF

2009-07-31 00:29 . 2009-07-31 00:29 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager

2009-07-30 17:07 . 2009-07-30 17:07 -------- d-----w- d:\windows\system32\CatRoot2

2009-07-27 17:28 . 2008-07-08 17:54 148496 ----a-w- d:\windows\system32\drivers\12878755.sys

2009-07-27 03:52 . 2009-07-27 03:52 95744 ----a-w- d:\windows\system32\mdhook.dll

2009-07-25 22:09 . 2009-07-25 22:09 -------- d-----r- d:\documents and settings\LocalService\Meus documentos

2009-07-24 16:11 . 2009-07-24 16:11 -------- d-----w- d:\windows\Sun

2009-07-24 03:01 . 2009-07-24 03:01 -------- d-----w- d:\documents and settings\All Users\Modelos

2009-07-23 15:10 . 2009-07-23 15:10 -------- d-----w- d:\arquivos de programas\blcorp

2009-07-21 23:37 . 2009-07-21 23:37 579072 ----a-w- d:\windows\system32\dllcache\user32.dll

2009-07-21 23:35 . 2009-07-21 23:35 -------- d-----w- d:\windows\ERUNT

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-20 02:25 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

2009-08-20 02:25 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-08-16 23:27 . 2009-06-21 23:42 3942048 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-12 14:44 . 2001-10-28 21:07 79022 ----a-w- d:\windows\system32\perfc016.dat

2009-08-12 14:44 . 2001-10-28 21:07 468108 ----a-w- d:\windows\system32\perfh016.dat

2009-08-05 09:00 . 2004-08-04 10:45 205312 ----a-w- d:\windows\system32\mswebdvd.dll

2009-08-03 16:36 . 2009-04-23 15:56 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 16:36 . 2009-04-23 15:56 19096 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-07-28 19:33 . 2009-03-19 00:30 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2009-07-18 13:05 . 2008-11-12 18:12 208 ----a-w- d:\windows\system32\drivers\GbpKmAp.lst

2009-07-17 19:03 . 2004-08-04 10:45 58880 ----a-w- d:\windows\system32\atl.dll

2009-07-12 15:21 . 2004-08-04 10:45 233472 ----a-w- d:\windows\system32\wmpdxm.dll

2009-07-03 16:59 . 2004-08-04 10:45 915456 ----a-w- d:\windows\system32\wininet.dll

2009-06-22 17:02 . 2009-06-22 17:01 -------- d-----w- d:\arquivos de programas\Gadwin Systems

2009-06-16 14:39 . 2004-08-04 10:45 119808 ----a-w- d:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 21:06 81920 ----a-w- d:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 10:45 81408 ----a-w- d:\windows\system32\tlntsess.exe

2009-06-15 10:44 . 2004-08-04 10:45 77824 ----a-w- d:\windows\system32\telnet.exe

2009-06-12 03:43 . 2004-08-04 10:45 219648 ----a-w- d:\windows\system32\uxtheme.dll

2009-06-10 14:14 . 2004-08-04 10:45 85504 ----a-w- d:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2007-09-19 13:40 2066432 ----a-w- d:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 10:45 132096 ----a-w- d:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2004-08-04 10:45 1295872 ----a-w- d:\windows\system32\quartz.dll

2009-03-27 23:27 . 2009-03-27 23:27 2399 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-02-26 14:04 . 2009-02-26 14:04 8250 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-02-26 14:04 . 2009-02-26 14:04 234477 ----a-w- d:\arquivos de programas\Arquivos comuns\english.lng

2009-02-26 13:49 . 2009-02-26 13:49 3712000 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-02-26 13:49 . 2009-02-26 13:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-02-26 13:49 . 2009-02-26 13:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-02-26 13:49 . 2009-02-26 13:49 99328 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-01-07 16:52 . 2009-01-07 16:52 6809 ----a-w- d:\arquivos de programas\Arquivos comuns\license.txt

2008-09-03 17:12 . 2008-09-03 17:12 8470 ----a-w- d:\arquivos de programas\Arquivos comuns\search.ini

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml

2008-05-05 12:51 . 2008-05-05 12:51 3873 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt

2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2009-07-30 17:45 . 2009-02-27 15:11 122880 ----a-w- d:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-08 17:09 . 2009-04-05 21:55 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

.

 

------- Sigcheck -------

 

[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\user32.dll

[-] 2009-07-21 23:37 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\dllcache\user32.dll

[7] 2007-03-08 15:36 578048 B5782EE6EAFE3C218236F79F1A27B747 d:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\ServicePackFiles\i386\user32.dll

[7] 2007-03-08 15:50 578560 F86D3E5C8FE13297E1C2D662F9E2D59D d:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[7] 2005-03-02 18:20 577536 3ED0A4D74EFD5AAF8408095F452E2613 d:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[7] 2008-04-14 03:20 579072 54907DB28872A7A6D3EE2B4747A23828 d:\windows\NiwradSoft Shell Pack\Backup\user32.dll

[7] 2004-08-04 10:45 577536 E0FF28447D1038DE106D1F2FDF851647 d:\windows\$NtUninstallKB890859$\user32.dll

[7] 2005-03-02 18:18 577536 7FFBCF1B94E6929DEECE06670C2407D6 d:\windows\$NtUninstallKB925902$\user32.dll

 

[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\system32\winlogon.exe

[7] 2004-08-04 10:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 d:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\ServicePackFiles\i386\winlogon.exe

[7] 2008-04-14 03:21 509952 71D440F79B711627B12B567FB2EADB42 d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

 

[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\explorer.exe

[7] 2007-06-13 13:21 1035264 DCCBF18E94D651393A3FFA060F88E0A0 d:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2004-08-04 10:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 d:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\ServicePackFiles\i386\explorer.exe

[7] 2007-06-13 13:10 1035264 45D521506825A10B80833B4E9621CCF6 d:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[7] 2008-04-14 03:20 1035776 064EC7FF5F58B928C3E119402977FA6D d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

 

[-] 2008-04-14 03:20 40448 584450C5B2439571755D40444589C63D d:\windows\system32\ctfmon.exe

[7] 2004-08-04 10:45 15360 F40BC97996B8E53799EEF1D63996674B d:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 03:20 40448 584450C5B2439571755D40444589C63D d:\windows\ServicePackFiles\i386\ctfmon.exe

[7] 2008-04-14 03:20 15360 4E486ADFE3A0B9ED0EB0639902E9F64F d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

 

[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\system32\comres.dll

[7] 2004-08-04 10:45 821760 FB93B504600DA3EC407ED0252EEF97AB d:\windows\$NtServicePackUninstall$\comres.dll

[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\ServicePackFiles\i386\comres.dll

[7] 2008-04-14 03:20 821760 D3F8E8DBE93A80440CAC78B305B40A67 d:\windows\NiwradSoft Shell Pack\Backup\comres.dll

 

[-] 2008-04-14 03:20 643072 302CD5BE4CA48200F9AC1C6074D71805 d:\windows\system32\comctl32.dll

[7] 2008-04-14 03:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\InstallTemp\15449055\comctl32.dll

[7] 2008-04-13 22:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\InstallTemp\27228101\comctl32.dll

[7] 2004-08-04 10:44 1050624 3680CF24C64348BFDC89E290790398E7 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[7] 2001-10-28 21:06 921088 AEF3D788DBF40C7C4D204EA45EB0C505 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[7] 2006-08-25 15:49 1054208 50141E3C168F02C3920891400CEC9FF4 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[7] 2008-04-13 22:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[7] 2006-08-25 15:49 617472 873E9E5B23D206BE443ABD3CF597C2E8 d:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 03:20 643072 302CD5BE4CA48200F9AC1C6074D71805 d:\windows\ServicePackFiles\i386\comctl32.dll

[7] 2008-04-14 03:20 617472 085C5892D9C1E19B3CEFD1B79F5BBF13 d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll

[7] 2004-08-04 10:45 611328 021631D9D0729D9E52300CCEACE4F054 d:\windows\$NtUninstallKB923191$\comctl32.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-08-19_18.22.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-20 02:34 . 2009-08-20 02:34 16384 d:\windows\temp\Perflib_Perfdata_394.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

"RemoveIT Pro v7Ent"="d:\arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe" [2009-08-03 2185216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 30192]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malware Defender"="d:\arquivos de programas\malware defender\malwaredefender.exe" [2009-07-27 2181632]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "d:\arquivos de programas\GBPLUGIN\gbiehcef.dll" [2009-03-27 264776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-03-27 14:22 264776 ------w- d:\arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\MSNMSGR.EXE"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]

R1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [27/07/2009 14:28 148496]

R1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [29/04/2009 21:02 148496]

R1 lgalcafo;lgalcafo;d:\windows\system32\drivers\lgalcafo.sys [17/08/2009 10:51 243200]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/08/2009 16:47 108289]

R2 GbpSv;Gbp Service;d:\arquiv~1\GbPlugin\GbpSv.exe [18/06/2008 14:26 52808]

R2 ioloFileInfoList;iolo FileInfoList Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 ioloProductUpdate;iolo Product Update Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 ioloSystemService;iolo System Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 MalwareDefenderService;Malware Defender Service;d:\arquivos de programas\Malware Defender\mdservice.exe [27/07/2009 00:51 84992]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]

S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]

S3 72568;72568;d:\windows\system32\72568.sys [15/08/2009 19:06 54624]

S3 9235D;9235D;d:\windows\system32\9235D.sys [15/08/2009 18:51 54624]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [11/04/2009 15:38 30192]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25N4BF150JQ9B.job

- d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]

 

2009-08-20 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uLocal Page =

uDefault_Search_URL =

mWindow Title =

mLocal Page =

IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} -

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://portuguese.ircfast.com/pt/index.php?rvs=hompag

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\components\GoogleDesktopMozilla.dll

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

FF - plugin: d:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

.

------- Associação de arquivos/ficheiros -------

.

inffile=Notepad.exe "%1"

inifile=Notepad.exe "%1"

txtfile=Notepad.exe "%1"

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-19 23:35

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(644)

d:\windows\system32\mdhook.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\sfc_os.dll

d:\arquivos de programas\GBPLUGIN\gbiehcef.dll

d:\windows\system32\COMRes.dll

d:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(700)

d:\windows\system32\mdhook.dll

d:\windows\system32\setupapi.dll

d:\windows\system32\psbase.dll

 

- - - - - - - > 'explorer.exe'(3332)

d:\windows\system32\WININET.dll

d:\windows\system32\COMRes.dll

d:\windows\System32\cscui.dll

d:\windows\system32\LINKINFO.dll

d:\windows\system32\ntshrui.dll

d:\arquivos de programas\GBPLUGIN\gbiehcef.dll

d:\windows\system32\msi.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\WPDShServiceObj.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\NETSHELL.dll

d:\windows\system32\credui.dll

d:\windows\system32\PortableDeviceApi.dll

 

- - - - - - - > 'csrss.exe'(620)

d:\windows\system32\mdhook.dll

.

------------------------ Outros Processos em Execução ------------------------

.

d:\arquivos de programas\GBPLUGIN\GBPSV.EXE

d:\arquivos de programas\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE

d:\arquivos de programas\JAVA\JRE6\BIN\JQS.EXE

d:\arquivos de programas\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

d:\arquivos de programas\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE

.

**************************************************************************

.

Tempo para conclusão: 2009-08-20 23:40 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-20 02:40

ComboFix2.txt 2009-08-19 21:00

ComboFix3.txt 2009-08-19 18:26

ComboFix4.txt 2009-08-17 02:11

 

Pré-execução: 13 pasta(s) 42.653.057.024 bytes disponíveis

Pós execução: 13 pasta(s) 42.087.383.040 bytes disponíveis

 

338 --- E O F --- 2009-08-14 03:01

 

 

 

 

 

Segue abaixo log antigo ainda contendo a chave HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

 

 

 

ComboFix 09-08-10.06 - edsom luis 19/08/2009 15:19.80.1 - FAT32x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.376 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

Comandos utilizados :: d:\documents and settings\edsom luis\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

- MODO DE FUNCIONALIDADE REDUZIDA -

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-19 to 2009-08-19 ))))))))))))))))))))))))))))

.

 

2009-08-19 16:17 . 2009-08-19 16:17 -------- d-----w- d:\arquivos de programas\Enigma Software Group

2009-08-18 15:35 . 2009-08-18 15:35 -------- d-----w- D:\!KillBox

2009-08-17 13:51 . 2009-07-27 03:52 243200 ------w- d:\windows\system32\drivers\lgalcafo.sys

2009-08-16 23:12 . 2009-08-16 23:12 396288 ----a-w- D:\HijackThis.exe

2009-08-16 19:36 . 2009-08-16 19:36 -------- d-----w- D:\ToolBar SD

2009-08-16 19:26 . 2009-08-16 19:26 -------- d-----w- D:\Lop SD

2009-08-16 02:11 . 2009-08-16 02:11 -------- d-sh--w- D:\FOUND.000

2009-08-15 22:31 . 2009-08-15 22:32 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\iolo

2009-08-15 22:06 . 2009-08-15 22:06 54624 ----a-w- d:\windows\system32\72568.sys

2009-08-15 21:51 . 2009-08-15 21:52 128352 ----a-w- d:\windows\system32\9235D.dll

2009-08-15 21:51 . 2009-08-15 21:51 54624 ----a-w- d:\windows\system32\9235D.sys

2009-08-15 15:33 . 2009-08-15 15:33 -------- d-----w- d:\arquivos de programas\Malware Defender

2009-08-14 22:08 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0804.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0411.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0404.dll

2009-08-14 19:47 . 2009-03-30 13:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys

2009-08-14 19:47 . 2009-02-13 15:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2009-08-14 19:47 . 2009-02-13 15:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2009-08-14 19:47 . 2009-08-14 19:47 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2009-08-14 19:43 . 2009-08-14 19:43 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-08-14 16:46 . 2009-05-07 07:04 157712 ----a-w- d:\windows\system32\drivers\tmcomm.sys

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-sh--w- d:\documents and settings\Administrador\IETldCache

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-----r- d:\documents and settings\Administrador\Meus documentos

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----r- d:\documents and settings\Administrador\Favoritos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Modelos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Configurações locais

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--r- d:\documents and settings\Administrador\Dados de aplicativos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d-----r- d:\documents and settings\Administrador\Menu Iniciar

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----w- d:\documents and settings\Administrador

2009-08-13 18:48 . 2009-08-13 18:48 272 ----a-w- d:\windows\system32\drivers\sfi.dat

2009-08-13 13:00 . 2009-07-10 13:27 1315328 ------w- d:\windows\system32\dllcache\msoe.dll

2009-08-12 16:08 . 2009-08-12 16:08 -------- d-----w- d:\arquivos de programas\Lavalys

2009-08-09 02:14 . 2009-08-09 02:14 -------- d-----w- D:\f3e64e655c4cf5ea0969946e

2009-08-09 02:09 . 2009-08-09 02:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache

2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- d:\windows\system32\dllcache\mswebdvd.dll

2009-08-01 22:20 . 2009-08-01 22:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!

2009-07-31 18:51 . 2009-07-31 18:51 -------- d--h--w- d:\windows\PIF

2009-07-31 00:29 . 2009-07-31 00:29 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager

2009-07-30 17:07 . 2009-07-30 17:07 -------- d-----w- d:\windows\system32\CatRoot2

2009-07-27 17:28 . 2008-07-08 17:54 148496 ----a-w- d:\windows\system32\drivers\12878755.sys

2009-07-27 03:52 . 2009-07-27 03:52 95744 ----a-w- d:\windows\system32\mdhook.dll

2009-07-25 22:09 . 2009-07-25 22:09 -------- d-----r- d:\documents and settings\LocalService\Meus documentos

2009-07-24 16:11 . 2009-07-24 16:11 -------- d-----w- d:\windows\Sun

2009-07-24 03:01 . 2009-07-24 03:01 -------- d-----w- d:\documents and settings\All Users\Modelos

2009-07-23 15:10 . 2009-07-23 15:10 -------- d-----w- d:\arquivos de programas\blcorp

2009-07-21 23:37 . 2009-07-21 23:37 579072 ----a-w- d:\windows\system32\dllcache\user32.dll

2009-07-21 23:35 . 2009-07-21 23:35 -------- d-----w- d:\windows\ERUNT

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-19 18:16 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

2009-08-19 18:16 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-08-16 23:27 . 2009-06-21 23:42 3942048 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-12 14:44 . 2001-10-28 21:07 79022 ----a-w- d:\windows\system32\perfc016.dat

2009-08-12 14:44 . 2001-10-28 21:07 468108 ----a-w- d:\windows\system32\perfh016.dat

2009-08-05 09:00 . 2004-08-04 10:45 205312 ----a-w- d:\windows\system32\mswebdvd.dll

2009-08-03 16:36 . 2009-04-23 15:56 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 16:36 . 2009-04-23 15:56 19096 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-07-28 19:33 . 2009-03-19 00:30 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2009-07-18 13:05 . 2008-11-12 18:12 208 ----a-w- d:\windows\system32\drivers\GbpKmAp.lst

2009-07-17 19:03 . 2004-08-04 10:45 58880 ----a-w- d:\windows\system32\atl.dll

2009-07-12 15:21 . 2004-08-04 10:45 233472 ----a-w- d:\windows\system32\wmpdxm.dll

2009-07-03 16:59 . 2004-08-04 10:45 915456 ----a-w- d:\windows\system32\wininet.dll

2009-06-22 17:02 . 2009-06-22 17:01 -------- d-----w- d:\arquivos de programas\Gadwin Systems

2009-06-16 14:39 . 2004-08-04 10:45 119808 ----a-w- d:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 21:06 81920 ----a-w- d:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 10:45 81408 ----a-w- d:\windows\system32\tlntsess.exe

2009-06-15 10:44 . 2004-08-04 10:45 77824 ----a-w- d:\windows\system32\telnet.exe

2009-06-12 03:43 . 2004-08-04 10:45 219648 ----a-w- d:\windows\system32\uxtheme.dll

2009-06-10 14:14 . 2004-08-04 10:45 85504 ----a-w- d:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2007-09-19 13:40 2066432 ----a-w- d:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 10:45 132096 ----a-w- d:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2004-08-04 10:45 1295872 ----a-w- d:\windows\system32\quartz.dll

2009-03-27 23:27 . 2009-03-27 23:27 2399 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-02-26 14:04 . 2009-02-26 14:04 8250 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-02-26 14:04 . 2009-02-26 14:04 234477 ----a-w- d:\arquivos de programas\Arquivos comuns\english.lng

2009-02-26 13:49 . 2009-02-26 13:49 3712000 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-02-26 13:49 . 2009-02-26 13:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-02-26 13:49 . 2009-02-26 13:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-02-26 13:49 . 2009-02-26 13:49 99328 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-01-07 16:52 . 2009-01-07 16:52 6809 ----a-w- d:\arquivos de programas\Arquivos comuns\license.txt

2008-09-03 17:12 . 2008-09-03 17:12 8470 ----a-w- d:\arquivos de programas\Arquivos comuns\search.ini

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml

2008-05-05 12:51 . 2008-05-05 12:51 3873 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt

2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2009-07-30 17:45 . 2009-02-27 15:11 122880 ----a-w- d:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-08 17:09 . 2009-04-05 21:55 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

.

 

------- Sigcheck -------

 

[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\user32.dll

[-] 2009-07-21 23:37 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\dllcache\user32.dll

[7] 2007-03-08 15:36 578048 B5782EE6EAFE3C218236F79F1A27B747 d:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\ServicePackFiles\i386\user32.dll

[7] 2007-03-08 15:50 578560 F86D3E5C8FE13297E1C2D662F9E2D59D d:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[7] 2005-03-02 18:20 577536 3ED0A4D74EFD5AAF8408095F452E2613 d:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[7] 2008-04-14 03:20 579072 54907DB28872A7A6D3EE2B4747A23828 d:\windows\NiwradSoft Shell Pack\Backup\user32.dll

[7] 2004-08-04 10:45 577536 E0FF28447D1038DE106D1F2FDF851647 d:\windows\$NtUninstallKB890859$\user32.dll

[7] 2005-03-02 18:18 577536 7FFBCF1B94E6929DEECE06670C2407D6 d:\windows\$NtUninstallKB925902$\user32.dll

 

[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\system32\winlogon.exe

[7] 2004-08-04 10:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 d:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\ServicePackFiles\i386\winlogon.exe

[7] 2008-04-14 03:21 509952 71D440F79B711627B12B567FB2EADB42 d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

 

[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\explorer.exe

[7] 2007-06-13 13:21 1035264 DCCBF18E94D651393A3FFA060F88E0A0 d:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2004-08-04 10:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 d:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\ServicePackFiles\i386\explorer.exe

[7] 2007-06-13 13:10 1035264 45D521506825A10B80833B4E9621CCF6 d:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[7] 2008-04-14 03:20 1035776 064EC7FF5F58B928C3E119402977FA6D d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

 

[-] 2008-04-14 03:20 40448 584450C5B2439571755D40444589C63D d:\windows\system32\ctfmon.exe

[7] 2004-08-04 10:45 15360 F40BC97996B8E53799EEF1D63996674B d:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 03:20 40448 584450C5B2439571755D40444589C63D d:\windows\ServicePackFiles\i386\ctfmon.exe

[7] 2008-04-14 03:20 15360 4E486ADFE3A0B9ED0EB0639902E9F64F d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

 

[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\system32\comres.dll

[7] 2004-08-04 10:45 821760 FB93B504600DA3EC407ED0252EEF97AB d:\windows\$NtServicePackUninstall$\comres.dll

[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\ServicePackFiles\i386\comres.dll

[7] 2008-04-14 03:20 821760 D3F8E8DBE93A80440CAC78B305B40A67 d:\windows\NiwradSoft Shell Pack\Backup\comres.dll

 

[-] 2008-04-14 03:20 643072 302CD5BE4CA48200F9AC1C6074D71805 d:\windows\system32\comctl32.dll

[7] 2008-04-14 03:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\InstallTemp\15449055\comctl32.dll

[7] 2008-04-13 22:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\InstallTemp\27228101\comctl32.dll

[7] 2004-08-04 10:44 1050624 3680CF24C64348BFDC89E290790398E7 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[7] 2001-10-28 21:06 921088 AEF3D788DBF40C7C4D204EA45EB0C505 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[7] 2006-08-25 15:49 1054208 50141E3C168F02C3920891400CEC9FF4 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[7] 2008-04-13 22:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[7] 2006-08-25 15:49 617472 873E9E5B23D206BE443ABD3CF597C2E8 d:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 03:20 643072 302CD5BE4CA48200F9AC1C6074D71805 d:\windows\ServicePackFiles\i386\comctl32.dll

[7] 2008-04-14 03:20 617472 085C5892D9C1E19B3CEFD1B79F5BBF13 d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll

[7] 2004-08-04 10:45 611328 021631D9D0729D9E52300CCEACE4F054 d:\windows\$NtUninstallKB923191$\comctl32.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 30192]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malware Defender"="d:\arquivos de programas\malware defender\malwaredefender.exe" [2009-07-27 2181632]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "d:\arquivos de programas\GBPLUGIN\gbiehcef.dll" [2009-03-27 264776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-03-27 14:22 264776 ------w- d:\arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\MSNMSGR.EXE"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]

R1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [27/07/2009 14:28 148496]

R1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [29/04/2009 21:02 148496]

R1 lgalcafo;lgalcafo;d:\windows\system32\drivers\lgalcafo.sys [17/08/2009 10:51 243200]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/08/2009 16:47 108289]

R2 GbpSv;Gbp Service;d:\arquiv~1\GbPlugin\GbpSv.exe [18/06/2008 14:26 52808]

R2 ioloFileInfoList;iolo FileInfoList Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 ioloProductUpdate;iolo Product Update Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 ioloSystemService;iolo System Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 MalwareDefenderService;Malware Defender Service;d:\arquivos de programas\Malware Defender\mdservice.exe [27/07/2009 00:51 84992]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]

S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]

S3 72568;72568;d:\windows\system32\72568.sys [15/08/2009 19:06 54624]

S3 9235D;9235D;d:\windows\system32\9235D.sys [15/08/2009 18:51 54624]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [11/04/2009 15:38 30192]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25N4BF150JQ9B.job

- d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]

 

2009-08-19 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = go.microsoft.com/fwlink/?LinkId=69157

uLocal Page =

uDefault_Search_URL =

mWindow Title =

mLocal Page =

IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} -

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://portuguese.ircfast.com/pt/index.php?rvs=hompag

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\components\GoogleDesktopMozilla.dll

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

FF - plugin: d:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-19 15:22

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(644)

d:\windows\system32\mdhook.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\sfc_os.dll

d:\arquivos de programas\GBPLUGIN\gbiehcef.dll

d:\windows\system32\COMRes.dll

d:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(700)

d:\windows\system32\mdhook.dll

d:\windows\system32\setupapi.dll

d:\windows\system32\psbase.dll

 

- - - - - - - > 'explorer.exe'(2332)

d:\windows\system32\WININET.dll

d:\windows\system32\COMRes.dll

d:\windows\System32\cscui.dll

d:\arquivos de programas\GBPLUGIN\gbiehcef.dll

d:\windows\system32\LINKINFO.dll

d:\windows\system32\ntshrui.dll

d:\windows\system32\msi.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\WPDShServiceObj.dll

d:\windows\system32\NETSHELL.dll

d:\windows\system32\credui.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

 

- - - - - - - > 'csrss.exe'(620)

d:\windows\system32\mdhook.dll

.

------------------------ Outros Processos em Execução ------------------------

.

d:\arquivos de programas\GBPLUGIN\GBPSV.EXE

d:\arquivos de programas\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE

d:\arquivos de programas\JAVA\JRE6\BIN\JQS.EXE

d:\arquivos de programas\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

d:\arquivos de programas\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE

.

**************************************************************************

.

Tempo para conclusão: 2009-08-19 15:26 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-19 18:26

ComboFix2.txt 2009-08-17 02:11

 

Pré-execução: 13 pasta(s) 42.641.358.848 bytes disponíveis

Pós execução: 13 pasta(s) 42.063.101.952 bytes disponíveis

 

326 --- E O F --- 2009-08-14 03:01

 

 

 

Caso resolvido, fineza encerrar este tópico .

 

 

Obrigado desde já .

[Silas Martins 0]

Seu log ainda consta entradas maliciosas. como a

D:\FOUND.000

[EDSSX 0]

Boa Noite ! Silas Martins

 

 

Segundo o analista, meus logs la no tópico http://forum.imaster...uo-de-infeccao/ , estavam limpos .

 

Aproveitando a oportunidade o que vcs me dizem sobre o log infra e o software que originalizou o mesmo .

 

Opiniões/orientações perante o log infra do RemoveIT Pro v7 Enterprise ! Como nós podemos ver no log, tem a opção fix , mas não elimina .

 

RemoveIT Pro v7 Enterprise (Build date: 11.11.2008) log.

Generated at: 19/08/2009 on 22:06:38

Microsoft Windows XP Professional Service Pack 3 (Build 2600)

 

22:06:38: Scanning, please wait...

22:13:51: Infected file (Sys32.eempty) D:\WINDOWS\system32\eempty.exe -> No action taken.

22:15:11: Infected file (Sys32.langdll) D:\WINDOWS\system32\langdll.dll -> No action taken.

22:18:12: Infected file (Sys32.xceedbkp) D:\WINDOWS\system32\xceedbkp.dll -> No action taken.

22:19:00: Infected file (Sys32.msajt200) D:\WINDOWS\system\msajt200.dll -> No action taken.

22:19:04: Infected file (Sys32.pev) D:\WINDOWS\pev.exe -> No action taken.

22:19:12: Infected file (Sys32.syssd) D:\WINDOWS\system\syssd.dll -> No action taken.

22:19:15: Infected file (Sys32.vbajet) D:\WINDOWS\system\vbajet.dll -> No action taken.

22:19:48: Infected file (Sys32.gbiehcef) D:\Arquivos de programas\GbPlugin\gbiehcef.dll -> No action taken.

22:19:49: Infected file (Sys32.gbpdist) D:\Arquivos de programas\GbPlugin\gbpdist.dll -> No action taken.

22:19:49: Infected file (Sys32.gbpsv) D:\Arquivos de programas\GbPlugin\gbpsv.exe -> No action taken.

22:19:51: 10 Dangerous files has been found on your computer.

Click on "Fix" button to fix selected tasks.

 

 

 

Obrigado desde já .