[Resolvido!] Chave é resíduo de infecção

[EDSSX 0]

Bom dia !

 

 

Crio este tópico para remoção de HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø€|ÿÿÿÿ€|ù6~*] "6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL" e / ou cfe. teor/instruções no meu tópico http://forum.imasters.com.br/index.php?/topic/358394-chave-de-registro-bloqueia o-msn/page__pid__1363884__st__0entry1363884 em softwares

 

Obs : A chave supra tem alguma semelhança/gancho com a dll acima ?

 

 

Segue o log do hijackthis :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:42:38, on 19/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\ARQUIV~1\GbPlugin\GbpSv.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe

D:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - D:\WINDOWS\system32\shdocvw.dll

O20 - Winlogon Notify: GbPluginCef - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gbp Service (GbpSv) - - D:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Malware Defender Service (MalwareDefenderService) - TorchSoft - d:\arquivos de programas\malware defender\mdservice.exe

 

--

End of file - 4924 bytes

 

 

Obrigado desde já .

[DigRam 144]

Boa Tarde! EDSSX

 

Já reparei ( varias vezes ) ele sim e nada, este problema é antigo; só não tinha conhecimento que estava relacionado a esta chave mencionada la nos tópicos .

<!> Indique o link de sua pesquisa,pois não tenho conhecimentos dessa relação.

<!> O ficheiro é legítimo,como pode ver....

 

<!> < Link-1 >

 

<!> Em ThreatExpert,não apresenta indícios de malignidade.

 

<!> < Link-2 >

°°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°°

<@> Copie estas informações,entre os XXXXXXX....,para o Bloco de Notas.

<@> Salve-as,no desktop,como: CFScript <-- Texto!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Rootkit::

d:\windows\system32\drivers\gofhgcpp.sys

Driver::

"gofhgcpp"

RegNull::

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

Registry::

[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Arraste o CFScript.txt,para o ícone do ComboFix.

<@> Arraste-o,até que surja uma solicitação para executar o ComboFix.exe.

<@> Terminando,poste: ComboFix.txt

 

Abraços!

[EDSSX 0]

Boa Tarde !

 

 

Pesquise esta dll aqui http://www.systemlookup.com/search.php?typ...ch=devldr32.exe

 

http://www.systemlookup.com/search.php?list=&type=filename&search=D%3F\\WINDOWS\\system32\\FM20ENU.DLL&s=

 

 

 

Segue log do combofix ( rodei em modo seguro pois não executava no normal ) :

 

ComboFix 09-08-10.06 - edsom luis 19/08/2009 15:19.80.1 - FAT32x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.376 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

Comandos utilizados :: d:\documents and settings\edsom luis\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

- MODO DE FUNCIONALIDADE REDUZIDA -

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-19 to 2009-08-19 ))))))))))))))))))))))))))))

.

 

2009-08-19 16:17 . 2009-08-19 16:17 -------- d-----w- d:\arquivos de programas\Enigma Software Group

2009-08-18 15:35 . 2009-08-18 15:35 -------- d-----w- D:\!KillBox

2009-08-17 13:51 . 2009-07-27 03:52 243200 ------w- d:\windows\system32\drivers\lgalcafo.sys

2009-08-16 23:12 . 2009-08-16 23:12 396288 ----a-w- D:\HijackThis.exe

2009-08-16 19:36 . 2009-08-16 19:36 -------- d-----w- D:\ToolBar SD

2009-08-16 19:26 . 2009-08-16 19:26 -------- d-----w- D:\Lop SD

2009-08-16 02:11 . 2009-08-16 02:11 -------- d-sh--w- D:\FOUND.000

2009-08-15 22:31 . 2009-08-15 22:32 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\iolo

2009-08-15 22:06 . 2009-08-15 22:06 54624 ----a-w- d:\windows\system32\72568.sys

2009-08-15 21:51 . 2009-08-15 21:52 128352 ----a-w- d:\windows\system32\9235D.dll

2009-08-15 21:51 . 2009-08-15 21:51 54624 ----a-w- d:\windows\system32\9235D.sys

2009-08-15 15:33 . 2009-08-15 15:33 -------- d-----w- d:\arquivos de programas\Malware Defender

2009-08-14 22:08 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0804.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0411.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0404.dll

2009-08-14 19:47 . 2009-03-30 13:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys

2009-08-14 19:47 . 2009-02-13 15:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2009-08-14 19:47 . 2009-02-13 15:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2009-08-14 19:47 . 2009-08-14 19:47 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2009-08-14 19:43 . 2009-08-14 19:43 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-08-14 16:46 . 2009-05-07 07:04 157712 ----a-w- d:\windows\system32\drivers\tmcomm.sys

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-sh--w- d:\documents and settings\Administrador\IETldCache

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-----r- d:\documents and settings\Administrador\Meus documentos

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----r- d:\documents and settings\Administrador\Favoritos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Modelos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Configurações locais

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--r- d:\documents and settings\Administrador\Dados de aplicativos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d-----r- d:\documents and settings\Administrador\Menu Iniciar

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----w- d:\documents and settings\Administrador

2009-08-13 18:48 . 2009-08-13 18:48 272 ----a-w- d:\windows\system32\drivers\sfi.dat

2009-08-13 13:00 . 2009-07-10 13:27 1315328 ------w- d:\windows\system32\dllcache\msoe.dll

2009-08-12 16:08 . 2009-08-12 16:08 -------- d-----w- d:\arquivos de programas\Lavalys

2009-08-09 02:14 . 2009-08-09 02:14 -------- d-----w- D:\f3e64e655c4cf5ea0969946e

2009-08-09 02:09 . 2009-08-09 02:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache

2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- d:\windows\system32\dllcache\mswebdvd.dll

2009-08-01 22:20 . 2009-08-01 22:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!

2009-07-31 18:51 . 2009-07-31 18:51 -------- d--h--w- d:\windows\PIF

2009-07-31 00:29 . 2009-07-31 00:29 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager

2009-07-30 17:07 . 2009-07-30 17:07 -------- d-----w- d:\windows\system32\CatRoot2

2009-07-27 17:28 . 2008-07-08 17:54 148496 ----a-w- d:\windows\system32\drivers\12878755.sys

2009-07-27 03:52 . 2009-07-27 03:52 95744 ----a-w- d:\windows\system32\mdhook.dll

2009-07-25 22:09 . 2009-07-25 22:09 -------- d-----r- d:\documents and settings\LocalService\Meus documentos

2009-07-24 16:11 . 2009-07-24 16:11 -------- d-----w- d:\windows\Sun

2009-07-24 03:01 . 2009-07-24 03:01 -------- d-----w- d:\documents and settings\All Users\Modelos

2009-07-23 15:10 . 2009-07-23 15:10 -------- d-----w- d:\arquivos de programas\blcorp

2009-07-21 23:37 . 2009-07-21 23:37 579072 ----a-w- d:\windows\system32\dllcache\user32.dll

2009-07-21 23:35 . 2009-07-21 23:35 -------- d-----w- d:\windows\ERUNT

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-19 18:16 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

2009-08-19 18:16 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-08-16 23:27 . 2009-06-21 23:42 3942048 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-12 14:44 . 2001-10-28 21:07 79022 ----a-w- d:\windows\system32\perfc016.dat

2009-08-12 14:44 . 2001-10-28 21:07 468108 ----a-w- d:\windows\system32\perfh016.dat

2009-08-05 09:00 . 2004-08-04 10:45 205312 ----a-w- d:\windows\system32\mswebdvd.dll

2009-08-03 16:36 . 2009-04-23 15:56 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 16:36 . 2009-04-23 15:56 19096 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-07-28 19:33 . 2009-03-19 00:30 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2009-07-18 13:05 . 2008-11-12 18:12 208 ----a-w- d:\windows\system32\drivers\GbpKmAp.lst

2009-07-17 19:03 . 2004-08-04 10:45 58880 ----a-w- d:\windows\system32\atl.dll

2009-07-12 15:21 . 2004-08-04 10:45 233472 ----a-w- d:\windows\system32\wmpdxm.dll

2009-07-03 16:59 . 2004-08-04 10:45 915456 ----a-w- d:\windows\system32\wininet.dll

2009-06-22 17:02 . 2009-06-22 17:01 -------- d-----w- d:\arquivos de programas\Gadwin Systems

2009-06-16 14:39 . 2004-08-04 10:45 119808 ----a-w- d:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 21:06 81920 ----a-w- d:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 10:45 81408 ----a-w- d:\windows\system32\tlntsess.exe

2009-06-15 10:44 . 2004-08-04 10:45 77824 ----a-w- d:\windows\system32\telnet.exe

2009-06-12 03:43 . 2004-08-04 10:45 219648 ----a-w- d:\windows\system32\uxtheme.dll

2009-06-10 14:14 . 2004-08-04 10:45 85504 ----a-w- d:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2007-09-19 13:40 2066432 ----a-w- d:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 10:45 132096 ----a-w- d:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2004-08-04 10:45 1295872 ----a-w- d:\windows\system32\quartz.dll

2009-03-27 23:27 . 2009-03-27 23:27 2399 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-02-26 14:04 . 2009-02-26 14:04 8250 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-02-26 14:04 . 2009-02-26 14:04 234477 ----a-w- d:\arquivos de programas\Arquivos comuns\english.lng

2009-02-26 13:49 . 2009-02-26 13:49 3712000 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-02-26 13:49 . 2009-02-26 13:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-02-26 13:49 . 2009-02-26 13:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-02-26 13:49 . 2009-02-26 13:49 99328 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-01-07 16:52 . 2009-01-07 16:52 6809 ----a-w- d:\arquivos de programas\Arquivos comuns\license.txt

2008-09-03 17:12 . 2008-09-03 17:12 8470 ----a-w- d:\arquivos de programas\Arquivos comuns\search.ini

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml

2008-05-05 12:51 . 2008-05-05 12:51 3873 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt

2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2009-07-30 17:45 . 2009-02-27 15:11 122880 ----a-w- d:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-08 17:09 . 2009-04-05 21:55 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

.

 

------- Sigcheck -------

 

[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\user32.dll

[-] 2009-07-21 23:37 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\dllcache\user32.dll

[7] 2007-03-08 15:36 578048 B5782EE6EAFE3C218236F79F1A27B747 d:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\ServicePackFiles\i386\user32.dll

[7] 2007-03-08 15:50 578560 F86D3E5C8FE13297E1C2D662F9E2D59D d:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[7] 2005-03-02 18:20 577536 3ED0A4D74EFD5AAF8408095F452E2613 d:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[7] 2008-04-14 03:20 579072 54907DB28872A7A6D3EE2B4747A23828 d:\windows\NiwradSoft Shell Pack\Backup\user32.dll

[7] 2004-08-04 10:45 577536 E0FF28447D1038DE106D1F2FDF851647 d:\windows\$NtUninstallKB890859$\user32.dll

[7] 2005-03-02 18:18 577536 7FFBCF1B94E6929DEECE06670C2407D6 d:\windows\$NtUninstallKB925902$\user32.dll

 

[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\system32\winlogon.exe

[7] 2004-08-04 10:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 d:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\ServicePackFiles\i386\winlogon.exe

[7] 2008-04-14 03:21 509952 71D440F79B711627B12B567FB2EADB42 d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

 

[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\explorer.exe

[7] 2007-06-13 13:21 1035264 DCCBF18E94D651393A3FFA060F88E0A0 d:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2004-08-04 10:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 d:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\ServicePackFiles\i386\explorer.exe

[7] 2007-06-13 13:10 1035264 45D521506825A10B80833B4E9621CCF6 d:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[7] 2008-04-14 03:20 1035776 064EC7FF5F58B928C3E119402977FA6D d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

 

[-] 2008-04-14 03:20 40448 584450C5B2439571755D40444589C63D d:\windows\system32\ctfmon.exe

[7] 2004-08-04 10:45 15360 F40BC97996B8E53799EEF1D63996674B d:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 03:20 40448 584450C5B2439571755D40444589C63D d:\windows\ServicePackFiles\i386\ctfmon.exe

[7] 2008-04-14 03:20 15360 4E486ADFE3A0B9ED0EB0639902E9F64F d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

 

[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\system32\comres.dll

[7] 2004-08-04 10:45 821760 FB93B504600DA3EC407ED0252EEF97AB d:\windows\$NtServicePackUninstall$\comres.dll

[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\ServicePackFiles\i386\comres.dll

[7] 2008-04-14 03:20 821760 D3F8E8DBE93A80440CAC78B305B40A67 d:\windows\NiwradSoft Shell Pack\Backup\comres.dll

 

[-] 2008-04-14 03:20 643072 302CD5BE4CA48200F9AC1C6074D71805 d:\windows\system32\comctl32.dll

[7] 2008-04-14 03:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\InstallTemp\15449055\comctl32.dll

[7] 2008-04-13 22:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\InstallTemp\27228101\comctl32.dll

[7] 2004-08-04 10:44 1050624 3680CF24C64348BFDC89E290790398E7 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[7] 2001-10-28 21:06 921088 AEF3D788DBF40C7C4D204EA45EB0C505 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[7] 2006-08-25 15:49 1054208 50141E3C168F02C3920891400CEC9FF4 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[7] 2008-04-13 22:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[7] 2006-08-25 15:49 617472 873E9E5B23D206BE443ABD3CF597C2E8 d:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 03:20 643072 302CD5BE4CA48200F9AC1C6074D71805 d:\windows\ServicePackFiles\i386\comctl32.dll

[7] 2008-04-14 03:20 617472 085C5892D9C1E19B3CEFD1B79F5BBF13 d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll

[7] 2004-08-04 10:45 611328 021631D9D0729D9E52300CCEACE4F054 d:\windows\$NtUninstallKB923191$\comctl32.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 30192]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malware Defender"="d:\arquivos de programas\malware defender\malwaredefender.exe" [2009-07-27 2181632]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "d:\arquivos de programas\GBPLUGIN\gbiehcef.dll" [2009-03-27 264776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-03-27 14:22 264776 ------w- d:\arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\MSNMSGR.EXE"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]

R1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [27/07/2009 14:28 148496]

R1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [29/04/2009 21:02 148496]

R1 lgalcafo;lgalcafo;d:\windows\system32\drivers\lgalcafo.sys [17/08/2009 10:51 243200]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/08/2009 16:47 108289]

R2 GbpSv;Gbp Service;d:\arquiv~1\GbPlugin\GbpSv.exe [18/06/2008 14:26 52808]

R2 ioloFileInfoList;iolo FileInfoList Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 ioloProductUpdate;iolo Product Update Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 ioloSystemService;iolo System Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 MalwareDefenderService;Malware Defender Service;d:\arquivos de programas\Malware Defender\mdservice.exe [27/07/2009 00:51 84992]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]

S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]

S3 72568;72568;d:\windows\system32\72568.sys [15/08/2009 19:06 54624]

S3 9235D;9235D;d:\windows\system32\9235D.sys [15/08/2009 18:51 54624]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [11/04/2009 15:38 30192]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25N4BF150JQ9B.job

- d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]

 

2009-08-19 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = go.microsoft.com/fwlink/?LinkId=69157

uLocal Page =

uDefault_Search_URL =

mWindow Title =

mLocal Page =

IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} -

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://portuguese.ircfast.com/pt/index.php?rvs=hompag

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\components\GoogleDesktopMozilla.dll

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

FF - plugin: d:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-19 15:22

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(644)

d:\windows\system32\mdhook.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\sfc_os.dll

d:\arquivos de programas\GBPLUGIN\gbiehcef.dll

d:\windows\system32\COMRes.dll

d:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(700)

d:\windows\system32\mdhook.dll

d:\windows\system32\setupapi.dll

d:\windows\system32\psbase.dll

 

- - - - - - - > 'explorer.exe'(2332)

d:\windows\system32\WININET.dll

d:\windows\system32\COMRes.dll

d:\windows\System32\cscui.dll

d:\arquivos de programas\GBPLUGIN\gbiehcef.dll

d:\windows\system32\LINKINFO.dll

d:\windows\system32\ntshrui.dll

d:\windows\system32\msi.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\WPDShServiceObj.dll

d:\windows\system32\NETSHELL.dll

d:\windows\system32\credui.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

 

- - - - - - - > 'csrss.exe'(620)

d:\windows\system32\mdhook.dll

.

------------------------ Outros Processos em Execução ------------------------

.

d:\arquivos de programas\GBPLUGIN\GBPSV.EXE

d:\arquivos de programas\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE

d:\arquivos de programas\JAVA\JRE6\BIN\JQS.EXE

d:\arquivos de programas\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

d:\arquivos de programas\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE

.

**************************************************************************

.

Tempo para conclusão: 2009-08-19 15:26 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-19 18:26

ComboFix2.txt 2009-08-17 02:11

 

Pré-execução: 13 pasta(s) 42.641.358.848 bytes disponíveis

Pós execução: 13 pasta(s) 42.063.101.952 bytes disponíveis

 

326 --- E O F --- 2009-08-14 03:01

 

Desde já obrigado .

[EDSSX 0]

Boa Noite !

 

Não constava mais a opção editar.

 

 

Esta dll tem algo sim relacionado com messenger e trojan banker/bancario/Zlob/Zhopa .

 

Amigo ! Rodei ( no modo seguro novamente)com os mesmos comandos que vossa me instruiu e desta vez com o combofix atualizado, pois acima estava expirado (instalei novamente ) por isto o modo de funcionalidade reduzida e sendo assim segue log infra diferente .

 

ComboFix 09-08-18.04 - edsom luis 19/08/2009 17:48.83.1 - FAT32x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.376 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

Comandos utilizados :: d:\documents and settings\edsom luis\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Execuções precedente -------

.

d:\windows\system32\mdhook.dll . . . . falha na exclusão

 

A cópia de d:\windows\system32\mspmsnsv.dll foi encontrada e desinfectada

Cópia restaurada de - d:\windows\system32\dllcache\mspmsnsv.dll

 

A cópia de d:\windows\system32\mspmsnsv.dll foi encontrada e desinfectada

Cópia restaurada de - d:\windows\system32\dllcache\mspmsnsv.dll

 

A cópia de d:\windows\system32\mspmsnsv.dll foi encontrada e desinfectada

Cópia restaurada de - d:\windows\system32\dllcache\mspmsnsv.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GOFHGCPP

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-19 to 2009-08-19 ))))))))))))))))))))))))))))

.

 

2009-08-19 16:17 . 2009-08-19 16:17 -------- d-----w- d:\arquivos de programas\Enigma Software Group

2009-08-18 15:35 . 2009-08-18 15:35 -------- d-----w- D:\!KillBox

2009-08-17 13:51 . 2009-07-27 03:52 243200 ------w- d:\windows\system32\drivers\lgalcafo.sys

2009-08-16 23:12 . 2009-08-16 23:12 396288 ----a-w- D:\HijackThis.exe

2009-08-16 19:36 . 2009-08-16 19:36 -------- d-----w- D:\ToolBar SD

2009-08-16 19:26 . 2009-08-16 19:26 -------- d-----w- D:\Lop SD

2009-08-16 02:11 . 2009-08-16 02:11 -------- d-sh--w- D:\FOUND.000

2009-08-15 22:31 . 2009-08-15 22:32 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\iolo

2009-08-15 22:06 . 2009-08-15 22:06 54624 ----a-w- d:\windows\system32\72568.sys

2009-08-15 21:51 . 2009-08-15 21:52 128352 ----a-w- d:\windows\system32\9235D.dll

2009-08-15 21:51 . 2009-08-15 21:51 54624 ----a-w- d:\windows\system32\9235D.sys

2009-08-15 15:33 . 2009-08-15 15:33 -------- d-----w- d:\arquivos de programas\Malware Defender

2009-08-14 22:08 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0804.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0411.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0404.dll

2009-08-14 19:47 . 2009-03-30 13:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys

2009-08-14 19:47 . 2009-02-13 15:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2009-08-14 19:47 . 2009-02-13 15:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2009-08-14 19:47 . 2009-08-14 19:47 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2009-08-14 19:43 . 2009-08-14 19:43 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-08-14 16:46 . 2009-05-07 07:04 157712 ----a-w- d:\windows\system32\drivers\tmcomm.sys

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-sh--w- d:\documents and settings\Administrador\IETldCache

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-----r- d:\documents and settings\Administrador\Meus documentos

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----r- d:\documents and settings\Administrador\Favoritos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Modelos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Configurações locais

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--r- d:\documents and settings\Administrador\Dados de aplicativos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d-----r- d:\documents and settings\Administrador\Menu Iniciar

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----w- d:\documents and settings\Administrador

2009-08-13 18:48 . 2009-08-13 18:48 272 ----a-w- d:\windows\system32\drivers\sfi.dat

2009-08-13 13:00 . 2009-07-10 13:27 1315328 ------w- d:\windows\system32\dllcache\msoe.dll

2009-08-12 16:08 . 2009-08-12 16:08 -------- d-----w- d:\arquivos de programas\Lavalys

2009-08-09 02:14 . 2009-08-09 02:14 -------- d-----w- D:\f3e64e655c4cf5ea0969946e

2009-08-09 02:09 . 2009-08-09 02:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache

2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- d:\windows\system32\dllcache\mswebdvd.dll

2009-08-01 22:20 . 2009-08-01 22:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!

2009-07-31 18:51 . 2009-07-31 18:51 -------- d--h--w- d:\windows\PIF

2009-07-31 00:29 . 2009-07-31 00:29 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager

2009-07-30 17:07 . 2009-07-30 17:07 -------- d-----w- d:\windows\system32\CatRoot2

2009-07-27 17:28 . 2008-07-08 17:54 148496 ----a-w- d:\windows\system32\drivers\12878755.sys

2009-07-27 03:52 . 2009-07-27 03:52 95744 ----a-w- d:\windows\system32\mdhook.dll

2009-07-25 22:09 . 2009-07-25 22:09 -------- d-----r- d:\documents and settings\LocalService\Meus documentos

2009-07-24 16:11 . 2009-07-24 16:11 -------- d-----w- d:\windows\Sun

2009-07-24 03:01 . 2009-07-24 03:01 -------- d-----w- d:\documents and settings\All Users\Modelos

2009-07-23 15:10 . 2009-07-23 15:10 -------- d-----w- d:\arquivos de programas\blcorp

2009-07-21 23:37 . 2009-07-21 23:37 579072 ----a-w- d:\windows\system32\dllcache\user32.dll

2009-07-21 23:35 . 2009-07-21 23:35 -------- d-----w- d:\windows\ERUNT

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-19 20:44 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

2009-08-19 20:44 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-08-16 23:27 . 2009-06-21 23:42 3942048 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-12 14:44 . 2001-10-28 21:07 79022 ----a-w- d:\windows\system32\perfc016.dat

2009-08-12 14:44 . 2001-10-28 21:07 468108 ----a-w- d:\windows\system32\perfh016.dat

2009-08-05 09:00 . 2004-08-04 10:45 205312 ----a-w- d:\windows\system32\mswebdvd.dll

2009-08-03 16:36 . 2009-04-23 15:56 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 16:36 . 2009-04-23 15:56 19096 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-07-28 19:33 . 2009-03-19 00:30 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2009-07-18 13:05 . 2008-11-12 18:12 208 ----a-w- d:\windows\system32\drivers\GbpKmAp.lst

2009-07-17 19:03 . 2004-08-04 10:45 58880 ----a-w- d:\windows\system32\atl.dll

2009-07-12 15:21 . 2004-08-04 10:45 233472 ----a-w- d:\windows\system32\wmpdxm.dll

2009-07-03 16:59 . 2004-08-04 10:45 915456 ----a-w- d:\windows\system32\wininet.dll

2009-06-22 17:02 . 2009-06-22 17:01 -------- d-----w- d:\arquivos de programas\Gadwin Systems

2009-06-16 14:39 . 2004-08-04 10:45 119808 ----a-w- d:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 21:06 81920 ----a-w- d:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 10:45 81408 ----a-w- d:\windows\system32\tlntsess.exe

2009-06-15 10:44 . 2004-08-04 10:45 77824 ----a-w- d:\windows\system32\telnet.exe

2009-06-12 03:43 . 2004-08-04 10:45 219648 ----a-w- d:\windows\system32\uxtheme.dll

2009-06-10 14:14 . 2004-08-04 10:45 85504 ----a-w- d:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2007-09-19 13:40 2066432 ----a-w- d:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 10:45 132096 ----a-w- d:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2004-08-04 10:45 1295872 ----a-w- d:\windows\system32\quartz.dll

2009-03-27 23:27 . 2009-03-27 23:27 2399 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-02-26 14:04 . 2009-02-26 14:04 8250 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-02-26 14:04 . 2009-02-26 14:04 234477 ----a-w- d:\arquivos de programas\Arquivos comuns\english.lng

2009-02-26 13:49 . 2009-02-26 13:49 3712000 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-02-26 13:49 . 2009-02-26 13:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-02-26 13:49 . 2009-02-26 13:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-02-26 13:49 . 2009-02-26 13:49 99328 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-01-07 16:52 . 2009-01-07 16:52 6809 ----a-w- d:\arquivos de programas\Arquivos comuns\license.txt

2008-09-03 17:12 . 2008-09-03 17:12 8470 ----a-w- d:\arquivos de programas\Arquivos comuns\search.ini

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml

2008-05-05 12:51 . 2008-05-05 12:51 3873 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt

2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2009-07-30 17:45 . 2009-02-27 15:11 122880 ----a-w- d:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-08 17:09 . 2009-04-05 21:55 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

.

 

------- Sigcheck -------

 

[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\user32.dll

[-] 2009-07-21 23:37 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\dllcache\user32.dll

[7] 2007-03-08 15:36 578048 B5782EE6EAFE3C218236F79F1A27B747 d:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\ServicePackFiles\i386\user32.dll

[7] 2007-03-08 15:50 578560 F86D3E5C8FE13297E1C2D662F9E2D59D d:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[7] 2005-03-02 18:20 577536 3ED0A4D74EFD5AAF8408095F452E2613 d:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[7] 2008-04-14 03:20 579072 54907DB28872A7A6D3EE2B4747A23828 d:\windows\NiwradSoft Shell Pack\Backup\user32.dll

[7] 2004-08-04 10:45 577536 E0FF28447D1038DE106D1F2FDF851647 d:\windows\$NtUninstallKB890859$\user32.dll

[7] 2005-03-02 18:18 577536 7FFBCF1B94E6929DEECE06670C2407D6 d:\windows\$NtUninstallKB925902$\user32.dll

 

[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\system32\winlogon.exe

[7] 2004-08-04 10:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 d:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\ServicePackFiles\i386\winlogon.exe

[7] 2008-04-14 03:21 509952 71D440F79B711627B12B567FB2EADB42 d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

 

[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\explorer.exe

[7] 2007-06-13 13:21 1035264 DCCBF18E94D651393A3FFA060F88E0A0 d:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2004-08-04 10:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 d:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\ServicePackFiles\i386\explorer.exe

[7] 2007-06-13 13:10 1035264 45D521506825A10B80833B4E9621CCF6 d:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[7] 2008-04-14 03:20 1035776 064EC7FF5F58B928C3E119402977FA6D d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

 

[-] 2008-04-14 03:20 40448 584450C5B2439571755D40444589C63D d:\windows\system32\ctfmon.exe

[7] 2004-08-04 10:45 15360 F40BC97996B8E53799EEF1D63996674B d:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 03:20 40448 584450C5B2439571755D40444589C63D d:\windows\ServicePackFiles\i386\ctfmon.exe

[7] 2008-04-14 03:20 15360 4E486ADFE3A0B9ED0EB0639902E9F64F d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

 

[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\system32\comres.dll

[7] 2004-08-04 10:45 821760 FB93B504600DA3EC407ED0252EEF97AB d:\windows\$NtServicePackUninstall$\comres.dll

[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\ServicePackFiles\i386\comres.dll

[7] 2008-04-14 03:20 821760 D3F8E8DBE93A80440CAC78B305B40A67 d:\windows\NiwradSoft Shell Pack\Backup\comres.dll

 

[-] 2008-04-14 03:20 643072 302CD5BE4CA48200F9AC1C6074D71805 d:\windows\system32\comctl32.dll

[7] 2008-04-14 03:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\InstallTemp\15449055\comctl32.dll

[7] 2008-04-13 22:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\InstallTemp\27228101\comctl32.dll

[7] 2004-08-04 10:44 1050624 3680CF24C64348BFDC89E290790398E7 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[7] 2001-10-28 21:06 921088 AEF3D788DBF40C7C4D204EA45EB0C505 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[7] 2006-08-25 15:49 1054208 50141E3C168F02C3920891400CEC9FF4 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[7] 2008-04-13 22:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[7] 2006-08-25 15:49 617472 873E9E5B23D206BE443ABD3CF597C2E8 d:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 03:20 643072 302CD5BE4CA48200F9AC1C6074D71805 d:\windows\ServicePackFiles\i386\comctl32.dll

[7] 2008-04-14 03:20 617472 085C5892D9C1E19B3CEFD1B79F5BBF13 d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll

[7] 2004-08-04 10:45 611328 021631D9D0729D9E52300CCEACE4F054 d:\windows\$NtUninstallKB923191$\comctl32.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-08-19_18.22.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-19 20:54 . 2009-08-19 20:54 16384 d:\windows\temp\Perflib_Perfdata_4c8.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 30192]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malware Defender"="d:\arquivos de programas\malware defender\malwaredefender.exe" [2009-07-27 2181632]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "d:\arquivos de programas\GBPLUGIN\gbiehcef.dll" [2009-03-27 264776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-03-27 14:22 264776 ------w- d:\arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\MSNMSGR.EXE"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]

R1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [27/07/2009 14:28 148496]

R1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [29/04/2009 21:02 148496]

R1 lgalcafo;lgalcafo;d:\windows\system32\drivers\lgalcafo.sys [17/08/2009 10:51 243200]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/08/2009 16:47 108289]

R2 GbpSv;Gbp Service;d:\arquiv~1\GbPlugin\GbpSv.exe [18/06/2008 14:26 52808]

R2 ioloFileInfoList;iolo FileInfoList Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 ioloProductUpdate;iolo Product Update Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 ioloSystemService;iolo System Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 MalwareDefenderService;Malware Defender Service;d:\arquivos de programas\Malware Defender\mdservice.exe [27/07/2009 00:51 84992]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]

S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]

S3 72568;72568;d:\windows\system32\72568.sys [15/08/2009 19:06 54624]

S3 9235D;9235D;d:\windows\system32\9235D.sys [15/08/2009 18:51 54624]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [11/04/2009 15:38 30192]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25N4BF150JQ9B.job

- d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]

 

2009-08-19 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uLocal Page =

uDefault_Search_URL =

mWindow Title =

mLocal Page =

IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} -

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://portuguese.ircfast.com/pt/index.php?rvs=hompag

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\components\GoogleDesktopMozilla.dll

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

FF - plugin: d:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-19 17:55

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

 

**************************************************************************

 

 

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø€|ÿÿÿÿ€|ù6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

 

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(644)

d:\windows\system32\mdhook.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\sfc_os.dll

d:\arquivos de programas\GBPLUGIN\gbiehcef.dll

d:\windows\system32\COMRes.dll

d:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(700)

d:\windows\system32\mdhook.dll

d:\windows\system32\setupapi.dll

d:\windows\system32\psbase.dll

 

- - - - - - - > 'explorer.exe'(3188)

d:\windows\system32\WININET.dll

d:\windows\system32\COMRes.dll

d:\windows\System32\cscui.dll

d:\windows\system32\LINKINFO.dll

d:\windows\system32\ntshrui.dll

d:\arquivos de programas\GBPLUGIN\gbiehcef.dll

d:\windows\system32\msi.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\WPDShServiceObj.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\NETSHELL.dll

d:\windows\system32\credui.dll

d:\windows\system32\PortableDeviceApi.dll

 

- - - - - - - > 'csrss.exe'(620)

d:\windows\system32\mdhook.dll

.

------------------------ Outros Processos em Execução ------------------------

.

d:\arquivos de programas\GBPLUGIN\GBPSV.EXE

d:\arquivos de programas\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE

d:\arquivos de programas\JAVA\JRE6\BIN\JQS.EXE

d:\arquivos de programas\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

d:\arquivos de programas\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE

.

**************************************************************************

.

Tempo para conclusão: 2009-08-19 18:00 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-19 20:59

ComboFix2.txt 2009-08-19 18:26

ComboFix3.txt 2009-08-17 02:11

 

Pré-execução: 13 pasta(s) 42.667.900.928 bytes disponíveis

Pós execução: 13 pasta(s) 42.095.869.952 bytes disponíveis

 

340 --- E O F --- 2009-08-14 03:01

 

Obrigado desde já . Abraços .

[DigRam 144]

Boa Noite! EDSSX

 

<!> Houve um erro em sua pesquisa,na utilização desse recurso.

°°°°°°°°°°°°°°°°°°°°°°°

<!> Aqui,em systemlookup,podemos constatar que não houve retorno de informações,ao digitar: fm20enu.dll

<!> É o mesmo sistema utilizado em CastleCops,baseando a pesquisa segundo os objetos relacionados pelo HijackThis. ( Entradas )

<!> Ao digitar na caixa "Look up a Filename",esse caminho: "D?\\WINDOWS\\system32\\FM20ENU.DLL",voçê teve resultados falseados e não relacionados ao Messenger.

<!> A dita caixa,escolhida por voçê,somente aceita a CLSID,para processar a pesquisa.

°°°°°°°°°°°°°°°°°°°°°°°

<!> Caso queira verificações online,na busca por malwares,sugiro Kaspersky.

°°°°°°°°°°°°°°°°°°°°°°°

<@> Faça um scan online em: < Kaspersky >

<@> Utilize para isso,o navegador Internet Explorer.

<@> Acesse o site,e clique em Kaspersky Online Scanner.

<@> Na próxima página,clique em: I Accept

<@> Isto,para que se instale o controle ActiveX e,em seguida,atualize o banco de dados.

<@> Na próxima página,clique em: My Computer e faça o scan.

<@> Tenha paciência!

<@> Aguarde a atualização da base de dados,e também do exame,que é demorado.

<@> Terminando,salve e poste o relatório.

<@> Clique em Save Report As... para salvar o log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Salve o resultado como .txt,segundo a imagem abaixo:

 

 

<@> Poste,também,HijackThis atualizado.

 

Abraços!

[EDSSX 0]

Boa Noite !DigRam

 

Porque que sai a opção editar ?

 

Dê uma boa olhada neste tópico http://forum.imasters.com.br/index.php?/topic/346060-vrus-no-messenger-2009/ ; que coincidência em relação a CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø€|ÿÿÿÿ€|ù6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

 

E pesquise a dll aqui http://www.systemlookup.com/search.php?typ...ch=devldr32.exe

 

http://www.systemlookup.com/search.php?list=&type=filename&search=D%3F\\WINDOWS\\system32\\FM20ENU.DLL&s=

 

Nós respondemos quase juntos .

 

 

Obrigado desde já .

[DigRam 144]

Boa Noite! EDSSX

 

Dê uma boa olhada neste tópico http://forum.imaster...messenger-2009/ ; que coincidência em relação a CHAVES DO REGISTRO BLOQUEADAS --------

<!> Inconclusivo,pois o Membro não retornou ao Tópico,relatando-nos a solução do problema.

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

 

E pesquise a dll aqui http://www.systemloo...ch=devldr32.exe

 

http://www.systemloo...\FM20ENU.DLL&s

<!> A pesquisa da dll,deveria ser realizada somente com a dll,isenta do seu caminho.

 

Abraços!

[EDSSX 0]

Boa Noite !

 

 

Rodei kaspersky removal tool cfe.log infra, pois aqui em meu pc as vezes não esta rodando nada on line/não executável; inclusive os softwares toolbar S&D e o Lop S&D cfe. tópico http://www.linhadefensiva.org/forum/index.php?showtopic=102129&hl=, desde depois da época da remoção dos rootkits cfe. tópico http://forum.imasters.com.br/index.php?/topic/354423-pc-faz-barulho-como-uma-catraca/ .

 

 

Segue log do kaspersky removal tool:

 

Scan

----

Scanned: 6491

Detected: 0

Untreated: 0

Start time: 19/08/2009 19:55:11

Duration: 02:10:09

Finish time: 19/08/2009 22:06:01

 

 

Detected

--------

Status Object

------ ------

 

 

Events

------

Time Name Status Reason

---- ---- ------ ------

 

 

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

 

 

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

 

 

 

 

Segue novo log do HijackThis :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:08:36, on 19/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\ARQUIV~1\GbPlugin\GbpSv.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\explorer.exe

D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe

D:\Arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe

D:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malware Defender] d:\arquivos de programas\malware defender\malwaredefender.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [RemoveIT Pro v7Ent] D:\Arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - D:\WINDOWS\system32\shdocvw.dll

O20 - Winlogon Notify: GbPluginCef - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gbp Service (GbpSv) - - D:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Malware Defender Service (MalwareDefenderService) - TorchSoft - d:\arquivos de programas\malware defender\mdservice.exe

 

--

End of file - 5207 bytes

 

Opiniões/orientações perante o log infra do RemoveIT Pro v7 Enterprise ? Como nós podemos ver no log, tem a opção fix , mas não elimina .

 

RemoveIT Pro v7 Enterprise (Build date: 11.11.2008) log.

Generated at: 19/08/2009 on 22:06:38

Microsoft Windows XP Professional Service Pack 3 (Build 2600)

 

22:06:38: Scanning, please wait...

22:13:51: Infected file (Sys32.eempty) D:\WINDOWS\system32\eempty.exe -> No action taken.

22:15:11: Infected file (Sys32.langdll) D:\WINDOWS\system32\langdll.dll -> No action taken.

22:18:12: Infected file (Sys32.xceedbkp) D:\WINDOWS\system32\xceedbkp.dll -> No action taken.

22:19:00: Infected file (Sys32.msajt200) D:\WINDOWS\system\msajt200.dll -> No action taken.

22:19:04: Infected file (Sys32.pev) D:\WINDOWS\pev.exe -> No action taken.

22:19:12: Infected file (Sys32.syssd) D:\WINDOWS\system\syssd.dll -> No action taken.

22:19:15: Infected file (Sys32.vbajet) D:\WINDOWS\system\vbajet.dll -> No action taken.

22:19:48: Infected file (Sys32.gbiehcef) D:\Arquivos de programas\GbPlugin\gbiehcef.dll -> No action taken.

22:19:49: Infected file (Sys32.gbpdist) D:\Arquivos de programas\GbPlugin\gbpdist.dll -> No action taken.

22:19:49: Infected file (Sys32.gbpsv) D:\Arquivos de programas\GbPlugin\gbpsv.exe -> No action taken.

22:19:51: 10 Dangerous files has been found on your computer.

Click on "Fix" button to fix selected tasks.

 

 

 

Obrigado desde já .

[DigRam 144]

Boa Noite! EDSSX

 

<!> Execute reparos,no Windows,com o comando SFC.

<><><><><><><><><>

<@> Vá em Iniciar --> Executar --> Digite: sfc /scannow --> Clique OK.

 

< >

 

<@> Será pedido a colocação do CD-ROM,do Windows XP,no drive.

<@> Aguarde a conclusão do reparo! --> Reinicie!

<><><><><><><><><>

<!> Seu log está limpo!

 

Abraços!

[EDSSX 0]

Boa Noite !

 

 

Segue o log completo do RemoveIT Pro v7 Enterprise :

 

RemoveIT Pro v7 Enterprise (Build date: 11.11.2008) log.

Generated at: 19/08/2009 on 22:06:38

Microsoft Windows XP Professional Service Pack 3 (Build 2600)

 

22:06:38: Scanning, please wait...

22:13:51: Infected file (Sys32.eempty) D:\WINDOWS\system32\eempty.exe -> No action taken.

22:15:11: Infected file (Sys32.langdll) D:\WINDOWS\system32\langdll.dll -> No action taken.

22:18:12: Infected file (Sys32.xceedbkp) D:\WINDOWS\system32\xceedbkp.dll -> No action taken.

22:19:00: Infected file (Sys32.msajt200) D:\WINDOWS\system\msajt200.dll -> No action taken.

22:19:04: Infected file (Sys32.pev) D:\WINDOWS\pev.exe -> No action taken.

22:19:12: Infected file (Sys32.syssd) D:\WINDOWS\system\syssd.dll -> No action taken.

22:19:15: Infected file (Sys32.vbajet) D:\WINDOWS\system\vbajet.dll -> No action taken.

22:19:48: Infected file (Sys32.gbiehcef) D:\Arquivos de programas\GbPlugin\gbiehcef.dll -> No action taken.

22:19:49: Infected file (Sys32.gbpdist) D:\Arquivos de programas\GbPlugin\gbpdist.dll -> No action taken.

22:19:49: Infected file (Sys32.gbpsv) D:\Arquivos de programas\GbPlugin\gbpsv.exe -> No action taken.

22:19:51: 10 Dangerous files has been found on your computer.

Click on "Fix" button to fix selected tasks.

22:20:13: Scanning, please wait...

22:50:10: Infected file (Sys32.vbajet) C:\WINXP\system\VBAJET.DLL -> No action taken.

22:50:10: Infected file (Sys32.msajt200) C:\WINXP\system\MSAJT200.DLL -> No action taken.

22:51:39: Infected file (Sys32.pev) D:\System Volume

Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP826\A0077852.exe -> No action taken.

22:51:40: Infected file (Sys32.pev) D:\System Volume

Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP826\A0077916.exe -> No action taken.

22:51:43: Infected file (Sys32.pev) D:\System Volume

Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP830\A0079912.exe -> No action taken.

22:59:46: Infected file (Sys32.gbiehcef) D:\Documents and Settings\edsom luis\Meus

documentos\backups\backup-20090424-135402-251.dll -> No action taken.

22:59:46: Infected file (Sys32.gbpdist) D:\Documents and Settings\edsom luis\Meus

documentos\backups\backup-20090424-135403-769.dll -> No action taken.

22:59:47: Infected file (Sys32.gbiehcef) D:\Documents and Settings\edsom luis\Meus

documentos\backups\backup-20090424-135520-468.dll -> No action taken.

22:59:47: Infected file (Sys32.gbiehcef) D:\Documents and Settings\edsom luis\Meus

documentos\backups\backup-20090424-135554-845.dll -> No action taken.

22:59:47: Infected file (Sys32.gbiehcef) D:\Documents and Settings\edsom luis\Meus

documentos\backups\backup-20090424-135626-168.dll -> No action taken.

23:04:40: 20 Dangerous files has been found on your computer.

Click on "Fix" button to fix selected tasks.

Finished...

 

 

Respondemos juntos de novo .

 

 

Obrigado desde já .

[EDSSX 0]

Boa Noite !

 

 

Ok então; eu não tenho o cd do xp ; entretanto resolvi remover a chave HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] manualmente e deu certo, não constando a mesma e a dll no log que segue do combofix .

 

Msn entrando sem o erro .

 

 

ComboFix 09-08-18.04 - edsom luis 19/08/2009 23:28.84.1 - FAT32x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.377 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

A cópia de d:\windows\system32\mspmsnsv.dll foi encontrada e desinfectada

Cópia restaurada de - d:\windows\system32\dllcache\mspmsnsv.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-20 to 2009-08-20 ))))))))))))))))))))))))))))

.

 

2009-08-20 01:04 . 2009-08-20 01:04 -------- d-----w- d:\arquivos de programas\InCode Solutions

2009-08-19 16:17 . 2009-08-19 16:17 -------- d-----w- d:\arquivos de programas\Enigma Software Group

2009-08-18 15:35 . 2009-08-18 15:35 -------- d-----w- D:\!KillBox

2009-08-17 13:51 . 2009-07-27 03:52 243200 ------w- d:\windows\system32\drivers\lgalcafo.sys

2009-08-16 23:12 . 2009-08-16 23:12 396288 ----a-w- D:\HijackThis.exe

2009-08-16 19:36 . 2009-08-16 19:36 -------- d-----w- D:\ToolBar SD

2009-08-16 19:26 . 2009-08-16 19:26 -------- d-----w- D:\Lop SD

2009-08-16 02:11 . 2009-08-16 02:11 -------- d-sh--w- D:\FOUND.000

2009-08-15 22:31 . 2009-08-15 22:32 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\iolo

2009-08-15 22:06 . 2009-08-15 22:06 54624 ----a-w- d:\windows\system32\72568.sys

2009-08-15 21:51 . 2009-08-15 21:52 128352 ----a-w- d:\windows\system32\9235D.dll

2009-08-15 21:51 . 2009-08-15 21:51 54624 ----a-w- d:\windows\system32\9235D.sys

2009-08-15 15:33 . 2009-08-15 15:33 -------- d-----w- d:\arquivos de programas\Malware Defender

2009-08-14 22:08 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0804.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0411.dll

2009-08-14 22:07 . 2007-04-02 19:26 19456 ----a-w- d:\windows\system32\dllcache\agt0404.dll

2009-08-14 19:47 . 2009-03-30 13:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys

2009-08-14 19:47 . 2009-02-13 15:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2009-08-14 19:47 . 2009-02-13 15:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2009-08-14 19:47 . 2009-08-14 19:47 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2009-08-14 19:43 . 2009-08-14 19:43 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-08-14 16:46 . 2009-05-07 07:04 157712 ----a-w- d:\windows\system32\drivers\tmcomm.sys

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-sh--w- d:\documents and settings\Administrador\IETldCache

2009-08-14 01:56 . 2009-08-14 01:56 -------- d-----r- d:\documents and settings\Administrador\Meus documentos

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----r- d:\documents and settings\Administrador\Favoritos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Modelos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--w- d:\documents and settings\Administrador\Configurações locais

2009-08-14 01:51 . 2007-09-19 13:33 -------- d--h--r- d:\documents and settings\Administrador\Dados de aplicativos

2009-08-14 01:51 . 2007-09-19 13:33 -------- d-----r- d:\documents and settings\Administrador\Menu Iniciar

2009-08-14 01:51 . 2009-08-14 01:51 -------- d-----w- d:\documents and settings\Administrador

2009-08-13 18:48 . 2009-08-13 18:48 272 ----a-w- d:\windows\system32\drivers\sfi.dat

2009-08-13 13:00 . 2009-07-10 13:27 1315328 ------w- d:\windows\system32\dllcache\msoe.dll

2009-08-12 16:08 . 2009-08-12 16:08 -------- d-----w- d:\arquivos de programas\Lavalys

2009-08-09 02:14 . 2009-08-09 02:14 -------- d-----w- D:\f3e64e655c4cf5ea0969946e

2009-08-09 02:09 . 2009-08-09 02:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache

2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- d:\windows\system32\dllcache\mswebdvd.dll

2009-08-01 22:20 . 2009-08-01 22:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!

2009-07-31 18:51 . 2009-07-31 18:51 -------- d--h--w- d:\windows\PIF

2009-07-31 00:29 . 2009-07-31 00:29 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager

2009-07-30 17:07 . 2009-07-30 17:07 -------- d-----w- d:\windows\system32\CatRoot2

2009-07-27 17:28 . 2008-07-08 17:54 148496 ----a-w- d:\windows\system32\drivers\12878755.sys

2009-07-27 03:52 . 2009-07-27 03:52 95744 ----a-w- d:\windows\system32\mdhook.dll

2009-07-25 22:09 . 2009-07-25 22:09 -------- d-----r- d:\documents and settings\LocalService\Meus documentos

2009-07-24 16:11 . 2009-07-24 16:11 -------- d-----w- d:\windows\Sun

2009-07-24 03:01 . 2009-07-24 03:01 -------- d-----w- d:\documents and settings\All Users\Modelos

2009-07-23 15:10 . 2009-07-23 15:10 -------- d-----w- d:\arquivos de programas\blcorp

2009-07-21 23:37 . 2009-07-21 23:37 579072 ----a-w- d:\windows\system32\dllcache\user32.dll

2009-07-21 23:35 . 2009-07-21 23:35 -------- d-----w- d:\windows\ERUNT

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-20 02:25 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

2009-08-20 02:25 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-08-16 23:27 . 2009-06-21 23:42 3942048 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-12 14:44 . 2001-10-28 21:07 79022 ----a-w- d:\windows\system32\perfc016.dat

2009-08-12 14:44 . 2001-10-28 21:07 468108 ----a-w- d:\windows\system32\perfh016.dat

2009-08-05 09:00 . 2004-08-04 10:45 205312 ----a-w- d:\windows\system32\mswebdvd.dll

2009-08-03 16:36 . 2009-04-23 15:56 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 16:36 . 2009-04-23 15:56 19096 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-07-28 19:33 . 2009-03-19 00:30 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2009-07-18 13:05 . 2008-11-12 18:12 208 ----a-w- d:\windows\system32\drivers\GbpKmAp.lst

2009-07-17 19:03 . 2004-08-04 10:45 58880 ----a-w- d:\windows\system32\atl.dll

2009-07-12 15:21 . 2004-08-04 10:45 233472 ----a-w- d:\windows\system32\wmpdxm.dll

2009-07-03 16:59 . 2004-08-04 10:45 915456 ----a-w- d:\windows\system32\wininet.dll

2009-06-22 17:02 . 2009-06-22 17:01 -------- d-----w- d:\arquivos de programas\Gadwin Systems

2009-06-16 14:39 . 2004-08-04 10:45 119808 ----a-w- d:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 21:06 81920 ----a-w- d:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2004-08-04 10:45 81408 ----a-w- d:\windows\system32\tlntsess.exe

2009-06-15 10:44 . 2004-08-04 10:45 77824 ----a-w- d:\windows\system32\telnet.exe

2009-06-12 03:43 . 2004-08-04 10:45 219648 ----a-w- d:\windows\system32\uxtheme.dll

2009-06-10 14:14 . 2004-08-04 10:45 85504 ----a-w- d:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2007-09-19 13:40 2066432 ----a-w- d:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 10:45 132096 ----a-w- d:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2004-08-04 10:45 1295872 ----a-w- d:\windows\system32\quartz.dll

2009-03-27 23:27 . 2009-03-27 23:27 2399 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-02-26 14:04 . 2009-02-26 14:04 8250 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-02-26 14:04 . 2009-02-26 14:04 234477 ----a-w- d:\arquivos de programas\Arquivos comuns\english.lng

2009-02-26 13:49 . 2009-02-26 13:49 3712000 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-02-26 13:49 . 2009-02-26 13:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-02-26 13:49 . 2009-02-26 13:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-02-26 13:49 . 2009-02-26 13:49 99328 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-01-07 16:52 . 2009-01-07 16:52 6809 ----a-w- d:\arquivos de programas\Arquivos comuns\license.txt

2008-09-03 17:12 . 2008-09-03 17:12 8470 ----a-w- d:\arquivos de programas\Arquivos comuns\search.ini

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml

2008-05-05 12:51 . 2008-05-05 12:51 3873 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt

2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2009-07-30 17:45 . 2009-02-27 15:11 122880 ----a-w- d:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-08 17:09 . 2009-04-05 21:55 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

.

 

------- Sigcheck -------

 

[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\user32.dll

[-] 2009-07-21 23:37 579072 A9B36030497E98C29210E4544700649D d:\windows\system32\dllcache\user32.dll

[7] 2007-03-08 15:36 578048 B5782EE6EAFE3C218236F79F1A27B747 d:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 03:20 579072 A9B36030497E98C29210E4544700649D d:\windows\ServicePackFiles\i386\user32.dll

[7] 2007-03-08 15:50 578560 F86D3E5C8FE13297E1C2D662F9E2D59D d:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[7] 2005-03-02 18:20 577536 3ED0A4D74EFD5AAF8408095F452E2613 d:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[7] 2008-04-14 03:20 579072 54907DB28872A7A6D3EE2B4747A23828 d:\windows\NiwradSoft Shell Pack\Backup\user32.dll

[7] 2004-08-04 10:45 577536 E0FF28447D1038DE106D1F2FDF851647 d:\windows\$NtUninstallKB890859$\user32.dll

[7] 2005-03-02 18:18 577536 7FFBCF1B94E6929DEECE06670C2407D6 d:\windows\$NtUninstallKB925902$\user32.dll

 

[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\system32\winlogon.exe

[7] 2004-08-04 10:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 d:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 03:21 549376 B0C0BF2504B830BFC1E93CA39F3C75FE d:\windows\ServicePackFiles\i386\winlogon.exe

[7] 2008-04-14 03:21 509952 71D440F79B711627B12B567FB2EADB42 d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

 

[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\explorer.exe

[7] 2007-06-13 13:21 1035264 DCCBF18E94D651393A3FFA060F88E0A0 d:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2004-08-04 10:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 d:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 03:20 1542656 77F71BF6970EA10B4CC9AA1D45654AA0 d:\windows\ServicePackFiles\i386\explorer.exe

[7] 2007-06-13 13:10 1035264 45D521506825A10B80833B4E9621CCF6 d:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[7] 2008-04-14 03:20 1035776 064EC7FF5F58B928C3E119402977FA6D d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

 

[-] 2008-04-14 03:20 40448 584450C5B2439571755D40444589C63D d:\windows\system32\ctfmon.exe

[7] 2004-08-04 10:45 15360 F40BC97996B8E53799EEF1D63996674B d:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 03:20 40448 584450C5B2439571755D40444589C63D d:\windows\ServicePackFiles\i386\ctfmon.exe

[7] 2008-04-14 03:20 15360 4E486ADFE3A0B9ED0EB0639902E9F64F d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

 

[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\system32\comres.dll

[7] 2004-08-04 10:45 821760 FB93B504600DA3EC407ED0252EEF97AB d:\windows\$NtServicePackUninstall$\comres.dll

[-] 2008-04-14 03:20 1523712 3D762A3DE04DE62F1E4CCDF7CF2A66E1 d:\windows\ServicePackFiles\i386\comres.dll

[7] 2008-04-14 03:20 821760 D3F8E8DBE93A80440CAC78B305B40A67 d:\windows\NiwradSoft Shell Pack\Backup\comres.dll

 

[-] 2008-04-14 03:20 643072 302CD5BE4CA48200F9AC1C6074D71805 d:\windows\system32\comctl32.dll

[7] 2008-04-14 03:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\InstallTemp\15449055\comctl32.dll

[7] 2008-04-13 22:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\InstallTemp\27228101\comctl32.dll

[7] 2004-08-04 10:44 1050624 3680CF24C64348BFDC89E290790398E7 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[7] 2001-10-28 21:06 921088 AEF3D788DBF40C7C4D204EA45EB0C505 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[7] 2006-08-25 15:49 1054208 50141E3C168F02C3920891400CEC9FF4 d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[7] 2008-04-13 22:17 1054208 3356DF9145BC1AD45B43C528F9F7527C d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[7] 2006-08-25 15:49 617472 873E9E5B23D206BE443ABD3CF597C2E8 d:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 03:20 643072 302CD5BE4CA48200F9AC1C6074D71805 d:\windows\ServicePackFiles\i386\comctl32.dll

[7] 2008-04-14 03:20 617472 085C5892D9C1E19B3CEFD1B79F5BBF13 d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll

[7] 2004-08-04 10:45 611328 021631D9D0729D9E52300CCEACE4F054 d:\windows\$NtUninstallKB923191$\comctl32.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-08-19_18.22.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-20 02:34 . 2009-08-20 02:34 16384 d:\windows\temp\Perflib_Perfdata_394.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

"RemoveIT Pro v7Ent"="d:\arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe" [2009-08-03 2185216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 30192]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malware Defender"="d:\arquivos de programas\malware defender\malwaredefender.exe" [2009-07-27 2181632]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "d:\arquivos de programas\GBPLUGIN\gbiehcef.dll" [2009-03-27 264776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-03-27 14:22 264776 ------w- d:\arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\MSNMSGR.EXE"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]

R1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [27/07/2009 14:28 148496]

R1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [29/04/2009 21:02 148496]

R1 lgalcafo;lgalcafo;d:\windows\system32\drivers\lgalcafo.sys [17/08/2009 10:51 243200]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [14/08/2009 16:47 108289]

R2 GbpSv;Gbp Service;d:\arquiv~1\GbPlugin\GbpSv.exe [18/06/2008 14:26 52808]

R2 ioloFileInfoList;iolo FileInfoList Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 ioloProductUpdate;iolo Product Update Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 ioloSystemService;iolo System Service;d:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [16/04/2009 20:43 628584]

R2 MalwareDefenderService;Malware Defender Service;d:\arquivos de programas\Malware Defender\mdservice.exe [27/07/2009 00:51 84992]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]

S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys --> d:\windows\system32\DRIVERS\Lbd.sys [?]

S3 72568;72568;d:\windows\system32\72568.sys [15/08/2009 19:06 54624]

S3 9235D;9235D;d:\windows\system32\9235D.sys [15/08/2009 18:51 54624]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286;d:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [11/04/2009 15:38 30192]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25N4BF150JQ9B.job

- d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]

 

2009-08-20 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uLocal Page =

uDefault_Search_URL =

mWindow Title =

mLocal Page =

IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} -

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://portuguese.ircfast.com/pt/index.php?rvs=hompag

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\components\GoogleDesktopMozilla.dll

FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

FF - plugin: d:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

.

------- Associação de arquivos/ficheiros -------

.

inffile=Notepad.exe "%1"

inifile=Notepad.exe "%1"

txtfile=Notepad.exe "%1"

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-19 23:35

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(644)

d:\windows\system32\mdhook.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\sfc_os.dll

d:\arquivos de programas\GBPLUGIN\gbiehcef.dll

d:\windows\system32\COMRes.dll

d:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(700)

d:\windows\system32\mdhook.dll

d:\windows\system32\setupapi.dll

d:\windows\system32\psbase.dll

 

- - - - - - - > 'explorer.exe'(3332)

d:\windows\system32\WININET.dll

d:\windows\system32\COMRes.dll

d:\windows\System32\cscui.dll

d:\windows\system32\LINKINFO.dll

d:\windows\system32\ntshrui.dll

d:\arquivos de programas\GBPLUGIN\gbiehcef.dll

d:\windows\system32\msi.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\WPDShServiceObj.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\NETSHELL.dll

d:\windows\system32\credui.dll

d:\windows\system32\PortableDeviceApi.dll

 

- - - - - - - > 'csrss.exe'(620)

d:\windows\system32\mdhook.dll

.

------------------------ Outros Processos em Execução ------------------------

.

d:\arquivos de programas\GBPLUGIN\GBPSV.EXE

d:\arquivos de programas\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE

d:\arquivos de programas\JAVA\JRE6\BIN\JQS.EXE

d:\arquivos de programas\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

d:\arquivos de programas\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE

.

**************************************************************************

.

Tempo para conclusão: 2009-08-20 23:40 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-20 02:40

ComboFix2.txt 2009-08-19 21:00

ComboFix3.txt 2009-08-19 18:26

ComboFix4.txt 2009-08-17 02:11

 

Pré-execução: 13 pasta(s) 42.653.057.024 bytes disponíveis

Pós execução: 13 pasta(s) 42.087.383.040 bytes disponíveis

 

338 --- E O F --- 2009-08-14 03:01

 

 

Caso resolvido, fineza encerrar o tópico .

 

 

Obrigado desde já .

[DigRam 144]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.