EDSSX, posted August 22, 2009

Good afternoon! Everything I removed relating to the banking plugins and the trojans/MSN trojans has come back, as shown by the HijackThis log:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll (file missing)
O20 - Winlogon Notify: GbPluginCef - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - D:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader (usnjsvc) - Unknown owner - D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)

The HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:47, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe
D:\Arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
D:\WINDOWS\system32\notepad.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll (file missing)
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "D:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [Malware Defender] d:\arquivos de programas\malware defender\malwaredefender.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [RemoveIT Pro v7Ent] D:\Arquivos de programas\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
O4 - Startup: UOL Voip.lnk = D:\Arquivos de programas\UOL\UIM\uim.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - D:\WINDOWS\system32\shdocvw.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: GbPluginCef - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - D:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - D:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Malware Defender Service (MalwareDefenderService) - TorchSoft - d:\arquivos de programas\malware defender\mdservice.exe
O23 - Service: Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader (usnjsvc) - Unknown owner - D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 5999 bytes

Thanks
Silas Martins, posted August 22, 2009

Hello,

First of all I would like to point out that the log you posted is clean. The entries you cited are legitimate; what did you use to conclude that they were viruses? In any case, I reaffirm that your log remains clean.

Awaiting your reply
EDSSX, posted August 22, 2009

Good afternoon! The analysis was done at http://hjt.networktechs.com/parse.php and on VirusTotal.

Thanks
Silas Martins, posted August 22, 2009

Post the result of the VirusTotal analysis, because I have never seen VirusTotal flag entries in a HijackThis log.

Awaiting your reply
EDSSX, posted August 22, 2009

Good evening! Folks, now my machine is really breaking down; when browsing the web too, because it opens fake pages, which I only noticed now, including the VirusTotal, Baixaki, Google pages etc., with the http cut off. It no longer wants to start Windows; it starts sometimes and even then restarts on its own, except in safe mode, which also fails, all of this while repeating several disk checks. Right now I am in safe mode with only domain controller (something like that).

Well, as the topic title says, the old infections are coming back, including, as shown in the ComboFix log, that famous key/dll > HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL ; contained in the content of the topics below. Remember?

Old topics = http://forum.imasters.com.br/index.php?/topic/358394-chave-de-registro-bloqueia-o-msn/page__pid__1366578__st__0entry1366578 and http://forum.imaster...uo-de-infeccao/

ComboFix 09-08-22.06 - edsom luis 22/08/2009 18:49.80.1 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.342 [GMT -3:00]
Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\system\SYSPCB.dll
programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . . ------- Associação de arquivos/ficheiros ------- . inffile=Notepad.exe "%1" inifile=Notepad.exe "%1" txtfile=Notepad.exe "%1" . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-22 19:26 Windows 5.1.2600 Service Pack 3 FAT NTAPI Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(588) d:\windows\system32\SETUPAPI.dll d:\windows\system32\sfc_os.dll d:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(644) d:\windows\system32\SETUPAPI.dll . Tempo para conclusão: 2009-08-22 19:29 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-08-22 22:29 ComboFix2.txt 2009-08-20 17:15 ComboFix3.txt 2009-08-20 15:46 Pré-execução: 16 pasta(s) 39.042.580.480 bytes disponíveis Pós execução: 16 pasta(s) 38.503.874.560 bytes disponíveis 348 --- E O F --- 2009-08-14 03:01 Obrigado Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins, Posted August 23, 2009: Hello, I am sorry to say this, but since you do not follow a set procedure and run tools without the analyst's instruction, I will archive your case. If you disagree with this decision, it is your right to open a new topic. What I recommend, however, is that you proceed in a single forum. Without further delay. Case Archived.
Silas Martins, Posted August 23, 2009: Topic Archived. Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.