mc12366

c:\windows\system32\nmdfgds0.dll


DS (Ver_09-03-16.01) - NTFSx86

Run by Michael at 20:34:44,67 on qua 25/03/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_05

Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.222.50 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Office Mouse Driver\MouseDrv.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Michael\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

mDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: : {206e52e0-d52e-11d4-ad54-0000e86c26f6} - c:\arquiv~1\freshd~1\freshd~1\FDCatch.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: {6ef05952-b48d-4944-aa91-57a6a1a48ef8} - c:\arquivos de programas\puxa rápido\IEBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\arquivos de programas\java\jre1.6.0_05\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\arquiv~1\avg\avg8\AVGTOO~1.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\googletoolbar1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\3.1.807.1746\swg.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\arquivos de programas\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\arquivos de programas\windows live toolbar\msntb.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\googletoolbar1.dll

TB: FreshDownload Bar: {ed0e8ca5-42fb-4b18-997b-769e0408e79d} - c:\arquiv~1\freshd~1\freshd~1\fdiebar.dll

TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\arquiv~1\avg\avg8\AVGTOO~1.DLL

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [NBJ] "c:\arquivos de programas\ahead\nero backitup\NBJ.exe"

uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\MsnMsgr.Exe" /background

uRun: [swg] c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [AlcoholAutomount] "c:\arquivos de programas\alcohol soft\alcohol 120\axcmd.exe" /automount

uRun: [kamsoft] c:\windows\system32\ckvo.exe

uRun: [DAEMON Tools Lite] "c:\arquivos de programas\daemon tools lite\daemon.exe" -autorun

uRun: [Azureus Ultra Accelerator] "c:\arquivos de programas\azureus ultra accelerator\Azureus Ultra Accelerator.exe" -tray

uRun: [cdoosoft] c:\windows\system32\olhrwef.exe

mRun: [RaidTool] c:\arquivos de programas\via\raid\raid_t

mRun: [VTTimer] VTTimer.exe

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe

mRun: [WireLessMouse] c:\arquivos de programas\office mouse driver\StartAutorun.exe MouseDrv.exe

mRun: [PPXB Agent] c:\windows\system32\28463\PPXB.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre1.6.0_05\bin\jusched.exe"

mRun: [MULTIMEDIA KEYBOARD] c:\arquivos de programas\netropa\multimedia keyboard\MMKeybd.exe

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

mRun: [NWEReboot]

mRun: [soundMan] SOUNDMAN.EXE

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [Atualizador - Puxa Rápido] c:\arquivos de programas\puxa rápido\Atualiza.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\reader 8.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~2.lnk - c:\arquivos de programas\adobe\reader 8.0\reader\AdobeCollabSync.exe

IE: &Windows Live Search - c:\arquivos de programas\windows live toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\freshdevices\freshdownload\fd.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_05\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231344667388

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

AppInit_DLLs: avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michael\dadosd~1\mozilla\firefox\profiles\1p9s9uoe.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-13 96520]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-4 26184]

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2008-2-17 6656]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\avg\avg8\avgwdsvc.exe [2008-5-13 282904]

R2 nhksrv;Netropa NHK Server;c:\arquivos de programas\netropa\multimedia keyboard\nhksrv.exe [2008-2-17 28672]

R2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [2007-7-28 6528]

S2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-3-22 133104]

S3 dump_wmimmc;dump_wmimmc;\??\c:\level up! games\maplestory\gameguard\dump_wmimmc.sys --> c:\level up! games\maplestory\gameguard\dump_wmimmc.sys [?]

S3 KIKIDRIVER;KIKIDRIVER;\??\c:\documents and settings\michael\desktop\os melhores haks do brasil\kit_hack_by_rock_lee\kit hack by rock lee\kiki.sys --> c:\documents and settings\michael\desktop\os melhores haks do brasil\kit_hack_by_rock_lee\kit hack by rock lee\kiki.sys [?]

S3 Revolution1;Revolution1;\??\c:\documents and settings\michael\desktop\michael\hacks\revolution engine 5.3\revolution engine 5.3\shak3.sys --> c:\documents and settings\michael\desktop\michael\hacks\revolution engine 5.3\revolution engine 5.3\SHAK3.sys [?]

S3 SHAK31;SHAK31;\??\c:\documents and settings\michael\meus documentos\levelupgames\grand chase\revolution_4[1].2___flay___tutorial\revolution 4.2 + flay + tutorial\shak3.sys --> c:\documents and settings\michael\meus documentos\levelupgames\grand chase\revolution_4[1].2___flay___tutorial\revolution 4.2 + flay + tutorial\SHAK3.sys [?]

S3 Sinistro1;Sinistro1;\??\c:\documents and settings\michael\desktop\os melhores haks do brasil\shak3_2.2\sinistro.sys --> c:\documents and settings\michael\desktop\os melhores haks do brasil\shak3_2.2\Sinistro.sys [?]

=============== Created Last 30 ================

==================== Find3M ====================

2009-03-25 19:59 85,504 ---shr-- c:\windows\system32\ckvo0.dll

2009-03-21 07:44 85,504 ---shr-- c:\windows\system32\ckvo1.dll

2009-03-05 13:06 108,794 ---shr-- c:\windows\system32\olhrwef.exe

2009-02-12 14:54 108,565 ---shr-- C:\ur0.com

2009-02-08 06:07 348,804 a------- c:\windows\system32\perfh016.dat

2009-02-08 06:07 50,424 a------- c:\windows\system32\perfc016.dat

2009-01-21 06:33 108,869 ---shr-- C:\gy.exe

2009-01-17 18:29 499,712 a------- c:\windows\system32\msvcp71.dll

2009-01-17 18:29 348,160 a------- c:\windows\system32\msvcr71.dll

2009-01-15 19:29 108,940 ---shr-- C:\ve.exe

2007-06-06 14:02 872,809 ac------ c:\documents and settings\michael\TibiaBRCamLite-1.0.exe

2008-10-31 13:50 104,594 ---shr-- c:\windows\system32\ckvo.exe

2007-04-04 18:03 16,384 ac-sh--- c:\windows\temp\history\history.ie5\index.dat

============= FINISH: 20:36:03,57 ===============

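As an added example (not part of the thread, and not code from the DDS tool or the forum's analysts), the following Python script parses the three kinds of lines in the diagnostic log above that a log analyst reads first, and applies the checks an analyst makes by hand: Find3M entries for executables carrying both the hidden and system attributes, Run entries whose target is one of those hidden executables, and kernel drivers (.sys) registered from a user-profile directory. The sample lines are excerpted from the log above; the regular expressions, the attribute interpretation and the function names are my own assumptions about the DDS line format, derived from those lines only.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Tuple

# Lines excerpted from the log posted above (a constructed subset used as sample input).
SAMPLE_LINES = [
    r"uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe",
    r"uRun: [kamsoft] c:\windows\system32\ckvo.exe",
    r"uRun: [cdoosoft] c:\windows\system32\olhrwef.exe",
    r'uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\MsnMsgr.Exe" /background',
    r"mRun: [NWEReboot]",
    r"R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-13 96520]",
    r"S3 KIKIDRIVER;KIKIDRIVER;\??\c:\documents and settings\michael\desktop\os melhores haks do brasil\kit_hack_by_rock_lee\kit hack by rock lee\kiki.sys --> c:\documents and settings\michael\desktop\os melhores haks do brasil\kit_hack_by_rock_lee\kit hack by rock lee\kiki.sys [?]",
    r"2009-03-25 19:59 85,504 ---shr-- c:\windows\system32\ckvo0.dll",
    r"2009-02-12 14:54 108,565 ---shr-- C:\ur0.com",
    r"2009-02-08 06:07 348,804 a------- c:\windows\system32\perfh016.dat",
    r"2007-04-04 18:03 16,384 ac-sh--- c:\windows\temp\history\history.ie5\index.dat",
    r"2008-10-31 13:50 104,594 ---shr-- c:\windows\system32\ckvo.exe",
    r"2009-03-05 13:06 108,794 ---shr-- c:\windows\system32\olhrwef.exe",
]

# Assumed line shapes (derived from the sample lines, not from DDS documentation).
RUN_RE = re.compile(r'^[umd]Run: \[(?P<name>[^\]]*)\]\s*"?(?P<path>[^"]*?\.(?:exe|com|dll|scr|bat|cmd|pif))', re.I)
FIND3M_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$")
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)(?:\s-->.*?)?\s\[[^\]]*\]$")
EXEC_EXT = (".exe", ".com", ".dll", ".scr", ".bat", ".cmd", ".pif")
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")


def _norm(path: str) -> str:
    """Normalise a Windows path for comparison: drop the NT '\\??\\' prefix, lowercase."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


@dataclass
class Findings:
    hidden_system_files: List[str] = field(default_factory=list)                 # executables with attrs s+h
    autoruns_of_hidden_files: List[Tuple[str, str]] = field(default_factory=list)  # (Run value name, path)
    profile_drivers: List[Tuple[str, str]] = field(default_factory=list)           # (service name, .sys path)


def triage(lines: Iterable[str]) -> Findings:
    """Apply the three analyst checks to DDS-style log lines and return what was flagged."""
    f = Findings()
    runs: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if (m := FIND3M_RE.match(line)):
            attrs, path = m["attrs"], _norm(m["path"])
            # 's' (system) and 'h' (hidden) together on an executable is the usual
            # disguise of autorun-spread worms. Hidden data files such as IE's
            # index.dat also carry s+h but are legitimate, so only executables count.
            if "s" in attrs and "h" in attrs and path.endswith(EXEC_EXT):
                f.hidden_system_files.append(path)
        elif (m := RUN_RE.match(line)):
            runs.append((m["name"], _norm(m["path"])))
        elif (m := DRIVER_RE.match(line)):
            path = _norm(m["path"])
            # A kernel driver loaded from a user's profile directory is out of place.
            if path.endswith(".sys") and any(d in path for d in PROFILE_DIRS):
                f.profile_drivers.append((m["name"], path))
    # Cross-reference: Run entries that launch one of the hidden+system executables
    # (the log above shows exactly this for ckvo.exe and olhrwef.exe).
    hidden = set(f.hidden_system_files)
    f.autoruns_of_hidden_files = [(n, p) for n, p in runs if p in hidden]
    return f


def report(f: Findings) -> List[str]:
    """Render the findings as one line per item, for pasting into a reply."""
    out = [f"hidden+system executable: {p}" for p in f.hidden_system_files]
    out += [f"autorun '{n}' starts hidden file: {p}" for n, p in f.autoruns_of_hidden_files]
    out += [f"driver '{n}' loaded from profile path: {p}" for n, p in f.profile_drivers]
    return out


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LINES)):
        print(line)
```

The executable-extension filter is what keeps the check honest: on this very log, `index.dat` carries the same hidden+system attributes as the flagged files and would otherwise be reported, so attributes alone are not an indicator, but attributes on an executable that is also wired into a Run key are.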

Hello,


  • Note: temporarily disable your protection programs.

  • Download FixIEDef.exe by ShadowPuterDude to your desktop.

  • Double-click FixIEDef.exe:

fixiedef_zip.png

  • The FixIEDef window will open; click OK:

about_fixiedef.png

  • Click the Scan! button:

press_scan.png

  • The tool must be run from an account with administrator privileges. This message confirms that you are able to run the tool from an administrator account. Click OK:

fixiedef_alert.png

  • Wait for the scan to run and finish:

FixIEDef_FileScan.png

fixiedef_scanning.png

  • Warning: FixIEDef will terminate Internet Explorer and Explorer if they are running. Desktop icons and the Start Menu will not be visible while the tool is running.

Once EVERYTHING has finished, a notification message will appear; click Exit:
all_finished.png
Paste the contents of the FixIEDef log, which will be on your Desktop, together with a new HijackThis log.
Note: process.exe is detected as a "RiskTool" by some antivirus programs (AntiVir, Dr.Web, Kaspersky); it is not a virus but a program used to stop system processes. Antivirus programs cannot tell the "good" programs that use it from the "malicious" ones, so your antivirus may alert you; simply ignore that alert.
http://www.beyondlogic.org/consulting/proc...processutil.htm

  • Topic author
  • ********************************************************************************

    * *

    * FixIEDef Log *

    * Version 1.7.22.7514 *

    * *

    ********************************************************************************

    Created at 13:39:56 on Thursday, March 26, 2009

    Time Zone :

    Logged On User : Michael

    Operating System : Microsoft Windows XP Home Edition Service Pack 2

    OS Architecture : X86

    System Langauge : Portuguese (Brazilian)

    Keyboard Layout : Portuguese (Brazilian)

    Processor : X86 Intel® Pentium® 4 CPU 2.40GHz

    System Drive : C:\

    Windows Directory : C:\WINDOWS

    System Directory : C:\WINDOWS\system32

    System Drive Type : Fixed

    System Drive Status : READY

    System Drive Label :

    System Drive Size : 39.2 GB

    System Drive Free : 12.83 GB

    Total Physical Memory: 222 MB

    Free Physical Memory : 35 MB

    Total Page File : 222 MB

    Free Page File : 3945 MB

    Total Virtual Memory : 2048 MB

    Free Virtual Memory : 1969 MB

    Boot State : Normal boot

    --------------------------------------------------------------------------------

    !!! userinit.exe is Clean !!!

    --------------------------------------------------------------------------------

    !!! Files that have been deleted !!!

    C:\autorun.inf

    --------------------------------------------------------------------------------

    !!! Directories that have been removed !!!

    No malicious directories to be removed

    --------------------------------------------------------------------------------

    !!! Registry entries that have been removed !!!

    No malicious Registry entries found

    ================================================================================

    All Done :)


    Hello,

    Read the instructions in this link:

    In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, and while carrying out these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) described below.

    • Double-click the desktopicon.png icon on the desktop.

    • Read and accept the terms by typing 1 and pressing Enter.

    • Computers running Windows XP must install the Recovery Console:

    • If your computer runs Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

    • ComboFix will run; please be patient and wait.

    • Warning: do not use the mouse or keyboard while the tool is running; this can cause the computer to hang.

    • A message may appear saying that the computer needs to be restarted.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.

    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

    • Several kinds of malware prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with them.
    • Many Analysts do not respond to topics in which they see that ComboFix was used without supervision.
    • There are many general-purpose anti-malware tools whose authors designed them with end users in mind, to be used without supervision. ComboFix is not a tool of that kind, so, not least out of respect for the tool's author, do not use it without supervision.

    Regards

  • Topic author
  • Hello,

    ComboFix says that AVG Anti-Virus Free is enabled, but I have already closed the antivirus from the corner of the screen and also in the Task Manager.

    Can I produce the log even though it says that?

  • Topic author
  • ComboFix 09-03-26.03 - Michael 2009-03-27 18:58:22.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.222.38 [GMT -3:00]

    Executando de: c:\documents and settings\Michael\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

    FW: Norton Internet Worm Protection *disabled*

    * Criado um novo ponto de restauro

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Autorun.inf

    C:\minm.cmd

    c:\windows\system\oeminfo.ini

    c:\windows\system32\28463

    c:\windows\system32\28463\Dec_01_2007__12_06_18.jpg

    c:\windows\system32\28463\Dec_01_2007__12_16_18.jpg

    c:\windows\system32\28463\Dec_01_2007__12_26_18.jpg

    c:\windows\system32\28463\Dec_07_2007__20_26_16.jpg

    c:\windows\system32\28463\Dec_07_2007__20_36_16.jpg

    c:\windows\system32\28463\Dec_07_2007__20_46_16.jpg

    c:\windows\system32\28463\Dec_07_2007__21_06_17.jpg

    c:\windows\system32\28463\Dec_07_2007__21_16_17.jpg

    c:\windows\system32\28463\Dec_07_2007__21_26_17.jpg

    c:\windows\system32\28463\Dec_07_2007__21_46_18.jpg

    c:\windows\system32\28463\Dec_10_2007__18_01_02.jpg

    c:\windows\system32\28463\Dec_10_2007__18_11_02.jpg

    c:\windows\system32\28463\Dec_10_2007__18_21_02.jpg

    c:\windows\system32\28463\Dec_10_2007__18_31_02.jpg

    c:\windows\system32\28463\Dec_10_2007__18_41_02.jpg

    c:\windows\system32\28463\Dec_11_2007__11_16_02.jpg

    c:\windows\system32\28463\Dec_11_2007__11_26_02.jpg

    c:\windows\system32\28463\Dec_11_2007__11_36_02.jpg

    c:\windows\system32\28463\Dec_11_2007__11_46_03.jpg

    c:\windows\system32\28463\Dec_17_2007__18_45_14.jpg

    c:\windows\system32\28463\Dec_21_2007__14_22_24.jpg

    c:\windows\system32\28463\Dec_21_2007__14_32_25.jpg

    c:\windows\system32\28463\Dec_21_2007__14_42_25.jpg

    c:\windows\system32\28463\Dec_21_2007__14_52_25.jpg

    c:\windows\system32\28463\Dec_21_2007__15_02_25.jpg

    c:\windows\system32\28463\Dec_21_2007__15_12_25.jpg

    c:\windows\system32\28463\Dec_26_2007__15_55_49.jpg

    c:\windows\system32\28463\Dec_28_2007__12_46_39.jpg

    c:\windows\system32\28463\Dec_28_2007__12_56_39.jpg

    c:\windows\system32\28463\Dec_28_2007__13_06_40.jpg

    c:\windows\system32\28463\Dec_29_2007__18_28_19.jpg

    c:\windows\system32\28463\Dec_30_2007__09_38_02.jpg

    c:\windows\system32\28463\Dec_31_2007__16_32_55.jpg

    c:\windows\system32\28463\Dec_31_2007__16_43_02.jpg

    c:\windows\system32\28463\Feb_29_2004__02_01_33.jpg

    c:\windows\system32\28463\Feb_29_2004__02_11_33.jpg

    c:\windows\system32\28463\Feb_29_2004__02_21_35.jpg

    c:\windows\system32\28463\Feb_29_2004__02_31_47.jpg

    c:\windows\system32\28463\Jan_06_2008__19_24_06.jpg

    c:\windows\system32\28463\Jan_12_2008__00_05_00.jpg

    c:\windows\system32\28463\Jan_12_2008__00_46_40.jpg

    c:\windows\system32\28463\Jan_12_2008__00_56_40.jpg

    c:\windows\system32\28463\Jan_12_2008__01_06_40.jpg

    c:\windows\system32\28463\Jan_16_2008__05_56_10.jpg

    c:\windows\system32\28463\Mar_01_2004__01_11_19.jpg

    c:\windows\system32\28463\Mar_01_2004__01_21_19.jpg

    c:\windows\system32\28463\Mar_01_2004__01_31_19.jpg

    c:\windows\system32\28463\Mar_01_2004__07_57_22.jpg

    c:\windows\system32\28463\Mar_01_2004__08_07_22.jpg

    c:\windows\system32\28463\Mar_01_2004__08_17_22.jpg

    c:\windows\system32\28463\Mar_01_2004__08_20_12.jpg

    c:\windows\system32\28463\Mar_01_2004__08_27_22.jpg

    c:\windows\system32\28463\Mar_01_2004__13_48_31.jpg

    c:\windows\system32\28463\Mar_02_2004__01_09_15.jpg

    c:\windows\system32\28463\Mar_02_2004__01_19_16.jpg

    c:\windows\system32\28463\Nov_04_2007__02_07_25.jpg

    c:\windows\system32\28463\Nov_08_2007__21_59_08.jpg

    c:\windows\system32\28463\Nov_17_2007__18_49_16.jpg

    c:\windows\system32\28463\Nov_17_2007__18_59_16.jpg

    c:\windows\system32\28463\Nov_20_2007__05_44_46.jpg

    c:\windows\system32\28463\Nov_22_2007__15_37_35.jpg

    c:\windows\system32\28463\Nov_29_2007__16_33_52.jpg

    c:\windows\system32\28463\Nov_29_2007__16_53_52.jpg

    c:\windows\system32\28463\Nov_29_2007__17_14_04.jpg

    c:\windows\system32\28463\Nov_29_2007__17_34_27.jpg

    c:\windows\system32\28463\Nov_29_2007__17_44_27.jpg

    c:\windows\system32\28463\Nov_29_2007__17_54_27.jpg

    c:\windows\system32\28463\Nov_29_2007__18_04_27.jpg

    c:\windows\system32\28463\Nov_29_2007__18_14_32.jpg

    c:\windows\system32\28463\Nov_29_2007__18_44_48.jpg

    c:\windows\system32\28463\Nov_30_2007__14_52_55.jpg

    c:\windows\system32\28463\Nov_30_2007__15_02_55.jpg

    c:\windows\system32\28463\Nov_30_2007__15_12_55.jpg

    c:\windows\system32\28463\Nov_30_2007__15_22_55.jpg

    c:\windows\system32\28463\Nov_30_2007__15_32_56.jpg

    c:\windows\system32\28463\Nov_30_2007__15_42_58.jpg

    c:\windows\system32\28463\Oct_23_2007__17_46_00.jpg

    c:\windows\system32\28463\Oct_23_2007__18_06_08.jpg

    c:\windows\system32\28463\Oct_23_2007__18_26_14.jpg

    c:\windows\system32\28463\Oct_23_2007__18_44_16.jpg

    c:\windows\system32\28463\PPXB.001

    c:\windows\system32\28463\PPXB.002

    c:\windows\system32\28463\PPXB.002.tmp

    c:\windows\system32\28463\PPXB.005

    c:\windows\system32\28463\PPXB.006

    c:\windows\system32\28463\PPXB.007

    c:\windows\system32\28463\PPXB.009

    c:\windows\system32\28463\Sep_22_2007__15_10_50.jpg

    c:\windows\system32\28463\Sep_23_2007__15_56_18.jpg

    c:\windows\system32\28463\Sep_23_2007__16_06_18.jpg

    c:\windows\system32\28463\Sep_23_2007__16_36_25.jpg

    c:\windows\system32\28463\Sep_23_2007__16_46_29.jpg

    c:\windows\system32\28463\Sep_23_2007__16_56_31.jpg

    c:\windows\system32\28463\Sep_23_2007__17_06_33.jpg

    c:\windows\system32\28463\Sep_23_2007__17_16_35.jpg

    c:\windows\system32\28463\Sep_23_2007__17_26_35.jpg

    c:\windows\system32\28463\Sep_23_2007__17_36_35.jpg

    c:\windows\system32\28463\Sep_23_2007__17_56_47.jpg

    c:\windows\system32\28463\Sep_23_2007__18_06_48.jpg

    c:\windows\system32\28463\Sep_23_2007__18_26_51.jpg

    c:\windows\system32\28463\Sep_23_2007__18_36_53.jpg

    c:\windows\system32\28463\Sep_23_2007__18_46_53.jpg

    c:\windows\system32\28463\Sep_23_2007__18_56_53.jpg

    c:\windows\system32\28463\Sep_30_2007__10_15_28.jpg

    c:\windows\system32\ckvo.exe

    c:\windows\system32\ckvo0.dll

    c:\windows\system32\ckvo1.dll

    c:\windows\system32\ibestunz.dll

    c:\windows\system32\MRT.exe

    c:\windows\system32\olhrwef.exe

    C:\xih9.cmd

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-02-27 to 2009-03-27 ))))))))))))))))))))))))))))

    .

    2009-06-20 16:09 . 2008-07-02 16:54 <DIR> d-------- c:\arquivos de programas\free-downloads.net

    2009-06-20 16:09 . 2009-06-20 16:09 <DIR> d-------- c:\arquivos de programas\Conduit

    2009-06-20 16:08 . 2009-06-20 16:08 <DIR> d-------- c:\arquivos de programas\Alcohol Soft

    2009-06-20 15:40 . 2005-03-14 06:54 2,673 -ra------ c:\windows\Disktool.INI

    2009-06-20 15:40 . 2005-03-14 06:52 2,498 -ra------ c:\windows\fwupgrade.ini

    2009-06-20 15:40 . 2005-03-14 06:57 1,296 -ra------ c:\windows\PlaySnd.INI

    2009-03-26 14:42 . 2009-03-26 14:43 <DIR> d-------- c:\arquivos de programas\Tibia810

    2009-03-26 13:39 . 2009-03-26 13:39 <DIR> d-------- C:\ERDNT

    2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- c:\windows\ERUNT

    2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- C:\!FixIEDef

    2009-03-17 16:15 . 2009-03-17 16:15 <DIR> d-------- c:\arquivos de programas\DownloadToolz

    2009-03-15 19:34 . 2009-03-15 19:34 <DIR> d-------- C:\Nexon

    2009-03-07 14:44 . 2009-03-07 14:44 <DIR> d-------- c:\windows\Sun

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-03-26 23:20 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Tibia

    2009-03-24 23:35 --------- d-----w c:\arquivos de programas\Tibia

    2009-03-22 17:14 --------- d-----w c:\arquivos de programas\Google

    2009-02-28 13:33 --------- d-----w c:\arquivos de programas\NAXDOWN

    2009-02-23 20:48 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Any Video Converter

    2009-02-13 20:32 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

    2009-02-12 17:54 108,565 --sh--r C:\ur0.com

    2009-02-01 16:04 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack

    2009-01-21 09:33 108,869 --sh--r C:\gy.exe

    2009-01-17 21:29 499,712 ----a-w c:\windows\system32\msvcp71.dll

    2009-01-17 21:29 348,160 ----a-w c:\windows\system32\msvcr71.dll

    2009-01-15 22:29 108,940 --sh--r C:\ve.exe

    2007-06-06 17:02 872,809 -c--a-w c:\documents and settings\Michael\TibiaBRCamLite-1.0.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    "NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

    "MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

    "AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

    "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

    "RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

    "WireLessMouse"="c:\arquivos de programas\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

    "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

    "MULTIMEDIA KEYBOARD"="c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

    "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]

    "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-01-17 185872]

    "VTTimer"="VTTimer.exe" [2004-09-01 c:\windows\system32\VTTimer.exe]

    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]

    Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

    Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    "c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

    "c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\Arquivos de Instalação\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

    "c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "7171:TCP"= 7171:TCP:TibiaOpenServer

    "90:TCP"= 90:TCP:Habbo

    R2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 133104]

    R3 dump_wmimmc;dump_wmimmc; [x]

    R3 KIKIDRIVER;KIKIDRIVER; [x]

    R3 Revolution1;Revolution1; [x]

    R3 SHAK31;SHAK31; [x]

    R3 Sinistro1;Sinistro1; [x]

    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-05-13 96520]

    S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

    S2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 282904]

    S2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

    S2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe [2004-08-04 14336]

    S3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\System32\Drivers\MOUSEWD.SYS [2006-07-17 6528]

    --- ---

    *Deregistered* - ALG

    *Deregistered* - AudioSrv

    *Deregistered* - avg8wd

    *Deregistered* - BITS

    *Deregistered* - Browser

    *Deregistered* - CryptSvc

    *Deregistered* - DcomLaunch

    *Deregistered* - Dhcp

    *Deregistered* - Dnscache

    *Deregistered* - ERSvc

    *Deregistered* - EventSystem

    *Deregistered* - FastUserSwitchingCompatibility

    *Deregistered* - gupdate1c9ab118ee411f8

    *Deregistered* - helpsvc

    *Deregistered* - HidServ

    *Deregistered* - ImapiService

    *Deregistered* - Irmon

    *Deregistered* - lanmanserver

    *Deregistered* - lanmanworkstation

    *Deregistered* - LmHosts

    *Deregistered* - Netman

    *Deregistered* - nhksrv

    *Deregistered* - Nla

    *Deregistered* - npkcrypt

    *Deregistered* - Ntfs

    *Deregistered* - Null

    *Deregistered* - NwlnkIpx

    *Deregistered* - NwlnkNb

    *Deregistered* - NwlnkSpx

    *Deregistered* - NwSapAgent

    *Deregistered* - PartMgr

    *Deregistered* - ParVdm

    *Deregistered* - PCIIde

    *Deregistered* - Pml Driver HPZ12

    *Deregistered* - PolicyAgent

    *Deregistered* - PptpMiniport

    *Deregistered* - ProtectedStorage

    *Deregistered* - PSched

    *Deregistered* - RasAcd

    *Deregistered* - Rasirda

    *Deregistered* - Rasl2tp

    *Deregistered* - RasMan

    *Deregistered* - RasPppoe

    *Deregistered* - Raspti

    *Deregistered* - Rdbss

    *Deregistered* - RDPCDD

    *Deregistered* - RpcSs

    *Deregistered* - SamSs

    *Deregistered* - Schedule

    *Deregistered* - Secdrv

    *Deregistered* - seclogon

    *Deregistered* - SENS

    *Deregistered* - SharedAccess

    *Deregistered* - ShellHWDetection

    *Deregistered* - Spooler

    *Deregistered* - sptd

    *Deregistered* - sr

    *Deregistered* - srservice

    *Deregistered* - Srv

    *Deregistered* - SSDPSRV

    *Deregistered* - StarWindServiceAE

    *Deregistered* - stisvc

    *Deregistered* - swenum

    *Deregistered* - TapiSrv

    *Deregistered* - Tcpip

    *Deregistered* - TermService

    *Deregistered* - Themes

    *Deregistered* - TrkWks

    *Deregistered* - Update

    *Deregistered* - VgaSave

    *Deregistered* - VolSnap

    *Deregistered* - W32Time

    *Deregistered* - Wanarp

    *Deregistered* - WebClient

    *Deregistered* - winmgmt

    *Deregistered* - wscsvc

    *Deregistered* - wuauserv

    *Deregistered* - WZCSVC

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3294cb8a-d265-11dd-ba1c-f83c1c4bc97d}]

    \Shell\AutoRun\command - F:\xih9.cmd

    \Shell\explore\Command - F:\xih9.cmd

    \Shell\open\Command - F:\xih9.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c5da576-5134-11db-b4b3-00142afd0d64}]

    \Shell\AutoRun\command - G:\xih9.cmd

    \Shell\explore\Command - G:\xih9.cmd

    \Shell\open\Command - G:\xih9.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce73f6a2-b355-11dd-b9af-de77a0127c7c}]

    \Shell\AutoRun\command - F:\xih9.cmd

    \Shell\explore\Command - F:\xih9.cmd

    \Shell\open\Command - F:\xih9.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0dc968c-d93b-11dc-b7e2-bb59af19b17d}]

    \Shell\AutoRun\command - G:\xih9.cmd

    \Shell\explore\Command - G:\xih9.cmd

    \Shell\open\Command - G:\xih9.cmd

    .

    Contents of the 'Scheduled Tasks' folder

    2009-03-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 14:12]

    .

    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Azureus Ultra Accelerator - c:\arquivos de programas\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe

    HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe

    HKLM-Run-PPXB Agent - c:\windows\system32\28463\PPXB.exe

    HKLM-Run-Atualizador - Puxa Rápido - c:\arquivos de programas\Puxa Rápido\Atualiza.exe

    HKLM-Run-NWEReboot - (no file)

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    uSearch Page = hxxp://www.google.com

    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    uSearch Bar = hxxp://www.google.com/ie

    mDefault_Search_URL = hxxp://www.google.com/ie

    uInternet Connection Wizard,ShellNext = iexplore

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    mSearchAssistant = hxxp://www.google.com/ie

    IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: {{41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\FreshDevices\FreshDownload\fd.exe

    TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

    FF - ProfilePath - c:\documents and settings\Michael\Dados de aplicativos\Mozilla\Firefox\Profiles\1p9s9uoe.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

    FF - prefs.js: browser.search.selectedEngine - DAEMON Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

    FF - plugin: c:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-03-27 19:06:59

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    "ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SHAK31]

    "ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\HPZipm12.exe

    c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    c:\windows\system32\wscntfy.exe

    c:\arquivos de programas\Office Mouse Driver\MouseDrv.exe

    c:\arquivos de programas\Netropa\Multimedia Keyboard\Traymon.exe

    c:\arquivos de programas\Netropa\Onscreen Display\osd.exe

    c:\arquivos de programas\AVG\AVG8\avgrsx.exe

    c:\arquivos de programas\AVG\AVG8\avgrsx.exe

    c:\arquivos de programas\AVG\AVG8\avgrsx.exe

    c:\arquivos de programas\AVG\AVG8\avgrsx.exe

    .

    **************************************************************************

    .

    Completion time: 2009-03-27 19:15:37 - machine was rebooted

    ComboFix-quarantined-files.txt 2009-03-27 22:15:22

    Pre-Run: 21 directories, 13,286,957,056 bytes free

    Post-Run: 20 directories, 15,282,511,872 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
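
The log above shows the indicators a log analyst looks for first: two hidden, system-attribute executables dropped in the root of C: (gy.exe and ve.exe), four MountPoints2 keys whose AutoRun, open and explore commands all point at xih9.cmd on the F: and G: drives, the Windows Firewall switched off for the standard profile (EnableFirewall = 0), Security Center antivirus notifications silenced (AntiVirusDisableNotify = 1), firewall exceptions for game and file-sharing programs and ports, and four driver services (KIKIDRIVER, Revolution1, SHAK31, Sinistro1) whose binaries are missing or live under the user's profile. The Python script below is an added example written for this edit; it is not ComboFix's code and was not posted by anyone in the thread. It pulls exactly those indicators out of ComboFix-style log lines. The sample lines are copied from the logs in this thread (the xih9.cmd line comes from the later log), and the indicator names are this example's own. One finding it reports, AppInit_DLLs = avgrsstx.dll, is AVG's own resident-shield hook; the script lists it because AppInit_DLLs is a load point worth reviewing, not because that value is malicious.

```python
"""Triage a ComboFix log for persistence and defence-evasion indicators.
Editor's added example; not ComboFix's code and not posted in the thread."""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (indicator name, evidence taken from the log line)

# Sample input: lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = "\n".join([
    r"2009-01-21 09:33 108,869 --sh--r C:\gy.exe",
    r"2009-01-15 22:29 108,940 --sh--r C:\ve.exe",
    r"2009-01-17 21:29 499,712 ----a-w c:\windows\system32\msvcp71.dll",
    r"2009-04-12 20:42 . 2008-10-31 13:50 104,594 -r-hs---- C:\xih9.cmd",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]",
    r'"AppInit_DLLs"=avgrsstx.dll',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center]",
    r'"AntiVirusDisableNotify"=dword:00000001',
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]",
    r'"EnableFirewall"= 0 (0x0)',
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]",
    r'"7171:TCP"= 7171:TCP:TibiaOpenServer',
    r"R3 KIKIDRIVER;KIKIDRIVER; [x]",
    r"S3 Sinistro1;Sinistro1;\??\c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil"
    r"\ShaK3_2.2\Sinistro.sys --> c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil"
    r"\ShaK3_2.2\Sinistro.sys [?]",
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3294cb8a-d265-11dd-ba1c-f83c1c4bc97d}]",
    r"\Shell\AutoRun\command - F:\xih9.cmd",
    r"\Shell\open\Command - F:\xih9.cmd",
])

FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}"             # modified timestamp
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"      # optional created timestamp
    r"\s+(?:<DIR>|[\d,]+|-{9})?\s*"               # size, <DIR>, or --------- placeholder
    r"([-a-z]{7,9})\s+(.+)$")                     # attribute flags, then the path
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
MOUNTPOINT_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
ROOT_PATH_RE = re.compile(r"[a-z]:\\[^\\]+", re.IGNORECASE)
EXEC_EXT = (".exe", ".com", ".cmd", ".bat", ".scr", ".pif", ".vbs")
SILENCED_VALUES = {"antivirusdisablenotify", "firewalldisablenotify",
                   "updatesdisablenotify", "disablemonitoring"}


def triage(log_text: str) -> List[Finding]:
    """Return (indicator, evidence) pairs for the suspicious lines of a ComboFix log."""
    findings: List[Finding] = []
    current_key = ""  # most recent [registry key] header, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        m = FILE_RE.match(line)
        if m:  # hidden+system executable in a drive root: the autorun-worm dropper pattern
            attrs, path = m.group(1), m.group(2)
            if ({"h", "s"} <= set(attrs) and ROOT_PATH_RE.fullmatch(path)
                    and path.lower().endswith(EXEC_EXT)):
                findings.append(("hidden-system-exe-in-root", path))
            continue
        m = SERVICE_RE.match(line)
        if m:  # driver/service with no binary, or a .sys loaded from a user profile
            name, rest = m.group(2), m.group(4).strip()
            if rest == "[x]":
                findings.append(("service-binary-missing", name))
            elif "\\documents and settings\\" in rest.lower() or "\\users\\" in rest.lower():
                findings.append(("driver-from-user-profile", name))
            continue
        if "mountpoints2" in current_key:  # cached autorun.inf verbs of removable volumes
            m = MOUNTPOINT_CMD_RE.match(line)
            if m:
                findings.append(("mountpoints2-autorun", f"{m.group(1)} -> {m.group(2)}"))
                continue
        m = VALUE_RE.match(line)
        if m:  # firewall state, Security Center notifications, exceptions, AppInit_DLLs
            name, value = m.group(1), m.group(2).strip()
            lname = name.lower()
            if lname == "enablefirewall" and value.startswith("0"):
                findings.append(("firewall-disabled", current_key))
            elif lname in SILENCED_VALUES and value.endswith("1"):
                findings.append(("security-center-silenced", name))
            elif lname == "appinit_dlls" and value:  # AVG's avgrsstx.dll here; still a load point
                findings.append(("appinit-dll", value))
            elif "globallyopenports" in current_key:
                findings.append(("firewall-open-port", value))
    return findings


def count_by_indicator(findings: List[Finding]) -> Dict[str, int]:
    """Tally findings per indicator for a one-screen summary."""
    counts: Dict[str, int] = {}
    for indicator, _ in findings:
        counts[indicator] = counts.get(indicator, 0) + 1
    return counts


if __name__ == "__main__":
    for indicator, evidence in triage(SAMPLE_LOG):
        print(f"{indicator:28} {evidence}")
```

To run it against a saved ComboFix.txt, replace SAMPLE_LOG with the file's contents. The hidden+system check depends on ComboFix's attribute column, so keep the lines exactly as the tool wrote them; a manually retyped log without the flags column will produce no file findings.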


    Hello,

    Connect your USB flash drive to the computer, but do not run anything from it!

    ( 1 ) Very important note: temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

    ( 2 ) Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Show" box:


    File::
    C:\ur0.com
    C:\gy.exe
    C:\ve.exe
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3294cb8a-d265-11dd-ba1c-f83c1c4bc97d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c5da576-5134-11db-b4b3-00142afd0d64}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce73f6a2-b355-11dd-b9af-de77a0127c7c}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0dc968c-d93b-11dc-b7e2-bb59af19b17d}]
    
    

    • Save this file as: CFScript.txt
      (screenshot: CFScriptB-4.gif)
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will generate a log. Paste the contents of that file, C:\ComboFix.txt.
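
The CFScript above deletes the three root-level executables and the four MountPoints2 keys. Those keys are the shell's cached copy of the autorun.inf it found on each removable volume: the {GUID} identifies the volume, and Shell\AutoRun\command, Shell\open\Command and Shell\explore\Command are the verbs the file defined. On Windows XP the cached commands run again when the drive letter is double-clicked or explored, which is why the helper asks for the flash drive to be plugged in but nothing on it executed. The Python script below is an added example written for this edit, not part of the thread and not code from ComboFix or Windows; it reads an autorun.inf offline and lists what the shell would launch from it and which Explorer verbs it hijacks. The autorun.inf content is constructed to match the xih9.cmd payload and the three verbs seen in the log; the real C:\Autorun.inf from the infected machine was never posted.

```python
"""Read an autorun.inf and list what the Windows XP shell would run from it.
Editor's added example; not code from the thread, ComboFix, or Windows."""
import re
from typing import Dict, List, Tuple

# Constructed sample autorun.inf. The payload name (xih9.cmd) and the hijacked
# verbs (AutoRun/open/explore) come from the MountPoints2 entries in the log;
# the real C:\Autorun.inf from the infected machine was never posted.
SAMPLE_AUTORUN_INF = r"""[AutoRun]
open=xih9.cmd
shellexecute=xih9.cmd
shell\open=Open
shell\open\Command=xih9.cmd
shell\explore=Explore
shell\explore\Command=xih9.cmd
icon=%SystemRoot%\system32\SHELL32.dll,4
"""

# Verbs that, on a clean drive, just open a folder window. If autorun.inf
# redefines their Command, double-click ("open") and right-click > Explore
# run the payload instead of showing the files.
EXPLORER_VERBS = {"open", "explore"}


def parse_autorun(text: str) -> Dict[str, str]:
    """Return key=value pairs from the [autorun] section, keys lower-cased.
    Lines outside that section, blank lines and ';' comments are ignored."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """(trigger, command) pairs. open= / shellexecute= is what AutoPlay runs on
    insertion and what the shell caches as Shell\\AutoRun\\command in
    MountPoints2; shell\\<verb>\\command replaces that verb's normal action."""
    targets: List[Tuple[str, str]] = []
    for key in ("open", "shellexecute"):
        if key in entries:
            targets.append((f"AutoRun ({key}=)", entries[key]))
    for key, value in entries.items():
        m = re.fullmatch(r"shell\\([^\\]+)\\command", key)
        if m:
            targets.append((f"shell\\{m.group(1)}", value))
    return targets


def hijacked_verbs(entries: Dict[str, str]) -> Dict[str, str]:
    """Map each Explorer verb (open, explore) that has been redirected to a command."""
    hits: Dict[str, str] = {}
    for trigger, command in launch_targets(entries):
        if trigger.lower().startswith("shell\\"):
            verb = trigger.split("\\", 1)[1].lower()
            if verb in EXPLORER_VERBS:
                hits[verb] = command
    return hits


if __name__ == "__main__":
    found = parse_autorun(SAMPLE_AUTORUN_INF)
    for trigger, command in launch_targets(found):
        print(f"{trigger:24} -> {command}")
    for verb, command in hijacked_verbs(found).items():
        print(f"verb '{verb}' no longer opens the folder; it runs {command}")
```

To check a suspect drive, copy its autorun.inf somewhere safe first (for example from a Linux live system, so nothing on the drive gets executed) and pass the file's text to parse_autorun. An autorun.inf that only sets icon= and label=, or whose open= points at a vendor installer in a subfolder, is what a legitimate drive looks like; one that redefines open and explore to a hidden .cmd or .exe in the root is the pattern this thread is cleaning up.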

    ComboFix 09-03-26.03 - Michael 2009-03-28 13:05:34.2 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.222.44 [GMT -3:00]

    Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt

    * Created a new restore point

    FILE ::

    C:\gy.exe

    C:\ur0.com

    C:\ve.exe

    .

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\gy.exe

    C:\ur0.com

    C:\ve.exe

    .

    (((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 ))))))))))))))))))))))))))))

    .

    2009-06-20 16:09 . 2008-07-02 16:54 <DIR> d-------- c:\arquivos de programas\free-downloads.net

    2009-06-20 16:09 . 2009-06-20 16:09 <DIR> d-------- c:\arquivos de programas\Conduit

    2009-06-20 16:08 . 2009-06-20 16:08 <DIR> d-------- c:\arquivos de programas\Alcohol Soft

    2009-06-20 15:40 . 2005-03-14 06:54 2,673 -ra------ c:\windows\Disktool.INI

    2009-06-20 15:40 . 2005-03-14 06:52 2,498 -ra------ c:\windows\fwupgrade.ini

    2009-06-20 15:40 . 2005-03-14 06:57 1,296 -ra------ c:\windows\PlaySnd.INI

    2009-03-26 14:42 . 2009-03-26 14:43 <DIR> d-------- c:\arquivos de programas\Tibia810

    2009-03-26 13:39 . 2009-03-26 13:39 <DIR> d-------- C:\ERDNT

    2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- c:\windows\ERUNT

    2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- C:\!FixIEDef

    2009-03-17 16:15 . 2009-03-17 16:15 <DIR> d-------- c:\arquivos de programas\DownloadToolz

    2009-03-15 19:34 . 2009-03-15 19:34 <DIR> d-------- C:\Nexon

    2009-03-07 14:44 . 2009-03-07 14:44 <DIR> d-------- c:\windows\Sun

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-03-26 23:20 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Tibia

    2009-03-24 23:35 --------- d-----w c:\arquivos de programas\Tibia

    2009-03-22 17:14 --------- d-----w c:\arquivos de programas\Google

    2009-02-28 13:33 --------- d-----w c:\arquivos de programas\NAXDOWN

    2009-02-23 20:48 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Any Video Converter

    2009-02-13 20:32 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

    2009-02-01 16:04 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack

    2009-01-17 21:29 499,712 ----a-w c:\windows\system32\msvcp71.dll

    2009-01-17 21:29 348,160 ----a-w c:\windows\system32\msvcr71.dll

    2007-06-06 17:02 872,809 -c--a-w c:\documents and settings\Michael\TibiaBRCamLite-1.0.exe

    .

    (((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    "NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

    "MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

    "AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

    "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

    "RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

    "WireLessMouse"="c:\arquivos de programas\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

    "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

    "MULTIMEDIA KEYBOARD"="c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

    "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]

    "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-01-17 185872]

    "VTTimer"="VTTimer.exe" [2004-09-01 c:\windows\system32\VTTimer.exe]

    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]

    Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

    Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    "c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

    "c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\Arquivos de Instalação\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

    "c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "7171:TCP"= 7171:TCP:TibiaOpenServer

    "90:TCP"= 90:TCP:Habbo

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-13 96520]

    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2008-02-17 6656]

    R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 282904]

    R2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2008-02-17 28672]

    R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [2007-07-28 6528]

    S2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 133104]

    S3 KIKIDRIVER;KIKIDRIVER;\??\c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\Kit_Hack_By_Rock_Lee\Kit Hack By Rock Lee\kiki.sys --> c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\Kit_Hack_By_Rock_Lee\Kit Hack By Rock Lee\kiki.sys [?]

    S3 Revolution1;Revolution1;\??\c:\documents and settings\Michael\Desktop\michael\Hacks\Revolution Engine 5.3\Revolution Engine 5.3\SHAK3.sys --> c:\documents and settings\Michael\Desktop\michael\Hacks\Revolution Engine 5.3\Revolution Engine 5.3\SHAK3.sys [?]

    S3 SHAK31;SHAK31;\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys --> c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys [?]

    S3 Sinistro1;Sinistro1;\??\c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\ShaK3_2.2\Sinistro.sys --> c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\ShaK3_2.2\Sinistro.sys [?]

    --- ---

    *Deregistered* - NwSapAgent

    *Deregistered* - Pml Driver HPZ12

    *Deregistered* - PolicyAgent

    *Deregistered* - ProtectedStorage

    *Deregistered* - RasMan

    *Deregistered* - RpcSs

    *Deregistered* - SamSs

    *Deregistered* - Schedule

    *Deregistered* - seclogon

    *Deregistered* - SENS

    *Deregistered* - SharedAccess

    *Deregistered* - ShellHWDetection

    *Deregistered* - Spooler

    *Deregistered* - srservice

    *Deregistered* - SSDPSRV

    *Deregistered* - StarWindServiceAE

    *Deregistered* - stisvc

    *Deregistered* - TapiSrv

    *Deregistered* - TermService

    *Deregistered* - Themes

    *Deregistered* - TrkWks

    *Deregistered* - usnjsvc

    *Deregistered* - W32Time

    *Deregistered* - WebClient

    *Deregistered* - winmgmt

    *Deregistered* - wscsvc

    *Deregistered* - wuauserv

    *Deregistered* - WZCSVC

    .

    Contents of the 'Scheduled Tasks' folder

    2009-03-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 14:12]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    uSearch Page = hxxp://www.google.com

    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    uSearch Bar = hxxp://www.google.com/ie

    uInternet Connection Wizard,ShellNext = iexplore

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: {{41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\FreshDevices\FreshDownload\fd.exe

    TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

    FF - ProfilePath - c:\documents and settings\Michael\Dados de aplicativos\Mozilla\Firefox\Profiles\1p9s9uoe.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

    FF - prefs.js: browser.search.selectedEngine - DAEMON Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

    FF - plugin: c:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-03-28 13:12:43

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    "ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SHAK31]

    "ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

    .

    --------------------- Dll's loaded under running processes ---------------------

    - - - - - - - > 'winlogon.exe'(768)

    c:\windows\system32\avgrsstx.dll

    .

    Completion time: 2009-03-28 13:17:34

    ComboFix-quarantined-files.txt 2009-03-28 16:17:25

    Pre-Run: 21 directories, 15,156,596,736 bytes free

    Post-Run: 20 directories, 15,192,961,024 bytes free

    I didn't connect my flash drive, because I don't have it with me...

    Should I do it again?

    -----

    Sorry for the double post


    Hello,

    Download ATF-Cleaner.

    • Click ATF-Cleaner.exe.
    • Under "Select Files To Delete", check Select All.
    • Click Empty Selected.
    • In the Done Cleaning window click OK and then Exit.

    Note: if you use Firefox:

    • At the top, click Firefox and choose: Select All
    • Then click Empty Selected.

    Note: if you use Opera:

    • At the top, click Opera and choose: Select All
    • Then click Empty Selected.

    Temporarily disable your antivirus!

    Run an online scan at Kaspersky Virusscanner

    • Click (button image: Clipboard01-1.jpg)
    • When asked to install the ActiveX control, click (button image: Clipboard015.jpg)
    • Wait for the installation and the update, then click (button image: Clipboard013.jpg)
    • Now click (button image: Clipboard016.jpg)
    • In the scan options (settings), make sure the entries below are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click (button image: Clipboard014.jpg)
    • Click My Computer so that a full scan of your system is performed.
    • The scan will start and may take a while. Be patient and wait.
    • At the end of the scan, click the Save as Text button.
    • Save the log with the results and paste it in your next message.
    • Also generate and paste a new DDS log.

    Regards

    Couldn't do it right now, because it hangs at around 44 MB... On March 31 I'll set aside an afternoon to try to do that update. :huh:

    Thank you very much. :wub:

    Sorry for the delay, I was grounded + exams =x you know how it is for a student... :D

    The online scan didn't work here... there's a part that goes 1 KB at a time, I waited a good while... and nothing. I tested it in Firefox and in Google Chrome (but it didn't work, because of the requirements).

    Then, since my friend gave my flash drives back to me...

    I posted the log... I don't know if it was right to make the log without your orders (the log is below) =p

    So... tomorrow afternoon I'll have the whole afternoon *-* to do what you tell me...

    Thank you very much, Lusitano.

    (Informal topic)

    ComboFix 09-03-26.03 - Michael 2009-04-13 20:56:14.3 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.222.53 [GMT -3:00]

    Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

    FW: Norton Internet Worm Protection *disabled*

    * Created a new restore point

    .

    - REDUCED FUNCTIONALITY MODE -

    FILE ::

    C:\gy.exe

    C:\ur0.com

    C:\ve.exe

    .

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Autorun.inf

    c:\windows\system32\ckvo.exe

    c:\windows\system32\ckvo0.dll

    c:\windows\system32\olhrwef.exe

    .

    (((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 ))))))))))))))))))))))))))))

    .

    2009-06-20 16:09 . 2008-07-02 16:54 <DIR> d-------- c:\arquivos de programas\free-downloads.net

    2009-06-20 16:09 . 2009-06-20 16:09 <DIR> d-------- c:\arquivos de programas\Conduit

    2009-06-20 16:08 . 2009-06-20 16:08 <DIR> d-------- c:\arquivos de programas\Alcohol Soft

    2009-06-20 15:40 . 2005-03-14 06:54 2,673 -ra------ c:\windows\Disktool.INI

    2009-06-20 15:40 . 2005-03-14 06:52 2,498 -ra------ c:\windows\fwupgrade.ini

    2009-06-20 15:40 . 2005-03-14 06:57 1,296 -ra------ c:\windows\PlaySnd.INI

    2009-04-12 20:42 . 2008-10-31 13:50 104,594 -r-hs---- C:\xih9.cmd

    2009-04-09 14:02 . 2009-04-09 14:02 <DIR> d-------- c:\documents and settings\Michael\Dados de aplicativos\Inkscape

    2009-04-09 13:47 . 2009-04-09 13:57 <DIR> d-------- c:\arquivos de programas\Inkscape

    2009-04-02 18:57 . 2009-04-02 18:56 767,328 --a------ c:\windows\system32\kdfinj.dll

    2009-04-02 18:56 . 2008-10-17 05:50 131,072 --a------ c:\windows\system32\drivers\Mkd2kfNT.sys

    2009-04-02 18:56 . 2008-10-17 05:50 79,104 --a------ c:\windows\system32\drivers\Mkd2Nadr.sys

    2009-04-02 18:39 . 2009-04-02 18:39 <DIR> d-------- c:\arquivos de programas\AhnLab

    2009-04-02 16:20 . 2009-04-02 16:20 <DIR> d-------- c:\arquivos de programas\GIMP-2.0

    2009-04-01 21:01 . 2009-04-09 16:04 <DIR> d-------- c:\documents and settings\Michael\.gimp-2.6

    2009-04-01 21:00 . 2009-04-01 21:01 <DIR> d-------- c:\documents and settings\Michael\.gegl-0.0

    2009-03-29 10:40 . 2009-03-29 10:42 <DIR> d-------- c:\arquivos de programas\GP Vs Superbike

    2009-03-29 06:33 . 2009-03-29 06:33 410,984 --a------ c:\windows\system32\deploytk.dll

    2009-03-26 14:42 . 2009-03-26 14:43 <DIR> d-------- c:\arquivos de programas\Tibia810

    2009-03-26 13:39 . 2009-03-26 13:39 <DIR> d-------- C:\ERDNT

    2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- c:\windows\ERUNT

    2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- C:\!FixIEDef

    2009-03-17 16:15 . 2009-03-17 16:15 <DIR> d-------- c:\arquivos de programas\DownloadToolz

    2009-03-15 19:34 . 2009-03-15 19:34 <DIR> d-------- C:\Nexon

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-13 23:43 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

    2009-04-09 19:04 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\gtk-2.0

    2009-04-05 10:59 499,712 ----a-w c:\windows\system32\msvcp71.dll

    2009-04-05 10:59 348,160 ----a-w c:\windows\system32\msvcr71.dll

    2009-03-29 09:33 --------- d-----w c:\arquivos de programas\Java

    2009-03-26 23:20 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Tibia

    2009-03-24 23:35 --------- d-----w c:\arquivos de programas\Tibia

    2009-03-22 17:14 --------- d-----w c:\arquivos de programas\Google

    2009-02-28 13:33 --------- d-----w c:\arquivos de programas\NAXDOWN

    2009-02-23 20:48 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Any Video Converter

    2007-06-06 17:02 872,809 -c--a-w c:\documents and settings\Michael\TibiaBRCamLite-1.0.exe

    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-27_19.12.52.85 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2001-12-20 12:02:12 6,656 ----a-w c:\windows\system32\drivers\Msikbd2k.sys

    + 2001-12-20 13:02:12 6,656 ----a-w c:\windows\system32\drivers\Msikbd2k.sys

    - 2008-11-10 15:28:01 216,856 ----a-w c:\windows\system32\FNTCACHE.DAT

    + 2009-04-04 09:52:04 218,448 ----a-w c:\windows\system32\FNTCACHE.DAT

    - 2008-02-22 04:23:35 135,168 -c--a-w c:\windows\system32\java.exe

    + 2009-03-29 09:33:39 144,792 ----a-w c:\windows\system32\java.exe

    - 2008-02-22 04:23:39 135,168 -c--a-w c:\windows\system32\javaw.exe

    + 2009-03-29 09:33:39 144,792 ----a-w c:\windows\system32\javaw.exe

    - 2008-02-22 05:33:32 139,264 -c--a-w c:\windows\system32\javaws.exe

    + 2009-03-29 09:33:39 148,888 ----a-w c:\windows\system32\javaws.exe

    - 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

    + 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

    - 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

    + 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

    - 2009-01-07 16:52:44 84,661 -c--a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

    + 2009-04-11 15:42:02 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

    - 2002-07-11 10:47:10 98,304 -c--a-w c:\windows\system32\msikbd.dll

    + 2002-07-11 11:47:10 98,304 ----a-w c:\windows\system32\msikbd.dll

    - 2000-06-08 05:09:00 28,672 ----a-w c:\windows\system32\msiosd32.dll

    + 2000-06-08 06:09:00 28,672 ----a-w c:\windows\system32\msiosd32.dll

    - 2009-01-17 21:29:07 278,528 ----a-w c:\windows\system32\pncrt.dll

    + 2009-04-05 10:59:46 278,528 ----a-w c:\windows\system32\pncrt.dll

    - 2009-01-17 21:29:23 6,656 ----a-w c:\windows\system32\pndx5016.dll

    + 2009-04-05 11:00:19 6,656 ----a-w c:\windows\system32\pndx5016.dll

    - 2009-01-17 21:29:24 5,632 ----a-w c:\windows\system32\pndx5032.dll

    + 2009-04-05 11:00:19 5,632 ----a-w c:\windows\system32\pndx5032.dll

    - 2009-01-17 21:30:09 185,920 ----a-w c:\windows\system32\rmoc3260.dll

    + 2009-04-05 11:00:45 185,920 ----a-w c:\windows\system32\rmoc3260.dll

    + 2009-04-13 23:59:47 16,384 ----atw c:\windows\temp\Perflib_Perfdata_4bc.dat

    .

    -- Snapshot resetado para data atual --

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    "NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

    "MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

    "AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

    "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

    "cdoosoft"="c:\windows\system32\olhrwef.exe" [bU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

    "RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

    "WireLessMouse"="c:\arquivos de programas\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

    "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-29 148888]

    "MULTIMEDIA KEYBOARD"="c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

    "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]

    "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-05 198160]

    "VTTimer"="VTTimer.exe" [2004-09-01 c:\windows\system32\VTTimer.exe]

    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]

    Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

    Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    "c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

    "c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\Arquivos de Instalação\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

    "c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "7171:TCP"= 7171:TCP:TibiaOpenServer

    "90:TCP"= 90:TCP:Habbo

    R2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 133104]

    R3 KIKIDRIVER;KIKIDRIVER; [x]

    R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]

    R3 Pcsacdrvlmecti;Pcsacdrvlmecti; [x]

    R3 Revolution1;Revolution1; [x]

    R3 SHAK31;SHAK31; [x]

    R3 Sinistro1;Sinistro1; [x]

    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-05-13 96520]

    S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

    S2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 282904]

    S2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

    S2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe [2004-08-04 14336]

    S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]

    S3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\System32\Drivers\MOUSEWD.SYS [2006-07-17 6528]

    --- ---

    *Deregistered* - AFD

    *Deregistered* - ALG

    *Deregistered* - AudioSrv

    *Deregistered* - audstub

    *Deregistered* - avg8wd

    *Deregistered* - AvgLdx86

    *Deregistered* - AvgMfx86

    *Deregistered* - Beep

    *Deregistered* - BITS

    *Deregistered* - Browser

    *Deregistered* - Cdfs

    *Deregistered* - CryptSvc

    *Deregistered* - DcomLaunch

    *Deregistered* - Dhcp

    *Deregistered* - Dnscache

    *Deregistered* - ERSvc

    *Deregistered* - EventSystem

    *Deregistered* - Fastfat

    *Deregistered* - FastUserSwitchingCompatibility

    *Deregistered* - Fips

    *Deregistered* - FltMgr

    *Deregistered* - Ftdisk

    *Deregistered* - Gpc

    *Deregistered* - gupdate1c9ab118ee411f8

    *Deregistered* - hamachi

    *Deregistered* - helpsvc

    *Deregistered* - HidServ

    *Deregistered* - HTTP

    *Deregistered* - ImapiService

    *Deregistered* - IpNat

    *Deregistered* - IPSec

    *Deregistered* - irda

    *Deregistered* - Irmon

    *Deregistered* - JavaQuickStarterService

    *Deregistered* - Kbdclass

    *Deregistered* - KSecDD

    *Deregistered* - lanmanserver

    *Deregistered* - lanmanworkstation

    *Deregistered* - LmHosts

    *Deregistered* - mdmxsdk

    *Deregistered* - mnmdd

    *Deregistered* - Mouclass

    *Deregistered* - MountMgr

    *Deregistered* - MRxDAV

    *Deregistered* - MRxSmb

    *Deregistered* - Msfs

    *Deregistered* - mssmbios

    *Deregistered* - Mup

    *Deregistered* - NDIS

    *Deregistered* - NdisTapi

    *Deregistered* - Ndisuio

    *Deregistered* - NdisWan

    *Deregistered* - NDProxy

    *Deregistered* - NetBIOS

    *Deregistered* - NetBT

    *Deregistered* - Netman

    *Deregistered* - nhksrv

    *Deregistered* - Nla

    *Deregistered* - Npfs

    *Deregistered* - Ntfs

    *Deregistered* - Null

    *Deregistered* - NwlnkIpx

    *Deregistered* - NwlnkNb

    *Deregistered* - NwlnkSpx

    *Deregistered* - NwSapAgent

    *Deregistered* - PartMgr

    *Deregistered* - ParVdm

    *Deregistered* - PCIIde

    *Deregistered* - Pml Driver HPZ12

    *Deregistered* - PolicyAgent

    *Deregistered* - PptpMiniport

    *Deregistered* - ProtectedStorage

    *Deregistered* - PSched

    *Deregistered* - RasAcd

    *Deregistered* - Rasirda

    *Deregistered* - Rasl2tp

    *Deregistered* - RasMan

    *Deregistered* - RasPppoe

    *Deregistered* - Raspti

    *Deregistered* - Rdbss

    *Deregistered* - RDPCDD

    *Deregistered* - RpcSs

    *Deregistered* - SamSs

    *Deregistered* - Schedule

    *Deregistered* - Secdrv

    *Deregistered* - seclogon

    *Deregistered* - SENS

    *Deregistered* - SharedAccess

    *Deregistered* - ShellHWDetection

    *Deregistered* - Spooler

    *Deregistered* - sptd

    *Deregistered* - sr

    *Deregistered* - srservice

    *Deregistered* - Srv

    *Deregistered* - SSDPSRV

    *Deregistered* - StarWindServiceAE

    *Deregistered* - stisvc

    *Deregistered* - swenum

    *Deregistered* - TapiSrv

    *Deregistered* - Tcpip

    *Deregistered* - TermService

    *Deregistered* - Themes

    *Deregistered* - TrkWks

    *Deregistered* - Update

    *Deregistered* - VgaSave

    *Deregistered* - VolSnap

    *Deregistered* - W32Time

    *Deregistered* - Wanarp

    *Deregistered* - WebClient

    *Deregistered* - winmgmt

    *Deregistered* - WmiApSrv

    *Deregistered* - wscsvc

    *Deregistered* - wuauserv

    *Deregistered* - WZCSVC

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 14:12]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = about:blank

    uSearch Page = hxxp://www.google.com

    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    uSearch Bar = hxxp://www.google.com/ie

    uInternet Connection Wizard,ShellNext = iexplore

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: {{41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\FreshDevices\FreshDownload\fd.exe

    TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

    FF - ProfilePath - c:\documents and settings\Michael\Dados de aplicativos\Mozilla\Firefox\Profiles\1p9s9uoe.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

    FF - prefs.js: browser.search.selectedEngine - DAEMON Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

    FF - plugin: c:\arquivos de programas\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

    FF - plugin: c:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-13 21:04:42

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    "ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SHAK31]

    "ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\arquivos de programas\Java\jre6\bin\jqs.exe

    c:\windows\system32\HPZipm12.exe

    c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    c:\windows\system32\wscntfy.exe

    c:\arquivos de programas\Office Mouse Driver\MouseDrv.exe

    c:\arquivos de programas\Netropa\Multimedia Keyboard\Traymon.exe

    c:\arquivos de programas\Netropa\Onscreen Display\osd.exe

    c:\arquivos de programas\AVG\AVG8\avgrsx.exe

    c:\arquivos de programas\AVG\AVG8\avgrsx.exe

    c:\arquivos de programas\AVG\AVG8\avgrsx.exe

    c:\arquivos de programas\AVG\AVG8\avgrsx.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2009-04-13 21:12:29 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2009-04-14 00:12:15

    ComboFix2.txt 2009-03-28 16:17:43

    Pré-execução: 21 pasta(s) 12.360.454.144 bytes disponíveis

    Pós execução: 20 pasta(s) 12,489,846,784 bytes disponíveis

  • Topic author
  • Sorry for the delay, I was grounded + exams =x you know how it is for a student... :D

    The online scan didn't work here... there's a part that goes 1 KB at a time, I waited a good while... and nothing; I tested it in Firefox and in Google Chrome (but it didn't work, because of the requirements).

    Then, since my friend gave my flash drives back to me...

    I posted the log... I don't know if it was right to make the log without your instructions (the log is below) =p

    So... tomorrow afternoon I'll be here the whole afternoon *-* to do what you tell me...

    Thank you very much, Lusitano.

    (Informal topic)

    ComboFix 09-03-26.03 - Michael 2009-04-13 20:56:14.3 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.222.53 [GMT -3:00]

    Executando de: c:\documents and settings\Michael\Desktop\ComboFix.exe

    Comandos utilizados :: c:\documents and settings\Michael\Desktop\CFScript.txt

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

    FW: Norton Internet Worm Protection *disabled*

    * Criado um novo ponto de restauro

    .

    - MODO DE FUNCIONALIDADE REDUZIDA -

    FILE ::

    C:\gy.exe

    C:\ur0.com

    C:\ve.exe

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Autorun.inf

    c:\windows\system32\ckvo.exe

    c:\windows\system32\ckvo0.dll

    c:\windows\system32\olhrwef.exe

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-03-14 to 2009-04-14 ))))))))))))))))))))))))))))

    .

    2009-06-20 16:09 . 2008-07-02 16:54 <DIR> d-------- c:\arquivos de programas\free-downloads.net

    2009-06-20 16:09 . 2009-06-20 16:09 <DIR> d-------- c:\arquivos de programas\Conduit

    2009-06-20 16:08 . 2009-06-20 16:08 <DIR> d-------- c:\arquivos de programas\Alcohol Soft

    2009-06-20 15:40 . 2005-03-14 06:54 2,673 -ra------ c:\windows\Disktool.INI

    2009-06-20 15:40 . 2005-03-14 06:52 2,498 -ra------ c:\windows\fwupgrade.ini

    2009-06-20 15:40 . 2005-03-14 06:57 1,296 -ra------ c:\windows\PlaySnd.INI

    2009-04-12 20:42 . 2008-10-31 13:50 104,594 -r-hs---- C:\xih9.cmd

    2009-04-09 14:02 . 2009-04-09 14:02 <DIR> d-------- c:\documents and settings\Michael\Dados de aplicativos\Inkscape

    2009-04-09 13:47 . 2009-04-09 13:57 <DIR> d-------- c:\arquivos de programas\Inkscape

    2009-04-02 18:57 . 2009-04-02 18:56 767,328 --a------ c:\windows\system32\kdfinj.dll

    2009-04-02 18:56 . 2008-10-17 05:50 131,072 --a------ c:\windows\system32\drivers\Mkd2kfNT.sys

    2009-04-02 18:56 . 2008-10-17 05:50 79,104 --a------ c:\windows\system32\drivers\Mkd2Nadr.sys

    2009-04-02 18:39 . 2009-04-02 18:39 <DIR> d-------- c:\arquivos de programas\AhnLab

    2009-04-02 16:20 . 2009-04-02 16:20 <DIR> d-------- c:\arquivos de programas\GIMP-2.0

    2009-04-01 21:01 . 2009-04-09 16:04 <DIR> d-------- c:\documents and settings\Michael\.gimp-2.6

    2009-04-01 21:00 . 2009-04-01 21:01 <DIR> d-------- c:\documents and settings\Michael\.gegl-0.0

    2009-03-29 10:40 . 2009-03-29 10:42 <DIR> d-------- c:\arquivos de programas\GP Vs Superbike

    2009-03-29 06:33 . 2009-03-29 06:33 410,984 --a------ c:\windows\system32\deploytk.dll

    2009-03-26 14:42 . 2009-03-26 14:43 <DIR> d-------- c:\arquivos de programas\Tibia810

    2009-03-26 13:39 . 2009-03-26 13:39 <DIR> d-------- C:\ERDNT

    2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- c:\windows\ERUNT

    2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- C:\!FixIEDef

    2009-03-17 16:15 . 2009-03-17 16:15 <DIR> d-------- c:\arquivos de programas\DownloadToolz

    2009-03-15 19:34 . 2009-03-15 19:34 <DIR> d-------- C:\Nexon

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-13 23:43 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

    2009-04-09 19:04 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\gtk-2.0

    2009-04-05 10:59 499,712 ----a-w c:\windows\system32\msvcp71.dll

    2009-04-05 10:59 348,160 ----a-w c:\windows\system32\msvcr71.dll

    2009-03-29 09:33 --------- d-----w c:\arquivos de programas\Java

    2009-03-26 23:20 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Tibia

    2009-03-24 23:35 --------- d-----w c:\arquivos de programas\Tibia

    2009-03-22 17:14 --------- d-----w c:\arquivos de programas\Google

    2009-02-28 13:33 --------- d-----w c:\arquivos de programas\NAXDOWN

    2009-02-23 20:48 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Any Video Converter

    2007-06-06 17:02 872,809 -c--a-w c:\documents and settings\Michael\TibiaBRCamLite-1.0.exe

    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-27_19.12.52.85 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2001-12-20 12:02:12 6,656 ----a-w c:\windows\system32\drivers\Msikbd2k.sys

    + 2001-12-20 13:02:12 6,656 ----a-w c:\windows\system32\drivers\Msikbd2k.sys

    - 2008-11-10 15:28:01 216,856 ----a-w c:\windows\system32\FNTCACHE.DAT

    + 2009-04-04 09:52:04 218,448 ----a-w c:\windows\system32\FNTCACHE.DAT

    - 2008-02-22 04:23:35 135,168 -c--a-w c:\windows\system32\java.exe

    + 2009-03-29 09:33:39 144,792 ----a-w c:\windows\system32\java.exe

    - 2008-02-22 04:23:39 135,168 -c--a-w c:\windows\system32\javaw.exe

    + 2009-03-29 09:33:39 144,792 ----a-w c:\windows\system32\javaw.exe

    - 2008-02-22 05:33:32 139,264 -c--a-w c:\windows\system32\javaws.exe

    + 2009-03-29 09:33:39 148,888 ----a-w c:\windows\system32\javaws.exe

    - 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

    + 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

    - 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

    + 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

    - 2009-01-07 16:52:44 84,661 -c--a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

    + 2009-04-11 15:42:02 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

    - 2002-07-11 10:47:10 98,304 -c--a-w c:\windows\system32\msikbd.dll

    + 2002-07-11 11:47:10 98,304 ----a-w c:\windows\system32\msikbd.dll

    - 2000-06-08 05:09:00 28,672 ----a-w c:\windows\system32\msiosd32.dll

    + 2000-06-08 06:09:00 28,672 ----a-w c:\windows\system32\msiosd32.dll

    - 2009-01-17 21:29:07 278,528 ----a-w c:\windows\system32\pncrt.dll

    + 2009-04-05 10:59:46 278,528 ----a-w c:\windows\system32\pncrt.dll

    - 2009-01-17 21:29:23 6,656 ----a-w c:\windows\system32\pndx5016.dll

    + 2009-04-05 11:00:19 6,656 ----a-w c:\windows\system32\pndx5016.dll

    - 2009-01-17 21:29:24 5,632 ----a-w c:\windows\system32\pndx5032.dll

    + 2009-04-05 11:00:19 5,632 ----a-w c:\windows\system32\pndx5032.dll

    - 2009-01-17 21:30:09 185,920 ----a-w c:\windows\system32\rmoc3260.dll

    + 2009-04-05 11:00:45 185,920 ----a-w c:\windows\system32\rmoc3260.dll

    + 2009-04-13 23:59:47 16,384 ----atw c:\windows\temp\Perflib_Perfdata_4bc.dat

    .

    -- Snapshot resetado para data atual --

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    "NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

    "MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

    "AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

    "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

    "cdoosoft"="c:\windows\system32\olhrwef.exe" [bU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

    "RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

    "WireLessMouse"="c:\arquivos de programas\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

    "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-29 148888]

    "MULTIMEDIA KEYBOARD"="c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

    "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]

    "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-05 198160]

    "VTTimer"="VTTimer.exe" [2004-09-01 c:\windows\system32\VTTimer.exe]

    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]

    Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

    Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    "c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

    "c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\Arquivos de Instalação\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

    "c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "7171:TCP"= 7171:TCP:TibiaOpenServer

    "90:TCP"= 90:TCP:Habbo

    R2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 133104]

    R3 KIKIDRIVER;KIKIDRIVER; [x]

    R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]

    R3 Pcsacdrvlmecti;Pcsacdrvlmecti; [x]

    R3 Revolution1;Revolution1; [x]

    R3 SHAK31;SHAK31; [x]

    R3 Sinistro1;Sinistro1; [x]

    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-05-13 96520]

    S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

    S2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 282904]

    S2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

    S2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe [2004-08-04 14336]

    S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]

    S3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\System32\Drivers\MOUSEWD.SYS [2006-07-17 6528]

    --- ---

    *Deregistered* - AFD

    *Deregistered* - ALG

    *Deregistered* - AudioSrv

    *Deregistered* - audstub

    *Deregistered* - avg8wd

    *Deregistered* - AvgLdx86

    *Deregistered* - AvgMfx86

    *Deregistered* - Beep

    *Deregistered* - BITS

    *Deregistered* - Browser

    *Deregistered* - Cdfs

    *Deregistered* - CryptSvc

    *Deregistered* - DcomLaunch

    *Deregistered* - Dhcp

    *Deregistered* - Dnscache

    *Deregistered* - ERSvc

    *Deregistered* - EventSystem

    *Deregistered* - Fastfat

    *Deregistered* - FastUserSwitchingCompatibility

    *Deregistered* - Fips

    *Deregistered* - FltMgr

    *Deregistered* - Ftdisk

    *Deregistered* - Gpc

    *Deregistered* - gupdate1c9ab118ee411f8

    *Deregistered* - hamachi

    *Deregistered* - helpsvc

    *Deregistered* - HidServ

    *Deregistered* - HTTP

    *Deregistered* - ImapiService

    *Deregistered* - IpNat

    *Deregistered* - IPSec

    *Deregistered* - irda

    *Deregistered* - Irmon

    *Deregistered* - JavaQuickStarterService

    *Deregistered* - Kbdclass

    *Deregistered* - KSecDD

    *Deregistered* - lanmanserver

    *Deregistered* - lanmanworkstation

    *Deregistered* - LmHosts

    *Deregistered* - mdmxsdk

    *Deregistered* - mnmdd

    *Deregistered* - Mouclass

    *Deregistered* - MountMgr

    *Deregistered* - MRxDAV

    *Deregistered* - MRxSmb

    *Deregistered* - Msfs

    *Deregistered* - mssmbios

    *Deregistered* - Mup

    *Deregistered* - NDIS

    *Deregistered* - NdisTapi

    *Deregistered* - Ndisuio

    *Deregistered* - NdisWan

    *Deregistered* - NDProxy

    *Deregistered* - NetBIOS

    *Deregistered* - NetBT

    *Deregistered* - Netman

    *Deregistered* - nhksrv

    *Deregistered* - Nla

    *Deregistered* - Npfs

    *Deregistered* - Ntfs

    *Deregistered* - Null

    *Deregistered* - NwlnkIpx

    *Deregistered* - NwlnkNb

    *Deregistered* - NwlnkSpx

    *Deregistered* - NwSapAgent

    *Deregistered* - PartMgr

    *Deregistered* - ParVdm

    *Deregistered* - PCIIde

    *Deregistered* - Pml Driver HPZ12

    *Deregistered* - PolicyAgent

    *Deregistered* - PptpMiniport

    *Deregistered* - ProtectedStorage

    *Deregistered* - PSched

    *Deregistered* - RasAcd

    *Deregistered* - Rasirda

    *Deregistered* - Rasl2tp

    *Deregistered* - RasMan

    *Deregistered* - RasPppoe

    *Deregistered* - Raspti

    *Deregistered* - Rdbss

    *Deregistered* - RDPCDD

    *Deregistered* - RpcSs

    *Deregistered* - SamSs

    *Deregistered* - Schedule

    *Deregistered* - Secdrv

    *Deregistered* - seclogon

    *Deregistered* - SENS

    *Deregistered* - SharedAccess

    *Deregistered* - ShellHWDetection

    *Deregistered* - Spooler

    *Deregistered* - sptd

    *Deregistered* - sr

    *Deregistered* - srservice

    *Deregistered* - Srv

    *Deregistered* - SSDPSRV

    *Deregistered* - StarWindServiceAE

    *Deregistered* - stisvc

    *Deregistered* - swenum

    *Deregistered* - TapiSrv

    *Deregistered* - Tcpip

    *Deregistered* - TermService

    *Deregistered* - Themes

    *Deregistered* - TrkWks

    *Deregistered* - Update

    *Deregistered* - VgaSave

    *Deregistered* - VolSnap

    *Deregistered* - W32Time

    *Deregistered* - Wanarp

    *Deregistered* - WebClient

    *Deregistered* - winmgmt

    *Deregistered* - WmiApSrv

    *Deregistered* - wscsvc

    *Deregistered* - wuauserv

    *Deregistered* - WZCSVC

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 14:12]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = about:blank

    uSearch Page = hxxp://www.google.com

    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    uSearch Bar = hxxp://www.google.com/ie

    uInternet Connection Wizard,ShellNext = iexplore

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: {{41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\FreshDevices\FreshDownload\fd.exe

    TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

    FF - ProfilePath - c:\documents and settings\Michael\Dados de aplicativos\Mozilla\Firefox\Profiles\1p9s9uoe.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

    FF - prefs.js: browser.search.selectedEngine - DAEMON Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

    FF - plugin: c:\arquivos de programas\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

    FF - plugin: c:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

    FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-13 21:04:42

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    "ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

    [1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SHAK31]

    "ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\arquivos de programas\Java\jre6\bin\jqs.exe

    c:\windows\system32\HPZipm12.exe

    c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    c:\windows\system32\wscntfy.exe

    c:\arquivos de programas\Office Mouse Driver\MouseDrv.exe

    c:\arquivos de programas\Netropa\Multimedia Keyboard\Traymon.exe

    c:\arquivos de programas\Netropa\Onscreen Display\osd.exe

    c:\arquivos de programas\AVG\AVG8\avgrsx.exe

    c:\arquivos de programas\AVG\AVG8\avgrsx.exe

    c:\arquivos de programas\AVG\AVG8\avgrsx.exe

    c:\arquivos de programas\AVG\AVG8\avgrsx.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2009-04-13 21:12:29 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2009-04-14 00:12:15

    ComboFix2.txt 2009-03-28 16:17:43

    Pré-execução: 21 pasta(s) 12.360.454.144 bytes disponíveis

    Pós execução: 20 pasta(s) 12,489,846,784 bytes disponíveis


    Hello,

    Connect your USB flash drive, but do NOT run anything from it!

    ( 1 ) Very important note: temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

    ( 2 ) Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside "Show":


    C:\xih9.cmd
    c:\windows\system32\olhrwef.exe
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdoosoft"=-
    File::

    • Save this file as: CFScript.txt
      (image: CFScriptB-4.gif)
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will generate a log. Paste the contents of that file, C:\ComboFix.txt.

    ( 3 ) Download Panda USB Vaccine and save it to the desktop.

    • Extract the file from the zip to your desktop. A new folder named USBVaccine will be created.
    • Double-click that folder, then double-click the USBVaccine.exe file and click Run.
    • Click the "Vaccinate computer" button.
    • Now connect your USB flash drive. When its name appears in the box, click the "Vaccinate USB" button.
    • Click the red arrow to exit the program.

    Topic author:

    ComboFix 09-03-26.03 - Michael 2009-04-14 13:39:24.4 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.222.50 [GMT -3:00]

    Executando de: c:\documents and settings\Michael\Desktop\ComboFix.exe

    Comandos utilizados :: c:\documents and settings\Michael\Desktop\CFScript.txt

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

    FW: Norton Internet Worm Protection *disabled*

    * Criado um novo ponto de restauro

    .

    - MODO DE FUNCIONALIDADE REDUZIDA -

    FILE ::

    c:\windows\system32\olhrwef.exe

    C:\xih9.cmd

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\xih9.cmd

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-03-14 to 2009-04-14 ))))))))))))))))))))))))))))

    .

    2009-06-20 16:09 . 2008-07-02 16:54 <DIR> d-------- c:\arquivos de programas\free-downloads.net

    2009-06-20 16:09 . 2009-06-20 16:09 <DIR> d-------- c:\arquivos de programas\Conduit

    2009-06-20 16:08 . 2009-06-20 16:08 <DIR> d-------- c:\arquivos de programas\Alcohol Soft

    2009-06-20 15:40 . 2005-03-14 06:54 2,673 -ra------ c:\windows\Disktool.INI

    2009-06-20 15:40 . 2005-03-14 06:52 2,498 -ra------ c:\windows\fwupgrade.ini

    2009-06-20 15:40 . 2005-03-14 06:57 1,296 -ra------ c:\windows\PlaySnd.INI

    2009-04-13 22:52 . 2009-04-13 22:52 713 --a------ c:\windows\system32\msexcr.ini

    2009-04-09 14:02 . 2009-04-09 14:02 <DIR> d-------- c:\documents and settings\Michael\Dados de aplicativos\Inkscape

    2009-04-09 13:47 . 2009-04-09 13:57 <DIR> d-------- c:\arquivos de programas\Inkscape

    2009-04-02 18:57 . 2009-04-02 18:56 767,328 --a------ c:\windows\system32\kdfinj.dll

    2009-04-02 18:56 . 2008-10-17 05:50 131,072 --a------ c:\windows\system32\drivers\Mkd2kfNT.sys

    2009-04-02 18:56 . 2008-10-17 05:50 79,104 --a------ c:\windows\system32\drivers\Mkd2Nadr.sys

    2009-04-02 18:39 . 2009-04-02 18:39 <DIR> d-------- c:\arquivos de programas\AhnLab

    2009-04-02 16:20 . 2009-04-02 16:20 <DIR> d-------- c:\arquivos de programas\GIMP-2.0

    2009-04-01 21:01 . 2009-04-09 16:04 <DIR> d-------- c:\documents and settings\Michael\.gimp-2.6

    2009-04-01 21:00 . 2009-04-01 21:01 <DIR> d-------- c:\documents and settings\Michael\.gegl-0.0

    2009-03-29 10:40 . 2009-03-29 10:42 <DIR> d-------- c:\arquivos de programas\GP Vs Superbike

    2009-03-29 06:33 . 2009-03-29 06:33 410,984 --a------ c:\windows\system32\deploytk.dll

    2009-03-26 14:42 . 2009-03-26 14:43 <DIR> d-------- c:\arquivos de programas\Tibia810

    2009-03-26 13:39 . 2009-03-26 13:39 <DIR> d-------- C:\ERDNT

    2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- c:\windows\ERUNT

    2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- C:\!FixIEDef

    2009-03-17 16:15 . 2009-03-17 16:15 <DIR> d-------- c:\arquivos de programas\DownloadToolz

    2009-03-15 19:34 . 2009-03-15 19:34 <DIR> d-------- C:\Nexon

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-14 00:50 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

    2009-04-12 23:38 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Any Video Converter

    2009-04-09 19:04 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\gtk-2.0

    2009-04-05 10:59 499,712 ----a-w c:\windows\system32\msvcp71.dll

    2009-04-05 10:59 348,160 ----a-w c:\windows\system32\msvcr71.dll

    2009-03-29 09:33 --------- d-----w c:\arquivos de programas\Java

    2009-03-26 23:20 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Tibia

    2009-03-24 23:35 --------- d-----w c:\arquivos de programas\Tibia

    2009-03-22 17:14 --------- d-----w c:\arquivos de programas\Google

    2009-02-28 13:33 --------- d-----w c:\arquivos de programas\NAXDOWN

    2007-06-06 17:02 872,809 -c--a-w c:\documents and settings\Michael\TibiaBRCamLite-1.0.exe

    .

    ((((((((((((((((((((((((((((( SnapShot_2009-04-13_21.09.00.46 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-04-14 16:17:55 16,384 ----atw c:\windows\temp\Perflib_Perfdata_53c.dat

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    "NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

    "MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

    "AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

    "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

    "RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

    "WireLessMouse"="c:\arquivos de programas\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

    "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-29 148888]

    "MULTIMEDIA KEYBOARD"="c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

    "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]

    "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-05 198160]

    "VTTimer"="VTTimer.exe" [2004-09-01 c:\windows\system32\VTTimer.exe]

    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]

    Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

    Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    "c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

    "c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\Arquivos de Instalação\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

    "c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "7171:TCP"= 7171:TCP:TibiaOpenServer

    "90:TCP"= 90:TCP:Habbo

    R2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 133104]

    R3 KIKIDRIVER;KIKIDRIVER; [x]

    R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]

    R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]

    R3 Pcsacdrvlmecti;Pcsacdrvlmecti; [x]

    R3 Revolution1;Revolution1; [x]

    R3 SHAK31;SHAK31; [x]

    R3 Sinistro1;Sinistro1; [x]

    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-05-13 96520]

    S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

    S2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 282904]

    S2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

    S2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe [2004-08-04 14336]

    S3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\System32\Drivers\MOUSEWD.SYS [2006-07-17 6528]

    --- ---

    *Deregistered* - ALG

    *Deregistered* - AudioSrv

    *Deregistered* - avg8wd

    *Deregistered* - BITS

    *Deregistered* - Browser

    *Deregistered* - CryptSvc

    *Deregistered* - DcomLaunch

    *Deregistered* - Dhcp

    *Deregistered* - Dnscache

    *Deregistered* - ERSvc

    *Deregistered* - EventSystem

    *Deregistered* - FastUserSwitchingCompatibility

    *Deregistered* - gupdate1c9ab118ee411f8

    *Deregistered* - helpsvc

    *Deregistered* - HidServ

    *Deregistered* - HTTP

    *Deregistered* - ImapiService

    *Deregistered* - IpNat

    *Deregistered* - IPSec

    *Deregistered* - irda

    *Deregistered* - Irmon

    *Deregistered* - JavaQuickStarterService

    *Deregistered* - Kbdclass

    *Deregistered* - KSecDD

    *Deregistered* - lanmanserver

    *Deregistered* - lanmanworkstation

    *Deregistered* - LmHosts

    *Deregistered* - mdmxsdk

    *Deregistered* - mnmdd

    *Deregistered* - Mouclass

    *Deregistered* - MountMgr

    *Deregistered* - MRxDAV

    *Deregistered* - MRxSmb

    *Deregistered* - Msfs

    *Deregistered* - mssmbios

    *Deregistered* - Mup

    *Deregistered* - NDIS

    *Deregistered* - NdisTapi

    *Deregistered* - Ndisuio

    *Deregistered* - NdisWan

    *Deregistered* - NDProxy

    *Deregistered* - NetBIOS

    *Deregistered* - NetBT

    *Deregistered* - Netman

    *Deregistered* - nhksrv

    *Deregistered* - Nla

    *Deregistered* - Npfs

    *Deregistered* - Ntfs

    *Deregistered* - Null

    *Deregistered* - NwlnkIpx

    *Deregistered* - NwlnkNb

    *Deregistered* - NwlnkSpx

    *Deregistered* - NwSapAgent

    *Deregistered* - PartMgr

    *Deregistered* - ParVdm

    *Deregistered* - PCIIde

    *Deregistered* - Pml Driver HPZ12

    *Deregistered* - PolicyAgent

    *Deregistered* - PptpMiniport

    *Deregistered* - ProtectedStorage

    *Deregistered* - PSched

    *Deregistered* - RasAcd

    *Deregistered* - Rasirda

    *Deregistered* - Rasl2tp

    *Deregistered* - RasMan

    *Deregistered* - RasPppoe

    *Deregistered* - Raspti

    *Deregistered* - Rdbss

    *Deregistered* - RDPCDD

    *Deregistered* - RpcSs

    *Deregistered* - SamSs

    *Deregistered* - Schedule

    *Deregistered* - Secdrv

    *Deregistered* - seclogon

    *Deregistered* - SENS

    *Deregistered* - SharedAccess

    *Deregistered* - ShellHWDetection

    *Deregistered* - Spooler

    *Deregistered* - sptd

    *Deregistered* - sr

    *Deregistered* - srservice

    *Deregistered* - Srv

    *Deregistered* - SSDPSRV

    *Deregistered* - StarWindServiceAE

    *Deregistered* - stisvc

    *Deregistered* - swenum

    *Deregistered* - TapiSrv

    *Deregistered* - Tcpip

    *Deregistered* - TermService

    *Deregistered* - Themes

    *Deregistered* - TrkWks

    *Deregistered* - Update

    *Deregistered* - VgaSave

    *Deregistered* - VolSnap

    *Deregistered* - W32Time

    *Deregistered* - Wanarp

    *Deregistered* - WebClient

    *Deregistered* - winmgmt

    *Deregistered* - WmiApSrv

    *Deregistered* - wscsvc

    *Deregistered* - wuauserv

    *Deregistered* - WZCSVC

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce73f6a2-b355-11dd-b9af-de77a0127c7c}]

    \Shell\AutoRun\command - F:\xih9.cmd

    \Shell\explore\Command - F:\xih9.cmd

    \Shell\open\Command - F:\xih9.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0dc968c-d93b-11dc-b7e2-bb59af19b17d}]

    \Shell\AutoRun\command - G:\xih9.cmd

    \Shell\explore\Command - G:\xih9.cmd

    \Shell\open\Command - G:\xih9.cmd

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2009-04-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 14:12]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = about:blank

    uSearch Page = hxxp://www.google.com

    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    uSearch Bar = hxxp://www.google.com/ie

    uInternet Connection Wizard,ShellNext = iexplore

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: {{41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\FreshDevices\FreshDownload\fd.exe

    TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

    FF - ProfilePath - c:\documents and settings\Michael\Dados de aplicativos\Mozilla\Firefox\Profiles\1p9s9uoe.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

    FF - prefs.js: browser.search.selectedEngine - DAEMON Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-14 13:40:39

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    "ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

    [1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SHAK31]

    "ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(760)

    c:\windows\system32\avgrsstx.dll

    .

    Tempo para conclusão: 2009-04-14 13:45:46

    ComboFix-quarantined-files.txt 2009-04-14 16:45:37

    ComboFix2.txt 2009-04-14 00:12:37

    ComboFix3.txt 2009-03-28 16:17:43

    Pré-execução: 21 pasta(s) 12.472.131.584 bytes disponíveis

    Pós execução: 20 pasta(s) 12,463,362,048 bytes disponíveis

    I did step 3 perfectly too.

    Hello,

    Connect your USB flash drive, but do not run anything from it.

    ( 1 ) Very important note: temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

    ( 2 ) Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside "Show":


    F:\xih9.cmd
    G:\xih9.cmd
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce73f6a2-b355-11dd-b9af-de77a0127c7c}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0dc968c-d93b-11dc-b7e2-bb59af19b17d}]
    File::

    • Save this file as: CFScript.txt
      (image: CFScriptB-4.gif)
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will generate a log. Paste the contents of that file, C:\ComboFix.txt.

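To show how a helper reads the mountpoints2 block of the ComboFix log and turns it into the CFScript above, here is an added Python triage script; it is example code, not part of this thread or of ComboFix, and its sample log lines are constructed from the entries in this thread (the E: key is an invented control case).

```python
"""Triage helper for the 'mountpoints2' block of a ComboFix log.

Added example, not part of this thread or of ComboFix itself. It finds drive
AutoRun handlers that launch a script from a removable drive (the xih9.cmd
pattern in this thread) and builds the CFScript.txt text a helper would post
to delete the script files and remove the hijacked MountPoints2 keys.
"""
import ntpath
import re

# Constructed sample, based on the mountpoints2 entries shown in the thread.
# The third key (E:\setup.exe) is invented as a control: an .exe handler is
# left for manual review rather than removed automatically.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce73f6a2-b355-11dd-b9af-de77a0127c7c}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0dc968c-d93b-11dc-b7e2-bb59af19b17d}]
\Shell\AutoRun\command - G:\xih9.cmd
\Shell\explore\Command - G:\xih9.cmd
\Shell\open\Command - G:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
\Shell\AutoRun\command - E:\setup.exe
"""

# A MountPoints2 key line, e.g. "[HKEY_CURRENT_USER\...\mountpoints2\{guid}]"
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
# A shell verb handler line, e.g. "\Shell\AutoRun\command - F:\xih9.cmd"
HANDLER_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.I)

# Script extensions that have no business as a drive's AutoRun/open handler.
SCRIPT_EXTENSIONS = {".cmd", ".bat", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".pif", ".scr"}


def parse_mountpoints(log_text):
    """Return {key: [(verb, target), ...]} for every mountpoints2 key in the log."""
    handlers = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()  # ComboFix logs pasted on the forum carry leading spaces
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            handlers.setdefault(current, [])
            continue
        handler_match = HANDLER_RE.match(line)
        if handler_match and current is not None:
            handlers[current].append((handler_match.group(1), handler_match.group(2)))
    return handlers


def is_script_target(target):
    """True when the handler launches a script file (the xih9.cmd pattern)."""
    return ntpath.splitext(target)[1].lower() in SCRIPT_EXTENSIONS


def find_autorun_scripts(handlers):
    """Return {key: [unique script targets]} for keys with at least one script handler."""
    flagged = {}
    for key, entries in handlers.items():
        targets = sorted({target for _, target in entries if is_script_target(target)})
        if targets:
            flagged[key] = targets
    return flagged


def build_cfscript(log_text):
    """Build CFScript.txt text: File:: paths to delete, then [-key] lines to remove."""
    flagged = find_autorun_scripts(parse_mountpoints(log_text))
    files = []
    for targets in flagged.values():
        for target in targets:
            if target not in files:
                files.append(target)
    lines = ["File::"] + files + ["Registry::"] + [f"[-{key}]" for key in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```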
    Topic author:

    ComboFix 09-03-26.03 - Michael 2009-04-14 16:59:06.5 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.222.54 [GMT -3:00]

    Executando de: c:\documents and settings\Michael\Desktop\ComboFix.exe

    Comandos utilizados :: c:\documents and settings\Michael\Desktop\CFScript.txt

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

    FW: Norton Internet Worm Protection *disabled*

    * Criado um novo ponto de restauro

    .

    - MODO DE FUNCIONALIDADE REDUZIDA -

    FILE ::

    F:\xih9.cmd

    G:\xih9.cmd

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    F:\xih9.cmd

    G:\xih9.cmd

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-03-14 to 2009-04-14 ))))))))))))))))))))))))))))

    .

    2009-06-20 16:09 . 2008-07-02 16:54 <DIR> d-------- c:\arquivos de programas\free-downloads.net

    2009-06-20 16:09 . 2009-06-20 16:09 <DIR> d-------- c:\arquivos de programas\Conduit

    2009-06-20 16:08 . 2009-06-20 16:08 <DIR> d-------- c:\arquivos de programas\Alcohol Soft

    2009-06-20 15:40 . 2005-03-14 06:54 2,673 -ra------ c:\windows\Disktool.INI

    2009-06-20 15:40 . 2005-03-14 06:52 2,498 -ra------ c:\windows\fwupgrade.ini

    2009-06-20 15:40 . 2005-03-14 06:57 1,296 -ra------ c:\windows\PlaySnd.INI

    2009-04-09 14:02 . 2009-04-09 14:02 <DIR> d-------- c:\documents and settings\Michael\Dados de aplicativos\Inkscape

    2009-04-09 13:47 . 2009-04-09 13:57 <DIR> d-------- c:\arquivos de programas\Inkscape

    2009-04-02 18:57 . 2009-04-02 18:56 767,328 --a------ c:\windows\system32\kdfinj.dll

    2009-04-02 18:56 . 2008-10-17 05:50 131,072 --a------ c:\windows\system32\drivers\Mkd2kfNT.sys

    2009-04-02 18:56 . 2008-10-17 05:50 79,104 --a------ c:\windows\system32\drivers\Mkd2Nadr.sys

    2009-04-02 18:39 . 2009-04-02 18:39 <DIR> d-------- c:\arquivos de programas\AhnLab

    2009-04-02 16:20 . 2009-04-02 16:20 <DIR> d-------- c:\arquivos de programas\GIMP-2.0

    2009-04-01 21:01 . 2009-04-09 16:04 <DIR> d-------- c:\documents and settings\Michael\.gimp-2.6

    2009-04-01 21:00 . 2009-04-01 21:01 <DIR> d-------- c:\documents and settings\Michael\.gegl-0.0

    2009-03-29 10:40 . 2009-03-29 10:42 <DIR> d-------- c:\arquivos de programas\GP Vs Superbike

    2009-03-29 06:33 . 2009-03-29 06:33 410,984 --a------ c:\windows\system32\deploytk.dll

    2009-03-26 14:42 . 2009-03-26 14:43 <DIR> d-------- c:\arquivos de programas\Tibia810

    2009-03-26 13:39 . 2009-03-26 13:39 <DIR> d-------- C:\ERDNT

    2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- c:\windows\ERUNT

    2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- C:\!FixIEDef

    2009-03-17 16:15 . 2009-03-17 16:15 <DIR> d-------- c:\arquivos de programas\DownloadToolz

    2009-03-15 19:34 . 2009-03-15 19:34 <DIR> d-------- C:\Nexon

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-14 19:49 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

    2009-04-12 23:38 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Any Video Converter

    2009-04-09 19:04 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\gtk-2.0

    2009-04-05 10:59 499,712 ----a-w c:\windows\system32\msvcp71.dll

    2009-04-05 10:59 348,160 ----a-w c:\windows\system32\msvcr71.dll

    2009-03-29 09:33 --------- d-----w c:\arquivos de programas\Java

    2009-03-26 23:20 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Tibia

    2009-03-24 23:35 --------- d-----w c:\arquivos de programas\Tibia

    2009-03-22 17:14 --------- d-----w c:\arquivos de programas\Google

    2009-02-28 13:33 --------- d-----w c:\arquivos de programas\NAXDOWN

    2007-06-06 17:02 872,809 -c--a-w c:\documents and settings\Michael\TibiaBRCamLite-1.0.exe

    .

    ((((((((((((((((((((((((((((( SnapShot_2009-04-13_21.09.00.46 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-04-14 16:49:18 16,384 ----atw c:\windows\temp\Perflib_Perfdata_514.dat

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    "NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

    "MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

    "AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

    "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

    "RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

    "WireLessMouse"="c:\arquivos de programas\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

    "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-29 148888]

    "MULTIMEDIA KEYBOARD"="c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

    "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]

    "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-05 198160]

    "VTTimer"="VTTimer.exe" [2004-09-01 c:\windows\system32\VTTimer.exe]

    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]

    Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

    Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    "c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

    "c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\Arquivos de Instalação\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

    "c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "7171:TCP"= 7171:TCP:TibiaOpenServer

    "90:TCP"= 90:TCP:Habbo

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-13 96520]

    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2008-02-17 6656]

    R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 282904]

    R2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2008-02-17 28672]

    R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [2007-07-28 6528]

    S2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 133104]

    S3 KIKIDRIVER;KIKIDRIVER;\??\c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\Kit_Hack_By_Rock_Lee\Kit Hack By Rock Lee\kiki.sys --> c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\Kit_Hack_By_Rock_Lee\Kit Hack By Rock Lee\kiki.sys [?]

    S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-04-02 131072]

    S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-04-02 79104]

    S3 Revolution1;Revolution1;\??\c:\documents and settings\Michael\Desktop\michael\Hacks\Revolution Engine 5.3\Revolution Engine 5.3\SHAK3.sys --> c:\documents and settings\Michael\Desktop\michael\Hacks\Revolution Engine 5.3\Revolution Engine 5.3\SHAK3.sys [?]

    S3 SHAK31;SHAK31;\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys --> c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys [?]

    S3 Sinistro1;Sinistro1;\??\c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\ShaK3_2.2\Sinistro.sys --> c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\ShaK3_2.2\Sinistro.sys [?]

    --- ---

    *Deregistered* - NwSapAgent

    *Deregistered* - Pml Driver HPZ12

    *Deregistered* - PolicyAgent

    *Deregistered* - ProtectedStorage

    *Deregistered* - RasMan

    *Deregistered* - RpcSs

    *Deregistered* - SamSs

    *Deregistered* - Schedule

    *Deregistered* - seclogon

    *Deregistered* - SENS

    *Deregistered* - SharedAccess

    *Deregistered* - ShellHWDetection

    *Deregistered* - Spooler

    *Deregistered* - srservice

    *Deregistered* - SSDPSRV

    *Deregistered* - StarWindServiceAE

    *Deregistered* - stisvc

    *Deregistered* - TapiSrv

    *Deregistered* - TermService

    *Deregistered* - Themes

    *Deregistered* - TrkWks

    *Deregistered* - usnjsvc

    *Deregistered* - W32Time

    *Deregistered* - WebClient

    *Deregistered* - winmgmt

    *Deregistered* - WmiApSrv

    *Deregistered* - wscsvc

    *Deregistered* - wuauserv

    *Deregistered* - WZCSVC

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2009-04-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 14:12]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = about:blank

    uSearch Page = hxxp://www.google.com

    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    uSearch Bar = hxxp://www.google.com/ie

    uInternet Connection Wizard,ShellNext = iexplore

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: {{41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\FreshDevices\FreshDownload\fd.exe

    TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

    FF - ProfilePath - c:\documents and settings\Michael\Dados de aplicativos\Mozilla\Firefox\Profiles\1p9s9uoe.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

    FF - prefs.js: browser.search.selectedEngine - DAEMON Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-14 17:00:27

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    "ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

    [1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SHAK31]

    "ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(756)

    c:\windows\system32\avgrsstx.dll

    .

    Tempo para conclusão: 2009-04-14 17:06:16

    ComboFix-quarantined-files.txt 2009-04-14 20:06:10

    ComboFix2.txt 2009-04-14 16:45:49

    ComboFix3.txt 2009-04-14 00:12:37

    ComboFix4.txt 2009-03-28 16:17:43

    Pré-execução: 21 pasta(s) 12.405.805.056 bytes disponíveis

    Pós execução: 20 pasta(s) 12,398,067,712 bytes disponíveis


    Your log is clean

    • Click Start, then Run
    • Now type Combofix /u and click OK, as shown in the image below.

    (image: CF_Cleanup.png)

    Download OTCleanIt by OldTimer

    • Save it to your desktop.
    • Double-click the icon.
    • Click the "Cleanup" button.
    • Allow your computer to restart.

    Now that your PC is clean, follow these steps to keep your computer clean and protected:

    • Delete the HijackThis Backups folder (if it exists).
    • Use an alternative, more secure browser:
      Firefox or Opera
    • If you do not use a router, use a firewall - it is extremely important for protecting your computer.
      Good free options are:
      Comodo Firewall Pro
      Online Armor Free edition
    • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox that will protect you from those sites and programs.
    • Visit the Secunia Software Inspector and check the update status of your programs.
    • Keep your programs properly updated.
      Staying up to date means staying secure. Click here

    It was a pleasure to help
