mc12366

c:\windows\system32\nmdfgds0.dll


DS (Ver_09-03-16.01) - NTFSx86

Run by Michael at 20:34:44,67 on qua 25/03/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_05

Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.222.50 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Office Mouse Driver\MouseDrv.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Michael\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

mDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: : {206e52e0-d52e-11d4-ad54-0000e86c26f6} - c:\arquiv~1\freshd~1\freshd~1\FDCatch.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: {6ef05952-b48d-4944-aa91-57a6a1a48ef8} - c:\arquivos de programas\puxa rápido\IEBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\arquivos de programas\java\jre1.6.0_05\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\arquiv~1\avg\avg8\AVGTOO~1.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\googletoolbar1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\3.1.807.1746\swg.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\arquivos de programas\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\arquivos de programas\windows live toolbar\msntb.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\googletoolbar1.dll

TB: FreshDownload Bar: {ed0e8ca5-42fb-4b18-997b-769e0408e79d} - c:\arquiv~1\freshd~1\freshd~1\fdiebar.dll

TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\arquiv~1\avg\avg8\AVGTOO~1.DLL

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [NBJ] "c:\arquivos de programas\ahead\nero backitup\NBJ.exe"

uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\MsnMsgr.Exe" /background

uRun: [swg] c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [AlcoholAutomount] "c:\arquivos de programas\alcohol soft\alcohol 120\axcmd.exe" /automount

uRun: [kamsoft] c:\windows\system32\ckvo.exe

uRun: [DAEMON Tools Lite] "c:\arquivos de programas\daemon tools lite\daemon.exe" -autorun

uRun: [Azureus Ultra Accelerator] "c:\arquivos de programas\azureus ultra accelerator\Azureus Ultra Accelerator.exe" -tray

uRun: [cdoosoft] c:\windows\system32\olhrwef.exe

mRun: [RaidTool] c:\arquivos de programas\via\raid\raid_t

mRun: [VTTimer] VTTimer.exe

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe

mRun: [WireLessMouse] c:\arquivos de programas\office mouse driver\StartAutorun.exe MouseDrv.exe

mRun: [PPXB Agent] c:\windows\system32\28463\PPXB.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre1.6.0_05\bin\jusched.exe"

mRun: [MULTIMEDIA KEYBOARD] c:\arquivos de programas\netropa\multimedia keyboard\MMKeybd.exe

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

mRun: [NWEReboot]

mRun: [soundMan] SOUNDMAN.EXE

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [Atualizador - Puxa Rápido] c:\arquivos de programas\puxa rápido\Atualiza.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\reader 8.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~2.lnk - c:\arquivos de programas\adobe\reader 8.0\reader\AdobeCollabSync.exe

IE: &Windows Live Search - c:\arquivos de programas\windows live toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\freshdevices\freshdownload\fd.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_05\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231344667388

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

AppInit_DLLs: avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michael\dadosd~1\mozilla\firefox\profiles\1p9s9uoe.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-13 96520]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-4 26184]

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2008-2-17 6656]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\avg\avg8\avgwdsvc.exe [2008-5-13 282904]

R2 nhksrv;Netropa NHK Server;c:\arquivos de programas\netropa\multimedia keyboard\nhksrv.exe [2008-2-17 28672]

R2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [2007-7-28 6528]

S2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-3-22 133104]

S3 dump_wmimmc;dump_wmimmc;\??\c:\level up! games\maplestory\gameguard\dump_wmimmc.sys --> c:\level up! games\maplestory\gameguard\dump_wmimmc.sys [?]

S3 KIKIDRIVER;KIKIDRIVER;\??\c:\documents and settings\michael\desktop\os melhores haks do brasil\kit_hack_by_rock_lee\kit hack by rock lee\kiki.sys --> c:\documents and settings\michael\desktop\os melhores haks do brasil\kit_hack_by_rock_lee\kit hack by rock lee\kiki.sys [?]

S3 Revolution1;Revolution1;\??\c:\documents and settings\michael\desktop\michael\hacks\revolution engine 5.3\revolution engine 5.3\shak3.sys --> c:\documents and settings\michael\desktop\michael\hacks\revolution engine 5.3\revolution engine 5.3\SHAK3.sys [?]

S3 SHAK31;SHAK31;\??\c:\documents and settings\michael\meus documentos\levelupgames\grand chase\revolution_4[1].2___flay___tutorial\revolution 4.2 + flay + tutorial\shak3.sys --> c:\documents and settings\michael\meus documentos\levelupgames\grand chase\revolution_4[1].2___flay___tutorial\revolution 4.2 + flay + tutorial\SHAK3.sys [?]

S3 Sinistro1;Sinistro1;\??\c:\documents and settings\michael\desktop\os melhores haks do brasil\shak3_2.2\sinistro.sys --> c:\documents and settings\michael\desktop\os melhores haks do brasil\shak3_2.2\Sinistro.sys [?]

=============== Created Last 30 ================

==================== Find3M ====================

2009-03-25 19:59 85,504 ---shr-- c:\windows\system32\ckvo0.dll

2009-03-21 07:44 85,504 ---shr-- c:\windows\system32\ckvo1.dll

2009-03-05 13:06 108,794 ---shr-- c:\windows\system32\olhrwef.exe

2009-02-12 14:54 108,565 ---shr-- C:\ur0.com

2009-02-08 06:07 348,804 a------- c:\windows\system32\perfh016.dat

2009-02-08 06:07 50,424 a------- c:\windows\system32\perfc016.dat

2009-01-21 06:33 108,869 ---shr-- C:\gy.exe

2009-01-17 18:29 499,712 a------- c:\windows\system32\msvcp71.dll

2009-01-17 18:29 348,160 a------- c:\windows\system32\msvcr71.dll

2009-01-15 19:29 108,940 ---shr-- C:\ve.exe

2007-06-06 14:02 872,809 ac------ c:\documents and settings\michael\TibiaBRCamLite-1.0.exe

2008-10-31 13:50 104,594 ---shr-- c:\windows\system32\ckvo.exe

2007-04-04 18:03 16,384 ac-sh--- c:\windows\temp\history\history.ie5\index.dat

============= FINISH: 20:36:03,57 ===============


Hello,

  • NOTE: Temporarily disable your protection programs.
  • Download FixIEDef.exe by ShadowPuterDude to your desktop.
  • Double-click FixIEDef.exe:

fixiedef_zip.png

  • The FixIEDef window will open; click OK:

about_fixiedef.png

  • Click the Scan! button:

press_scan.png

  • The tool must be run from an account with administrator privileges. This message confirms that you are able to run the tool from an administrator account. Click OK:

fixiedef_alert.png

  • Wait for the scan to run and finish:

FixIEDef_FileScan.png

fixiedef_scanning.png

  • Warning: FixIEDef will terminate Internet Explorer and Explorer if they are running. The desktop icons and the Start Menu will not be visible while the tool is running.

When EVERYTHING has finished, the notice message will appear; click Exit:

all_finished.png

Paste the contents of the FixIEDef log, which will be located on your Desktop, together with a new HijackThis log.

Note: process.exe is detected as a "RiskTool" by some antivirus programs (AntiVir, Dr.Web, Kaspersky); it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between the "good" and the "malicious" programs that use these tools, so you may be alerted by your antivirus, but simply ignore that alert.
http://www.beyondlogic.org/consulting/proc...processutil.htm


********************************************************************************

* *

* FixIEDef Log *

* Version 1.7.22.7514 *

* *

********************************************************************************

Created at 13:39:56 on Thursday, March 26, 2009

Time Zone :

Logged On User : Michael

Operating System : Microsoft Windows XP Home Edition Service Pack 2

OS Architecture : X86

System Langauge : Portuguese (Brazilian)

Keyboard Layout : Portuguese (Brazilian)

Processor : X86 Intel® Pentium® 4 CPU 2.40GHz

System Drive : C:\

Windows Directory : C:\WINDOWS

System Directory : C:\WINDOWS\system32

System Drive Type : Fixed

System Drive Status : READY

System Drive Label :

System Drive Size : 39.2 GB

System Drive Free : 12.83 GB

Total Physical Memory: 222 MB

Free Physical Memory : 35 MB

Total Page File : 222 MB

Free Page File : 3945 MB

Total Virtual Memory : 2048 MB

Free Virtual Memory : 1969 MB

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\autorun.inf

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)


Hello,

Read the instructions in this link:

In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon on the desktop.
  4. Read and accept the terms by typing 1 and Enter.
  5. Computers with Windows XP must install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet, and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Warning: Do not use the mouse or the keyboard while the tool is running; this may cause the computer to stop.
  8. A notice may appear saying that the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if it is not used correctly it can damage your computer.

  • There are many malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that type, and so, also out of respect for the tool's author, do not use it without supervision.

Regards


Hello,

ComboFix says that AVG Anti-Virus Free is enabled, but I have already closed it in the corner of the screen and also in the Task Manager.

Can I make the log anyway, even though it says that?


ComboFix 09-03-26.03 - Michael 2009-03-27 18:58:22.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.222.38 [GMT -3:00]

Executando de: c:\documents and settings\Michael\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

FW: Norton Internet Worm Protection *disabled*

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\minm.cmd

c:\windows\system\oeminfo.ini

c:\windows\system32\28463

c:\windows\system32\28463\Dec_01_2007__12_06_18.jpg

c:\windows\system32\28463\Dec_01_2007__12_16_18.jpg

c:\windows\system32\28463\Dec_01_2007__12_26_18.jpg

c:\windows\system32\28463\Dec_07_2007__20_26_16.jpg

c:\windows\system32\28463\Dec_07_2007__20_36_16.jpg

c:\windows\system32\28463\Dec_07_2007__20_46_16.jpg

c:\windows\system32\28463\Dec_07_2007__21_06_17.jpg

c:\windows\system32\28463\Dec_07_2007__21_16_17.jpg

c:\windows\system32\28463\Dec_07_2007__21_26_17.jpg

c:\windows\system32\28463\Dec_07_2007__21_46_18.jpg

c:\windows\system32\28463\Dec_10_2007__18_01_02.jpg

c:\windows\system32\28463\Dec_10_2007__18_11_02.jpg

c:\windows\system32\28463\Dec_10_2007__18_21_02.jpg

c:\windows\system32\28463\Dec_10_2007__18_31_02.jpg

c:\windows\system32\28463\Dec_10_2007__18_41_02.jpg

c:\windows\system32\28463\Dec_11_2007__11_16_02.jpg

c:\windows\system32\28463\Dec_11_2007__11_26_02.jpg

c:\windows\system32\28463\Dec_11_2007__11_36_02.jpg

c:\windows\system32\28463\Dec_11_2007__11_46_03.jpg

c:\windows\system32\28463\Dec_17_2007__18_45_14.jpg

c:\windows\system32\28463\Dec_21_2007__14_22_24.jpg

c:\windows\system32\28463\Dec_21_2007__14_32_25.jpg

c:\windows\system32\28463\Dec_21_2007__14_42_25.jpg

c:\windows\system32\28463\Dec_21_2007__14_52_25.jpg

c:\windows\system32\28463\Dec_21_2007__15_02_25.jpg

c:\windows\system32\28463\Dec_21_2007__15_12_25.jpg

c:\windows\system32\28463\Dec_26_2007__15_55_49.jpg

c:\windows\system32\28463\Dec_28_2007__12_46_39.jpg

c:\windows\system32\28463\Dec_28_2007__12_56_39.jpg

c:\windows\system32\28463\Dec_28_2007__13_06_40.jpg

c:\windows\system32\28463\Dec_29_2007__18_28_19.jpg

c:\windows\system32\28463\Dec_30_2007__09_38_02.jpg

c:\windows\system32\28463\Dec_31_2007__16_32_55.jpg

c:\windows\system32\28463\Dec_31_2007__16_43_02.jpg

c:\windows\system32\28463\Feb_29_2004__02_01_33.jpg

c:\windows\system32\28463\Feb_29_2004__02_11_33.jpg

c:\windows\system32\28463\Feb_29_2004__02_21_35.jpg

c:\windows\system32\28463\Feb_29_2004__02_31_47.jpg

c:\windows\system32\28463\Jan_06_2008__19_24_06.jpg

c:\windows\system32\28463\Jan_12_2008__00_05_00.jpg

c:\windows\system32\28463\Jan_12_2008__00_46_40.jpg

c:\windows\system32\28463\Jan_12_2008__00_56_40.jpg

c:\windows\system32\28463\Jan_12_2008__01_06_40.jpg

c:\windows\system32\28463\Jan_16_2008__05_56_10.jpg

c:\windows\system32\28463\Mar_01_2004__01_11_19.jpg

c:\windows\system32\28463\Mar_01_2004__01_21_19.jpg

c:\windows\system32\28463\Mar_01_2004__01_31_19.jpg

c:\windows\system32\28463\Mar_01_2004__07_57_22.jpg

c:\windows\system32\28463\Mar_01_2004__08_07_22.jpg

c:\windows\system32\28463\Mar_01_2004__08_17_22.jpg

c:\windows\system32\28463\Mar_01_2004__08_20_12.jpg

c:\windows\system32\28463\Mar_01_2004__08_27_22.jpg

c:\windows\system32\28463\Mar_01_2004__13_48_31.jpg

c:\windows\system32\28463\Mar_02_2004__01_09_15.jpg

c:\windows\system32\28463\Mar_02_2004__01_19_16.jpg

c:\windows\system32\28463\Nov_04_2007__02_07_25.jpg

c:\windows\system32\28463\Nov_08_2007__21_59_08.jpg

c:\windows\system32\28463\Nov_17_2007__18_49_16.jpg

c:\windows\system32\28463\Nov_17_2007__18_59_16.jpg

c:\windows\system32\28463\Nov_20_2007__05_44_46.jpg

c:\windows\system32\28463\Nov_22_2007__15_37_35.jpg

c:\windows\system32\28463\Nov_29_2007__16_33_52.jpg

c:\windows\system32\28463\Nov_29_2007__16_53_52.jpg

c:\windows\system32\28463\Nov_29_2007__17_14_04.jpg

c:\windows\system32\28463\Nov_29_2007__17_34_27.jpg

c:\windows\system32\28463\Nov_29_2007__17_44_27.jpg

c:\windows\system32\28463\Nov_29_2007__17_54_27.jpg

c:\windows\system32\28463\Nov_29_2007__18_04_27.jpg

c:\windows\system32\28463\Nov_29_2007__18_14_32.jpg

c:\windows\system32\28463\Nov_29_2007__18_44_48.jpg

c:\windows\system32\28463\Nov_30_2007__14_52_55.jpg

c:\windows\system32\28463\Nov_30_2007__15_02_55.jpg

c:\windows\system32\28463\Nov_30_2007__15_12_55.jpg

c:\windows\system32\28463\Nov_30_2007__15_22_55.jpg

c:\windows\system32\28463\Nov_30_2007__15_32_56.jpg

c:\windows\system32\28463\Nov_30_2007__15_42_58.jpg

c:\windows\system32\28463\Oct_23_2007__17_46_00.jpg

c:\windows\system32\28463\Oct_23_2007__18_06_08.jpg

c:\windows\system32\28463\Oct_23_2007__18_26_14.jpg

c:\windows\system32\28463\Oct_23_2007__18_44_16.jpg

c:\windows\system32\28463\PPXB.001

c:\windows\system32\28463\PPXB.002

c:\windows\system32\28463\PPXB.002.tmp

c:\windows\system32\28463\PPXB.005

c:\windows\system32\28463\PPXB.006

c:\windows\system32\28463\PPXB.007

c:\windows\system32\28463\PPXB.009

c:\windows\system32\28463\Sep_22_2007__15_10_50.jpg

c:\windows\system32\28463\Sep_23_2007__15_56_18.jpg

c:\windows\system32\28463\Sep_23_2007__16_06_18.jpg

c:\windows\system32\28463\Sep_23_2007__16_36_25.jpg

c:\windows\system32\28463\Sep_23_2007__16_46_29.jpg

c:\windows\system32\28463\Sep_23_2007__16_56_31.jpg

c:\windows\system32\28463\Sep_23_2007__17_06_33.jpg

c:\windows\system32\28463\Sep_23_2007__17_16_35.jpg

c:\windows\system32\28463\Sep_23_2007__17_26_35.jpg

c:\windows\system32\28463\Sep_23_2007__17_36_35.jpg

c:\windows\system32\28463\Sep_23_2007__17_56_47.jpg

c:\windows\system32\28463\Sep_23_2007__18_06_48.jpg

c:\windows\system32\28463\Sep_23_2007__18_26_51.jpg

c:\windows\system32\28463\Sep_23_2007__18_36_53.jpg

c:\windows\system32\28463\Sep_23_2007__18_46_53.jpg

c:\windows\system32\28463\Sep_23_2007__18_56_53.jpg

c:\windows\system32\28463\Sep_30_2007__10_15_28.jpg

c:\windows\system32\ckvo.exe

c:\windows\system32\ckvo0.dll

c:\windows\system32\ckvo1.dll

c:\windows\system32\ibestunz.dll

c:\windows\system32\MRT.exe

c:\windows\system32\olhrwef.exe

C:\xih9.cmd

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-27 to 2009-03-27 ))))))))))))))))))))))))))))

.

2009-06-20 16:09 . 2008-07-02 16:54 <DIR> d-------- c:\arquivos de programas\free-downloads.net

2009-06-20 16:09 . 2009-06-20 16:09 <DIR> d-------- c:\arquivos de programas\Conduit

2009-06-20 16:08 . 2009-06-20 16:08 <DIR> d-------- c:\arquivos de programas\Alcohol Soft

2009-06-20 15:40 . 2005-03-14 06:54 2,673 -ra------ c:\windows\Disktool.INI

2009-06-20 15:40 . 2005-03-14 06:52 2,498 -ra------ c:\windows\fwupgrade.ini

2009-06-20 15:40 . 2005-03-14 06:57 1,296 -ra------ c:\windows\PlaySnd.INI

2009-03-26 14:42 . 2009-03-26 14:43 <DIR> d-------- c:\arquivos de programas\Tibia810

2009-03-26 13:39 . 2009-03-26 13:39 <DIR> d-------- C:\ERDNT

2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- c:\windows\ERUNT

2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- C:\!FixIEDef

2009-03-17 16:15 . 2009-03-17 16:15 <DIR> d-------- c:\arquivos de programas\DownloadToolz

2009-03-15 19:34 . 2009-03-15 19:34 <DIR> d-------- C:\Nexon

2009-03-07 14:44 . 2009-03-07 14:44 <DIR> d-------- c:\windows\Sun

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-26 23:20 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Tibia

2009-03-24 23:35 --------- d-----w c:\arquivos de programas\Tibia

2009-03-22 17:14 --------- d-----w c:\arquivos de programas\Google

2009-02-28 13:33 --------- d-----w c:\arquivos de programas\NAXDOWN

2009-02-23 20:48 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Any Video Converter

2009-02-13 20:32 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-12 17:54 108,565 --sh--r C:\ur0.com

2009-02-01 16:04 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack

2009-01-21 09:33 108,869 --sh--r C:\gy.exe

2009-01-17 21:29 499,712 ----a-w c:\windows\system32\msvcp71.dll

2009-01-17 21:29 348,160 ----a-w c:\windows\system32\msvcr71.dll

2009-01-15 22:29 108,940 --sh--r C:\ve.exe

2007-06-06 17:02 872,809 -c--a-w c:\documents and settings\Michael\TibiaBRCamLite-1.0.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"WireLessMouse"="c:\arquivos de programas\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"MULTIMEDIA KEYBOARD"="c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-01-17 185872]

"VTTimer"="VTTimer.exe" [2004-09-01 c:\windows\system32\VTTimer.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

"c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\Arquivos de Instalação\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7171:TCP"= 7171:TCP:TibiaOpenServer

"90:TCP"= 90:TCP:Habbo

R2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 133104]

R3 dump_wmimmc;dump_wmimmc; [x]

R3 KIKIDRIVER;KIKIDRIVER; [x]

R3 Revolution1;Revolution1; [x]

R3 SHAK31;SHAK31; [x]

R3 Sinistro1;Sinistro1; [x]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-05-13 96520]

S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

S2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 282904]

S2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

S2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe [2004-08-04 14336]

S3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\System32\Drivers\MOUSEWD.SYS [2006-07-17 6528]

--- ---

*Deregistered* - ALG

*Deregistered* - AudioSrv

*Deregistered* - avg8wd

*Deregistered* - BITS

*Deregistered* - Browser

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - Dnscache

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - gupdate1c9ab118ee411f8

*Deregistered* - helpsvc

*Deregistered* - HidServ

*Deregistered* - ImapiService

*Deregistered* - Irmon

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - Netman

*Deregistered* - nhksrv

*Deregistered* - Nla

*Deregistered* - npkcrypt

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - NwlnkIpx

*Deregistered* - NwlnkNb

*Deregistered* - NwlnkSpx

*Deregistered* - NwSapAgent

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PCIIde

*Deregistered* - Pml Driver HPZ12

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasirda

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - Secdrv

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - Spooler

*Deregistered* - sptd

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - StarWindServiceAE

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3294cb8a-d265-11dd-ba1c-f83c1c4bc97d}]

\Shell\AutoRun\command - F:\xih9.cmd

\Shell\explore\Command - F:\xih9.cmd

\Shell\open\Command - F:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c5da576-5134-11db-b4b3-00142afd0d64}]

\Shell\AutoRun\command - G:\xih9.cmd

\Shell\explore\Command - G:\xih9.cmd

\Shell\open\Command - G:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce73f6a2-b355-11dd-b9af-de77a0127c7c}]

\Shell\AutoRun\command - F:\xih9.cmd

\Shell\explore\Command - F:\xih9.cmd

\Shell\open\Command - F:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0dc968c-d93b-11dc-b7e2-bb59af19b17d}]

\Shell\AutoRun\command - G:\xih9.cmd

\Shell\explore\Command - G:\xih9.cmd

\Shell\open\Command - G:\xih9.cmd

.

Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 14:12]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Azureus Ultra Accelerator - c:\arquivos de programas\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe

HKLM-Run-PPXB Agent - c:\windows\system32\28463\PPXB.exe

HKLM-Run-Atualizador - Puxa Rápido - c:\arquivos de programas\Puxa Rápido\Atualiza.exe

HKLM-Run-NWEReboot - (no file)

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\FreshDevices\FreshDownload\fd.exe

TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

FF - ProfilePath - c:\documents and settings\Michael\Dados de aplicativos\Mozilla\Firefox\Profiles\1p9s9uoe.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-27 19:06:59

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

"ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SHAK31]

"ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\HPZipm12.exe

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Office Mouse Driver\MouseDrv.exe

c:\arquivos de programas\Netropa\Multimedia Keyboard\Traymon.exe

c:\arquivos de programas\Netropa\Onscreen Display\osd.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Completion time: 2009-03-27 19:15:37 - machine was rebooted

ComboFix-quarantined-files.txt 2009-03-27 22:15:22

Pre-Run: 21 folder(s) 13,286,957,056 bytes free

Post-Run: 20 folder(s) 15,282,511,872 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
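A small triage pass over log lines of this shape, added here as an example; it is not part of the thread and not ComboFix's own code. It reads constructed sample lines modeled on the log above (the Security Center and firewall values, Run entries, and service/driver lines, with paths shortened) and flags what an analyst would circle first: Windows Firewall off in the standard profile, Security Center notifications suppressed, Run entries whose bracket tag is not the usual date/size stamp (so ComboFix could not stat the file), kernel drivers whose image lives under a user profile rather than system32\drivers, and services with no image path at all. The finding kinds and the heuristics are this example's own choices, not a ComboFix convention, and a finding is a worklist item, not a verdict.

```python
"""Triage of ComboFix-style log lines.

Added example, not part of the thread or of ComboFix. SAMPLE_LOG is constructed
to mirror lines from the log above; paths are shortened.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')
# Run entries end in a bracket tag; normally "[YYYY-MM-DD size]" for a file ComboFix could stat.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<tag>[^\]]*)\]$')
STAMP_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")
# "R3 name;display;image [tag]" service and driver lines
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
TAG_RE = re.compile(r"\s*\[(?P<tag>[^\]]*)\]$")

# Constructed sample, modeled on the log above (not a verbatim copy).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [BU]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-13 96520]
S3 KIKIDRIVER;KIKIDRIVER;\??\c:\documents and settings\Michael\Desktop\Kit Hack\kiki.sys --> c:\documents and settings\Michael\Desktop\Kit Hack\kiki.sys [?]
R3 Sinistro1;Sinistro1; [x]
*Deregistered* - wuauserv
"""


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line and return the entries worth a closer look, in log order."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                                   # "[HKEY_...]" header: remember where we are
            current_key = m.group("key").lower()
            continue
        m = SERVICE_RE.match(line)
        if m:                                   # service / driver line
            rest = m.group("rest")
            t = TAG_RE.search(rest)
            # keep only the resolved path after "-->" when ComboFix prints both forms
            image = (rest[:t.start()] if t else rest).split("-->")[-1].strip()
            name = m.group("name")
            if not image:
                findings.append(Finding("service-no-image", name))
            elif "\\documents and settings\\" in image.lower():
                findings.append(Finding("driver-in-user-profile", f"{name}: {image}"))
            continue
        if current_key.endswith("\\run"):       # autostart value under a Run key
            m = RUN_RE.match(line)
            if m and not STAMP_RE.match(m.group("tag")):
                findings.append(Finding(
                    "run-unverified",
                    f'{m.group("name")} -> {m.group("path")} [{m.group("tag")}]'))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data").strip()
        if ("security center" in current_key and name.endswith("DisableNotify")
                and data.lower() == "dword:00000001"):
            findings.append(Finding("notify-disabled", name))
        elif ("firewallpolicy" in current_key and current_key.endswith("profile")
                and name == "EnableFirewall" and data.split()[0] == "0"):
            findings.append(Finding("firewall-disabled", current_key))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

The AVG driver, the `*Deregistered*` list and the firewall exception list produce nothing, which is the point: the script narrows a several-hundred-line log to the handful of lines that need a human decision.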


Hello,

Connect your USB flash drive to the computer, but do not run anything from it!

( 1 ) Very important note: temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

( 2 ) Open Notepad, copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Show" box:


File::
C:\ur0.com
C:\gy.exe
C:\ve.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3294cb8a-d265-11dd-ba1c-f83c1c4bc97d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c5da576-5134-11db-b4b3-00142afd0d64}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce73f6a2-b355-11dd-b9af-de77a0127c7c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0dc968c-d93b-11dc-b7e2-bb59af19b17d}]

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running it will produce a log. Paste the contents of that file, C:\ComboFix.txt.
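The four `mountpoints2` keys this script deletes are Explorer's per-volume cache of the autorun.inf that sat on the flash drives: each key is named by the volume's GUID and keeps the `Shell\AutoRun\command`, `Shell\open\Command` and `Shell\explore\Command` verbs, so even after the drive itself is cleaned, double-clicking or right-clicking the drive letter would still try to run F:\xih9.cmd or G:\xih9.cmd. The following is an added example, not code from the thread or from ComboFix: it parses a constructed copy of that section (the four keys from the log plus one made-up fifth key, all-zero GUID, pointing at a file on E:, to show that entries are grouped by the file they launch) and renders a CFScript with the same `File::` / `Registry::` layout as above, using regedit's `[-KEY]` form for key deletion. It refuses any key that is not a MountPoints2 volume key, so a copy-paste slip cannot turn the script into a deletion elsewhere in the hive.

```python
"""Explorer MountPoints2 autorun cache -> ComboFix CFScript.

Added example, not part of the thread or of ComboFix. SAMPLE_SECTION is
constructed to mirror the log's "mountpoints2" listing; the all-zero GUID
entry (the E: drive one) is made up for the demonstration.
"""
import re
from collections import defaultdict

# Only HKCU\...\Explorer\MountPoints2\{volume-GUID} keys are ever accepted for deletion.
MP2_KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\})\]$",
    re.IGNORECASE,
)
# "\Shell\AutoRun\command - F:\xih9.cmd"  (verb names are matched case-insensitively)
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)

# Constructed sample: the four volume keys from the log, plus one made-up key on E:.
SAMPLE_SECTION = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3294cb8a-d265-11dd-ba1c-f83c1c4bc97d}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c5da576-5134-11db-b4b3-00142afd0d64}]
\Shell\AutoRun\command - G:\xih9.cmd
\Shell\explore\Command - G:\xih9.cmd
\Shell\open\Command - G:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce73f6a2-b355-11dd-b9af-de77a0127c7c}]
\Shell\AutoRun\command - F:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0dc968c-d93b-11dc-b7e2-bb59af19b17d}]
\Shell\AutoRun\command - G:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - E:\setup.exe
"""


def is_mountpoints2_key(key: str) -> bool:
    """True only for HKCU MountPoints2 volume-GUID keys; anything else is refused."""
    return MP2_KEY_RE.match(f"[{key}]") is not None


def parse_mountpoints2(text: str) -> dict[str, dict[str, str]]:
    """Map each volume key to its cached verbs, e.g. {'autorun': 'F:...'}; keys without verbs are dropped."""
    entries: dict[str, dict[str, str]] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = MP2_KEY_RE.match(line)
        if m:
            key = m.group("key")
            entries.setdefault(key, {})
            continue
        m = VERB_RE.match(line)
        if m and key is not None:
            entries[key][m.group("verb").lower()] = m.group("cmd").strip()
    return {k: v for k, v in entries.items() if v}


def targets_by_file(entries: dict[str, dict[str, str]]) -> dict[str, set[str]]:
    """Group volume keys by the file their verbs launch: one worm usually shows up as several keys."""
    groups: dict[str, set[str]] = defaultdict(set)
    for key, verbs in entries.items():
        for cmd in verbs.values():
            groups[cmd.lower()].add(key)
    return dict(groups)


def build_cfscript(files: list[str], keys: list[str]) -> str:
    """Render CFScript.txt: File:: lists files to delete, Registry:: drops keys with regedit's [-KEY] form."""
    bad = [k for k in keys if not is_mountpoints2_key(k)]
    if bad:
        raise ValueError(f"refusing to delete keys outside MountPoints2: {bad}")
    lines = ["File::", *files, "Registry::", *(f"[-{k}]" for k in keys)]
    return "\r\n".join(lines) + "\r\n"   # CRLF, as Notepad would save it


if __name__ == "__main__":
    found = parse_mountpoints2(SAMPLE_SECTION)
    for target, keys in sorted(targets_by_file(found).items()):
        print(f"{target}: {len(keys)} cached volume key(s)")
    worm_keys = sorted(k for k, v in found.items() if "xih9.cmd" in " ".join(v.values()).lower())
    print(build_cfscript([r"C:\ur0.com", r"C:\gy.exe", r"C:\ve.exe"], worm_keys))
```

Grouping by target is what makes the picture readable: four keys collapse to two files on two drive letters, which is one infection seen from two flash drives, and the made-up E: entry stays a separate decision rather than being swept into the same deletion.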


ComboFix 09-03-26.03 - Michael 2009-03-28 13:05:34.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.222.44 [GMT -3:00]

Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt

* Created a new restore point

FILE ::

C:\gy.exe

C:\ur0.com

C:\ve.exe

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\gy.exe

C:\ur0.com

C:\ve.exe

.

(((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 ))))))))))))))))))))))))))))

.

2009-06-20 16:09 . 2008-07-02 16:54 <DIR> d-------- c:\arquivos de programas\free-downloads.net

2009-06-20 16:09 . 2009-06-20 16:09 <DIR> d-------- c:\arquivos de programas\Conduit

2009-06-20 16:08 . 2009-06-20 16:08 <DIR> d-------- c:\arquivos de programas\Alcohol Soft

2009-06-20 15:40 . 2005-03-14 06:54 2,673 -ra------ c:\windows\Disktool.INI

2009-06-20 15:40 . 2005-03-14 06:52 2,498 -ra------ c:\windows\fwupgrade.ini

2009-06-20 15:40 . 2005-03-14 06:57 1,296 -ra------ c:\windows\PlaySnd.INI

2009-03-26 14:42 . 2009-03-26 14:43 <DIR> d-------- c:\arquivos de programas\Tibia810

2009-03-26 13:39 . 2009-03-26 13:39 <DIR> d-------- C:\ERDNT

2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- c:\windows\ERUNT

2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- C:\!FixIEDef

2009-03-17 16:15 . 2009-03-17 16:15 <DIR> d-------- c:\arquivos de programas\DownloadToolz

2009-03-15 19:34 . 2009-03-15 19:34 <DIR> d-------- C:\Nexon

2009-03-07 14:44 . 2009-03-07 14:44 <DIR> d-------- c:\windows\Sun

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-26 23:20 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Tibia

2009-03-24 23:35 --------- d-----w c:\arquivos de programas\Tibia

2009-03-22 17:14 --------- d-----w c:\arquivos de programas\Google

2009-02-28 13:33 --------- d-----w c:\arquivos de programas\NAXDOWN

2009-02-23 20:48 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Any Video Converter

2009-02-13 20:32 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-01 16:04 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack

2009-01-17 21:29 499,712 ----a-w c:\windows\system32\msvcp71.dll

2009-01-17 21:29 348,160 ----a-w c:\windows\system32\msvcr71.dll

2007-06-06 17:02 872,809 -c--a-w c:\documents and settings\Michael\TibiaBRCamLite-1.0.exe

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"WireLessMouse"="c:\arquivos de programas\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"MULTIMEDIA KEYBOARD"="c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-01-17 185872]

"VTTimer"="VTTimer.exe" [2004-09-01 c:\windows\system32\VTTimer.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

"c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\Arquivos de Instalação\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7171:TCP"= 7171:TCP:TibiaOpenServer

"90:TCP"= 90:TCP:Habbo

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-13 96520]

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2008-02-17 6656]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 282904]

R2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2008-02-17 28672]

R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [2007-07-28 6528]

S2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 133104]

S3 KIKIDRIVER;KIKIDRIVER;\??\c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\Kit_Hack_By_Rock_Lee\Kit Hack By Rock Lee\kiki.sys --> c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\Kit_Hack_By_Rock_Lee\Kit Hack By Rock Lee\kiki.sys [?]

S3 Revolution1;Revolution1;\??\c:\documents and settings\Michael\Desktop\michael\Hacks\Revolution Engine 5.3\Revolution Engine 5.3\SHAK3.sys --> c:\documents and settings\Michael\Desktop\michael\Hacks\Revolution Engine 5.3\Revolution Engine 5.3\SHAK3.sys [?]

S3 SHAK31;SHAK31;\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys --> c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys [?]

S3 Sinistro1;Sinistro1;\??\c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\ShaK3_2.2\Sinistro.sys --> c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\ShaK3_2.2\Sinistro.sys [?]

--- ---

*Deregistered* - NwSapAgent

*Deregistered* - Pml Driver HPZ12

*Deregistered* - PolicyAgent

*Deregistered* - ProtectedStorage

*Deregistered* - RasMan

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - Spooler

*Deregistered* - srservice

*Deregistered* - SSDPSRV

*Deregistered* - StarWindServiceAE

*Deregistered* - stisvc

*Deregistered* - TapiSrv

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - usnjsvc

*Deregistered* - W32Time

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

.

Contents of the 'Scheduled Tasks' folder

2009-03-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 14:12]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\FreshDevices\FreshDownload\fd.exe

TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

FF - ProfilePath - c:\documents and settings\Michael\Dados de aplicativos\Mozilla\Firefox\Profiles\1p9s9uoe.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-28 13:12:43

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

"ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SHAK31]

"ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)

c:\windows\system32\avgrsstx.dll

.

Completion time: 2009-03-28 13:17:34

ComboFix-quarantined-files.txt 2009-03-28 16:17:25

Pre-Run: 21 folder(s) 15,156,596,736 bytes free

Post-Run: 20 folder(s) 15,192,961,024 bytes free


I didn't connect my flash drive, because I don't have it with me...


Should I do it again?

-----

Sorry for the double post


Hello,

Download ATF-Cleaner.

  • Click ATF-Cleaner.exe.
  • Under "Select Files To Delete", check Select All.
  • Click Empty Selected.
  • In the Done Cleaning window click OK and then Exit.

Note: if you use Firefox:

  • At the top click Firefox and choose: Select All
  • Then click Empty Selected.

Note: if you use Opera:

  • At the top click Opera and choose: Select All
  • Then click Empty Selected.

Temporarily disable your antivirus!

Run an online scan with the Kaspersky Virus Scanner

  • Click [image: Clipboard01-1.jpg]
  • When prompted to install the ActiveX control, click [image: Clipboard015.jpg]
  • Wait for the installation and the update, then click [image: Clipboard013.jpg]
  • Now click [image: Clipboard016.jpg]
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click [image: Clipboard014.jpg]
  • Click My Computer so that a full scan of your system is run.
  • The scan will start and may take a while. Be patient and wait.
  • When the scan finishes, click the Save as Text button.
  • Save the log with the results and paste it in your next message.
  • Also generate and paste a new DDS log.

Regards


I couldn't do it now, because it freezes at around 44 MB... On March 31 I'll set aside an afternoon to try to do that update. :huh:

Thank you very much. :wub:


Sorry for the delay, I was grounded + exams =x you know how it is for a student... :D

The online scan didn't work here... there's a part where it goes 1 KB at a time, I waited a good while... and nothing; I tested in Firefox and in Google Chrome (but it didn't take, because of the requirements).

Then, as my friend gave my flash drives back to me...

I posted the log... I don't know if it was right to make the log without your instructions (the log is below) =p

So... tomorrow afternoon I'll be free the whole afternoon *-* to do what you tell me.

Thank you very much, Lusitano.

(Informal topic)

ComboFix 09-03-26.03 - Michael 2009-04-13 20:56:14.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.222.53 [GMT -3:00]

Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

FW: Norton Internet Worm Protection *disabled*

* Created a new restore point

.

- REDUCED FUNCTIONALITY MODE -

FILE ::

C:\gy.exe

C:\ur0.com

C:\ve.exe

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

c:\windows\system32\ckvo.exe

c:\windows\system32\ckvo0.dll

c:\windows\system32\olhrwef.exe

.

(((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 ))))))))))))))))))))))))))))

.

2009-06-20 16:09 . 2008-07-02 16:54 <DIR> d-------- c:\arquivos de programas\free-downloads.net

2009-06-20 16:09 . 2009-06-20 16:09 <DIR> d-------- c:\arquivos de programas\Conduit

2009-06-20 16:08 . 2009-06-20 16:08 <DIR> d-------- c:\arquivos de programas\Alcohol Soft

2009-06-20 15:40 . 2005-03-14 06:54 2,673 -ra------ c:\windows\Disktool.INI

2009-06-20 15:40 . 2005-03-14 06:52 2,498 -ra------ c:\windows\fwupgrade.ini

2009-06-20 15:40 . 2005-03-14 06:57 1,296 -ra------ c:\windows\PlaySnd.INI

2009-04-12 20:42 . 2008-10-31 13:50 104,594 -r-hs---- C:\xih9.cmd

2009-04-09 14:02 . 2009-04-09 14:02 <DIR> d-------- c:\documents and settings\Michael\Dados de aplicativos\Inkscape

2009-04-09 13:47 . 2009-04-09 13:57 <DIR> d-------- c:\arquivos de programas\Inkscape

2009-04-02 18:57 . 2009-04-02 18:56 767,328 --a------ c:\windows\system32\kdfinj.dll

2009-04-02 18:56 . 2008-10-17 05:50 131,072 --a------ c:\windows\system32\drivers\Mkd2kfNT.sys

2009-04-02 18:56 . 2008-10-17 05:50 79,104 --a------ c:\windows\system32\drivers\Mkd2Nadr.sys

2009-04-02 18:39 . 2009-04-02 18:39 <DIR> d-------- c:\arquivos de programas\AhnLab

2009-04-02 16:20 . 2009-04-02 16:20 <DIR> d-------- c:\arquivos de programas\GIMP-2.0

2009-04-01 21:01 . 2009-04-09 16:04 <DIR> d-------- c:\documents and settings\Michael\.gimp-2.6

2009-04-01 21:00 . 2009-04-01 21:01 <DIR> d-------- c:\documents and settings\Michael\.gegl-0.0

2009-03-29 10:40 . 2009-03-29 10:42 <DIR> d-------- c:\arquivos de programas\GP Vs Superbike

2009-03-29 06:33 . 2009-03-29 06:33 410,984 --a------ c:\windows\system32\deploytk.dll

2009-03-26 14:42 . 2009-03-26 14:43 <DIR> d-------- c:\arquivos de programas\Tibia810

2009-03-26 13:39 . 2009-03-26 13:39 <DIR> d-------- C:\ERDNT

2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- c:\windows\ERUNT

2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- C:\!FixIEDef

2009-03-17 16:15 . 2009-03-17 16:15 <DIR> d-------- c:\arquivos de programas\DownloadToolz

2009-03-15 19:34 . 2009-03-15 19:34 <DIR> d-------- C:\Nexon

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-13 23:43 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-04-09 19:04 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\gtk-2.0

2009-04-05 10:59 499,712 ----a-w c:\windows\system32\msvcp71.dll

2009-04-05 10:59 348,160 ----a-w c:\windows\system32\msvcr71.dll

2009-03-29 09:33 --------- d-----w c:\arquivos de programas\Java

2009-03-26 23:20 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Tibia

2009-03-24 23:35 --------- d-----w c:\arquivos de programas\Tibia

2009-03-22 17:14 --------- d-----w c:\arquivos de programas\Google

2009-02-28 13:33 --------- d-----w c:\arquivos de programas\NAXDOWN

2009-02-23 20:48 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Any Video Converter

2007-06-06 17:02 872,809 -c--a-w c:\documents and settings\Michael\TibiaBRCamLite-1.0.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-03-27_19.12.52.85 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-12-20 12:02:12 6,656 ----a-w c:\windows\system32\drivers\Msikbd2k.sys

+ 2001-12-20 13:02:12 6,656 ----a-w c:\windows\system32\drivers\Msikbd2k.sys

- 2008-11-10 15:28:01 216,856 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2009-04-04 09:52:04 218,448 ----a-w c:\windows\system32\FNTCACHE.DAT

- 2008-02-22 04:23:35 135,168 -c--a-w c:\windows\system32\java.exe

+ 2009-03-29 09:33:39 144,792 ----a-w c:\windows\system32\java.exe

- 2008-02-22 04:23:39 135,168 -c--a-w c:\windows\system32\javaw.exe

+ 2009-03-29 09:33:39 144,792 ----a-w c:\windows\system32\javaw.exe

- 2008-02-22 05:33:32 139,264 -c--a-w c:\windows\system32\javaws.exe

+ 2009-03-29 09:33:39 148,888 ----a-w c:\windows\system32\javaws.exe

- 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

- 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2009-01-07 16:52:44 84,661 -c--a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2009-04-11 15:42:02 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

- 2002-07-11 10:47:10 98,304 -c--a-w c:\windows\system32\msikbd.dll

+ 2002-07-11 11:47:10 98,304 ----a-w c:\windows\system32\msikbd.dll

- 2000-06-08 05:09:00 28,672 ----a-w c:\windows\system32\msiosd32.dll

+ 2000-06-08 06:09:00 28,672 ----a-w c:\windows\system32\msiosd32.dll

- 2009-01-17 21:29:07 278,528 ----a-w c:\windows\system32\pncrt.dll

+ 2009-04-05 10:59:46 278,528 ----a-w c:\windows\system32\pncrt.dll

- 2009-01-17 21:29:23 6,656 ----a-w c:\windows\system32\pndx5016.dll

+ 2009-04-05 11:00:19 6,656 ----a-w c:\windows\system32\pndx5016.dll

- 2009-01-17 21:29:24 5,632 ----a-w c:\windows\system32\pndx5032.dll

+ 2009-04-05 11:00:19 5,632 ----a-w c:\windows\system32\pndx5032.dll

- 2009-01-17 21:30:09 185,920 ----a-w c:\windows\system32\rmoc3260.dll

+ 2009-04-05 11:00:45 185,920 ----a-w c:\windows\system32\rmoc3260.dll

+ 2009-04-13 23:59:47 16,384 ----atw c:\windows\temp\Perflib_Perfdata_4bc.dat

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"cdoosoft"="c:\windows\system32\olhrwef.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"WireLessMouse"="c:\arquivos de programas\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-29 148888]

"MULTIMEDIA KEYBOARD"="c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-05 198160]

"VTTimer"="VTTimer.exe" [2004-09-01 c:\windows\system32\VTTimer.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

"c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\Arquivos de Instalação\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7171:TCP"= 7171:TCP:TibiaOpenServer

"90:TCP"= 90:TCP:Habbo

R2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 133104]

R3 KIKIDRIVER;KIKIDRIVER; [x]

R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]

R3 Pcsacdrvlmecti;Pcsacdrvlmecti; [x]

R3 Revolution1;Revolution1; [x]

R3 SHAK31;SHAK31; [x]

R3 Sinistro1;Sinistro1; [x]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-05-13 96520]

S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

S2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 282904]

S2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

S2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe [2004-08-04 14336]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]

S3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\System32\Drivers\MOUSEWD.SYS [2006-07-17 6528]

--- ---

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - AudioSrv

*Deregistered* - audstub

*Deregistered* - avg8wd

*Deregistered* - AvgLdx86

*Deregistered* - AvgMfx86

*Deregistered* - Beep

*Deregistered* - BITS

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - Dnscache

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - Fastfat

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - gupdate1c9ab118ee411f8

*Deregistered* - hamachi

*Deregistered* - helpsvc

*Deregistered* - HidServ

*Deregistered* - HTTP

*Deregistered* - ImapiService

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - irda

*Deregistered* - Irmon

*Deregistered* - JavaQuickStarterService

*Deregistered* - Kbdclass

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - mdmxsdk

*Deregistered* - mnmdd

*Deregistered* - Mouclass

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - nhksrv

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - NwlnkIpx

*Deregistered* - NwlnkNb

*Deregistered* - NwlnkSpx

*Deregistered* - NwSapAgent

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PCIIde

*Deregistered* - Pml Driver HPZ12

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasirda

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - Secdrv

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - Spooler

*Deregistered* - sptd

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - StarWindServiceAE

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - WmiApSrv

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 14:12]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\FreshDevices\FreshDownload\fd.exe

TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

FF - ProfilePath - c:\documents and settings\Michael\Dados de aplicativos\Mozilla\Firefox\Profiles\1p9s9uoe.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\arquivos de programas\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-13 21:04:42

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

"ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SHAK31]

"ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Office Mouse Driver\MouseDrv.exe

c:\arquivos de programas\Netropa\Multimedia Keyboard\Traymon.exe

c:\arquivos de programas\Netropa\Onscreen Display\osd.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-04-13 21:12:29 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-14 00:12:15

ComboFix2.txt 2009-03-28 16:17:43

Pré-execução: 21 pasta(s) 12.360.454.144 bytes disponíveis

Pós execução: 20 pasta(s) 12,489,846,784 bytes disponíveis


Sorry for the delay, I was grounded + exams =x you know how it is for a student... :D

The online scan didn't work here... there's a part where it goes 1 KB at a time; I waited a good while... and nothing. I tried it in Firefox and in Google Chrome (but it didn't work, because of the requirements).

So, since my friend gave me back my flash drives...

I posted the log... not sure if it was right to make the log without your instructions (the log is below) =p

So... tomorrow afternoon I'll be free the whole afternoon *-* to do what you tell me...

Thank you very much, Lusitano.

(Informal topic)

ComboFix 09-03-26.03 - Michael 2009-04-13 20:56:14.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.222.53 [GMT -3:00]

Executando de: c:\documents and settings\Michael\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Michael\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

FW: Norton Internet Worm Protection *disabled*

* Criado um novo ponto de restauro

.

- MODO DE FUNCIONALIDADE REDUZIDA -

FILE ::

C:\gy.exe

C:\ur0.com

C:\ve.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

c:\windows\system32\ckvo.exe

c:\windows\system32\ckvo0.dll

c:\windows\system32\olhrwef.exe

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-14 to 2009-04-14 ))))))))))))))))))))))))))))

.

2009-06-20 16:09 . 2008-07-02 16:54 <DIR> d-------- c:\arquivos de programas\free-downloads.net

2009-06-20 16:09 . 2009-06-20 16:09 <DIR> d-------- c:\arquivos de programas\Conduit

2009-06-20 16:08 . 2009-06-20 16:08 <DIR> d-------- c:\arquivos de programas\Alcohol Soft

2009-06-20 15:40 . 2005-03-14 06:54 2,673 -ra------ c:\windows\Disktool.INI

2009-06-20 15:40 . 2005-03-14 06:52 2,498 -ra------ c:\windows\fwupgrade.ini

2009-06-20 15:40 . 2005-03-14 06:57 1,296 -ra------ c:\windows\PlaySnd.INI

2009-04-12 20:42 . 2008-10-31 13:50 104,594 -r-hs---- C:\xih9.cmd

2009-04-09 14:02 . 2009-04-09 14:02 <DIR> d-------- c:\documents and settings\Michael\Dados de aplicativos\Inkscape

2009-04-09 13:47 . 2009-04-09 13:57 <DIR> d-------- c:\arquivos de programas\Inkscape

2009-04-02 18:57 . 2009-04-02 18:56 767,328 --a------ c:\windows\system32\kdfinj.dll

2009-04-02 18:56 . 2008-10-17 05:50 131,072 --a------ c:\windows\system32\drivers\Mkd2kfNT.sys

2009-04-02 18:56 . 2008-10-17 05:50 79,104 --a------ c:\windows\system32\drivers\Mkd2Nadr.sys

2009-04-02 18:39 . 2009-04-02 18:39 <DIR> d-------- c:\arquivos de programas\AhnLab

2009-04-02 16:20 . 2009-04-02 16:20 <DIR> d-------- c:\arquivos de programas\GIMP-2.0

2009-04-01 21:01 . 2009-04-09 16:04 <DIR> d-------- c:\documents and settings\Michael\.gimp-2.6

2009-04-01 21:00 . 2009-04-01 21:01 <DIR> d-------- c:\documents and settings\Michael\.gegl-0.0

2009-03-29 10:40 . 2009-03-29 10:42 <DIR> d-------- c:\arquivos de programas\GP Vs Superbike

2009-03-29 06:33 . 2009-03-29 06:33 410,984 --a------ c:\windows\system32\deploytk.dll

2009-03-26 14:42 . 2009-03-26 14:43 <DIR> d-------- c:\arquivos de programas\Tibia810

2009-03-26 13:39 . 2009-03-26 13:39 <DIR> d-------- C:\ERDNT

2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- c:\windows\ERUNT

2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- C:\!FixIEDef

2009-03-17 16:15 . 2009-03-17 16:15 <DIR> d-------- c:\arquivos de programas\DownloadToolz

2009-03-15 19:34 . 2009-03-15 19:34 <DIR> d-------- C:\Nexon

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-13 23:43 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-04-09 19:04 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\gtk-2.0

2009-04-05 10:59 499,712 ----a-w c:\windows\system32\msvcp71.dll

2009-04-05 10:59 348,160 ----a-w c:\windows\system32\msvcr71.dll

2009-03-29 09:33 --------- d-----w c:\arquivos de programas\Java

2009-03-26 23:20 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Tibia

2009-03-24 23:35 --------- d-----w c:\arquivos de programas\Tibia

2009-03-22 17:14 --------- d-----w c:\arquivos de programas\Google

2009-02-28 13:33 --------- d-----w c:\arquivos de programas\NAXDOWN

2009-02-23 20:48 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Any Video Converter

2007-06-06 17:02 872,809 -c--a-w c:\documents and settings\Michael\TibiaBRCamLite-1.0.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-03-27_19.12.52.85 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-12-20 12:02:12 6,656 ----a-w c:\windows\system32\drivers\Msikbd2k.sys

+ 2001-12-20 13:02:12 6,656 ----a-w c:\windows\system32\drivers\Msikbd2k.sys

- 2008-11-10 15:28:01 216,856 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2009-04-04 09:52:04 218,448 ----a-w c:\windows\system32\FNTCACHE.DAT

- 2008-02-22 04:23:35 135,168 -c--a-w c:\windows\system32\java.exe

+ 2009-03-29 09:33:39 144,792 ----a-w c:\windows\system32\java.exe

- 2008-02-22 04:23:39 135,168 -c--a-w c:\windows\system32\javaw.exe

+ 2009-03-29 09:33:39 144,792 ----a-w c:\windows\system32\javaw.exe

- 2008-02-22 05:33:32 139,264 -c--a-w c:\windows\system32\javaws.exe

+ 2009-03-29 09:33:39 148,888 ----a-w c:\windows\system32\javaws.exe

- 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

- 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2009-01-07 16:52:44 84,661 -c--a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2009-04-11 15:42:02 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

- 2002-07-11 10:47:10 98,304 -c--a-w c:\windows\system32\msikbd.dll

+ 2002-07-11 11:47:10 98,304 ----a-w c:\windows\system32\msikbd.dll

- 2000-06-08 05:09:00 28,672 ----a-w c:\windows\system32\msiosd32.dll

+ 2000-06-08 06:09:00 28,672 ----a-w c:\windows\system32\msiosd32.dll

- 2009-01-17 21:29:07 278,528 ----a-w c:\windows\system32\pncrt.dll

+ 2009-04-05 10:59:46 278,528 ----a-w c:\windows\system32\pncrt.dll

- 2009-01-17 21:29:23 6,656 ----a-w c:\windows\system32\pndx5016.dll

+ 2009-04-05 11:00:19 6,656 ----a-w c:\windows\system32\pndx5016.dll

- 2009-01-17 21:29:24 5,632 ----a-w c:\windows\system32\pndx5032.dll

+ 2009-04-05 11:00:19 5,632 ----a-w c:\windows\system32\pndx5032.dll

- 2009-01-17 21:30:09 185,920 ----a-w c:\windows\system32\rmoc3260.dll

+ 2009-04-05 11:00:45 185,920 ----a-w c:\windows\system32\rmoc3260.dll

+ 2009-04-13 23:59:47 16,384 ----atw c:\windows\temp\Perflib_Perfdata_4bc.dat

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"cdoosoft"="c:\windows\system32\olhrwef.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"WireLessMouse"="c:\arquivos de programas\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-29 148888]

"MULTIMEDIA KEYBOARD"="c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-05 198160]

"VTTimer"="VTTimer.exe" [2004-09-01 c:\windows\system32\VTTimer.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

"c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\Arquivos de Instalação\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7171:TCP"= 7171:TCP:TibiaOpenServer

"90:TCP"= 90:TCP:Habbo

R2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 133104]

R3 KIKIDRIVER;KIKIDRIVER; [x]

R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]

R3 Pcsacdrvlmecti;Pcsacdrvlmecti; [x]

R3 Revolution1;Revolution1; [x]

R3 SHAK31;SHAK31; [x]

R3 Sinistro1;Sinistro1; [x]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-05-13 96520]

S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

S2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 282904]

S2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

S2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe [2004-08-04 14336]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]

S3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\System32\Drivers\MOUSEWD.SYS [2006-07-17 6528]

--- ---

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - AudioSrv

*Deregistered* - audstub

*Deregistered* - avg8wd

*Deregistered* - AvgLdx86

*Deregistered* - AvgMfx86

*Deregistered* - Beep

*Deregistered* - BITS

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - Dnscache

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - Fastfat

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - gupdate1c9ab118ee411f8

*Deregistered* - hamachi

*Deregistered* - helpsvc

*Deregistered* - HidServ

*Deregistered* - HTTP

*Deregistered* - ImapiService

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - irda

*Deregistered* - Irmon

*Deregistered* - JavaQuickStarterService

*Deregistered* - Kbdclass

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - mdmxsdk

*Deregistered* - mnmdd

*Deregistered* - Mouclass

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - nhksrv

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - NwlnkIpx

*Deregistered* - NwlnkNb

*Deregistered* - NwlnkSpx

*Deregistered* - NwSapAgent

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PCIIde

*Deregistered* - Pml Driver HPZ12

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasirda

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - Secdrv

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - Spooler

*Deregistered* - sptd

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - StarWindServiceAE

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - WmiApSrv

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 14:12]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\FreshDevices\FreshDownload\fd.exe

TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

FF - ProfilePath - c:\documents and settings\Michael\Dados de aplicativos\Mozilla\Firefox\Profiles\1p9s9uoe.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\arquivos de programas\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-13 21:04:42

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

"ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SHAK31]

"ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Office Mouse Driver\MouseDrv.exe

c:\arquivos de programas\Netropa\Multimedia Keyboard\Traymon.exe

c:\arquivos de programas\Netropa\Onscreen Display\osd.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-04-13 21:12:29 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-14 00:12:15

ComboFix2.txt 2009-03-28 16:17:43

Pré-execução: 21 pasta(s) 12.360.454.144 bytes disponíveis

Pós execução: 20 pasta(s) 12,489,846,784 bytes disponíveis

356


Hello,

Connect your USB flash drive, but do NOT run anything from it!

( 1 ) Very important note: temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after running the procedure(s) described below.

( 2 ) Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Show" box:


File::
C:\xih9.cmd
c:\windows\system32\olhrwef.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=-

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Paste the contents of that file, C:\ComboFix.txt.

( 3 ) Download Panda USB Vaccine and save it to the desktop.

  • Extract the file from the zip to your desktop. A new folder named USBVaccine will be created.
  • Double-click that folder, then double-click the file USBVaccine.exe and click Run.
  • Click the "Vaccinate computer" button.
  • Now connect your USB flash drive. When its name appears in the box, click the "Vaccinate USB" button.
  • Click the red arrow to exit the program.


ComboFix 09-03-26.03 - Michael 2009-04-14 13:39:24.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.222.50 [GMT -3:00]

Executando de: c:\documents and settings\Michael\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Michael\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

FW: Norton Internet Worm Protection *disabled*

* Criado um novo ponto de restauro

.

- MODO DE FUNCIONALIDADE REDUZIDA -

FILE ::

c:\windows\system32\olhrwef.exe

C:\xih9.cmd

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\xih9.cmd

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-14 to 2009-04-14 ))))))))))))))))))))))))))))

.

2009-06-20 16:09 . 2008-07-02 16:54 <DIR> d-------- c:\arquivos de programas\free-downloads.net

2009-06-20 16:09 . 2009-06-20 16:09 <DIR> d-------- c:\arquivos de programas\Conduit

2009-06-20 16:08 . 2009-06-20 16:08 <DIR> d-------- c:\arquivos de programas\Alcohol Soft

2009-06-20 15:40 . 2005-03-14 06:54 2,673 -ra------ c:\windows\Disktool.INI

2009-06-20 15:40 . 2005-03-14 06:52 2,498 -ra------ c:\windows\fwupgrade.ini

2009-06-20 15:40 . 2005-03-14 06:57 1,296 -ra------ c:\windows\PlaySnd.INI

2009-04-13 22:52 . 2009-04-13 22:52 713 --a------ c:\windows\system32\msexcr.ini

2009-04-09 14:02 . 2009-04-09 14:02 <DIR> d-------- c:\documents and settings\Michael\Dados de aplicativos\Inkscape

2009-04-09 13:47 . 2009-04-09 13:57 <DIR> d-------- c:\arquivos de programas\Inkscape

2009-04-02 18:57 . 2009-04-02 18:56 767,328 --a------ c:\windows\system32\kdfinj.dll

2009-04-02 18:56 . 2008-10-17 05:50 131,072 --a------ c:\windows\system32\drivers\Mkd2kfNT.sys

2009-04-02 18:56 . 2008-10-17 05:50 79,104 --a------ c:\windows\system32\drivers\Mkd2Nadr.sys

2009-04-02 18:39 . 2009-04-02 18:39 <DIR> d-------- c:\arquivos de programas\AhnLab

2009-04-02 16:20 . 2009-04-02 16:20 <DIR> d-------- c:\arquivos de programas\GIMP-2.0

2009-04-01 21:01 . 2009-04-09 16:04 <DIR> d-------- c:\documents and settings\Michael\.gimp-2.6

2009-04-01 21:00 . 2009-04-01 21:01 <DIR> d-------- c:\documents and settings\Michael\.gegl-0.0

2009-03-29 10:40 . 2009-03-29 10:42 <DIR> d-------- c:\arquivos de programas\GP Vs Superbike

2009-03-29 06:33 . 2009-03-29 06:33 410,984 --a------ c:\windows\system32\deploytk.dll

2009-03-26 14:42 . 2009-03-26 14:43 <DIR> d-------- c:\arquivos de programas\Tibia810

2009-03-26 13:39 . 2009-03-26 13:39 <DIR> d-------- C:\ERDNT

2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- c:\windows\ERUNT

2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- C:\!FixIEDef

2009-03-17 16:15 . 2009-03-17 16:15 <DIR> d-------- c:\arquivos de programas\DownloadToolz

2009-03-15 19:34 . 2009-03-15 19:34 <DIR> d-------- C:\Nexon

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-14 00:50 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-04-12 23:38 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Any Video Converter

2009-04-09 19:04 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\gtk-2.0

2009-04-05 10:59 499,712 ----a-w c:\windows\system32\msvcp71.dll

2009-04-05 10:59 348,160 ----a-w c:\windows\system32\msvcr71.dll

2009-03-29 09:33 --------- d-----w c:\arquivos de programas\Java

2009-03-26 23:20 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Tibia

2009-03-24 23:35 --------- d-----w c:\arquivos de programas\Tibia

2009-03-22 17:14 --------- d-----w c:\arquivos de programas\Google

2009-02-28 13:33 --------- d-----w c:\arquivos de programas\NAXDOWN

2007-06-06 17:02 872,809 -c--a-w c:\documents and settings\Michael\TibiaBRCamLite-1.0.exe

.

((((((((((((((((((((((((((((( SnapShot_2009-04-13_21.09.00.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-14 16:17:55 16,384 ----atw c:\windows\temp\Perflib_Perfdata_53c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"WireLessMouse"="c:\arquivos de programas\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-29 148888]

"MULTIMEDIA KEYBOARD"="c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-05 198160]

"VTTimer"="VTTimer.exe" [2004-09-01 c:\windows\system32\VTTimer.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

"c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\Arquivos de Instalação\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7171:TCP"= 7171:TCP:TibiaOpenServer

"90:TCP"= 90:TCP:Habbo

R2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 133104]

R3 KIKIDRIVER;KIKIDRIVER; [x]

R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]

R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]

R3 Pcsacdrvlmecti;Pcsacdrvlmecti; [x]

R3 Revolution1;Revolution1; [x]

R3 SHAK31;SHAK31; [x]

R3 Sinistro1;Sinistro1; [x]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-05-13 96520]

S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

S2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 282904]

S2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

S2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe [2004-08-04 14336]

S3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\System32\Drivers\MOUSEWD.SYS [2006-07-17 6528]

--- ---

*Deregistered* - ALG

*Deregistered* - AudioSrv

*Deregistered* - avg8wd

*Deregistered* - BITS

*Deregistered* - Browser

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - Dnscache

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - gupdate1c9ab118ee411f8

*Deregistered* - helpsvc

*Deregistered* - HidServ

*Deregistered* - HTTP

*Deregistered* - ImapiService

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - irda

*Deregistered* - Irmon

*Deregistered* - JavaQuickStarterService

*Deregistered* - Kbdclass

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - mdmxsdk

*Deregistered* - mnmdd

*Deregistered* - Mouclass

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - nhksrv

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - NwlnkIpx

*Deregistered* - NwlnkNb

*Deregistered* - NwlnkSpx

*Deregistered* - NwSapAgent

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PCIIde

*Deregistered* - Pml Driver HPZ12

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasirda

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - Secdrv

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - Spooler

*Deregistered* - sptd

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - StarWindServiceAE

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - WmiApSrv

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce73f6a2-b355-11dd-b9af-de77a0127c7c}]

\Shell\AutoRun\command - F:\xih9.cmd

\Shell\explore\Command - F:\xih9.cmd

\Shell\open\Command - F:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0dc968c-d93b-11dc-b7e2-bb59af19b17d}]

\Shell\AutoRun\command - G:\xih9.cmd

\Shell\explore\Command - G:\xih9.cmd

\Shell\open\Command - G:\xih9.cmd

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-04-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 14:12]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\FreshDevices\FreshDownload\fd.exe

TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

FF - ProfilePath - c:\documents and settings\Michael\Dados de aplicativos\Mozilla\Firefox\Profiles\1p9s9uoe.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-14 13:40:39

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

"ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SHAK31]

"ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(760)

c:\windows\system32\avgrsstx.dll

.

Tempo para conclusão: 2009-04-14 13:45:46

ComboFix-quarantined-files.txt 2009-04-14 16:45:37

ComboFix2.txt 2009-04-14 00:12:37

ComboFix3.txt 2009-03-28 16:17:43

Pré-execução: 21 pasta(s) 12.472.131.584 bytes disponíveis

Pós execução: 20 pasta(s) 12,463,362,048 bytes disponíveis

301

I did number 3 perfectly too.


Hello,

Connect your USB flash drive, but do not run anything from it.

( 1 ) Very important note: temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after running the procedure(s) described below.

( 2 ) Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Show" box:


File::
F:\xih9.cmd
G:\xih9.cmd
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce73f6a2-b355-11dd-b9af-de77a0127c7c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0dc968c-d93b-11dc-b7e2-bb59af19b17d}]

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Paste the contents of that file, C:\ComboFix.txt.

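Added example (not part of this thread and not ComboFix's own code): a small Python triage script that reads the "Registry load points" part of a ComboFix-style log and reports the indicators the helper acted on above, namely MountPoints2 shell handlers (AutoRun / open / explore) pointing at a script on a removable drive, Security Center notifications switched off, the firewall standard profile disabled, and driver entries whose image file is missing ("[x]"). The `SAMPLE_LOG` excerpt is constructed in the shape ComboFix prints; its paths and GUIDs are copied from the logs in this thread, and the rule names (`autorun_handler` and so on) are this example's own.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

It walks the "Registry load points" section, remembers the current
[registry key] header, and applies four simple rules modelled on the
cleanup performed in this thread.
"""
import re
from dataclasses import dataclass

# Constructed sample in ComboFix's output format; paths and GUIDs are
# taken from the logs in this thread, the rest is illustrative.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 KIKIDRIVER;KIKIDRIVER; [x]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce73f6a2-b355-11dd-b9af-de77a0127c7c}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # rule name (names are this example's own, not ComboFix's)
    detail: str  # evidence copied from the matching log line


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
SHELL_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\[Cc]ommand\s+-\s+(?P<target>\S.*)$")
DRIVER_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<image>.*?)\s*\[(?P<info>[^\]]*)\]$")
SCRIPT_EXT = (".cmd", ".bat", ".exe", ".vbs", ".scr", ".pif")


def triage(log_text: str) -> list[Finding]:
    """Return the findings for one log, in the order they appear."""
    findings: list[Finding] = []
    current_key = ""  # last [registry key] header seen, lowercased
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = SHELL_RE.match(line)
        if m and "mountpoints2" in current_key:
            target = m.group("target").strip()
            # A shell verb wired to a script on a non-system drive letter is
            # the removable-media autorun hook this thread cleaned up.
            if re.match(r"^[d-zD-Z]:\\", target) and target.lower().endswith(SCRIPT_EXT):
                guid = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("autorun_handler", f"{m.group('verb')} -> {target} [{guid}]"))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group("name"), m.group("value").strip()
            if current_key.endswith("security center") and name == "AntiVirusDisableNotify" and value == "dword:00000001":
                findings.append(Finding("av_notify_disabled", f"{name}={value}"))
            elif current_key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value.startswith("0"):
                findings.append(Finding("firewall_disabled", f"{name}={value}"))
            continue
        m = DRIVER_RE.match(line)
        if m and m.group("info").strip().lower() == "x":
            findings.append(Finding("driver_missing_image", m.group("name")))
    return findings


def affected_drives(findings: list[Finding]) -> set[str]:
    """Drive letters referenced by autorun_handler findings, e.g. {'F:'}."""
    drives: set[str] = set()
    for f in findings:
        if f.kind == "autorun_handler":
            target = f.detail.split(" -> ", 1)[1]
            drives.add(target[:2].upper())
    return drives


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:22s} {f.detail}")
    print("drives with autorun handlers:", sorted(affected_drives(found)))
```

The drive letters `affected_drives` returns are the ones a helper would add to the CFScript and tell the user to vaccinate, as in the Panda USB Vaccine step above; the other three rules flag the same weakened-protection settings (notifications off, firewall off) and orphaned drivers that appear verbatim in the logs in this thread.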

ComboFix 09-03-26.03 - Michael 2009-04-14 16:59:06.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.222.54 [GMT -3:00]

Executando de: c:\documents and settings\Michael\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Michael\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

FW: Norton Internet Worm Protection *disabled*

* Criado um novo ponto de restauro

.

- MODO DE FUNCIONALIDADE REDUZIDA -

FILE ::

F:\xih9.cmd

G:\xih9.cmd

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

F:\xih9.cmd

G:\xih9.cmd

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-14 to 2009-04-14 ))))))))))))))))))))))))))))

.

2009-06-20 16:09 . 2008-07-02 16:54 <DIR> d-------- c:\arquivos de programas\free-downloads.net

2009-06-20 16:09 . 2009-06-20 16:09 <DIR> d-------- c:\arquivos de programas\Conduit

2009-06-20 16:08 . 2009-06-20 16:08 <DIR> d-------- c:\arquivos de programas\Alcohol Soft

2009-06-20 15:40 . 2005-03-14 06:54 2,673 -ra------ c:\windows\Disktool.INI

2009-06-20 15:40 . 2005-03-14 06:52 2,498 -ra------ c:\windows\fwupgrade.ini

2009-06-20 15:40 . 2005-03-14 06:57 1,296 -ra------ c:\windows\PlaySnd.INI

2009-04-09 14:02 . 2009-04-09 14:02 <DIR> d-------- c:\documents and settings\Michael\Dados de aplicativos\Inkscape

2009-04-09 13:47 . 2009-04-09 13:57 <DIR> d-------- c:\arquivos de programas\Inkscape

2009-04-02 18:57 . 2009-04-02 18:56 767,328 --a------ c:\windows\system32\kdfinj.dll

2009-04-02 18:56 . 2008-10-17 05:50 131,072 --a------ c:\windows\system32\drivers\Mkd2kfNT.sys

2009-04-02 18:56 . 2008-10-17 05:50 79,104 --a------ c:\windows\system32\drivers\Mkd2Nadr.sys

2009-04-02 18:39 . 2009-04-02 18:39 <DIR> d-------- c:\arquivos de programas\AhnLab

2009-04-02 16:20 . 2009-04-02 16:20 <DIR> d-------- c:\arquivos de programas\GIMP-2.0

2009-04-01 21:01 . 2009-04-09 16:04 <DIR> d-------- c:\documents and settings\Michael\.gimp-2.6

2009-04-01 21:00 . 2009-04-01 21:01 <DIR> d-------- c:\documents and settings\Michael\.gegl-0.0

2009-03-29 10:40 . 2009-03-29 10:42 <DIR> d-------- c:\arquivos de programas\GP Vs Superbike

2009-03-29 06:33 . 2009-03-29 06:33 410,984 --a------ c:\windows\system32\deploytk.dll

2009-03-26 14:42 . 2009-03-26 14:43 <DIR> d-------- c:\arquivos de programas\Tibia810

2009-03-26 13:39 . 2009-03-26 13:39 <DIR> d-------- C:\ERDNT

2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- c:\windows\ERUNT

2009-03-26 13:38 . 2009-03-26 13:39 <DIR> d-------- C:\!FixIEDef

2009-03-17 16:15 . 2009-03-17 16:15 <DIR> d-------- c:\arquivos de programas\DownloadToolz

2009-03-15 19:34 . 2009-03-15 19:34 <DIR> d-------- C:\Nexon

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-14 19:49 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-04-12 23:38 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Any Video Converter

2009-04-09 19:04 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\gtk-2.0

2009-04-05 10:59 499,712 ----a-w c:\windows\system32\msvcp71.dll

2009-04-05 10:59 348,160 ----a-w c:\windows\system32\msvcr71.dll

2009-03-29 09:33 --------- d-----w c:\arquivos de programas\Java

2009-03-26 23:20 --------- d-----w c:\documents and settings\Michael\Dados de aplicativos\Tibia

2009-03-24 23:35 --------- d-----w c:\arquivos de programas\Tibia

2009-03-22 17:14 --------- d-----w c:\arquivos de programas\Google

2009-02-28 13:33 --------- d-----w c:\arquivos de programas\NAXDOWN

2007-06-06 17:02 872,809 -c--a-w c:\documents and settings\Michael\TibiaBRCamLite-1.0.exe

.

((((((((((((((((((((((((((((( SnapShot_2009-04-13_21.09.00.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-14 16:49:18 16,384 ----atw c:\windows\temp\Perflib_Perfdata_514.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="c:\arquivos de programas\VIA\RAID\raid_t" [X]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"WireLessMouse"="c:\arquivos de programas\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-29 148888]

"MULTIMEDIA KEYBOARD"="c:\arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-05-13 1177368]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-05 198160]

"VTTimer"="VTTimer.exe" [2004-09-01 c:\windows\system32\VTTimer.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-06 113664]

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

"c:\\Documents and Settings\\Michael\\Desktop\\++michael++\\Arquivos de Instalação\\DevLand_0[1].96b_XML\\Project-XML\\SVN.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7171:TCP"= 7171:TCP:TibiaOpenServer

"90:TCP"= 90:TCP:Habbo

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-13 96520]

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2008-02-17 6656]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 282904]

R2 nhksrv;Netropa NHK Server;c:\arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2008-02-17 28672]

R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [2007-07-28 6528]

S2 gupdate1c9ab118ee411f8;Google Update Service (gupdate1c9ab118ee411f8);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 133104]

S3 KIKIDRIVER;KIKIDRIVER;\??\c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\Kit_Hack_By_Rock_Lee\Kit Hack By Rock Lee\kiki.sys --> c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\Kit_Hack_By_Rock_Lee\Kit Hack By Rock Lee\kiki.sys [?]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-04-02 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-04-02 79104]

S3 Revolution1;Revolution1;\??\c:\documents and settings\Michael\Desktop\michael\Hacks\Revolution Engine 5.3\Revolution Engine 5.3\SHAK3.sys --> c:\documents and settings\Michael\Desktop\michael\Hacks\Revolution Engine 5.3\Revolution Engine 5.3\SHAK3.sys [?]

S3 SHAK31;SHAK31;\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys --> c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys [?]

S3 Sinistro1;Sinistro1;\??\c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\ShaK3_2.2\Sinistro.sys --> c:\documents and settings\Michael\Desktop\Os Melhores Haks Do Brasil\ShaK3_2.2\Sinistro.sys [?]

--- ---

*Deregistered* - NwSapAgent

*Deregistered* - Pml Driver HPZ12

*Deregistered* - PolicyAgent

*Deregistered* - ProtectedStorage

*Deregistered* - RasMan

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - Spooler

*Deregistered* - srservice

*Deregistered* - SSDPSRV

*Deregistered* - StarWindServiceAE

*Deregistered* - stisvc

*Deregistered* - TapiSrv

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - usnjsvc

*Deregistered* - W32Time

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - WmiApSrv

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-04-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-22 14:12]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{41BEF125-60F3-4F7C-91EA-1E47B95F2315} - c:\arquivos de programas\FreshDevices\FreshDownload\fd.exe

TCP: {6664D417-9953-46AC-A21E-B45869918095} = 200.149.55.140,200.241.52.1

FF - ProfilePath - c:\documents and settings\Michael\Dados de aplicativos\Mozilla\Firefox\Profiles\1p9s9uoe.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-14 17:00:27

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

"ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4[1].2___FLAY___TUTORIAL\REVOLUTION 4.2 + FLAY + TUTORIAL\SHAK3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SHAK31]

"ImagePath"="\??\c:\documents and settings\Michael\Meus documentos\LevelUpGames\Grand Chase\REVOLUTION_4

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(756)

c:\windows\system32\avgrsstx.dll

.

Tempo para conclusão: 2009-04-14 17:06:16

ComboFix-quarantined-files.txt 2009-04-14 20:06:10

ComboFix2.txt 2009-04-14 16:45:49

ComboFix3.txt 2009-04-14 00:12:37

ComboFix4.txt 2009-03-28 16:17:43

Pré-execução: 21 pasta(s) 12.405.805.056 bytes disponíveis

Pós execução: 20 pasta(s) 12,398,067,712 bytes disponíveis

Your log is clean

  • Click Start, then Run
  • Now type Combofix /u and click OK, as shown in the image below.

[image: CF_Cleanup.png]

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the OTCleanIt icon on your desktop
  • Click the "Cleanup" button
  • Allow your computer to restart.

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the folder (if it exists): HijackThis backups
  • Use an alternative, more secure browser:
    Firefox or Opera
  • If you do not use a router, use a firewall. It is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster. SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox that will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date is being secure. Click here

It was a pleasure to help
