I ended up catching an annoying virus that keeps opening several anti-virus sites (ironic, isn't it?).
My system is Windows Vista.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:57, on 09/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\vsnpstd3.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\eder\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\MiniTask\MiniTask\MiniTask.exe
C:\Program Files\JetAudio\JetAudio.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\winver.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Hijack\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fornecido por Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wVppomKE.dll,#1
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [10880cb0] rundll32.exe "C:\Windows\system32\lcdrgkhd.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Google Update] "C:\Users\eder\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Startup: MiniTask.lnk = C:\Program Files\MiniTask\MiniTask\MiniTask.exe
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL epoyid.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Flash Media Server (FMS) (FMS) - Adobe Systems Incorporated. - C:\FMS3\FMSMaster.exe
O23 - Service: Flash Media Administration Server (FMSAdmin) - Adobe Systems Incorporated. - C:\FMS3\FMSAdmin.exe
O23 - Service: Gerenciador do Google Desktop 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MySQL - Unknown owner - C:\MySQL\bin\mysqld-nt (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 9690 bytes
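The entries worth reading first in a HijackThis log like the one above are the O4 autoruns that start `rundll32.exe` against a DLL with a random-looking name (`wVppomKE.dll,#1`, `lcdrgkhd.dll`, b), the O20 `AppInit_DLLs` value (every DLL listed there is mapped into every process that loads user32.dll, and `epoyid.dll` has no directory at all), and O23 services whose binary is missing. The script below, added here as an example and not part of the original thread or of HijackThis itself, parses those sections and returns the lines an analyst should look at, with a reason for each. The sample lines are copied from the log above; the heuristics (hex value name, ordinal or one-letter export, any AppInit_DLLs entry, `(file missing)`) are this example's own choices, not HijackThis rules.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: autorun-related lines copied from the HijackThis log
# above. The NVIDIA and Skype entries are benign controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wVppomKE.dll,#1
O4 - HKLM\..\Run: [10880cb0] rundll32.exe "C:\Windows\system32\lcdrgkhd.dll",b
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL epoyid.dll
O23 - Service: MySQL - Unknown owner - C:\MySQL\bin\mysqld-nt (file missing)
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32[.exe] <dll>,<export>   (the DLL path may be quoted)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S*)',
                       re.IGNORECASE)
# "O23 - Service: <name> - <owner> - <path>"
O23_RE = re.compile(r'^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
# Value names such as "10880cb0": pure hex, no vendor or product word.
HEX_NAME_RE = re.compile(r'^[0-9a-f]{6,}$', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code: O4, O20, O23
    item: str      # the value name, DLL or service the finding is about
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return the log lines an analyst should check first, with a reason each."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m['name'], m['cmd']
            if HEX_NAME_RE.match(name):
                findings.append(Finding('O4', name, 'autorun value name is a bare hex string'))
            r = RUNDLL_RE.search(cmd)
            if r:
                export = r['export']
                # Legitimate vendor autoruns name their export (NvStartup);
                # loaders that hide what they call use an ordinal or one letter.
                if export.startswith('#') or len(export) == 1:
                    findings.append(Finding(
                        'O4', name,
                        f'rundll32 loads {r["dll"]} via ordinal/one-letter export "{export}"'))
            continue
        if line.startswith('O20 - AppInit_DLLs:'):
            # AppInit_DLLs is a space- or comma-separated list; every entry is
            # loaded into every process that loads user32.dll, so list them all.
            rest = line.split(':', 1)[1]
            for dll in re.split(r'[\s,]+', rest.strip()):
                if dll:
                    findings.append(Finding(
                        'O20', dll, 'AppInit_DLLs entry, injected into every user32 process'))
            continue
        s = O23_RE.match(line)
        if s and s['path'].endswith('(file missing)'):
            findings.append(Finding('O23', s['svc'], 'service binary missing on disk'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:4} {f.item:45} {f.reason}')
```

On the log above this flags `MSServer`, `10880cb0` (twice: hex name and one-letter export), both AppInit_DLLs entries and the stale MySQL service, and leaves the NVIDIA and Skype autoruns alone. The ComboFix "Other Deletions" section later in the thread confirms two of them: `lcdrgkhd.dll` and `epoyid.dll` are among the files it removed. Anything the script flags still needs a signature check or a VirusTotal lookup before deleting; the heuristics only rank what to look at.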
Does this program show the scan's progress while it runs?
I ran it, the "agree to the terms and blah blah blah" screen appeared, I clicked yes, and this message appeared:
[screenshot: http://img392.imageshack.us/img392/407/errojw3.th.jpg]
Then it closed and nothing appeared.
Did I do something wrong?
Ignore my previous message, I ran it in Safe Mode and it worked.
After it restarted, a screen appeared saying it was generating the report; it stayed there for about 20 minutes.
I thought it had frozen, but it had already generated the log. See whether it is correct, or whether I will have to run it again.
ComboFix 08-10-09.06 - eder 2008-10-10 10:00:28.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1046.18.1653 [GMT -3:00]
Running from: C:\Users\eder\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\axkgcurt.dll
C:\Windows\System32\bJjmVutv.ini
C:\Windows\System32\bJjmVutv.ini2
C:\Windows\system32\byXRiIAp.dll
C:\Windows\System32\dhkgrdcl.ini
C:\Windows\system32\epoyid.dll
C:\Windows\system32\fccddabc.dll
C:\Windows\system32\jukivw.dll
C:\Windows\system32\jwpknelr.dll
C:\Windows\system32\lcdrgkhd.dll
C:\Windows\System32\pAIiRXyb.ini
C:\Windows\System32\pAIiRXyb.ini2
C:\Windows\system32\rnzufg.dll
C:\Windows\system32\ssqOFXRH.dll
C:\Windows\system32\tjjbohku.ini
C:\Windows\system32\vtuVmjJb.dll
C:\Windows\system32\xdjttqrt.dll
.
((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 ))))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 12:45 --------- d-----w C:\Users\eder\AppData\Roaming\Skype
2008-10-10 12:36 --------- d-----w C:\Users\eder\AppData\Roaming\skypePM
2008-10-10 12:30 --------- d-----w C:\Users\eder\AppData\Roaming\uTorrent
2008-10-09 19:38 --------- d-----w C:\ProgramData\FLEXnet
2008-10-07 11:39 472,524 ----a-w C:\Recursos_MXSTUDIO_Adobe.zip
2008-10-06 20:30 --------- d-----w C:\Program Files\TortoiseSVN
2008-10-06 20:29 --------- d-----w C:\Program Files\Common Files\TortoiseOverlays
2008-10-06 20:27 --------- d-----w C:\Users\eder\AppData\Roaming\Subversion
2008-10-03 00:31 --------- d-----w C:\Program Files\Gravity
2008-09-26 12:31 --------- d-----w C:\Program Files\Apple Software Update
2008-09-26 12:30 --------- d-----w C:\Users\eder\AppData\Roaming\Apple Computer
2008-09-26 12:29 --------- d-----w C:\ProgramData\Apple Computer
2008-09-26 12:29 --------- d-----w C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-26 12:29 --------- d-----w C:\Program Files\iTunes
2008-09-26 12:29 --------- d-----w C:\Program Files\iPod
2008-09-26 12:28 --------- d-----w C:\Program Files\Bonjour
2008-09-26 12:27 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-26 12:16 --------- d-----w C:\Program Files\QuickTime
2008-09-24 15:02 --------- d-----w C:\ProgramData\Roxio
2008-09-24 14:58 --------- d-----w C:\Program Files\AviSynth 2.5
2008-09-24 14:56 --------- d-----w C:\Program Files\eRightSoft
2008-09-24 14:55 --------- d-----w C:\Program Files\Easiestutils
2008-09-24 14:46 --------- d-----w C:\Program Files\Riva
2008-09-24 14:46 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-09-22 20:33 --------- d-----w C:\Program Files\RichFLV
2008-09-22 20:20 --------- d-----w C:\Users\eder\AppData\Roaming\de.betriebsraum.minitask.MiniTask.59043E270734A37363A375013A0E8B7849399976.1
2008-09-22 20:20 --------- d-----w C:\Program Files\MiniTask
2008-09-22 16:54 --------- d-----w C:\Program Files\BitComet
2008-09-22 16:53 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-09-19 19:31 --------- d-----w C:\Users\educandus\AppData\Roaming\COWON
2008-09-18 04:06 --------- d-----w C:\Users\educandus\AppData\Roaming\Yahoo!
2008-09-18 04:05 --------- d-----w C:\Program Files\IVT Corporation
2008-09-18 00:59 --------- d-----w C:\Program Files\McAfee
2008-09-17 11:25 4,827,432 ----a-w C:\fmseditor_eclipseplugin.zip
2008-09-16 18:05 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-09-16 11:51 --------- d-----w C:\Program Files\Yahoo!
2008-09-16 11:51 --------- d-----w C:\Program Files\FLV Player
2008-09-16 11:50 --------- d-----w C:\Users\eder\AppData\Roaming\Yahoo!
2008-09-12 12:41 --------- d-----w C:\Program Files\JetAudio
2008-09-11 19:44 6,373,116 ----a-w C:\es_baixa.zip
2008-09-11 13:42 2,915,181 ----a-w C:\multipleuis.zip
2008-09-09 12:06 --------- d-----w C:\Program Files\Add Remove Pro
2008-09-06 20:01 --------- d-----w C:\ProgramData\CyberLink
2008-09-05 15:31 --------- d-----w C:\ProgramData\Skype
2008-09-05 15:31 --------- d-----w C:\Program Files\Skype
2008-09-05 15:31 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-04 17:21 --------- d-----w C:\Program Files\Adobe Media Player
2008-09-04 14:54 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-09-04 14:51 --------- d-----w C:\Program Files\KwikUML
2008-09-01 20:20 --------- d-----w C:\Program Files\Easy Uninstaller
2008-08-29 00:56 --------- d-----w C:\Users\eder\AppData\Roaming\CyberLink
2008-08-29 00:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-29 00:55 --------- d-----w C:\Program Files\Common Files\CyberLink
2008-08-29 00:52 --------- d-----w C:\Program Files\CyberLink
2008-08-28 16:50 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-26 16:50 --------- d-----w C:\Program Files\FlashDevelop
2008-08-20 19:44 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 20:55 --------- d-----w C:\Users\eder\AppData\Roaming\Publish Providers
2008-08-15 20:49 --------- d-----w C:\Users\eder\AppData\Roaming\Sony
2008-08-15 20:44 --------- d-----w C:\Program Files\Sony
2008-08-15 20:41 --------- d-----w C:\Program Files\Vstplugins
2008-08-15 20:39 --------- d-----w C:\Program Files\Sony Setup
2008-08-15 19:51 --------- d-----w C:\Program Files\Fly
2008-08-15 18:17 --------- d-----w C:\ProgramData\Apple
2008-08-14 12:08 --------- d-----w C:\Program Files\Google
2008-08-13 14:12 --------- d-----w C:\Program Files\FileZilla
2008-08-12 23:24 --------- d-----w C:\Users\eder\AppData\Roaming\Media Player Classic
2008-08-11 21:23 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-11 21:22 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-11 19:07 --------- d-----w C:\Users\eder\AppData\Roaming\Notepad++
2008-08-11 15:08 --------- d-----w C:\Program Files\Notepad++
2008-08-11 12:22 --------- d-----w C:\Users\eder\AppData\Roaming\COWON
2008-08-11 12:02 --------- d-----w C:\Program Files\Common Files\COWON
2008-08-08 19:34 174 --sha-w C:\Program Files\desktop.ini
2008-08-07 23:11 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-08-07 23:11 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-08-07 23:11 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-08-07 23:11 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-08-07 23:11 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-08-07 23:00 2,923,520 ----a-w C:\Windows\explorer.exe
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\Windows\System32\nbDX.dll
.
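The three lines at the bottom of the Find3M report stand out for a reason a reader new to ComboFix output can miss: `flvDX.dll`, `msfDX.dll` and `nbDX.dll` sit in `C:\Windows\System32` with the attributes `--sh--r` (system, hidden, read-only), while every Windows file in the same report (`tcpip.sys`, `explorer.exe`, the AppPatch DLLs) shows `----a-w`. Windows does not ship hidden DLLs in System32; the one hidden+system file that is normal in such listings is `desktop.ini`. The script below, added as an example and not part of the thread or of ComboFix, parses Find3M lines and returns exactly those hidden+system files under the system directories. The attribute-letter meanings (d directory, s system, h hidden, a archive, r read-only, w writable) are an assumption read off the lines on the page, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of Find3M lines copied from the ComboFix log
# above, mixing ordinary Windows files, a directory, desktop.ini and the three
# hidden/system/read-only DLLs at the bottom of the report.
SAMPLE_FIND3M = r"""
2008-10-10 12:45 --------- d-----w C:\Users\eder\AppData\Roaming\Skype
2008-09-22 16:53 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-08-28 16:50 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-08 19:34 174 --sha-w C:\Program Files\desktop.ini
2008-08-07 23:00 2,923,520 ----a-w C:\Windows\explorer.exe
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\Windows\System32\nbDX.dll
"""

# Find3M line layout as it appears on the page: date, time, size (dashes for
# a directory), a 7-character attribute field, then the path.
LINE_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+'
    r'(?P<size>[\d,]+|-+)\s+(?P<attrs>[-a-z]{7})\s+(?P<path>.+)$')

# Attribute letters assumed from the lines themselves: d=directory, s=system,
# h=hidden, a=archive, r=read-only, w=writable. Only presence is tested, not
# column position, so the check does not depend on the exact column order.
SYSTEM_DIRS = ('\\windows\\system32\\', '\\windows\\syswow64\\')


@dataclass(frozen=True)
class Entry:
    date: str
    size: int          # 0 for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return 'd' in self.attrs

    @property
    def hidden_system(self) -> bool:
        return 's' in self.attrs and 'h' in self.attrs


def parse_find3m(text: str) -> List[Entry]:
    """Parse Find3M report lines; lines that do not fit the layout are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = 0 if m['size'].startswith('-') else int(m['size'].replace(',', ''))
        entries.append(Entry(m['date'], size, m['attrs'], m['path']))
    return entries


def suspicious_system32_files(entries: List[Entry]) -> List[Entry]:
    """Non-directory entries under the system directories with hidden+system set.

    desktop.ini is excluded by name: it is legitimately hidden+system and is
    the usual false positive in this kind of listing.
    """
    out = []
    for e in entries:
        if e.is_dir or not e.hidden_system:
            continue
        low = e.path.lower()
        if low.endswith('\\desktop.ini'):
            continue
        if any(d in low for d in SYSTEM_DIRS):
            out.append(e)
    return sorted(out, key=lambda e: e.path.lower())


if __name__ == '__main__':
    for e in suspicious_system32_files(parse_find3m(SAMPLE_FIND3M)):
        print(f'{e.date} {e.attrs} {e.size:>9,} {e.path}')
```

Run against the report above it returns the three `*DX.dll` files and nothing else. Hidden+system in System32 is a hiding technique, not proof of infection on its own, so the next step is the one the helper gives below: upload the flagged files to VirusTotal (or check their Authenticode signatures) before removing anything.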
Go to the Virus Total site and submit these files:
C:\Users\eder\AppData\Roaming\de.betriebsraum.minitask.MiniTask.59043E270734A37363A375013A0E8B7849399976.1
C:\es_baixa.zip
C:\multipleuis.zip
Ps: Name it while saving, not after saving it!
Ps: If an error message appears, run ComboFix.exe in Safe Mode.
Ps: Avoid running this tool on your own initiative! Follow all the recommendations given above.
----------------------