
Archived

This topic has been archived and is closed to new replies.

Kened

[Archived] ComboFix log analysis.

Good afternoon.

When I try to open Task Manager, a message like this appears: "Task Manager has been disabled by the administrator."

Well, I searched Google about this and found a topic saying to try fixing it through gpedit.msc.

I did everything as described there and it didn't work, and I found that in my case it was a virus.

I also can't open/remove/install any antivirus, and I can't get into Safe Mode either...!

A blue screen appears with something written on it that I didn't bother to memorize...

What should I do now?

Thanks in advance.

The ComboFix log follows below.

ComboFix 09-01-11.04 - PC 2009-01-12 13:33:39.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1023.699 [GMT -2:00]

Executando de: c:\documents and settings\PC\Meus documentos\Downloads\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\x2tpc.cmd

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DAC970NT

-------\Service_dac970nt

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-12 to 2009-01-12 ))))))))))))))))))))))))))))

.

 

2009-01-12 11:31 . 2004-08-03 22:45 70,144 --a------ c:\windows\AhnRpta.exe

2009-01-12 03:39 . 2004-08-03 22:45 221,184 --a------ c:\windows\system32\wmpns.dll

2009-01-12 03:37 . 2009-01-12 13:36 90,112 -r-hs---- c:\windows\system32\ciuytr0.dll

2009-01-12 00:57 . 2009-01-12 13:22 181,760 -r-hs---- c:\windows\system32\vamsoft.exe

2009-01-11 19:11 . 2009-01-11 19:11 <DIR> d-------- c:\documents and settings\PC\Dados de aplicativos\Malwarebytes

2009-01-11 19:11 . 2009-01-11 19:11 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-01-11 19:11 . 2009-01-11 19:11 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-01-11 19:11 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-11 19:11 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-11 03:32 . 2009-01-12 03:03 90,112 -r-hs---- c:\windows\system32\ciuytr2.dll

2009-01-11 02:13 . 2009-01-12 13:29 <DIR> d-------- C:\!KillBox

2009-01-11 02:02 . 2009-01-12 03:00 <DIR> d-------- C:\HijackThis

2009-01-11 02:02 . 2009-01-11 02:02 <DIR> d-------- c:\arquivos de programas\Trend Micro

2009-01-11 00:58 . 2009-01-11 21:50 <DIR> d-------- c:\arquivos de programas\MuDominium

2009-01-10 22:28 . 2001-08-17 21:53 4,992 --a------ c:\windows\system32\drivers\loop.sys

2009-01-10 22:28 . 2001-08-17 21:53 4,992 --a--c--- c:\windows\system32\dllcache\loop.sys

2009-01-10 14:58 . 2009-01-12 13:14 90,112 -r-hs---- c:\windows\system32\ciuytr1.dll

2009-01-10 14:57 . 2009-01-07 18:48 121,594 -r-hs---- C:\xcisvxl.com

2009-01-10 02:45 . 2009-01-10 02:45 <DIR> d--h----- c:\windows\system32\GroupPolicy

2009-01-10 02:26 . 2009-01-10 02:26 <DIR> d-------- c:\arquivos de programas\No-IP

2009-01-10 01:10 . 2009-01-10 01:19 1,690 --a------ c:\windows\ODBC.INI

2009-01-10 00:46 . 2009-01-10 00:46 1,744 --a------ c:\windows\sql.mif

2009-01-10 00:44 . 2000-08-06 01:51 274,489 --a------ c:\windows\system32\ntwdblib.dll

2009-01-10 00:44 . 2000-08-06 01:51 192,569 --a------ c:\windows\system32\msrpjt40.dll

2009-01-10 00:44 . 2000-07-07 12:20 81,920 --a------ c:\windows\system32\mdt2fw95.dll

2009-01-10 00:44 . 2000-08-06 01:50 36,939 --a------ c:\windows\system32\insrepim.exe

2009-01-10 00:44 . 2000-08-06 01:51 32,830 --a------ c:\windows\system32\dbmsshrn.dll

2009-01-10 00:44 . 2000-08-06 01:51 28,734 --a------ c:\windows\system32\dbmslpcn.dll

2009-01-10 00:43 . 2009-01-10 00:43 <DIR> d-------- c:\arquivos de programas\Microsoft SQL Server

2009-01-10 00:42 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2009-01-10 00:42 . 2009-01-10 00:46 1,273 --a------ c:\windows\setup.iss

2009-01-09 23:36 . 2009-01-10 00:02 <DIR> d-------- c:\documents and settings\PC\Dados de aplicativos\Audacity

2009-01-09 17:51 . 2009-01-09 17:51 33 --a------ c:\windows\Multimedia manager.INI

2009-01-09 15:28 . 2009-01-11 21:55 <DIR> d-------- C:\SQLEVAL

2009-01-07 20:59 . 2009-01-07 20:59 <DIR> d-------- c:\documents and settings\PC\Dados de aplicativos\Samsung

2009-01-07 20:46 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll

2009-01-07 20:45 . 2009-01-07 20:57 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys

2009-01-07 20:35 . 2009-01-07 20:35 <DIR> d-------- c:\arquivos de programas\Samsung

2009-01-07 20:33 . 2009-01-07 20:46 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers

2009-01-07 20:33 . 2007-05-02 11:12 109,704 --a------ c:\windows\system32\drivers\ssm_mdm.sys

2009-01-07 20:33 . 2007-05-02 11:12 83,592 --a------ c:\windows\system32\drivers\ssm_bus.sys

2009-01-07 20:33 . 2007-05-02 11:12 15,112 --a------ c:\windows\system32\drivers\ssm_mdfl.sys

2009-01-07 20:33 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_whnt.sys

2009-01-07 20:33 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_wh.sys

2009-01-07 20:33 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_cmnt.sys

2009-01-07 20:33 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_cm.sys

2009-01-07 20:33 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico

2009-01-06 03:00 . 2009-01-06 03:00 <DIR> d-------- c:\documents and settings\PC\Dados de aplicativos\Yahoo!

2009-01-06 03:00 . 2009-01-06 10:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-01-06 03:00 . 2009-01-06 03:00 <DIR> d-------- c:\arquivos de programas\Yahoo!

2008-12-30 16:00 . 2009-01-10 23:03 <DIR> d-------- c:\arquivos de programas\MessengerDiscovery

2008-12-30 16:00 . 2004-03-09 01:00 609,824 --a------ c:\windows\system32\COMCTL32.ocx

2008-12-30 16:00 . 2004-03-08 23:00 152,848 --a------ c:\windows\system32\comdlg32.OCX

2008-12-30 16:00 . 2004-03-09 01:00 124,688 --a------ c:\windows\system32\MSWINSCK.ocx

2008-12-28 14:59 . 2008-12-28 14:59 268 --ah----- C:\sqmdata07.sqm

2008-12-28 14:59 . 2008-12-28 14:59 244 --ah----- C:\sqmnoopt07.sqm

2008-12-28 11:28 . 2008-12-28 11:28 244 --ah----- C:\sqmnoopt06.sqm

2008-12-28 11:28 . 2008-12-28 11:28 232 --ah----- C:\sqmdata06.sqm

2008-12-28 10:23 . 2008-12-28 10:23 268 --ah----- C:\sqmdata05.sqm

2008-12-28 10:23 . 2008-12-28 10:23 244 --ah----- C:\sqmnoopt05.sqm

2008-12-27 15:30 . 2008-12-27 15:30 <DIR> d-------- c:\arquivos de programas\CIB

2008-12-25 15:57 . 2008-12-25 15:57 <DIR> d-------- c:\documents and settings\PC\Dados de aplicativos\Foxit

2008-12-25 15:56 . 2008-12-25 15:56 <DIR> d-------- c:\arquivos de programas\Foxit Software

2008-12-20 22:29 . 2008-12-20 22:29 110,592 --a------ c:\windows\system32\gameguard.dis

2008-12-15 09:46 . 2009-01-11 18:00 <DIR> d-------- c:\arquivos de programas\Norton Security Scan

2008-12-15 09:46 . 2009-01-09 18:01 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Symantec Shared

2008-12-15 06:45 . 2009-01-02 17:59 <DIR> d-------- c:\windows\system32\Adobe

2008-12-14 10:15 . 2008-12-14 10:15 268 --ah----- C:\sqmdata04.sqm

2008-12-14 10:15 . 2008-12-14 10:15 244 --ah----- C:\sqmnoopt04.sqm

2008-12-13 19:11 . 2008-12-13 19:11 268 --ah----- C:\sqmdata03.sqm

2008-12-13 19:11 . 2008-12-13 19:11 244 --ah----- C:\sqmnoopt03.sqm

2008-12-12 23:07 . 2008-12-12 23:07 244 --ah----- C:\sqmnoopt02.sqm

2008-12-12 23:07 . 2008-12-12 23:07 232 --ah----- C:\sqmdata02.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-12 15:22 181,760 --sh--r C:\x2tpc.cmd

2009-01-12 04:23 --------- d-----w c:\arquivos de programas\Google

2009-01-10 16:00 --------- d-----w c:\arquivos de programas\CCleaner

2009-01-10 02:38 --------- d-----w c:\documents and settings\PC\Dados de aplicativos\LimeWire

2009-01-07 22:45 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-01-04 23:01 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-12-24 00:49 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2008-12-02 00:27 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-12-01 23:59 --------- d-----w c:\documents and settings\PC\Dados de aplicativos\DivX

2008-11-30 13:14 --------- d-----w c:\documents and settings\PC\Dados de aplicativos\Trans Wait

2008-11-30 13:09 --------- d-----w c:\arquivos de programas\Alwil Software

2008-11-29 23:26 --------- d-----w c:\arquivos de programas\Kaspersky Lab

2008-11-29 21:52 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avg7

2008-11-28 21:17 --------- d-----w c:\arquivos de programas\Arquivos comuns\snpstd3

2008-11-28 21:16 --------- d-----w c:\documents and settings\PC\Dados de aplicativos\InstallShield

2008-11-28 20:55 --------- d-----w c:\arquivos de programas\Java

2008-11-28 20:53 --------- d-----w c:\arquivos de programas\LimeWire

2008-11-28 20:44 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-11-28 20:44 --------- d-----w c:\arquivos de programas\Circle Developement

2008-11-28 17:56 --------- d-----w c:\arquivos de programas\Windows Live

2008-11-28 17:52 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2008-11-28 17:21 --------- dcsh--w c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-11-28 17:08 --------- d-----w c:\arquivos de programas\AztDrv

2008-11-28 17:08 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-11-28 17:04 --------- d-----w c:\arquivos de programas\ATI Technologies

2008-11-28 13:49 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-11-28 13:46 --------- d-----w c:\arquivos de programas\DivX

2008-11-27 17:40 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2008-11-27 17:40 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2008-11-27 17:40 --------- d-----w c:\arquivos de programas\Ahead

2008-11-27 17:39 --------- d-----w c:\arquivos de programas\CyberLink DVD Solution

2008-11-27 17:39 --------- d-----w c:\arquivos de programas\CyberLink

2008-11-27 17:17 --------- d-----w c:\arquivos de programas\MSBuild

2008-11-27 17:17 --------- d-----w c:\arquivos de programas\Microsoft Works

2008-11-27 16:52 --------- d-----w c:\arquivos de programas\microsoft frontpage

2008-11-27 16:50 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-11-27 16:49 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2004-10-01 17:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-11_20.56.10.57 )))))))))))))))))))))))))))))))))))))))))

.

- 2000-08-31 10:00:00 28,672 ----a-w c:\windows\NIRCMD.exe

+ 2000-08-31 10:00:00 29,696 ----a-w c:\windows\NIRCMD.exe

+ 2004-08-04 00:45:34 78,848 ----a-w c:\windows\system32\afmain0.dll

+ 2004-08-04 00:45:34 78,848 ----a-w c:\windows\system32\afmain1.dll

+ 2009-01-12 04:25:12 262,144 ----a-w c:\windows\system32\config\systemprofile\NtUser.dat

+ 2009-01-12 15:36:07 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_18c.dat

- 2009-01-11 22:52:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_580.dat

+ 2009-01-12 15:36:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_580.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vamsoft"="c:\windows\system32\vamsoft.exe" [2009-01-12 107623]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]

"ATIPTA"="c:\arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 413696]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain1.dll" [2004-08-03 78848]

 

[HKLM\~\startupfolder\^NTUSER.DAT]

path=\NTUSER.DAT

backup=c:\windows\pss\NTUSER.DATCommon Startup

 

[HKLM\~\startupfolder\^ntuser.dat.LOG]

path=\ntuser.dat.LOG

backup=c:\windows\pss\ntuser.dat.LOGCommon Startup

 

[HKLM\~\startupfolder\^ntuser.ini]

path=\ntuser.ini

backup=c:\windows\pss\ntuser.iniCommon Startup

 

[HKLM\~\startupfolder\^ntuser.pol]

path=\ntuser.pol

backup=c:\windows\pss\ntuser.polCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 00:47 108840 c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-12-08 17:35 102400 c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]

--a------ 2006-09-18 14:12 913408 c:\windows\vsnpstd3.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-11-28 18:55 312728 c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]

--a------ 2007-03-30 17:44 331776 c:\windows\tsnpstd3.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vamsoft]

--a------ 2009-01-12 13:39 210023 c:\windows\system32\vamsoft.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gusvc"=3 (0x3)

"Ati HotKey Poller"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\No-IP\\DUC20.exe"=

"c:\\x2tpc.cmd"=

"c:\\WINDOWS\\system32\\vamsoft.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\Arquivos de programas\\Microsoft SQL Server\\80\\Tools\\Binn\\sqlmangr.exe"=

"c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Arquivos de programas\\Alwil Software\\Avast4\\aswRunDll.exe"=

"c:\\WINDOWS\\system32\\NeroCheck.exe"=

"c:\\Arquivos de programas\\ATI Technologies\\ATI Control Panel\\atiprbxx.exe"=

"c:\\Arquivos de programas\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"44405:TCP"= 44405:TCP:44405

"44405:UDP"= 44405:UDP:44405

"55901:UDP"= 55901:UDP:55901

"8090:TCP"= 8090:TCP:8090

"8090:UDP"= 8090:UDP:8090

"55557:TCP"= 55557:TCP:55557

"55557:UDP"= 55557:UDP:55557

"55901:TCP"= 55901:TCP:55901

 

S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]

 

--- ---

 

*NewlyCreated* - DAC970NT

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919dd25e-bffb-11dd-b95a-0011d8b109b8}]

\SheLl\AutOPlay\cOmmaND - D:\hjljr.pif

\SheLl\AutoRun\command - D:\hjljr.pif

\SheLl\exPlore\CommaNd - D:\hjljr.pif

\SheLl\open\CoMMand - D:\hjljr.pif

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-01-11 c:\windows\Tasks\Norton Security Scan for PC.job

- c:\arquivos de programas\Norton Security Scan\Nss.exe [2008-09-19 04:18]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKU-Default-Run-CTFMON.EXE - c:\windows\system32\CTFMON.EXE

MSConfigStartUp-CTFMON - c:\windows\system32\ctfmon.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = about:blank

mStart Page = about:blank

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {90874C93-6A16-435F-95E2-6D180A860267} = 10.1.1.1

FF - ProfilePath - c:\documents and settings\PC\Dados de aplicativos\Mozilla\Firefox\Profiles\fbhdepd1.default\

FF - prefs.js: browser.startup.homepage - www.orkut.com

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=pt-br&FORM=MIMWA1&q=

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

.

------- Associação de arquivos/ficheiros -------

.

txtfile=Notepad.exe "%1"

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-12 13:36:16

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(544)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquiv~1\MI6841~1\MSSQL\Binn\sqlservr.exe

c:\docume~1\PC\CONFIG~1\temp\wintwce.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-01-12 13:40:19 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-01-12 15:40:17

ComboFix2.txt 2009-01-12 04:58:19

 

Pré-execução: 13 pasta(s) 58.740.760.576 bytes disponíveis

Pós execução: 13 pasta(s) 58,633,285,632 bytes disponíveis

 


Good morning, Kened!

Insert your removable drive(s), if you have any, into the USB port (pen drive, mp3, mp4, iPods, etc...).

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

File::

c:\docume~1\PC\CONFIG~1\temp\wintwce.exe

c:\windows\system32\ciuytr0.dll

c:\windows\system32\vamsoft.exe

c:\windows\system32\ciuytr2.dll

c:\windows\system32\ciuytr1.dll

c:\windows\system32\afmain0.dll

c:\windows\system32\afmain1.dll

C:\xcisvxl.com

C:\x2tpc.cmd

C:\sqmdata07.sqm

C:\sqmnoopt07.sqm

C:\sqmnoopt06.sqm

C:\sqmdata06.sqm

C:\sqmdata05.sqm

C:\sqmnoopt05.sqm

C:\sqmdata04.sqm

C:\sqmnoopt04.sqm

C:\sqmdata03.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt02.sqm

C:\sqmdata02.sqm

D:\hjljr.pif

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919dd25e-bffb-11dd-b95a-0011d8b109b8}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vamsoft]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vamsoft"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

"UacDisableNotify"=dword:00000000

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000000

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"FirewallOverride"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"UacDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

Dirlook::

c:\windows\system32\GroupPolicy

Folder::

C:\!KillBox

Driver::

"dac970nt"

<@> Drag CFScript.txt onto the ComboFix icon/window.

<@> See the demonstration!

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Do the drag until that prompt (window) appears!

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
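As an added example (not code from either poster or from ComboFix), this Python script triages log lines in the format of the ComboFix report above: it flags hidden+system files as review candidates and picks out the registry values that show built-in defences switched off (Task Manager and registry tools policy, Security Center overrides, firewall off), then renders the Registry:: section of a CFScript in the form the reply uses. The sample log is constructed from values in the posted report; the regexes and the POLICY_CHECKS table are this example's own assumptions about the log layout.

```python
import re

# Constructed sample in the layout of the ComboFix log posted above (values taken from it).
SAMPLE_LOG = r"""
2009-01-12 03:37 . 2009-01-12 13:36 90,112 -r-hs---- c:\windows\system32\ciuytr0.dll
2009-01-12 00:57 . 2009-01-12 13:22 181,760 -r-hs---- c:\windows\system32\vamsoft.exe
2009-01-11 19:11 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 02:45 . 2009-01-10 02:45 <DIR> d--h----- c:\windows\system32\GroupPolicy
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# "created" date . "modified" date, size or <DIR>, 9-char attribute string, path (assumed layout)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                     r"(?:[\d,]+|<DIR>) ([-a-z]{9}) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
# value lines appear either as "Name"= 1 (0x1) or as "Name"=dword:00000001
VAL_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+))')

# (key suffix, value name, value that means the defence is off)
POLICY_CHECKS = [
    ("policies\\system", "DisableTaskMgr", 1),
    ("policies\\system", "DisableRegistryTools", 1),
    ("security center", "AntiVirusOverride", 1),
    ("security center", "FirewallOverride", 1),
    ("security center", "UpdatesDisableNotify", 1),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0),
]


def triage(log_text):
    """Return (hidden_system_files, disabled_defences) found in ComboFix-style log text."""
    files, regs, key = [], [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            attrs, path = m.groups()
            # attrs: [0]=d(irectory) [1]=r(ead-only) [2]=a(rchive) [3]=h(idden) [4]=s(ystem)
            if attrs[0] != "d" and attrs[3] == "h" and attrs[4] == "s":
                files.append(path)  # review candidate, not a verdict
        elif (m := KEY_RE.match(line)):
            key = m.group(1).lower()  # registry keys are case-insensitive
        elif (m := VAL_RE.match(line)):
            name, hex_val, dec_val = m.groups()
            value = int(hex_val, 16) if hex_val else int(dec_val)
            for suffix, wanted, bad in POLICY_CHECKS:
                if key.endswith(suffix) and name == wanted and value == bad:
                    regs.append((key, name, value))
    return files, regs


def cfscript_registry(regs):
    """Render a CFScript Registry:: section that restores each defence (keys copied as the log prints them)."""
    lines, last = ["Registry::"], None
    for key, name, value in regs:
        if key != last:
            lines.append(f"[{key}]")
            last = key
        fixed = 1 if value == 0 else 0  # EnableFirewall goes back to 1, the Disable*/Override values to 0
        lines.append(f'"{name}"=dword:{fixed:08x}')
    return "\n".join(lines)


if __name__ == "__main__":
    found_files, found_regs = triage(SAMPLE_LOG)
    print("hidden+system files:", *found_files, sep="\n  ")
    print(cfscript_registry(found_regs))
```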


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
