hisgue 0
Posted August 19, 2009

ComboFix 09-08-18.03 - micro 19/08/2009 14:00.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.511.360 [GMT -3:00]
Executando de: c:\documents and settings\micro\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\lsass.exe

A cópia de c:\windows\system32\mspmsnsv.dll foi encontrada e desinfectada
Cópia restaurada de - c:\windows\system32\dllcache\mspmsnsv.dll
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-19 to 2009-08-19 ))))))))))))))))))))))))))))
.
2009-08-19 17:07 . 2009-08-19 17:08 18432 ----a-w- C:\lsass.exe
2009-08-19 13:09 . 2009-08-19 13:24 -------- d-----w- C:\HiJackThis
2009-08-19 11:48 . 2009-08-12 18:26 459130 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-08-19 11:48 . 2009-07-22 20:43 127348 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-08-19 11:48 . 2009-07-14 21:08 430452 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-08-19 11:48 . 2009-05-27 21:10 401783 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-08-19 11:48 . 2009-04-30 18:33 106868 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-08-19 11:48 . 2009-08-18 18:02 356725 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-08-19 11:48 . 2009-08-18 18:02 233846 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-08-19 11:48 . 2009-08-18 18:02 1921400 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-08-19 11:48 . 2009-07-22 20:43 184694 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-08-19 11:48 . 2009-06-17 18:32 196987 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-08-19 11:48 . 2008-10-15 14:49 393588 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-08-19 11:48 . 2008-10-15 14:49 53618 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\FAILSAVE\aebb.dll
2009-08-19 11:28 . 2009-08-19 11:27 149508 ----a-w- c:\windows\msg.exe
2009-08-18 20:28 . 2009-08-18 20:28 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-17 20:13 . 2009-08-17 20:13 42 ----a-w- c:\arquivos de programas\Arquivos comuns\WindowsUpdate.zip
2009-08-16 19:53 . 2009-08-16 19:53 21248 ----a-w- c:\windows\system32\drivers\dup.sys
2009-08-13 17:12 . 2009-08-13 17:12 -------- d-----w- c:\windows\system32\Iosubsys
2009-08-13 17:12 . 2005-09-23 16:50 21808 ----a-w- c:\windows\system32\drivers\Aldebaran.sys
2009-08-13 17:12 . 2005-09-23 16:50 16855 ----a-w- c:\windows\system32\drivers\Achernar.sys
2009-08-13 17:10 . 2001-11-12 13:44 122880 ----a-w- c:\windows\system32\Nsvideo.dll
2009-08-13 16:59 . 2009-08-13 16:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Digi313
2009-08-13 16:59 . 2005-08-01 19:29 99476 ------w- c:\windows\system32\drivers\DXG014W2.sys
2009-08-13 16:59 . 2005-08-01 19:29 32140 ------w- c:\windows\system32\drivers\DXG014W1.sys
2009-08-13 16:59 . 2003-08-25 19:12 32768 ------r- c:\windows\system32\infcpy.dll
2009-08-13 16:40 . 2009-08-15 15:02 0 ----a-w- c:\windows\system32\drivers\ec76ad20.sys
2009-08-13 16:31 . 2009-08-13 18:44 87552 ----a-w- C:\purdrh.exe
2009-08-13 01:22 . 2009-08-15 15:02 0 ----a-w- c:\windows\system32\drivers\89689099.sys
2009-08-12 21:48 . 2009-08-19 12:19 0 ----a-w- c:\windows\system32\drivers\4ff5c451.sys
2009-08-12 18:23 . 2009-08-12 18:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-08-12 00:08 . 2009-08-12 00:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Newsoft
2009-08-12 00:08 . 1998-06-17 03:00 385100 ------w- c:\windows\system32\MSVCRTD.DLL
2009-08-12 00:07 . 2009-08-13 17:10 -------- d-----w- c:\arquivos de programas\NewSoft
2009-08-12 00:07 . 2009-08-13 17:11 -------- d-----w- c:\arquivos de programas\Arquivos comuns\NewSoft
2009-08-11 21:22 . 2009-08-12 21:42 0 ----a-w- c:\windows\system32\drivers\f2b8ff4.sys
2009-08-11 21:21 . 2009-08-19 17:00 18432 ----a-w- C:\emxuiyq.exe
2009-08-11 17:27 . 2009-08-11 17:27 -------- d-----w- c:\arquivos de programas\InProComm
2009-08-11 17:26 . 2003-12-30 03:00 116736 ----a-w- c:\windows\system32\drivers\i2120ntx.sys
2009-08-11 16:04 . 2009-08-19 12:28 107008 ----a-w- C:\yaewfl.exe
2009-08-10 20:56 . 2009-08-19 12:16 -------- d-----w- c:\windows\system32\NtmsData
2009-08-10 20:52 . 2009-08-10 20:54 -------- d-----w- c:\windows\system32\pt-br
2009-08-10 20:29 . 2006-09-06 20:43 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-10 20:25 . 2009-08-10 20:53 -------- d--h--w- c:\windows\$hf_mig$
2009-08-10 20:25 . 2009-06-29 15:58 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-10 20:25 . 2009-06-29 15:58 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-10 20:25 . 2009-06-29 11:07 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-10 20:25 . 2009-06-29 15:58 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-10 20:25 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-08-10 20:25 . 2009-06-29 15:58 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-08-10 20:25 . 2009-06-29 15:58 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-08-10 20:25 . 2009-07-19 13:29 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-04 01:28 . 2009-08-04 01:28 -------- d-----w- c:\documents and settings\micro\Dados de aplicativos\Samsung
2009-08-04 01:13 . 2006-05-04 01:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-08-04 01:12 . 2007-05-02 14:11 15112 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2009-08-04 01:12 . 2007-05-02 14:11 12424 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2009-08-04 01:12 . 2007-05-02 14:11 12424 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2009-08-04 01:12 . 2007-05-02 14:11 109704 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2009-08-04 01:12 . 2007-05-02 14:11 83592 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2009-08-04 01:12 . 2007-05-02 14:11 12424 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2009-08-04 01:12 . 2007-05-02 14:11 12424 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2009-08-04 01:12 . 2009-08-04 01:12 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-08-04 01:12 . 2006-07-24 19:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-08-04 01:11 . 2009-08-04 01:11 -------- d-----w- c:\arquivos de programas\Samsung
2009-08-01 16:11 . 2004-08-04 02:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-08-01 16:08 . 2009-08-01 16:08 -------- d-----w- c:\documents and settings\micro\Dados de aplicativos\Ahead
2009-08-01 15:58 . 2009-08-01 15:58 -------- d-----w- c:\documents and settings\micro\Dados de aplicativos\Media Player Classic
2009-07-31 13:02 . 2009-08-11 22:24 -------- d-----w- c:\documents and settings\micro\Contacts
2009-07-31 12:48 . 2009-07-31 12:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2009-07-31 12:48 . 2009-07-31 12:48 -------- d-----w- c:\arquivos de programas\CyberLink
2009-07-31 12:48 . 2009-08-13 17:12 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-31 12:48 . 2009-07-31 12:48 -------- d-----w- c:\arquivos de programas\CyberLink DVD Solution
2009-07-31 12:48 . 2004-03-11 16:27 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe
2009-07-31 12:47 . 2009-08-13 17:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-07-31 12:45 . 2003-06-19 04:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-07-31 12:44 . 2009-07-31 12:44 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2009-07-31 12:43 . 2009-07-31 12:44 -------- d-----w- c:\windows\SHELLNEW
2009-07-31 12:39 . 2009-07-31 12:39 -------- d--h--r- C:\MSOCache
2009-07-31 12:38 . 2009-08-07 20:53 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-31 12:34 . 2009-07-31 12:37 -------- dcsh--w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2009-07-31 12:34 . 2009-07-31 12:38 -------- d-----w- c:\arquivos de programas\Windows Live
2009-07-31 12:33 . 2009-07-31 12:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2009-07-31 12:33 . 2008-10-16 17:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-07-31 12:31 . 2009-07-31 12:31 -------- d-sh--w- c:\documents and settings\micro\UserData
2009-07-31 12:25 . 2009-07-31 12:25 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead
2009-07-31 12:25 . 2009-07-31 12:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero
2009-07-31 12:25 . 2009-07-31 12:25 -------- d-----w- c:\arquivos de programas\Nero
2009-07-31 12:20 . 2004-08-04 03:45 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-31 12:17 . 2002-06-29 17:41 414543 ----a-r- c:\windows\system32\drivers\cmuda.sys
2009-07-31 12:17 . 2002-06-14 12:51 28672 ----a-r- c:\windows\system32\udaprop.dll
2009-07-31 12:07 . 2009-07-31 12:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2009-07-31 12:07 . 2009-07-31 12:07 -------- d-----w- c:\arquivos de programas\QuickTime Alternative
2009-07-31 12:07 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll
2009-07-31 12:06 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-31 12:06 . 2008-09-25 08:03 81920 ----a-w- c:\windows\system32\dpl100.dll
2009-07-31 12:06 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-31 12:06 . 2008-10-28 22:35 684032 ----a-w- c:\windows\system32\divx.dll
2009-07-31 12:06 . 2008-11-24 14:32 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-31 12:06 . 2009-07-31 12:06 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-07-31 12:06 . 2009-07-31 12:06 -------- d-----w- c:\arquivos de programas\DivX Total Pack
2009-07-31 12:05 . 2008-08-06 18:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-31 12:05 . 2008-08-06 18:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-31 12:05 . 2009-07-31 12:05 -------- d-----w- c:\windows\system32\Adobe
2009-07-31 12:03 . 2009-07-31 12:04 -------- d-----w- c:\arquivos de programas\Java
2009-07-31 12:03 . 2009-07-31 12:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2009-07-31 11:59 . 2009-08-04 01:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-07-31 11:56 . 2004-02-09 07:18 155648 ----a-r- c:\windows\system32\RTLCPAPI.dll
2009-07-31 11:56 . 2000-10-20 21:28 765952 ----a-r- c:\windows\system\crlds3d.dll
2009-07-31 11:56 . 2004-02-24 03:08 400384 ----a-r- c:\windows\system32\drivers\ALCXSENS.SYS
2009-07-31 11:56 . 2004-03-19 11:28 6964736 ----a-r- c:\windows\system32\RTLCPL.EXE
2009-07-31 11:49 . 2009-07-31 11:47 404225 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-07-31 11:49 . 2009-02-27 13:59 8961 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-07-31 11:49 . 2008-12-05 13:32 126721 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-07-31 11:46 . 2009-07-31 11:50 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-31 11:46 . 2009-07-31 11:50 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-31 11:46 . 2009-02-13 14:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-31 11:46 . 2009-02-13 14:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-31 11:46 . 2009-07-31 11:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-07-31 11:46 . 2009-07-31 11:46 -------- d-----w- c:\arquivos de programas\Avira
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 12:54 . 2001-10-28 12:07 48628 ----a-w- c:\windows\system32\perfc016.dat
2009-08-19 12:54 . 2001-10-28 12:07 344380 ----a-w- c:\windows\system32\perfh016.dat
2009-08-19 12:30 . 2009-08-17 20:24 906 ----a-w- c:\windows\Fonts\aldieofapqceo_setup.tmp
2009-08-19 12:26 . 2004-08-04 03:45 14336 ----a-w- c:\windows\system32\svchost.exe
2009-08-18 19:46 . 2009-07-30 11:59 90112 ----a-w- c:\windows\DUMPe442.tmp
2009-08-17 13:13 . 2009-07-30 11:59 90112 ----a-w- c:\windows\DUMPb456.tmp
2009-07-31 12:02 . 2009-07-31 12:02 2232 ----a-w- c:\windows\java\Packages\Data\FLBLZVZN.DAT
2009-07-31 12:02 . 2009-07-31 12:02 155995 ----a-w- c:\windows\java\Packages\57VBVP7F.ZIP
2009-07-31 12:02 . 2009-07-31 12:02 2678 ----a-w- c:\windows\java\Packages\Data\YT37F3JL.DAT
2009-07-31 12:02 . 2009-07-31 12:02 2678 ----a-w- c:\windows\java\Packages\Data\X775B9Z3.DAT
2009-07-31 12:02 . 2009-07-31 12:02 2678 ----a-w- c:\windows\java\Packages\Data\ENT3ZHF9.DAT
2009-07-31 12:02 . 2009-07-31 12:02 2678 ----a-w- c:\windows\java\Packages\Data\2YCO4649.DAT
2009-07-31 12:02 . 2009-07-31 12:02 2678 ----a-w- c:\windows\java\Packages\Data\WG35BR9F.DAT
2009-07-30 15:54 . 2009-07-30 15:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-30 15:25 . 2009-07-30 15:25 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-07-30 15:20 . 2009-07-30 15:20 -------- d-----w- c:\arquivos de programas\Serviços on-line
2009-07-30 15:19 . 2009-07-30 15:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
2009-07-30 15:18 . 2009-07-30 15:18 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-29 15:58 . 2004-08-04 03:45 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:58 . 2004-08-04 03:45 78336 ------w- c:\windows\system32\ieencode.dll
2009-06-29 15:58 . 2004-08-04 03:45 17408 ------w- c:\windows\system32\corpol.dll
2004-08-04 03:45 . 2004-08-04 03:45 174852 --sha-r- c:\windows\system32\ifrsid.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-19_12.51.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-28 12:07 . 2009-08-19 12:26 39992 c:\windows\system32\perfc009.dat
+ 2001-10-28 12:07 . 2009-08-19 12:54 39992 c:\windows\system32\perfc009.dat
+ 2001-10-28 12:07 . 2009-08-19 12:54 311604 c:\windows\system32\perfh009.dat
- 2001-10-28 12:07 . 2009-08-19 12:26 311604 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"16694"="C:\emxuiyq.exe" [2009-08-19 18432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
IPN2120 WLAN Configuration Utility.lnk - c:\arquivos de programas\InProComm\IPN2120\wlan_ui.exe [2003-12-30 446464]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\emxuiyq.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8437:TCP"= 8437:TCP:ewppckln

R0 achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [13/8/2009 14:12 16855]
R2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
R3 aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [13/8/2009 14:12 21808]
R3 cwrwdm;SoundFusion WDM Driver;c:\windows\system32\drivers\cwrwdm.sys [30/7/2009 09:09 48640]
R3 ipn2120;INPROCOMM IPN2120 Wireless LAN Card Driver;c:\windows\system32\drivers\i2120ntx.sys [11/8/2009 14:26 116736]
S1 4ff5c451;4ff5c451;c:\windows\system32\drivers\4ff5c451.sys [12/8/2009 18:48 0]
S1 89689099;89689099;c:\windows\system32\drivers\89689099.sys [12/8/2009 22:22 0]
S1 ec76ad20;ec76ad20;c:\windows\system32\drivers\ec76ad20.sys [13/8/2009 13:40 0]
S1 f2b8ff4;f2b8ff4;c:\windows\system32\drivers\f2b8ff4.sys [11/8/2009 18:22 0]
S2 heuiakcvw;Server Monitor;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S2 wbydcz;Driver Image;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S3 hftoqn;hftoqn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wbydcz
heuiakcvw
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 14:07
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8704"="c:\\emxuiyq.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hftoqn]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\heuiakcvw]
"ServiceDll"="c:\windows\system32\ifrsid.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wbydcz]
"ServiceDll"="c:\windows\system32\ifrsid.dll"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\WININET.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\wdfmgr.exe
C:\lsass.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-08-19 14:11 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-08-19 17:11
ComboFix2.txt 2009-08-19 14:58
ComboFix3.txt 2009-08-19 12:54

Pré-execução: 4.345.929.728 bytes disponíveis
Pós execução: 4.337.008.640 bytes disponíveis

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

251
Power Max 54
Posted August 19, 2009

Hello Hisgue! Welcome to the Imasters Forum.

Your log is already being analyzed at the address below:
http://www.guiadohardware.net/comunidade/malwares-malditos/1001524/
Mário Monteiro 179
Posted September 19, 2009

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.