
ComboFix 11-10-18.02 - sula.vasques 18/10/2011 15:25:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1983.1223 [GMT -3:00]
Executando de: c:\documents and settings\sula.vasques\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
ATENÇÃO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADO !!
.
[i] ADS - system32: deleted 2 bytes in 1 streams. [/i]
[i] ADS - drivers: deleted 208 bytes in 1 streams. [/i]
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\JAMA
c:\jama\CRAFT\DeSKtOp.InI
c:\jama\CRAFT\pop.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-18 to 2011-10-18 ))))))))))))))))))))))))))))
.
.
2011-10-17 14:05 . 2011-10-17 14:05 -------d-----w c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard
2011-10-17 14:04 . 2008-01-16 21:46 117248 ----a-w c:\windows\system32\hpzpnp.dll
2011-10-17 14:04 . 2008-01-16 21:45 241664 ----a-w c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5k4.DLL
2011-10-17 14:04 . 2007-11-21 18:44 348160 ----a-r c:\windows\system32\hpbicoin.dll
2011-10-17 13:15 . 2011-10-17 13:15 -------d-----w c:\documents and settings\Administrador\Dados de aplicativos\Softland
2011-10-11 14:14 . 2011-10-11 14:14 -------d-----w c:\documents and settings\genardo.oliveira
2011-09-28 11:53 . 2011-10-13 15:47 -------d-----w c:\documents and settings\sandro.foro
2011-09-26 11:53 . 2011-09-26 11:54 -------d-----w c:\documents and settings\wladimir.cardoso
2011-09-20 18:39 . 2011-09-20 18:40 -------d-----w c:\documents and settings\sula.vasques\Configurações locais\Dados de aplicativos\WMTools Downloaded Files
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 12:39 . 2011-07-08 11:17 414368 ----a-w c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4

.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"McAfeeUpdaterUI"="c:\arquivos de programas\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-29 124240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0\bin\jusched.exe" [2011-06-16 77824]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginCef]
2011-04-18 18:12 496072 ------w c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [26/7/2011 11:06 46664]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\arquivos de programas\ASTRA32\astra32.sys [22/2/2007 11:28 30864]
R2 BCUService;Browser Configuration Utility Service;c:\arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe [10/5/2011 11:33 219360]
R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [9/3/2009 16:07 518688]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [26/7/2011 11:06 56776]
R2 McAfeeEngineService;McAfee Engine Service;c:\arquivos de programas\McAfee\VirusScan Enterprise\EngineServer.exe [29/4/2009 20:07 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/5/2011 13:45 70216]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [3/2/2009 12:43 36384]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\arquivos de programas\ESRI\License\arcgis9x\lmgrd.exe [28/7/2011 10:51 467968]
S2 gupdate;Serviço do Google Update (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [17/8/2011 12:10 136176]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [17/8/2011 12:10 136176]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/5/2011 13:45 65224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ
Pml Driver HPZ12 Net Driver HPZ12
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-17 15:10]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-17 15:10]
.
2011-10-18 c:\windows\Tasks\User_Feed_Synchronization-{21D71A72-BC1C-4AB5-885F-58850C0B53C8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
2011-10-18 c:\windows\Tasks\User_Feed_Synchronization-{23B9E504-7119-4C69-8109-AAF340C7BE2F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar ------.
uStart Page = hxxp://www.google.com.br/
mStart Page = hxxp://br.yahoo.com/?fr=fp-grpj
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 172.16.0.3:80
uInternet Settings,ProxyOverride = <local>
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.2
.
- - - - ÓRFÃOS REMOVIDOS - - - .
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKLM_ActiveSetup-{13POP6M8-1MAD-24AD-JIM1-73OP5G2223335} - c:\jama\CRAFT\pop.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-18 15:31
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução -------------------.
- - - - - - - > 'winlogon.exe'(728)
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\ieframe.dll
.
Tempo para conclusão: 2011-10-18 15:33:05
ComboFix-quarantined-files.txt 2011-10-18 18:33
.
Pré-execução: 8 pasta(s) 63.402.520.576 bytes disponíveis
Pós execução: 10 pasta(s) 63.920.537.600 bytes disponíveis
.
- - End Of File - - 5AB373F607A66C8FBA9EB65657A90820
