ComboFix 13-08-25.01 - Técnico 27/08/2013   8:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1419 [GMT -3:00]
Running from: E:\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system64
c:\windows\system64\msvcp100.dll
c:\windows\system64\msvcr100.dll
.
.
(((((((((((((((( Files created from 2013-07-27 to 2013-08-27 ))))))))))))))))))))))))))))
.
.
2013-08-27 11:21 . 2013-08-27 11:21  -------  d-----w-  C:\User Data
2013-08-22 13:49 . 2013-08-22 13:53  -------  d-----w-  C:\Temp
2013-08-22 13:37 . 2013-08-22 13:37  -------  d-----w-  C:\MyWorks
2013-08-15 18:21 . 2013-08-15 18:21  -------  d-----w-  C:\ATI
2013-08-14 18:33 . 2013-08-14 18:33  -------  d-----w-  C:\e57f8ee862c2a2582459d1889959
2013-08-14 12:45 . 2013-08-14 13:04  -------  d-----w-  C:\7f1bb1f0c1fc52a43d262fb803a62897
2013-08-13 18:28 . 2013-08-13 18:28  -------  d-----w-  C:\Intel
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))
.
2013-07-26 02:48 . 2004-08-04 12:00  920064  ----a-w-  c:\windows\system32\wininet.dll
2013-07-26 02:48 . 2004-08-04 12:00  43520  ------w-  c:\windows\system32\licmgr10.dll
2013-07-26 02:48 . 2004-08-04 12:00  1469440  ------w-  c:\windows\system32\inetcpl.cpl
2013-07-25 15:58 . 2004-08-04 12:00  385024  ------w-  c:\windows\system32\html.iec
2013-07-10 10:37 . 2004-08-04 12:00  406016  ----a-w-  c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2004-08-04 12:00  2153984  ----a-w-  c:\windows\system32\ntoskrnl.exe
2013-07-04 07:33 . 2004-08-04 00:40  2032640  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2013-06-05 09:08 . 2004-08-04 12:00  1876864  ----a-w-  c:\windows\system32\win32k.sys
2013-06-04 07:22 . 2004-08-04 12:00  563712  ----a-w-  c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859136]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2013-08-13 345144]
"StartCCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LGODDFU"="c:\arquivos de programas\lg_fwupdate\lgfw.exe" [2013-08-22 27760]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\eSafe\\eGdpSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [27/8/2013 08:22 64480]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [13/8/2013 16:39 37352]
R2 AntiVirSchedulerService;Avira Agendamento;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [13/8/2013 16:40 84024]
R3 BprotectEx;Baidu ProtectEx;\??\c:\windows\System32\drivers\BprotectEx.sys --> c:\windows\System32\drivers\BprotectEx.sys [?]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [13/1/2009 03:00 451456]
S4 AntiVirWebService;Avira Web Protection;c:\arquivos de programas\Avira\AntiVir Desktop\avwebgrd.exe [13/8/2013 16:39 589368]
.
--- Other Services/Drivers In Memory ---
*NewlyCreated* - BHBASE
*NewlyCreated* - BPROTECTEX
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-27 c:\windows\Tasks\User_Feed_Synchronization-{4CEDCEF5-125C-4A9F-B1E6-AE1BF3D0E5B0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Supplementary Scan -------
uStart Page = https://www.google.com.br/
mStart Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD2500AAJS-00VTA0_WD-WMART097879278792&ts=1377602499
LSP: c:\arquivos de programas\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 143.107.209.9 143.107.209.10
.
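Triage note added by the editor, not part of the ComboFix output above. The items in this log that deserve a second look are the deleted c:\windows\system64 directory (no such directory exists on a 32-bit Windows install; the two msvc*100.dll copies inside it are a classic drop location), the two Baidu drivers marked *NewlyCreated* on the day of the scan, the Run-key value that is a bare file name (RTHDCPL.EXE is resolved through the process search path at logon, so a same-named binary earlier in that path would win), and the machine-wide mStart Page that points at portaldosites.com with a uid parameter that looks like a disk model and serial number while the AV is reported *Disabled/Outdated*. The Python script below was written for this edit and is not ComboFix code: it parses the REGEDIT4-style load-point lines and the Start Page lines of a ComboFix log and flags those patterns. Its SAMPLE_LOG is constructed from lines in this log; the trusted-directory list and the tracking-parameter set are assumptions to adjust per host and locale, and the hxxp-to-http step only undoes ComboFix's defanging of URLs.

```python
"""Triage helper for ComboFix-style log sections (added example, not part of
ComboFix or of the original log).  Parses the REGEDIT4-style 'Registry Load
Points' lines and the 'Start Page' lines and flags entries worth a closer look."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: lines copied from the log above, not a new capture.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859136]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2013-08-13 345144]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
uStart Page = https://www.google.com.br/
mStart Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD2500AAJS-00VTA0_WD-WMART097879278792&ts=1377602499
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
START_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")

# Assumption: directories from which a Run-key executable is expected on a
# 32-bit XP host.  The Brazilian-Portuguese locale in the log names
# Program Files 'arquivos de programas'; adjust for other locales.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\arquivos de programas\\", "c:\\program files\\")
# Assumption: query parameters typical of a hijacked home page with a per-host id.
TRACKING_PARAMS = {"uid", "ts", "utm_source", "utm_medium"}


def parse_load_points(text):
    """Return (key, name, path, date, size) for every Run-key value line."""
    key = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("path"), m.group("date"), int(m.group("size"))))
    return entries


def flag_load_point(path):
    """Return the reasons a Run-key path deserves review (empty list if none)."""
    reasons = []
    p = path.lower()
    if "\\" not in p:
        # No directory: CreateProcess walks the search path, so a same-named
        # binary planted earlier in that path would be the one that runs.
        reasons.append("bare file name resolved via search path")
    elif not p.startswith(TRUSTED_DIRS):
        reasons.append("executable outside system32/Program Files")
    if "\\system64\\" in p:
        reasons.append("system64 does not exist on 32-bit Windows")
    return reasons


def flag_start_pages(text):
    """Return (scope, host, tracking_params) for each uStart/mStart Page line."""
    results = []
    for line in text.splitlines():
        m = START_RE.match(line.strip())
        if not m:
            continue
        url = m.group("url").replace("hxxp", "http", 1)  # undo ComboFix defanging
        parts = urlsplit(url)
        tracking = sorted(set(parse_qs(parts.query)) & TRACKING_PARAMS)
        results.append((m.group("scope"), parts.hostname, tracking))
    return results


def triage(text):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    for key, name, path, _date, _size in parse_load_points(text):
        for reason in flag_load_point(path):
            findings.append(f"{key}\\{name}: {path} -> {reason}")
    for scope, host, tracking in flag_start_pages(text):
        if tracking:
            findings.append(f"{scope}Start Page {host} carries tracking parameters {tracking}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the bare RTHDCPL.EXE value, the vsnp325.exe binary living directly under c:\windows, and the portaldosites.com home page with its uid/ts/utm parameters; the Google uStart Page carries no such parameters and is not reported. The flags are review prompts, not verdicts: RTHDCPL.EXE and vsnp325.exe are also how legitimate Realtek and webcam installers register themselves, so the next step is to hash and sign-check the files the entries resolve to.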
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-27 08:37
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(812)
c:\arquivos de programas\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2013-08-27 08:38:28
ComboFix-quarantined-files.txt 2013-08-27 11:38
.
Pre-Run: 11 folder(s) 223,670,730,752 bytes free
Post-Run: 12 folder(s) 224,152,526,848 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7EF5E8FC9AB741180B3D77218B9AEA78
239FC8B1C26D5286165A956F5A98D8D7