ComboFix 09-10-20.03 - rmartinho 21/10/2009 15:12.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.495 [GMT -3:00]
Running from: c:\documents and settings\rmartinho\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {B6BC6EF5-44E1-45DA-8B6B-355C323447CD}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 254 bytes in 1 streams.
(((((((((((((((( Files Created From 2009-09-21 to 2009-10-21 ))))))))))))))))
.
2009-10-19 19:36 . 2009-10-19 20:25 -------- d-----w- c:\temp\ncs
2009-10-16 12:45 . 2009-10-21 17:17 -------- d-----w- c:\temp\admfin
2009-09-30 20:47 . 2009-10-21 14:12 -------- d-----w- c:\arquivos de programas\Time Sheet Fast Registry
2009-09-30 18:43 . 2009-09-30 18:43 2455810 ----a-w- c:\arquivos de programas\install.exe
2009-09-23 12:35 . 2009-09-23 12:35 -------- d-----w- c:\temp\processo
.
(((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))
.
2009-10-21 18:26 . 2009-09-02 11:35 -------- d-----w- c:\arquivos de programas\OCS Inventory Agent
2009-10-21 18:24 . 2007-03-14 16:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-10-21 17:21 . 2007-11-09 16:53 -------- d-----w- c:\documents and settings\rmartinho\Dados de aplicativos\FileZilla
2009-10-14 10:57 . 2007-03-14 16:49 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-09-30 11:24 . 2009-01-21 12:48 -------- d-----w- c:\arquivos de programas\Java
2009-09-24 19:19 . 2008-12-11 12:01 30344 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2009-08-31 17:10 . 2007-07-26 16:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
2009-08-10 13:57 . 2009-08-10 13:53 21935408 ----a-w- c:\arquivos de programas\QuickTimeInstaller.exe
2009-07-25 08:23 . 2008-12-19 12:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 11:31 . 2009-07-24 11:31 302 ----a-w- c:\windows\chksis.dat
2009-07-23 11:20 . 2009-07-23 11:20 7945496 ----a-w- c:\arquivos de programas\Firefox Setup 3.5.1.exe
2009-06-25 15:05 . 2009-06-25 14:56 20631848 ----a-w- c:\arquivos de programas\SkypeSetupFull.exe
2009-06-17 20:07 . 2009-06-25 14:48 6831104 ----a-w- c:\arquivos de programas\openproj-1.4.msi
2009-05-15 12:25 . 2009-07-16 12:48 303473072 ----a-w- c:\arquivos de programas\Office 2007 - SP2.exe
2009-04-28 17:08 . 2009-04-28 17:03 7335872 ----a-w- c:\arquivos de programas\Firefox Setup 3.0.4.exe
2009-02-06 16:37 . 2008-06-09 14:21 2249512 ----a-w- c:\arquivos de programas\SkypeSetup.exe
2008-02-26 17:29 . 2008-02-26 17:29 8705840 ----a-w- c:\arquivos de programas\winamp552_full_emusic-7plus_en-us.exe
2008-01-09 13:43 . 2008-01-09 13:43 29011072 ----a-w- c:\arquivos de programas\FileFormatConverters.exe
2007-09-03 12:37 . 2007-09-03 12:37 13256032 ----a-w- c:\arquivos de programas\PDFCreator-0_9_3_GPLGhostscript.exe
2007-08-21 14:44 . 2007-08-21 14:44 31649848 ----a-w- c:\arquivos de programas\visualmindsetup.exe
2007-08-21 14:29 . 2007-08-21 14:29 5100848 ----a-w- c:\arquivos de programas\dia-setup-0.95-1.zip
2006-10-18 02:10 . 2007-09-19 13:45 14295672 ----a-w- c:\arquivos de programas\gimp-2.3.12-i586-setup.exe
2006-01-10 16:48 . 2007-09-19 13:33 3305152 ----a-w- c:\arquivos de programas\ButtonFactory3.exe
.
(((((((((((((((((((((((((( Registry Loading Points ))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-01-16 718120]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\rmartinho\Menu Iniciar\Programas\Inicializar\
AlarmeWebCalendar-Multi.exe.lnk - c:\webcalendar-lembrete\AlarmeWebCalendar-Multi.exe [2009-9-30 1206784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GbPlugin\gbiehuni.dll" [2009-09-18 314272]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2009-09-24 19:15 313224 ----a-w- c:\arquiv~1\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginUni]
2009-09-18 19:57 314272 ------w- c:\arquivos de programas\GbPlugin\gbiehuni.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\CorporeRM\\RMNucleus\\RMNucleus.exe"=
"c:\\cacic\\chkcacic.exe"=
"c:\\WINDOWS\\chksis.exe"=
"c:\\Cacic\\modulos\\ger_cols.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55555:TCP"= 55555:TCP:Trend Micro OfficeScan Listener
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [11/12/2008 09:01 30344]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [14/3/2007 13:49 53632]
R2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\arquivos de programas\OCS Inventory Agent\OcsService.exe [16/4/2009 11:24 69632]
R2 RM.Host.Service;RM.Host.Service;c:\corporerm\RM.Net\RM.Host.Service.exe [24/10/2007 17:09 20480]
R2 TmFilter;Trend Micro Filter;c:\arquivos de programas\Trend Micro\OfficeScan Client\TmXPFlt.sys [26/11/2008 14:42 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\arquivos de programas\Trend Micro\OfficeScan Client\tmpreflt.sys [26/11/2008 14:42 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [16/1/2009 16:13 338448]
R3 TmPfw;OfficeScan NT Firewall;c:\arquivos de programas\Trend Micro\OfficeScan Client\TmPfw.exe [16/1/2009 16:10 488768]
R3 TmProxy;OfficeScan NT Proxy Service;c:\arquivos de programas\Trend Micro\OfficeScan Client\TmProxy.exe [16/1/2009 16:10 652552]
S3 Oracleoracle92ClientCache;Oracleoracle92ClientCache;c:\oracle92\bin\ONRSD.EXE [26/4/2002 19:34 242328]
.
Contents of the 'Scheduled Tasks' folder
2009-10-21 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\arquiv~1\SMARTD~1\Messages\SDNotify.exe [2007-10-02 19:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com.br/
uInternet Settings,ProxyServer = proxy.ima.sp.gov.br:3128
uInternet Settings,ProxyOverride = *.ima.sp.gov.br;*.campinas.sp.gov.br;*.matera.com;172.16.*; 172.23.*;172.22.*;<local>
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: madiaimoveis.com.br\www
Trusted Zone: microsoft.com\office
TCP: {22226F49-FC3A-46FB-AD57-DA1FD8DC8E98} = 172.21.0.197,172.23.24.4,172.16.100.11
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
FF - ProfilePath - c:\documents and settings\rmartinho\Dados de aplicativos\Mozilla\Firefox\Profiles\p5o7na7x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com.br/
FF - prefs.js: network.proxy.ftp - proxy.ima.sp.gov.br
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - proxy.ima.sp.gov.br
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - proxy.ima.sp.gov.br
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - proxy.ima.sp.gov.br
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - proxy.ima.sp.gov.br
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\rmartinho\Dados de aplicativos\Mozilla\Firefox\Profiles\p5o7na7x.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 15:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(976)
c:\arquiv~1\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehuni.dll
- - - - - - - > 'explorer.exe'(3696)
c:\arquivos de programas\TortoiseSVN\bin\tortoisesvn.dll
c:\arquivos de programas\TortoiseSVN\bin\intl3_svn.dll
c:\arquiv~1\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehuni.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
c:\arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\oracle92\bin\omtsreco.exe
c:\arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe
c:\arquivos de programas\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\windows\TEMP\BR7F2B.EXE
c:\combofix\CF12185.exe
c:\arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-21 15:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-21 18:30
Pre-Run: 21 folder(s) 47,162,929,152 bytes free
Post-Run: 27 folder(s) 46,308,696,064 bytes free
- - End Of File - - ADDE487343971F7AB93EB91A23CC2CDE
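The security-relevant content of this log is not the file lists but the posture it records: the AV header reports on-access scanning disabled with outdated signatures, the Trend Micro firewall is disabled, both products have Security Center monitoring switched off with DisableMonitoring=1 (so the user gets no warning about either), the Windows Firewall standard profile has EnableFirewall=0, and TCP 55555 is globally open. The Python below is an added example, not part of the posted log and not a ComboFix component; it parses exactly those sections of a ComboFix log and ranks the findings so a reviewer reads them before the installer inventory. The regular expressions, the severity labels and the Finding class are this example's own design, and the sample input is an excerpt of the log above with its wrapped lines rejoined.

```python
"""Triage the security-posture lines of a ComboFix log.

Added example; not part of the log above and not a ComboFix component.
It reads the AV:/FW: header lines, the Security Center DisableMonitoring
values, the Windows Firewall EnableFirewall value, globally open ports and
the Winlogon Notify / ShellExecuteHooks load points.
"""
import re
from dataclasses import dataclass

# Sample input: an excerpt of the ComboFix log above with wrapped lines
# rejoined. Paths and GUIDs are taken from that log unchanged.
SAMPLE_LOG = r"""
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {B6BC6EF5-44E1-45DA-8B6B-355C323447CD}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-01-16 718120]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GbPlugin\gbiehuni.dll" [2009-09-18 314272]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2009-09-24 19:15 313224 ----a-w- c:\arquiv~1\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55555:TCP"= 55555:TCP:Trend Micro OfficeScan Listener
"""

HEADER_RE = re.compile(r"^(AV|FW): (.+?) \*(.+?)\*( \(Outdated\))?", re.M)
SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"?([^"\[]+?)"?\s*(?:\[|$)')
DLL_RE = re.compile(r'[a-z]:\\[^"\[]+?\.dll', re.I)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    summary: str
    evidence: str   # the log line the finding came from


def parse_sections(text):
    """Group the REGEDIT4-style dump: {registry key: [value lines under it]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return the findings a reviewer should read first, highest severity first."""
    findings = []

    # ComboFix prints the product state between asterisks and appends
    # "(Outdated)" when the signatures are stale.
    for m in HEADER_RE.finditer(text):
        kind, product, state, outdated = m.groups()
        if "disabled" in state.lower():
            findings.append(Finding("high", f"{kind} {product}: {state}", m.group(0)))
        if outdated:
            findings.append(Finding("medium", f"{kind} {product}: signatures outdated", m.group(0)))

    for key, lines in parse_sections(text).items():
        k = key.lower()
        leaf = key.rsplit("\\", 1)[-1]   # last component of the key, original case

        if k.endswith("\\currentversion\\run"):
            for ln in lines:
                m = VALUE_RE.match(ln)
                if m:
                    findings.append(Finding("info", f"Autorun {m.group(1)!r} -> {m.group(2)}", ln))

        # DisableMonitoring=1 under Security Center\Monitoring silences the
        # Security Center alert for that product, so a disabled AV or firewall
        # produces no warning to the user.
        elif "security center\\monitoring\\" in k:
            for ln in lines:
                if re.match(r'"DisableMonitoring"=dword:0*1$', ln):
                    findings.append(Finding("medium", f"Security Center monitoring disabled for {leaf}", ln))

        elif k.endswith("firewallpolicy\\standardprofile"):
            for ln in lines:
                if re.match(r'"EnableFirewall"=\s*0\b', ln):
                    findings.append(Finding("high", "Windows Firewall off (standard profile)", ln))

        elif k.endswith("globallyopenports\\list"):
            for ln in lines:
                m = PORT_RE.match(ln)
                if m:
                    findings.append(Finding("info", f"Port {m.group(1)}/{m.group(2)} open to all: {m.group(3).strip()}", ln))

        # Winlogon Notify packages load into winlogon.exe at every logon and
        # ShellExecuteHooks load into explorer.exe; both are persistence points,
        # so every DLL listed there is worth a look.
        elif "\\winlogon\\notify\\" in k or k.endswith("shellexecutehooks"):
            for ln in lines:
                m = DLL_RE.search(ln)
                if m:
                    findings.append(Finding("info", f"DLL loaded via {leaf}: {m.group(0)}", ln))

    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.summary}")
```

The DLL findings are labelled info rather than malicious on purpose: the log's own DPF lines show gbiehuni.dll was delivered from a bank's site, and the 'DLLs Loaded Under Running Processes' section confirms both GbPlugin DLLs sit in winlogon.exe and explorer.exe, which is exactly what a Notify package and a ShellExecuteHook do. The check lists what loads there so the reviewer can decide; the three high findings (on-access scanning off, Trend firewall off, Windows Firewall off) are the ones that make the host defenceless regardless of what those DLLs are.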