ComboFix 12-01-23.02 - CLIENTE1 25/01/2012 9:15.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.383.218 [GMT -2:00]
Executando de: c:\documents and settings\CLIENTE1\Meus documentos\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\cache\078441d787a582adce0e7e2171812479
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\cache\33f11277e5483b8207cde8ef71134210
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\cache\4d2a15efb49fc02fe1ea1ba7cc36c7e8
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\cache\4df398849b3c943ab608c417a877b12f
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\cache\53399d9b1479c70296a4a7e0bc2ba9d1
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\cache\60a0e7d31b853c75208a1d53ad68b3b1
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\cache\7f10799b520eb75068523ed6bc9b4e3b
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\cache\baf9ede953b14674fdac47589172031c
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\cache\cf4a2d64dc04acfea07c1e0c7d381ff2
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\include_files\10df9536f6a94fe378e20591f7829077
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\include_files\2457f858f97e82eda65e432eac74be80
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\include_files\f2d989530c2d8ae086261e590356fc71
c:\documents and settings\CLIENTE1\Dados de aplicativos\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\include_files\f82075d3aae23204b585939f84953196
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-12-25 to 2012-01-25 ))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2008-04-14 09:00	293888	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-14 09:00	1859712	----a-w-	c:\windows\system32\win32k.sys
2011-11-16 14:21 . 2008-04-14 09:00	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 09:00	152064	----a-w-	c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2008-05-08 01:11	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-05-08 01:11	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-04-14 09:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:25 . 2008-05-08 01:11	385024	----a-w-	c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-14 09:00	386560	----a-w-	c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 09:00	1296896	----a-w-	c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-14 09:00	1288192	----a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 09:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-08 . 5AFEEB90A6BD5885608F05E27CBEC1F8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 11:54	2607872	----a-w-	c:\arquivos de programas\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\arquivos de programas\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\arquivos de programas\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"IMBooster"="c:\arquivos de programas\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2011-06-09 254696]
"qubnfe"="c:\arquivos de programas\qubnfe\qubnfe.exe" [2011-08-01 1161008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ	msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Iminent\\IMBooster\\IMBooster.exe"=
"c:\\Arquivos de programas\\Iminent\\MMServer\\Iminent.MMServer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R2 AntiVirSchedulerService;Avira AntiVir Agendamento;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [17/11/2011 21:04 136360]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2100-01-10 c:\windows\Tasks\User_Feed_Synchronization-{C914C58A-350D-4647-B7BE-8CC93574EA26}.job
- c:\windows\system32\msfeedssync.exe [2008-05-08 06:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.iminent.com/?appId=da9aea6d-f7a0-4561-8cca-965d91e6200a&ref=homepage
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: hotmail.com\www
TCP: Interfaces\{D0C44ED1-02BF-43BE-A557-4352472A34BF}: NameServer = 187.60.160.35,187.60.160.36
DPF: {C0F454A0-6020-488D-A48E-84B92E60DEE8} - hxxp://www.fotoregistro.com.br/softwares/ImageUploader7.cab
.
- - - - ÓRFÃOS REMOVIDOS - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-25 09:27
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
Tempo para conclusão: 2012-01-25 09:30:24
ComboFix-quarantined-files.txt 2012-01-25 11:30
.
Pré-execução: 8 pasta(s) 31.031.046.144 bytes disponíveis
Pós execução: 11 pasta(s) 31.309.942.784 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8D4AF40958602B2E1622631B9C687F09
