ComboFix 09-03-15.01 - User 2009-03-17 11:28:18.

1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1013.603 [GMT -3:00]
Executando de: D:\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning enabled* (Updated)
* Criado um novo ponto de restauro
ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GBPSV
-------\Service_GbpSv

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-17 to 2009-03-17 ))))))))))))))))))))))))))))
.
2009-03-04 11:04 . 2009-03-04 11:04 32,480 --a------ c:\windows\system32\amFMExcul.exe
2009-02-18 14:26 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2009-02-18 14:26 . 2001-08-17 21:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 11:30 --------- d-----w c:\arquivos de programas\GbPlugin
2009-01-29 17:25 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Advanced Chemistry Development
2009-01-22 09:28 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2008-10-03 12:03 32,768 -csha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008100320081004\index.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-06 132760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 c:\windows\RTHDCPL.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehuni.dll" [2008-11-04 396192]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0amFMExcul
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2883:UDP"= 2883:UDP:Windows Media Format SDK (iexplore.exe)
"2882:UDP"= 2882:UDP:Windows Media Format SDK (iexplore.exe)
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2009-01-21 31104]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-27 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-27 20560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2236c060-1c5e-11dd-8a0c-0019d195d0a5}]
\Shell\AutoRun\command - F:\30ed3.exe
\Shell\explore\Command - F:\30ed3.exe
\Shell\open\Command - F:\30ed3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{745ffbb0-6fa4-11dd-8a85-0019d195d0a5}]
\Shell\AutoRun\command - F:\laucher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{745ffbb1-6fa4-11dd-8a85-0019d195d0a5}]
\Shell\AutoRun\command - 2u.com
\Shell\explore\Command - 2u.com
\Shell\open\Command - 2u.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cc4dcae-aa74-11dd-8ac9-0019d195d0a5}]
\Shell\AutoRun\command - ywkyql.exe
\Shell\explore\Command - ywkyql.exe
\Shell\open\Command - ywkyql.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2e6fe27-d1b6-11dd-8ae3-0019d195d0a5}]
\Shell\AutoRun\command - 2u.com
\Shell\explore\Command - 2u.com
\Shell\open\Command - 2u.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7329c4a-f20a-11dd-8b1b-0019d195d0a5}]
\Shell\Auto\command - sal.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb118bc7-f2b9-11dd-8b0a-0019d195d0a5}]
\Shell\AutoRun\command - NTsys.exe
\Shell\explore\Command - NTsys.exe
\Shell\open\Command - NTsys.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb118bcc-f2b9-11dd-8b0a-0019d195d0a5}]
\Shell\AutoRun\command - F:\2u.com
\Shell\explore\Command - F:\2u.com
\Shell\open\Command - F:\2u.com
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.puc-rio.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
.
.
------- Associação de arquivos/ficheiros -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 11:33:30
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@DACL=(02 0000)
@=""
"DLLName"="igfxdev.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(728)
c:\arquiv~1\GbPlugin\gbiehuni.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\arquivos de programas\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\igfxsrvc.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-03-17 11:38:35 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-03-17 14:38:32
Pré-execução: 14 pasta(s) 26,306,244,608 bytes disponíveis
Pós execução: 14 pasta(s) 26,298,191,872 bytes disponíveis
160 --- E O F --- 2009-03-17 00:11:47