
ComboFix 11-12-05.04 - Jeane 06/12/2011 10:12:47.4.1 - x86
Running from: c:\documents and settings\Jeane\Meus documentos\Downloads\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\1.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\1.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\2229.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\2355.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\2666.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\450.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\a.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\a.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\b.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\b.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\c.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\c.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\d.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\d.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\e.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\e.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\f.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\f.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\g.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\g.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\h.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\h.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\i.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\i.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\j.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\J.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\k.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\k.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\l.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\l.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\m.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\m.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\mru.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\n.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\n.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\o.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\o.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\p.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\p.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\q.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\q.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\r.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\r.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\s.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\s.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\t.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\t.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\u.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\u.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\v.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\v.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\w.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\w.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\wlu.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\x.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\x.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\y.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\y.xml
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\z.txt
c:\documents and settings\Jeane\Dados de aplicativos\PriceGong\Data\z.xml
c:\documents and settings\Jeane\WINDOWS
c:\windows\CSC\d6
c:\windows\IsUn0416.exe
c:\windows\Media\_tmp
c:\windows\system32\_000002_.tmp.dll
c:\windows\system32\_000004_.tmp.dll
c:\windows\unin0416.exe
.
.
(((((((((((((((((((((((((((((((((   Files Created from 2011-11-06 to 2011-12-06   )))))))))))))))))))))))))))))))))
.
.
2011-12-06 11:38 . 2011-12-06 11:38 29904 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{F7E4F83D-09B1-40CA-9DC3-F75C427ACE4F}\MpKsl7fdecd0b.sys
2011-12-05 12:01 . 2011-12-05 12:01 29904 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{F7E4F83D-09B1-40CA-9DC3-F75C427ACE4F}\MpKslf8306c8d.sys
2011-12-05 12:01 . 2011-12-06 11:38 56200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{F7E4F83D-09B1-40CA-9DC3-F75C427ACE4F}\offreg.dll
2011-12-05 12:01 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{F7E4F83D-09B1-40CA-9DC3-F75C427ACE4F}\mpengine.dll
2011-11-17 16:12 . 2011-11-17 16:12 389120 ------w- c:\windows\Setup 1.exe
2011-11-16 11:21 . 2011-11-16 11:21 -------- d-----w- c:\documents and settings\Jeane\Dados de aplicativos\HiYo
2011-11-14 11:54 . 2011-11-14 11:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HiYo
2011-11-14 11:54 . 2011-11-14 11:54 -------- d-----w- c:\arquivos de programas\HiYo
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 16:12 . 2007-12-18 18:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-10-14 11:15 . 2011-05-18 11:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 03:48 . 2010-05-05 15:08 6668624 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 08:06 . 2010-04-28 14:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 05:37 . 2008-03-05 12:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((((((   Registry Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2008-06-23 49152]
"CertificateRegistration"="aetcrss1.exe" [2007-10-17 163840]
"MSC"="c:\arquivos de programas\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"PlusService"="c:\arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe" [2011-09-20 801792]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Hiyo"="c:\arquivos de programas\HiYo\bin\HiYo.exe" [2011-11-14 238960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\windows\Downloaded Program Files\gbiehuni.dll" [2007-10-08 336800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 16:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^fbguad.exe]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
2001-09-06 02:50 86016 ----a-w- c:\windows\system32\pctspk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2004-01-15 12:33 49152 -c--a-r- c:\windows\system32\VTTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Nasajon\\Sistemas\\persona.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 MpKslae17be0e;MpKslae17be0e; [x]
R1 MpKslfb20f384;MpKslfb20f384; [x]
R2 LMIGuardianSvc;LMIGuardianSvc; [x]
R2 LMIInfo;LogMeIn Kernel Information Provider; [x]
R3 GTwinUSB;GTwinUSB;c:\windows\system32\Drivers\GTwinUSB.sys [2004-06-28 61840]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 SWLD12;SAMSUNG 11Mbps WLAN MiniPCI/PCI Card;c:\windows\system32\DRIVERS\swld12.sys [2002-08-23 32768]
S1 MpKsl7fdecd0b;MpKsl7fdecd0b;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{F7E4F83D-09B1-40CA-9DC3-F75C427ACE4F}\MpKsl7fdecd0b.sys [2011-12-06 29904]
S1 MpKslf8306c8d;MpKslf8306c8d;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{F7E4F83D-09B1-40CA-9DC3-F75C427ACE4F}\MpKslf8306c8d.sys [2011-12-05 29904]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL7FDECD0B
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
2007-10-18 16:06 77824 ----a-w- c:\windows\system32\aetsprov.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 15:26]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.168.0.1:6588
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki...
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ACI Windows - c:\windows\IsUn0416.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0416.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-06 10:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-1078145449-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)*w*c%\OpenWithList]
@Class="Shell"
"a"="wmplayer.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-789336058-1078145449-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)*w*c%\OpenWithProgids]
")w_auto_file"=hex(0):
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\Downloaded Program Files\gbiehuni.dll
.

Completion time: 2011-12-06 10:27:26
ComboFix-quarantined-files.txt 2011-12-06 13:27
ComboFix2.txt 2010-08-11 22:16
.
Pre-Run: 51 folder(s) 227.759.902.720 bytes free
Post-Run: 53 folder(s) 228.080.750.592 bytes free
.
- - End Of File - - 36096E943AB9924C98049A94B708AF30
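A ComboFix report like the one above is read by hand, and two of its sections reward a systematic pass: the Run keys (an image given as a bare file name, such as "CertificateRegistration"="aetcrss1.exe", is located through the PATH search order at logon rather than from a fixed location, so it deserves a look) and the Internet Settings block (here a ProxyServer of 192.168.0.1:6588 sits on a different /24 than the DhcpNameServer 192.168.1.1, which is worth confirming with the machine's owner). The following Python is an added triage helper written for this page; it is not ComboFix's own code and not part of the posted report. It parses the report's line formats and emits review notes, not verdicts: an entry it flags is something to check, not something the log proves malicious. The sample input is constructed from lines copied out of the report above, and the /24 comparison is an assumption made for illustration (home networks are usually a single /24; adjust for other layouts).

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: lines copied from the ComboFix report on this page.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"CertificateRegistration"="aetcrss1.exe" [2007-10-17 163840]
"MSC"="c:\arquivos de programas\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Hiyo"="c:\arquivos de programas\HiYo\bin\HiYo.exe" [2011-11-14 238960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
uInternet Settings,ProxyServer = 192.168.0.1:6588
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
'''

# ComboFix prints a Run key as "[...\Run]" followed by one "name"="image" [meta] line per value.
RUN_KEY_RE = re.compile(r'^\[(?P<key>[^\]]*\\Run)\]$', re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?')
# "uInternet Settings,<name> = <value>" and "TCP: <name> = <value>" lines of the supplementary scan.
SETTING_RE = re.compile(r'^(?:uInternet Settings,|TCP: )(?P<name>\w+)\s*=\s*(?P<value>\S+)')


def is_absolute_windows_path(image: str) -> bool:
    """True for drive-letter (c:\\...) or UNC (\\\\server\\...) paths.

    Anything else (a bare file name) is resolved via the PATH search order
    when the Run value is executed, so its real location is not fixed.
    """
    return bool(re.match(r'^(?:[a-zA-Z]:\\|\\\\)', image.strip().strip('"')))


def parse_run_entries(log: str):
    """Yield (registry key, value name, image) for every value listed under a ...\\Run key."""
    current_key = None
    for raw in log.splitlines():
        line = raw.strip()
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        # A new key header or ComboFix's "." separator ends the current Run block.
        if line.startswith('[') or line == '.':
            current_key = None
            continue
        if current_key:
            v = RUN_VALUE_RE.match(line)
            if v:
                yield current_key, v.group('name'), v.group('image')


def parse_settings(log: str) -> dict:
    """Collect the supplementary-scan settings (ProxyServer, ProxyOverride, DhcpNameServer, ...)."""
    out = {}
    for raw in log.splitlines():
        m = SETTING_RE.match(raw.strip())
        if m:
            out[m.group('name')] = m.group('value')
    return out


def triage(log: str) -> list:
    """Return review notes for a ComboFix report; each note is a prompt to check, not a verdict."""
    findings = []
    for key, name, image in parse_run_entries(log):
        if not is_absolute_windows_path(image):
            findings.append(f'run-entry-without-path: {key}\\{name} -> {image!r}')

    settings = parse_settings(log)
    proxy = settings.get('ProxyServer')
    if proxy:
        host = proxy.rsplit(':', 1)[0]
        note = f'proxy-configured: {proxy}'
        dns = settings.get('DhcpNameServer')
        try:
            # Assumption for illustration: the LAN is one /24 around the DHCP-supplied name server.
            if dns and ip_address(host) not in ip_network(f'{dns}/24', strict=False):
                note += f' (not on the /24 of DhcpNameServer {dns})'
        except ValueError:
            pass  # proxy given as a hostname rather than an IP literal; nothing to compare
        findings.append(note)
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample, the helper reports the path-less CertificateRegistration value and the configured proxy on the other /24, and stays silent on the entries that carry a full path. Extending it to the msconfig startupfolder keys or the firewall AuthorizedApplications list is a matter of adding a header regex per section; the split-on-"." block handling already matches how ComboFix separates them.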
