ComboFix 09-08-31.03 - Lan 01/09/2009 9:55.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.729 [GMT -3:00]
Executando de: c:\documents and settings\Lan\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-01 to 2009-09-01 ))))))))))))))))))))))))))))
.
2009-09-01 12:28 . 2009-02-13 19:01 79105 ----a-w c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-09-01 12:28 . 2009-09-01 12:08 404737 ----a-w c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-09-01 12:28 . 2009-06-03 19:26 345345 ----a-w c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-09-01 12:28 . 2009-04-09 13:20 79105 ----a-w c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-09-01 12:28 . 2008-12-05 14:32 126721 ----a-w c:\documents and settings\All Users\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 12:29 . 2005-09-23 21:10 55656 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-07-30 11:39 . 2009-07-30 11:39 -------d-----w c:\arquivos programas\Arquivos comuns\Adobe
2009-07-09 11:49 . 2009-07-09 11:49 -------d-----w c:\arquivos programas\XMoto
2009-07-03 21:51 . 2009-07-03 21:50 -------d-----w c:\arquivos programas\PhotoScape
2009-07-03 21:35 . 2009-07-03 21:35 -------d-----w c:\arquivos programas\Google
2009-07-03 20:55 . 2005-09-23 18:46 -------d-----w c:\arquivos programas\FirebirdClient
2009-07-03 20:32 . 2009-07-03 20:32 -------d-----w c:\arquivos programas\Windows Media Connect 2
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VSCyber"="c:\vitesoft\Client\VSCyberClient.exe" [2009-02-09 1444352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2005-11-20 11:21 49152 ----a-w c:\windows\system32\LogonDll.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authorized Applications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1155:TCP"= 1155:TCP:VSCyber
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001

R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [20/11/2005 08:16 134016]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [23/9/2005 18:10 108289]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [23/9/2005 10:53 10394624]
.
- - - - ORFÃOS REMOVIDOS - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {F1E7B069-48D3-4611-BACA-09DAD8D8300C} = 192.168.0.18
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Lan\Dados de aplicativos\Mozilla\Firefox\Profiles\yjsmti17.default\
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPOJI610.dll

---- FIREFOX POLICIES ---
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 10:01
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - > 'winlogon.exe'(768)
c:\windows\system32\LogonDll.dll

- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2009-09-01 10:05
ComboFix-quarantined-files.txt 2009-09-01 13:04

Pré-execução: 7 pasta(s) 99.329.150.976 bytes disponíveis
Pós execução: 7 pasta(s) 99.301.187.584 bytes disponíveis