
ComboFix 09-10-06.04 - Antonio 07/10/2009 19:11.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.959.668 [GMT -3:00]
Executando de: c:\documents and settings\Antonio\Meus documentos\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091007-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-07 to 2009-10-07 ))))))))))))))))))))))))))))
.

2009-10-05 18:01 . 2004-08-04 01:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-10-05 18:01 . 2004-08-04 01:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-10-05 18:01 . 2004-08-04 02:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-10-05 18:01 . 2004-08-04 02:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-10-05 18:01 . 2004-08-04 02:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-10-05 18:01 . 2004-08-04 02:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-10-05 18:01 . 2004-08-04 02:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-10-05 18:01 . 2004-08-04 02:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-10-05 18:00 . 2004-08-04 02:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-10-05 18:00 . 2004-08-04 02:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-10-05 18:00 . 2004-08-04 02:10 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-10-05 18:00 . 2004-08-04 02:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-10-05 18:00 . 2004-08-04 02:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-10-05 18:00 . 2004-08-04 02:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-10-05 18:00 . 2004-08-04 03:45 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-10-05 18:00 . 2004-08-04 03:45 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-10-05 18:00 . 2004-08-04 02:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-10-05 18:00 . 2004-08-04 02:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-10-05 04:33 . 2003-04-03 15:10 46080 ----a-w- c:\windows\system32\_easywall.dll
2009-10-05 04:32 . 2009-10-05 04:32 -------- d-----w- c:\arquivos de programas\TinaSoft
2009-10-05 04:32 . 2002-05-09 21:37 97792 ----a-w- c:\windows\system32\gjfbus17.dll
2009-10-05 04:32 . 1997-09-18 09:12 9488 ----a-w- c:\windows\system32\sporder.Dll
2009-10-05 03:41 . 2009-10-05 03:41 -------- d-----w- c:\arquivos de programas\Microsoft Works
2009-10-05 03:36 . 2009-10-05 03:41 -------- d-----w- c:\windows\SHELLNEW
2009-10-05 03:36 . 2009-10-05 03:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-10-05 03:35 . 2009-10-05 03:35 -------- d-----r- C:\MSOCache
2009-10-04 20:50 . 2009-10-04 21:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS
2009-10-04 20:50 . 2009-10-04 20:50 -------- d-----w- c:\arquivos de programas\NOS
2009-10-04 20:42 . 2009-10-04 20:42 -------- d-----w- c:\documents and settings\Antonio\Dados de aplicativos\AdobeUM
2009-10-04 19:58 . 2009-10-04 20:00 -------- d-----w- c:\arquivos de programas\Valve
2009-10-04 19:43 . 2009-10-04 19:43 -------- d-sh--w- c:\documents and settings\Antonio\IECompatCache
2009-10-04 19:43 . 2009-10-04 19:43 -------- d-sh--w- c:\documents and settings\Antonio\PrivacIE
2009-10-04 19:36 . 2009-10-07 21:44 -------- d-----w- c:\documents and settings\Antonio\Tracing
2009-10-04 19:31 . 2009-10-04 19:31 -------- d-----w- c:\arquivos de programas\Microsoft
2009-10-04 19:31 . 2009-10-04 19:31 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-10-04 19:31 . 2009-10-04 19:31 -------- d-----w- c:\arquivos de programas\Windows Live
2009-10-04 19:29 . 2009-10-04 19:29 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-10-04 19:28 . 2009-10-04 19:28 -------- d-sh--w- c:\documents and settings\Antonio\IETldCache
2009-10-04 19:25 . 2009-10-04 19:27 -------- dc-h--w- c:\windows\ie8
2009-10-04 19:25 . 2009-10-04 19:27 -------- d-----w- c:\windows\system32\pt-BR
2009-10-04 19:13 . 2009-10-04 19:13 -------- d-----w- c:\arquivos de programas\InterVideo
2009-10-04 19:05 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-04 19:05 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-04 19:05 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-04 19:05 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-04 19:04 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-04 19:04 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-04 19:04 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-04 19:04 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-04 19:04 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-04 19:04 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-04 19:04 . 2009-10-04 19:04 -------- d-----w- c:\arquivos de programas\Alwil Software
2009-10-04 19:03 . 2004-08-04 02:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-04 18:31 . 2009-10-04 18:32 -------- d-----w- c:\arquivos de programas\Activision
2009-10-04 18:24 . 2009-10-04 18:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-10-04 18:14 . 2005-01-06 02:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2009-10-04 18:14 . 2003-10-03 19:28 45056 ----a-w- c:\windows\system32\vusetup.dll
2009-10-04 18:14 . 2005-06-07 01:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2009-10-04 18:14 . 1998-11-13 16:18 308224 ----a-w- c:\windows\IsUn0416.exe
2009-10-04 18:13 . 2005-06-22 10:35 43008 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2009-10-04 18:13 . 2005-06-17 11:41 61440 ----a-w- c:\windows\system32\vuins32.dll
2009-10-04 18:13 . 2009-10-04 18:13 -------- d-----w- c:\windows\vnDrvBas
2009-10-04 18:11 . 2009-10-07 22:04 -------- d-----w- c:\windows\system32\Lang
2009-10-04 18:00 . 2009-01-07 21:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-04 18:00 . 2006-03-02 12:13 360448 ------r- c:\windows\RtlUpd.exe
2009-10-04 18:00 . 2006-02-20 09:00 86016 ------r- c:\windows\SoundMan.exe
2009-10-04 18:00 . 2006-03-03 11:12 4244480 ------r- c:\windows\system32\drivers\RtkHDAud.Sys
2009-10-04 18:00 . 2006-02-20 09:05 9712640 ------r- c:\windows\RTLCPL.exe
2009-10-04 18:00 . 2006-03-03 22:44 16006656 ------r- c:\windows\RTHDCPL.exe
2009-10-04 18:00 . 2006-01-09 06:32 2158592 ------r- c:\windows\MicCal.exe
2009-10-04 18:00 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2009-10-04 18:00 . 2006-02-20 09:01 2809856 ------r- c:\windows\alcwzrd.exe
2009-10-04 18:00 . 2009-10-04 18:00 -------- d-----w- c:\arquivos de programas\Realtek

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 19:58 . 2009-10-04 17:47 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-10-04 19:12 . 2009-10-04 17:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-10-04 18:02 . 2001-10-28 17:07 48846 ----a-w- c:\windows\system32\perfc016.dat
2009-10-04 18:02 . 2001-10-28 17:07 344734 ----a-w- c:\windows\system32\perfh016.dat
2009-10-04 17:56 . 2009-10-04 17:56 -------- d-----w- c:\arquivos de programas\S3
2009-10-04 17:51 . 2009-10-04 17:51 -------- d-----w- c:\arquivos de programas\VIA
2009-10-04 17:47 . 2009-10-04 17:47 -------- d-----w- c:\arquivos de programas\AMD
2009-10-04 17:29 . 2009-10-04 17:29 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-10-04 17:26 . 2009-10-04 17:26 -------- d-----w- c:\arquivos de programas\Serviços on-line
2009-10-04 17:25 . 2009-10-04 17:25 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
2009-10-04 17:23 . 2009-10-04 17:23 21844 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot_2009-10-05_04.05.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-07 22:04 . 2009-10-07 22:04 16384 c:\windows\Temp\Perflib_Perfdata_618.dat
+ 2009-10-05 04:33 . 2003-04-03 15:10 46080 c:\windows\system32\_easywall.dll
+ 2009-10-04 17:27 . 2009-10-06 18:22 86327 c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2009-10-04 17:27 . 2009-10-04 17:27 86327 c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-10-05 18:01 . 2009-10-05 18:01 80395 c:\windows\Installer\{BF6CDAFB-F8C3-4DE1-B2E6-25F4EC27CAA2}\MsblIco.Exe
- 2009-10-04 19:32 . 2009-10-04 19:32 80395 c:\windows\Installer\{BF6CDAFB-F8C3-4DE1-B2E6-25F4EC27CAA2}\MsblIco.Exe
+ 2009-10-04 17:27 . 2009-10-06 18:22 2426 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-10-04 17:27 . 2009-10-06 18:21 8972 c:\windows\pchealth\helpctr\Config\Cntstore.bin
+ 2009-10-04 13:52 . 2009-10-05 11:19 263824 c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Client"="c:\arquiv~1\TinaSoft\EASYCA~1\client.exe" [2003-04-14 451072]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2005-04-05 159744]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-03-03 16006656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\TinaSoft\\Easy Cafe Client\\client.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/10/2009 16:04 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/10/2009 16:04 20560]
R3 S3G700;S3G700;c:\windows\system32\drivers\S3G700m.sys [4/10/2009 14:56 792576]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [4/8/2004 00:45 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-10-07 c:\windows\Tasks\User_Feed_Synchronization-{9503CB9F-2134-445C-9A72-E2A7C26CB6CF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = hxxp://192.168.2.2:918
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {9B0A17EF-CFF5-46CF-B42A-5C9F04BEDAEB} = 189.43.121.138,189.43.121.136
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 19:14
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso


arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(1652)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Tempo para conclusão: 2009-10-07 19:15
ComboFix-quarantined-files.txt 2009-10-07 22:15
ComboFix2.txt 2009-10-05 04:07
ComboFix3.txt 2009-10-05 01:25

Pré-execução: 5 pasta(s) 45.250.551.808 bytes disponíveis
Pós execução: 6 pasta(s) 45.316.820.992 bytes disponíveis