ComboFix 09-11-20.01 - Antonio G 20/11/2009 17:31.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1014.529 [GMT -2:00]
Executando de: c:\documents and settings\Antonio G\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bcmwl5.inf
c:\windows\system32\Desktop_.ini
c:\windows\system32\drivers\pciide.sys
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-20 to 2009-11-20 ))))))))))))))))))))))))))))
.
2009-11-20 17:09 . 2009-11-20 19:43 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-11-17 16:12 . 2009-11-17 16:12 -------- d-----r- c:\documents and settings\LocalService\Favoritos
2009-11-16 14:19 . 2009-11-16 14:19 -------- d-----w- c:\arquivos de programas\VDOWNLOADER
2009-10-23 22:19 . 2009-10-23 22:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 19:11 . 2009-01-23 07:05 81246 ----a-w- c:\windows\system32\perfc016.dat
2009-11-20 19:11 . 2009-01-23 07:05 473114 ----a-w- c:\windows\system32\perfh016.dat
2009-11-20 17:10 . 2009-01-23 02:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-11-19 13:08 . 2009-08-11 18:11 1 ----a-w- c:\documents and settings\Antonio G\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-18 12:32 . 2009-08-04 13:58 -------- d-----w- c:\arquivos de programas\Superprovas
2009-11-05 13:12 . 2009-01-23 02:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-10-16 22:21 . 2009-01-23 02:34 -------- d-----w- c:\arquivos de programas\Windows Live
2009-10-16 22:18 . 2009-10-16 22:18 -------- d-----w- c:\arquivos de programas\Microsoft
2009-10-04 17:54 . 2009-10-04 17:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real
2009-10-04 17:54 . 2009-10-04 17:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared
2009-10-04 17:53 . 2009-10-04 17:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-04 17:53 . 2009-10-04 17:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-04 17:53 . 2009-10-04 17:53 -------- d-----w- c:\arquivos de programas\Real
2009-10-03 17:56 . 2009-10-03 17:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-10-03 17:56 . 2009-10-03 17:56 -------- d-----w- c:\arquivos de programas\Avira
2009-09-18 19:02 . 2009-09-18 19:02 0 ----a-w- c:\windows\nsreg.dat
2009-09-11 14:19 . 2009-01-23 07:05 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2009-01-23 07:05 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:57 . 2009-01-23 07:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2009-01-23 07:05 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 14:10 . 2009-08-03 00:30 0 ----a-w- c:\documents and settings\Antonio G\Dados de aplicativos\wklnhst.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\arquivos de programas\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"AzMixerSel"="c:\arquivos de programas\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\arquiv~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-03 196608]
"NotificationCenterLauncher"="c:\arquivos de programas\Acer\Acer eRecovery Management\NotificationLauncher.exe" [2008-12-22 225280]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-04 198160]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-26 18081280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Antonio G\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Acer VCM.lnk - c:\arquivos de programas\Acer\Acer VCM\AcerVCM.exe [2009-1-23 565248]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Acer\\Acer VCM\\VC.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [3/10/2009 15:56 108289]
R2 RS_Service;Raw Socket Service;c:\arquivos de programas\Acer\Acer VCM\RS_Service.exe [23/1/2009 00:50 237568]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/3/2009 16:28 1533808]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [23/1/2009 05:06 38400]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [23/1/2009 00:14 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.globo.com/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Antonio G\Dados de aplicativos\Mozilla\Firefox\Profiles\8y7x3tm6.default\
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -
SafeBoot-mcmscsvc
SafeBoot-MCODS

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 17:43
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'explorer.exe'(1152)
c:\windows\system32\WININET.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\arquivos de programas\BrOffice.org 3\program\soffice.exe
c:\arquivos de programas\BrOffice.org 3\program\soffice.bin
c:\docume~1\ANTONI~1\CONFIG~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-11-20 17:47 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-11-20 19:47
Pré-execução: 9 pasta(s) 115.315.650.560 bytes disponíveis
Pós execução: 13 pasta(s) 115.637.104.640 bytes disponíveis
WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 19B6B41B00E835F81B71CCF1B69A0F83