ComboFix 11-07-03.04 - Bellaver 04/07/2011 20:25:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1791.1154 [GMT -3:00]
Running from: c:\documents and settings\Bellaver\Meus documentos\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\Mozilla Firefox\extensions\{F9E87066-236C-4067-A3C2-BDA51D6B6B03}
c:\arquivos de programas\Mozilla Firefox\extensions\{F9E87066-236C-4067-A3C2-BDA51D6B6B03}\chrome.manifest
c:\arquivos de programas\Mozilla Firefox\extensions\{F9E87066-236C-4067-A3C2-BDA51D6B6B03}\chrome\tabdiscover.jar
c:\arquivos de programas\Mozilla Firefox\extensions\{F9E87066-236C-4067-A3C2-BDA51D6B6B03}\defaults\preferences\prefs.js
c:\arquivos de programas\Mozilla Firefox\extensions\{F9E87066-236C-4067-A3C2-BDA51D6B6B03}\install.rdf
c:\documents and settings\All Users\Dados de aplicativos\TabDiscover
c:\documents and settings\Bellaver\Dados de aplicativos\facemoods.com
c:\documents and settings\Bellaver\WINDOWS
c:\windows\system32\kernel1.exe
.
.
((((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TABDISCOVER_SERVICE
.
.
((((((((((((((((((((((((((((((   Files Created from 2011-06-04 to 2011-07-04   ))))))))))))))))))))))))))))))))))))
.
.
2011-07-04 23:19 . 2011-07-04 23:19  -------d-----w  c:\arquivos de programas\CCleaner
2011-07-02 13:17 . 2011-07-02 13:17  -------d-----w  c:\documents and settings\Bellaver\Dados de aplicativos\vlc
2011-07-02 13:03 . 2011-07-02 13:03  -------d-----w  c:\arquivos de programas\VideoLAN
2011-06-24 21:51 . 2011-06-24 21:51  1409  ----a-w  c:\windows\QTFont.for
2011-06-24 21:36 . 2011-06-24 21:36  2106216  ----a-w  c:\arquivos de programas\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 21:36 . 2011-06-24 21:36  1998168  ----a-w  c:\arquivos de programas\Mozilla Firefox\d3dx9_43.dll
2011-06-23 09:20 . 2001-09-06 02:20  12288  -c--a-w  c:\windows\system32\dllcache\mouhid.sys
2011-06-23 09:20 . 2001-09-06 02:20  12288  ----a-w  c:\windows\system32\drivers\mouhid.sys
2011-06-23 09:20 . 2008-04-13 14:45  10368  -c--a-w  c:\windows\system32\dllcache\hidusb.sys
2011-06-23 09:20 . 2008-04-13 14:45  10368  ----a-w  c:\windows\system32\drivers\hidusb.sys
2011-06-10 21:01 . 2011-06-10 21:01  -------d-----w  c:\arquivos de programas\Arquivos comuns\Predictive Networks
2011-06-10 21:01 . 2011-06-10 21:01  -------d-----w  c:\windows\WNBackup
2011-06-10 21:01 . 2011-06-10 21:01  -------d-----w  C:\Program Files
2011-06-09 14:32 . 2011-06-09 14:32  94208  ----a-w  c:\windows\DIIUnin.exe
2011-06-09 14:32 . 2011-06-09 14:32  2829  ----a-w  c:\windows\DIIUnin.pif
2011-06-08 15:54 . 2011-06-08 15:54  -------d-----w  c:\arquivos de programas\Astroburn Toolbar
2011-06-08 15:54 . 2011-06-08 15:54  -------d-----w  c:\documents and settings\All Users\Dados de aplicativos\Astroburn Lite
2011-06-08 15:53 . 2011-06-08 15:54  -------d-----w  c:\arquivos de programas\Astroburn Lite
2011-06-08 14:32 . 2011-06-08 15:15  218688  ----a-w  c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-08 14:32 . 2011-06-08 15:15  -------dc----w  c:\windows\system32\DRVSTORE
2011-06-08 14:32 . 2011-06-08 15:54  -------d-----w  c:\arquivos de programas\DAEMON Tools Toolbar
2011-06-08 14:31 . 2011-06-08 15:14  -------d-----w  c:\arquivos de programas\DAEMON Tools Lite
2011-06-08 14:31 . 2011-07-04 23:20  -------d-----w  c:\documents and settings\Bellaver\Dados de aplicativos\DAEMON Tools Lite
2011-06-08 14:31 . 2011-06-08 14:31  -------d-----w  c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2011-06-08 13:17 . 2011-06-14 00:42  21840  ----atw  c:\windows\system32\SIntfNT.dll
2011-06-08 13:17 . 2011-06-14 00:42  17212  ----atw  c:\windows\system32\SIntf32.dll
2011-06-08 13:17 . 2011-06-14 00:42  12067  ----atw  c:\windows\system32\SIntf16.dll
2011-06-08 00:07 . 2011-06-08 00:07  -------d-----w  c:\documents and settings\Bellaver\Dados de aplicativos\GrabPro
2011-06-08 00:05 . 2011-06-08 16:35  -------d-----w  C:\Downloads
2011-06-08 00:05 . 2011-06-08 00:05  -------d-----w  c:\documents and settings\Bellaver\Dados de aplicativos\ProgSense
2011-06-08 00:04 . 2011-06-08 16:35  -------d-----w  c:\arquivos de programas\Orbitdownloader
2011-06-08 00:04 . 2011-06-08 16:35  -------d-----w  c:\documents and settings\Bellaver\Dados de aplicativos\Orbit
2011-06-08 00:01 . 2011-07-04 20:39  -------d-----w  c:\documents and settings\Bellaver\Dados de aplicativos\Mipony
2011-06-08 00:01 . 2011-06-08 00:01  -------d-----w  c:\arquivos de programas\MiPony
2011-06-07 15:35 . 2011-06-07 15:35  103864  ----a-w  c:\arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 22:18 . 2011-05-13 00:19  720896  ----a-w  c:\windows\iun6002.exe
2011-05-02 15:31 . 2010-12-01 12:59  692736  ----a-w  c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-13 21:20  151552  ----a-w  c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-13 14:17  456320  ----a-w  c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2008-04-13 21:21  1469440  ------w  c:\windows\system32\inetcpl.cpl
2011-04-25 16:06 . 2008-04-13 21:20  916480  ----a-w  c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-04-13 21:20  43520  ------w  c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2008-04-13 20:55  385024  ----a-w  c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-13 14:17  105472  ----a-w  c:\windows\system32\drivers\mup.sys
2011-04-14 22:22 . 2008-04-13 21:21  2683904  -c--a-w  c:\windows\system32\logonuiX.exe
2011-06-24 21:36 . 2011-05-07 12:14  142296  ----a-w  c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Registry Load Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\arquivos de programas\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-21 198864]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\arquivos de programas\real\realplayer\update\realsched.exe" [2011-02-15 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\arquivos de programas\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-12-01 15:56  229376  ----a-w  c:\arquivos de programas\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Arquivos de programas\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\Bellaver\\Meus documentos\\command and conquer red alert 2\\gamemd.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Arquivos de programas\\Command And Conquer Red Alert 2 Yuri's Revenge\\gamemd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57372:TCP"= 57372:TCP:Pando Media Booster
"57372:UDP"= 57372:UDP:Pando Media Booster
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8/6/2011 11:32 218688]
R2 AntiVirSchedulerService;Avira AntiVir Agendamento;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [1/12/2010 17:15 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/3/2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/12/2010 10:09 1691480]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [25/1/2011 00:30 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [25/1/2011 00:30 8456]
S3 KMService;KMService;c:\windows\system32\srvany.exe [3/12/2010 01:20 8192]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\arquivos de programas\Microsoft Office\Office14\GROOVE.EXE [25/3/2010 09:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/1/2010 20:37 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [28/12/2010 13:38 27064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/3/2010 13:16 753504]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service -> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-04 c:\windows\Tasks\AWC AutoSweep.job
- c:\arquivos de programas\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-12-01 17:11]
.
2011-07-04 c:\windows\Tasks\AWC Update.job
- c:\arquivos de programas\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-12-01 18:24]
.
2011-07-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-73586283-1177238915-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]
.
2011-07-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-73586283-1177238915-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]
.
2011-05-20 c:\windows\Tasks\switchShakeIcon.job
- c:\arquivos de programas\NCH Swift Sound\Switch\switch.exe [2011-05-17 15:49]
.
.
------- Supplementary Scan -------.
uStart Page = astroburn-search.com
IE: &Enviar para o OneNote - c:\arquiv~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Baixar com Mipony - file://c:\arquivos de programas\MiPony\Browser\IEContext.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Bellaver\Dados de aplicativos\Mozilla\Firefox\Profiles\cete53ay.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16502
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

- - - - ORPHANS REMOVED - - - .
AddRemove-{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}Bellaver_is1 - c:\documents and settings\Bellaver\Meus documentos\WinDS PRO\uninstall\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-04 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Dlls Loaded Under Running Processes ---------------------.
- - - - - - - > 'winlogon.exe'(740)
c:\arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WININET.dll
c:\arquiv~1\ARQUIV~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\arquiv~1\MICROS~4\Office14\1046\GrooveIntlResource.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\arquivos de programas\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\arquivos de programas\Stardock\ObjectDockFree\ODMenu.dll
.
------------------------ Other Running Processes ------------------------.
c:\arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2011-07-04 20:35:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-04 23:35
.
Pre-Run: 8 folder(s) 32,105,963,520 bytes free
Post-Run: 11 folder(s) 31,982,014,464 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - ABEF388CB5AA90045D81DD5C0C87B68A
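The boot.ini dump above ends with a boot entry that loads an alternate kernel (`/KERNEL=kernel1.exe`), while the "Other Deletions" section shows that ComboFix removed `c:\windows\system32\kernel1.exe` in the same run; the load points also record `EnableFirewall`=0, a non-default Winlogon `UIHost` and an `AppInit_DLLs` entry. The Python below is an added triage helper written for this page, not code from ComboFix or from whoever posted the log: it parses those sections out of an excerpt of this log and cross-checks them. It assumes that the `/KERNEL=` file name is resolved under `c:\windows\system32` (the system root the log's own paths show) and that `logonui.exe` is the stock UIHost; every path and value in the sample is copied from the log, not constructed.

```python
"""Added triage helper for ComboFix logs (not ComboFix code, not the poster's).

Parses three parts of the log and cross-checks them:
  * the 'Other Deletions' banner -> paths ComboFix removed
  * the boot.ini dump            -> boot entries and any /KERNEL= override
  * the registry load points     -> EnableFirewall, UIHost, AppInit_DLLs
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Excerpt of the ComboFix log on this page (values copied from it, not constructed).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bellaver\Dados de aplicativos\facemoods.com
c:\windows\system32\kernel1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
"""

# Assumption: %SystemRoot% is c:\windows (the log's paths say so). NTLDR looks for
# the /KERNEL= file name under %SystemRoot%\system32 instead of ntoskrnl.exe.
SYSTEM32 = r"c:\windows\system32"


def deleted_paths(log: str) -> Set[str]:
    """Lower-cased paths listed under the 'Other Deletions' banner."""
    paths, inside = set(), False
    for line in log.splitlines():
        if "Other Deletions" in line:
            inside = True
            continue
        if inside and (line.startswith("((((") or line.startswith("[")):
            break                                  # next banner / key ends the section
        if inside and re.match(r"^[a-z]:\\", line, re.I):
            paths.add(line.strip().lower())
    return paths


@dataclass
class BootEntry:
    arc_path: str        # e.g. multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    label: str           # text shown in the boot menu
    switches: List[str]  # /noexecute=optin, /fastdetect, /KERNEL=..., ...

    @property
    def kernel(self) -> Optional[str]:
        """File name from a /KERNEL= switch, or None for the stock kernel."""
        for sw in self.switches:
            if sw.upper().startswith("/KERNEL="):
                return sw.split("=", 1)[1]
        return None


_BOOT_LINE = re.compile(r'^(?P<arc>[^="]+)="(?P<label>[^"]*)"\s*(?P<sw>.*)$')


def boot_entries(log: str) -> List[BootEntry]:
    """Entries under [operating systems] in the boot.ini dump."""
    entries, inside = [], False
    for line in log.splitlines():
        stripped = line.strip()
        if stripped.lower() == "[operating systems]":
            inside = True
            continue
        if not inside:
            continue
        m = _BOOT_LINE.match(stripped)
        if m:
            entries.append(BootEntry(m["arc"], m["label"], m["sw"].split()))
        elif stripped:                             # any other non-empty line ends the block
            break
    return entries


def reg_value(log: str, key_suffix: str, name: str) -> Optional[str]:
    """Value of `name` under the first [key] whose path ends with key_suffix."""
    pat = re.compile(r'^"%s"\s*=\s*(.*)$' % re.escape(name), re.I)
    key = None
    for line in log.splitlines():
        if line.startswith("["):
            key = line.strip().strip("[]").lower()
            continue
        if key and key.endswith(key_suffix.lower()):
            m = pat.match(line.strip())
            if m:
                return m.group(1).strip().strip('"')
    return None


def triage(log: str) -> List[str]:
    """Human-readable findings; an empty list means nothing of note was seen."""
    findings = []
    gone = deleted_paths(log)
    for entry in boot_entries(log):
        if entry.kernel:
            target = (SYSTEM32 + "\\" + entry.kernel).lower()
            state = "deleted by ComboFix in this run" if target in gone else "not in the deletions list"
            findings.append(f'boot entry "{entry.label}" loads /KERNEL={entry.kernel} ({state})')
    fw = reg_value(log, r"firewallpolicy\standardprofile", "EnableFirewall")
    if fw is not None and fw.startswith("0"):
        findings.append("Windows Firewall off for the standard profile (EnableFirewall=0)")
    uihost = reg_value(log, r"currentversion\winlogon", "UIHost")
    if uihost and not uihost.lower().endswith("\\logonui.exe"):
        findings.append(f"non-default Winlogon UIHost: {uihost}")
    appinit = reg_value(log, r"currentversion\windows", "AppInit_DLLs")
    if appinit:
        findings.append(f"AppInit_DLLs loads into every process that links user32: {appinit}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run as a script it prints four findings for this log. The one that needs action is the boot entry labelled "(bootscreen)": its `/KERNEL=` file has just been deleted, so choosing that entry at the boot menu will fail with a missing-file error until the entry is removed from boot.ini or repointed. The script cannot tell whether `kernel1.exe` was a boot-screen customizer's patched kernel (StyleXPService.exe is in "Other Running Processes", and such tools do ship modified kernels) or something unwanted; likewise `wbsys.dll` is tied to WindowBlinds by the `winlogon\notify\WBSrv` entry in the same log, and `logonuiX.exe` sits next to the same Stardock tooling. The script flags the load points that matter; deciding which are legitimate customizations is the analyst's job.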