ComboFix 11-11-26.01 - HighResolution 26/11/2011 15:22:19.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2648 [GMT -8:00]
Running from: D:\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\windows\DNF11install.log
c:\windows\DNF20install.log
c:\windows\DNF30install.log
c:\windows\DNF35install.log
c:\windows\system32\Thumbs.db
E:\Autorun.inf
F:\Autorun.inf
F:\install.exe
H:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 23:21 . 2009-01-23 19:46 451072 --sha-r C:\cssrs.exe
2011-11-26 23:16 . 2011-11-26 23:16 ------- d-----w C:\dell
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-04-03 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2010-04-03 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\system32\mshtml.dll
.
[-] 2010-04-03 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\system32\wininet.dll
.
[-] 2010-04-03 . 5A8E28037289FCCBF7AD3FC57DF7048F . 502272 . . [1.0626.6002.18005] . . c:\windows\system32\usp10.dll
.
[-] 2010-04-03 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verificador do sistema"="c:\cssrs.exe" [2009-01-23 451072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-10-22 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-10-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-26 13918208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-04-03 128512]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders
schannel.dll, digest.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [26/11/2011 15:16 57248]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\HighResolution\Application Data\Mozilla\Firefox\Profiles\qzs923ut.default\
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: foof: foof@foofme.com - %profile%\extensions\foof@foofme.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Boost for Facebook: {47624dda-b77e-4feb-820a-e4f077d5d4ca} - %profile%\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - %profile%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Fasterfox: {c36177c0-224a-11da-8cd6-0800200c9a91} - %profile%\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - %profile%\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 15:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(780)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\LClock\LC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2011-11-26 15:26:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-26 23:26
.
Pre-Run: 78,330,249,216 bytes free
Post-Run: 78,318,907,392 bytes free
.
- - End Of File - - 82DB6CF666E3D023B901937C6BAD2BF1