
how post log in forum?


This topic is locked. 2 replies to this topic.

#1 Oliveira

Posted 01 October 2009 - 08:05 AM

ComboFix 09-09-30.06 - Sergio 01/10/2009 8:36.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1279.695 [GMT -3:00]
Executando de: c:\documents and settings\Sergio\Meus documentos\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\docume~1\Sergio\CONFIG~1\Temp\cvasds0.dll
c:\docume~1\Sergio\CONFIG~1\Temp\cvasds1.dll
c:\documents and settings\Sergio\Configurações locais\Temp\cvasds0.dll
C:\rg9g9bgq.exe
c:\windows\Installer\11299ba.msp
c:\windows\Installer\11299c0.msp
c:\windows\Installer\11299c6.msp
c:\windows\Installer\19759ad.msp
c:\windows\Installer\19759b3.msp
c:\windows\Installer\19759b9.msp
c:\windows\Installer\2a8f205.msp
c:\windows\Installer\2a8f20b.msp
c:\windows\Installer\45108a.msp
c:\windows\Installer\451090.msp
c:\windows\Installer\451096.msp
c:\windows\Installer\578c1.msp
c:\windows\Installer\578c7.msp
c:\windows\Installer\578cd.msp
c:\windows\Installer\5e1ab0c.msp
c:\windows\Installer\5e1ab19.msp
c:\windows\Installer\5e1ab1f.msp
c:\windows\Installer\64839bf.msp
c:\windows\system32\Data
E:\autorun.inf
E:\rg9g9bgq.exe
F:\autorun.inf
F:\rg9g9bgq.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-01 to 2009-10-01 ))))))))))))))))))))))))))))
.

2009-10-01 05:19 . 2009-10-01 05:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-09-30 02:06 . 2009-09-30 02:06 -------- d-----w- c:\arquivos de programas\NitroPC
2009-09-29 14:14 . 2009-09-29 14:14 -------- d-----w- c:\arquivos de programas\MSECache
2009-09-29 12:34 . 2009-10-01 05:19 -------- d-----w- C:\downloads
2009-09-29 12:34 . 2009-09-29 12:34 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\GrabPro
2009-09-29 12:34 . 2009-10-01 11:41 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\Orbit
2009-09-29 12:34 . 2009-10-01 06:06 -------- d-----w- c:\arquivos de programas\Orbitdownloader
2009-09-29 11:57 . 2009-09-29 11:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-09-29 04:04 . 2009-09-29 04:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2009-09-29 04:04 . 2003-06-23 05:44 1415680 ----a-w- c:\windows\system32\WMV9VCM.dll
2009-09-28 14:15 . 2001-08-18 00:52 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2009-09-28 14:15 . 2001-08-18 00:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2009-09-28 13:49 . 2009-09-28 13:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2009-09-28 01:12 . 2009-09-28 16:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared
2009-09-28 00:24 . 2009-09-28 00:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton
2009-09-28 00:24 . 2009-09-28 00:24 -------- d-----w- c:\windows\system32\drivers\NSS
2009-09-28 00:24 . 2009-09-28 00:24 -------- d-----w- c:\arquivos de programas\Norton Security Scan
2009-09-28 00:24 . 2009-09-28 00:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec
2009-09-28 00:24 . 2009-09-28 00:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller
2009-09-28 00:24 . 2009-09-28 00:24 -------- d-----w- c:\arquivos de programas\NortonInstaller
2009-09-28 00:11 . 2009-09-28 16:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Google Updater
2009-09-21 14:53 . 2009-09-21 14:53 -------- d-----w- c:\windows\Sun
2009-09-21 02:00 . 2009-10-01 11:41 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-09-21 01:58 . 2009-09-21 01:58 -------- d-----w- c:\arquivos de programas\Gabest
2009-09-19 06:07 . 2009-09-19 06:07 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-19 06:06 . 2009-09-19 06:06 -------- d-----w- c:\arquivos de programas\MSBuild
2009-09-19 06:06 . 2009-09-19 06:06 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-09-19 06:06 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-19 06:06 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-19 06:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-19 06:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-19 06:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-19 06:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-19 06:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-19 00:47 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-09-19 00:47 . 2009-09-19 00:47 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2009-09-19 00:46 . 2009-09-19 00:46 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-09-19 00:46 . 2009-09-19 00:46 -------- d-----w- c:\windows\system32\LogFiles
2009-09-18 23:23 . 2009-08-06 01:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-09-17 23:10 . 2009-09-17 23:19 -------- d-----w- C:\SERGIO TEMPORARIO
2009-09-17 15:15 . 2009-09-17 15:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared
2009-09-17 15:13 . 2009-09-17 15:16 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real
2009-09-17 15:13 . 2009-09-17 15:13 -------- d-----w- c:\arquivos de programas\Real
2009-09-17 15:08 . 2009-09-28 00:11 -------- d-----w- c:\arquivos de programas\Google
2009-09-17 13:15 . 2009-09-17 13:15 -------- d-sh--w- c:\documents and settings\Sergio\PrivacIE
2009-09-17 00:11 . 2009-09-29 13:33 -------- d-----w- c:\documents and settings\Sergio\Tracing
2009-09-17 00:07 . 2009-09-18 00:44 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-09-17 00:06 . 2009-09-29 14:14 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector
2009-09-17 00:02 . 2009-09-17 00:02 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework
2009-09-17 00:02 . 2009-09-17 00:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-17 00:01 . 2006-11-29 16:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-17 00:01 . 2009-09-17 00:01 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition
2009-09-17 00:01 . 2009-09-17 13:10 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-17 00:00 . 2009-09-17 00:07 -------- d-----w- c:\arquivos de programas\Microsoft
2009-09-16 22:29 . 2009-09-24 17:31 -------- d-----w- C:\QUARANTINE
2009-09-16 22:29 . 2009-09-16 22:29 -------- d-----w- c:\arquivos de programas\Circle Develoement
2009-09-16 22:29 . 2009-09-28 03:47 -------- d-----w- c:\arquivos de programas\Windows Live
2009-09-16 17:27 . 2009-09-16 17:27 -------- d-sh--w- c:\documents and settings\Sergio\IETldCache
2009-09-16 17:25 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-16 17:25 . 2009-09-17 23:50 -------- d-----w- c:\windows\ie8updates
2009-09-16 17:25 . 2009-07-19 21:45 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-16 17:25 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-16 17:25 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-16 17:25 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-16 17:25 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-16 17:25 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-16 17:23 . 2009-09-16 17:24 -------- dc-h--w- c:\windows\ie8
2009-09-16 17:02 . 2008-10-16 17:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-15 09:06 . 2009-09-24 16:03 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\LimeWire
2009-09-15 09:05 . 2009-09-15 09:05 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-15 09:05 . 2009-09-15 09:05 -------- d-----w- c:\arquivos de programas\Java
2009-09-15 06:00 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-09-15 01:00 . 2009-09-15 02:31 -------- d-----w- c:\arquivos de programas\PhotoFiltre
2009-09-14 19:48 . 2009-09-14 19:48 0 ----a-w- c:\windows\nsreg.dat
2009-09-14 18:53 . 2009-09-17 04:02 -------- d-----w- c:\arquivos de programas\WinAVI Video Converter
2009-09-14 18:52 . 2009-09-14 18:52 3082 ----a-w- c:\windows\system32\affv9869p2now.sys
2009-09-14 18:50 . 2009-09-14 18:50 -------- d-sh--w- c:\documents and settings\Sergio\UserData
2009-09-14 18:46 . 2008-07-02 01:50 26752 ----a-r- c:\windows\system32\drivers\ipfnd51.sys
2009-09-13 21:05 . 2009-09-15 01:00 -------- d-----w- c:\documents and settings\Sergio\Contacts
2009-09-12 04:43 . 2005-03-11 21:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-09-12 04:43 . 2005-02-24 16:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-09-12 04:43 . 2005-02-24 15:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-09-12 04:43 . 2003-01-26 15:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-09-12 04:43 . 1999-03-25 21:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-09-12 04:43 . 1998-07-13 01:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2009-09-12 04:43 . 2000-10-01 21:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-09-12 04:43 . 1998-07-13 01:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-09-12 04:43 . 2003-04-18 18:29 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-09-12 04:43 . 2003-04-18 18:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-09-12 04:43 . 1998-07-12 21:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-09-12 02:42 . 2005-10-29 03:44 308224 ----a-w- c:\windows\system32\Avisynth.dll
2009-09-12 02:42 . 2004-02-22 19:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-09-12 02:37 . 2009-09-12 02:37 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\Media Player Classic
2009-09-12 02:29 . 2009-09-12 05:34 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\CyberLink
2009-09-12 02:29 . 2009-09-12 05:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2009-09-12 02:19 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-09-12 02:19 . 2008-04-13 22:20 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-09-12 02:19 . 2008-04-13 14:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-09-12 02:19 . 2008-04-13 14:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-09-11 21:40 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-09-11 21:40 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-11 21:40 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-09-11 21:40 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-09-11 21:40 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-09-11 21:40 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-09-11 21:40 . 2008-04-13 14:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-09-11 21:40 . 2008-04-13 14:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-09-11 21:40 . 2008-04-13 14:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-09-11 21:40 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-11 17:10 . 2009-09-11 17:10 -------- d-----w- C:\GOOGLE EARTH
2009-09-11 17:03 . 2009-07-22 01:18 20461914 ----a-w- C:\klmcodec500.exe
2009-09-11 14:13 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-11 14:13 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-11 14:10 . 2009-02-09 11:25 2193280 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-11 14:10 . 2009-02-09 11:25 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-11 14:10 . 2009-02-09 11:25 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-11 13:43 . 2009-01-07 21:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-09-11 13:43 . 2009-09-18 08:56 -------- d--h--w- c:\windows\$hf_mig$
2009-09-11 13:18 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-11 13:16 . 2009-09-11 13:22 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\Creative
2009-09-11 13:14 . 1999-10-11 01:00 41984 ------w- c:\windows\Ctregrun.exe
2009-09-11 13:10 . 2008-04-13 14:39 5376 -c--a-w- c:\windows\system32\dllcache\mspclock.sys
2009-09-11 13:06 . 2003-03-05 15:19 15840 ----a-w- c:\windows\system32\drivers\PfModNT.sys
2009-09-11 13:04 . 1998-11-13 16:18 308224 ----a-w- c:\windows\IsUn0416.exe
2009-09-11 13:02 . 2009-09-11 13:14 -------- d-----w- c:\arquivos de programas\Creative

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 01:09 . 2009-09-12 02:36 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-09-29 14:14 . 2008-04-14 12:00 80328 ----a-w- c:\windows\system32\perfc016.dat
2009-09-29 14:14 . 2008-04-14 12:00 471354 ----a-w- c:\windows\system32\perfh016.dat
2009-09-28 13:55 . 2009-09-11 12:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee
2009-09-15 06:00 . 2009-09-15 06:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-09-15 06:00 . 2009-09-15 06:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-11 13:14 . 2009-09-11 12:17 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-09-11 12:57 . 2009-09-11 12:16 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-09-11 12:21 . 2009-09-11 12:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Cisco Systems
2009-09-11 12:20 . 2009-09-11 12:19 -------- d-----w- c:\arquivos de programas\Ahead
2009-09-11 12:19 . 2009-09-11 12:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead
2009-09-11 12:19 . 2009-09-11 12:17 -------- d-----w- c:\arquivos de programas\CyberLink DVD Solution
2009-09-11 12:19 . 2009-09-11 12:19 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2009-09-11 12:17 . 2009-09-11 12:17 -------- d-----w- c:\arquivos de programas\CyberLink
2009-09-11 12:16 . 2009-09-11 12:16 -------- d-----w- c:\arquivos de programas\Microsoft Works
2009-09-11 12:16 . 2009-09-11 12:16 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\InterTrust
2009-09-11 12:06 . 2009-09-11 12:06 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-09-11 12:04 . 2009-09-11 12:04 -------- d-----w- c:\arquivos de programas\Serviços on-line
2009-09-11 12:03 . 2009-09-11 12:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
2009-09-11 12:02 . 2009-09-11 12:02 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:00 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:07 . 2009-08-03 18:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 18:07 . 2009-08-03 18:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 18:07 . 2009-08-03 18:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-29 04:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 02:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 15:25 . 2009-07-10 15:25 307056 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-03 16:59 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2004-10-01 18:00 . 2009-09-11 12:17 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Sergio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-09-11 133104]
"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2009-05-30 4699664]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-16 7569408]
"SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-16 86016]
"CTSysVol"="c:\arquivos de programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-09-15 136600]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-16 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-9-29 1719568]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\NitroPC\\NitroPC.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [18/9/2009 20:23 54752]
R3 cpuz129;cpuz129;\??\c:\windows\TEMP\cpuz_x32.sys --> c:\windows\TEMP\cpuz_x32.sys [?]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [14/9/2009 15:46 26752]
R3 NitroPCSrv;NitroPC Service;c:\arquivos de programas\NitroPC\NitroPCService.exe [29/5/2009 23:29 847376]
S2 gupdate1ca37a8c724d556;Google Update Service (gupdate1ca37a8c724d556);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [17/9/2009 12:08 133104]
S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-10-01 c:\windows\Tasks\Google Software Updater.job
- c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-28 00:11]

2009-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-17 15:08]

2009-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-17 15:08]

2009-09-28 c:\windows\Tasks\Norton Security Scan for Sergio.job
- c:\arquivos de programas\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-09-28 19:45]

2009-10-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {A10C5BEF-E763-453F-849B-19BA8CB443D0} = 201.10.128.3,201.10.120.3
FF - ProfilePath - c:\documents and settings\Sergio\Dados de aplicativos\Mozilla\Firefox\Profiles\upl2sp9x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Sergio\Dados de aplicativos\Mozilla\Firefox\Profiles\upl2sp9x.default\extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}\components\GrabXpcom.dll
FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-TkBellExe - c:\arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe
AddRemove-Ask.com - c:\arquivos de programas\Ask Search Assistant\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-01 08:40
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3068)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\MsPMSPSv.exe
c:\arquivos de programas\Orbitdownloader\orbitnet.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-10-01 8:43 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-10-01 11:43

Pré-execução: 9 pasta(s) 48.227.942.400 bytes disponíveis
Pós execução: 10 pasta(s) 48.405.032.960 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

352 --- E O F --- 2009-09-28 23:25

Attached file: log.txt (25.63KB, 3 downloads)



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:26 AM

Posted 01 October 2009 - 08:33 AM

Please see comments by Bleeping Computer personnel at http://www.bleepingcomputer.com/forums/ind...p;#entry1159014.

The only personnel at BC who authorize/handle ComboFix matters...attend one of our malware forums.

If you need assistance with a malware issue, I suggest that you post at the appropriate BC forum.

Thanks :thumbsup:.

Louis

#3 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:12:26 PM

Posted 01 October 2009 - 09:25 AM

ComboFix logs should not be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.
The BC Staff
Mark