ComboFix 10-10-26.04 - USUARIO 27/10/2010 16:07:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.261 [GMT -2:00]
Executando de: c:\documents and settings\USUARIO\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-27 to 2010-10-27 ))))))))))))))))))))))))))))
.
2010-10-26 22:59 . 2010-10-27 13:19 -------- d-----w- c:\documents and settings\USUARIO\Dados de aplicativos\IGN_DLM
2010-10-26 22:51 . 2008-04-13 13:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-10-25 20:30 . 2010-10-25 20:30 2829 ----a-w- c:\windows\W3DemoUnin.pif
2010-10-25 20:30 . 2010-10-25 20:30 126976 ----a-w- c:\windows\W3DemoUnin.exe
2010-10-25 20:30 . 2010-10-26 13:17 -------- d-----w- c:\arquivos de programas\Warcraft III Demo
2010-10-23 13:40 . 2010-10-26 18:13 -------- d-----w- c:\arquivos de programas\Valve
2010-10-23 13:40 . 2003-09-03 04:27 69715 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2010-10-23 13:40 . 2003-09-03 04:26 266240 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2010-10-23 13:40 . 2003-09-03 04:26 192512 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2010-10-23 13:40 . 2003-09-03 04:25 5632 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2010-10-23 13:39 . 2003-09-03 04:28 724992 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2010-10-22 23:15 . 2010-10-22 23:15 184452 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2010-10-22 23:07 . 2010-10-22 23:07 311428 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2010-10-21 20:52 . 2010-10-26 13:31 -------- d-----w- C:\Games
2010-10-21 18:52 . 2010-10-21 20:17 -------- d-----w- c:\arquivos de programas\GameTop.com
2010-10-19 11:28 . 2010-10-19 11:28 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-10-19 11:28 . 2010-10-26 18:34 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-10-19 11:28 . 2010-10-19 11:28 -------- d-----w- c:\windows\system32\Lang
2010-10-15 16:03 . 2010-10-15 16:03 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-10-15 16:03 . 2010-10-15 16:03 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-10-15 16:02 . 2010-10-15 16:02 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2010-10-15 16:02 . 2010-10-27 18:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2010-10-15 16:01 . 2010-10-15 16:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2010-10-15 14:35 . 2010-10-15 14:35 -------- d-----w- C:\found.000
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 15:23 . 2007-04-02 22:14 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-13 21:20 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-13 21:20 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 1782-01-18 23:14 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:51 . 2008-04-13 21:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:51 . 2008-04-13 21:21 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:51 . 2008-04-13 21:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:52 . 2008-04-13 21:18 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-13 20:54 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-13 21:20 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:53 . 2008-04-13 21:20 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 10:24 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 14:15 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-13 21:20 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-13 21:21 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2008-04-13 21:20 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2008-07-21 . 34D489CB2F1EB617129D9DF60B823B0F . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe" [2010-09-13 2969496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-10-15 352976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\USUARIO\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.2.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Level Up! Games\\RF Online\\RF.exe"=
"c:\\Level Up Games\\Grand Chase\\main.exe"=
"c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57550:TCP"= 57550:TCP:Pando Media Booster
"57550:UDP"= 57550:UDP:Pando Media Booster
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [9/6/2010 18:43 11352]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [7/5/2010 13:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/11/2009 21:27 19472]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva356;XDva356;\??\c:\windows\system32\XDva356.sys --> c:\windows\system32\XDva356.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-10-27 c:\windows\Tasks\User_Feed_Synchronization-{F92107BA-70A9-404E-955B-BDF6B02BED29}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.magnox.com.br/
IE: Adicionar ao Antibanner - c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-27 16:19
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'explorer.exe'(388)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\BrOffice.org 3\program\soffice.exe
c:\arquivos de programas\BrOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-10-27 16:23:53 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-10-27 18:23
Pré-execução: 10 pasta(s) 52.995.014.656 bytes disponíveis
Pós execução: 12 pasta(s) 53.141.327.872 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - CBE668548612F197A25BD7E109A33532