ComboFix 10-01-29.02 - FATEC 30/01/2010 10:52:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.503.205 [GMT -2:00]
Executando de: c:\documents and settings\FATEC\Meus documentos\Downloads\ComboFix.exe
.
PEV Error: ProgramsFolder
(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-30 ))))))))))))))))))))))))))))
.
2010-01-29 17:07 . 2010-01-29 18:30 -------- d-----w- c:\documents and settings\FATEC\Dados de aplicativos\GetRightToGo
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 16:33 . 2008-04-14 11:00 84874 ----a-w- c:\windows\system32\perfc016.dat
2010-01-18 16:33 . 2008-04-14 11:00 471780 ----a-w- c:\windows\system32\perfh016.dat
.
------- Sigcheck -------
[-] 2008-06-03 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Antivirus"="c:\arquivos de programas\USB Disk Security\USBGuard.exe" [2008-04-09 798720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2002-08-26 10:17 49152 ----a-w- c:\windows\system32\LogonDll.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 20:10 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 21:43 69632 ----a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-08-30 18:05 139264 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:00 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 03:47 31016 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-06-08 10:59 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-06-08 11:02 94208 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-06-08 11:03 114688 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-28 17:54 16248320 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 21:04 2879488 ----a-w- c:\windows\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R0 DepFrzHi;DepFrzHi;c:\windows\system32\drivers\DepFrzHi.sys [26/8/2002 08:16 12288]
R0 DepFrzLo;DepFrzLo;c:\windows\system32\drivers\DepFrzLo.sys [26/8/2002 08:15 52709]
R2 DFServEx;DFServEx;c:\arquivos de programas\HyperTechnologies\Deep Freeze\DFServEx.exe [26/8/2002 08:15 288256]
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {240E67D8-4B5F-4935-9EE9-8FF7D44C55B9} = 187.45.128.11
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-egui - c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 10:55
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\LogonDll.dll
- - - - - - - > 'explorer.exe'(3584)
c:\windows\system32\ieframe.dll
.
Tempo para conclusão: 2010-01-30 10:56:11
ComboFix-quarantined-files.txt 2010-01-30 12:56
Pré-execução: 9 pasta(s) 69.980.581.888 bytes disponíveis
Pós execução: 12 pasta(s) 69.952.040.960 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 1288295B1A08E2C1048511E8E230EADB