
ComboFix 10-05-05.0D - fassis 06/05/2010 12:41:25.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.479.226 [GMT -3:00]
Running from: c:\documents and settings\fassis\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\log32.txt
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
.
(((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 ))))))))))))))))))))))))))))
.
2010-04-27 01:22 . 2010-04-27 21:56 -------- d-----w- c:\arquivos de programas\SpeedFan
2010-04-24 14:47 . 2010-04-28 16:30 -------- d-----w- c:\documents and settings\fassis\Dados de aplicativos\vlc
2010-04-24 14:43 . 2010-04-24 14:43 -------- d-----w- c:\arquivos de programas\VideoLAN
2010-04-16 22:37 . 2010-04-16 22:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Blizzard Entertainment
2010-04-16 12:48 . 2004-09-29 20:36 15360 ---ha-r- c:\windows\system32\drivers\NetMotCM.sys
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 00:53 . 2009-05-31 02:14 -------- d-----w- c:\documents and settings\fassis\Dados de aplicativos\uTorrent
2010-04-29 00:16 . 2010-04-29 00:14 11589904 ----a-w- c:\arquivos de programas\Dev-CppPortable.7z
2010-04-27 01:54 . 2010-04-27 01:54 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml25.tmp
2010-04-27 01:54 . 2010-04-27 01:54 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml24.tmp
2010-04-27 01:15 . 2010-04-27 01:15 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml14.tmp
2010-04-27 01:15 . 2010-04-27 01:15 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml13.tmp
2010-04-27 01:01 . 2010-04-27 01:01 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml12.tmp
2010-04-27 01:01 . 2010-04-27 01:01 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml11.tmp
2010-04-22 02:11 . 2010-04-22 02:10 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xmlE8.tmp
2010-04-22 02:10 . 2010-04-22 02:10 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xmlE7.tmp
2010-04-21 19:57 . 2010-04-21 19:57 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml10.tmp
2010-04-21 19:57 . 2010-04-21 19:57 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xmlF.tmp
2010-04-21 19:26 . 2010-04-21 19:26 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xmlE.tmp
2010-04-21 19:26 . 2010-04-21 19:26 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xmlB.tmp
2010-04-21 17:59 . 2010-04-21 17:59 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xmlD.tmp
2010-04-21 17:59 . 2010-04-21 17:59 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xmlC.tmp
2010-04-21 17:49 . 2009-09-17 02:09 2316 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml23.tmp
2010-04-21 17:49 . 2009-09-17 02:09 13605 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml22.tmp
2010-04-21 17:49 . 2010-04-21 17:49 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xmlA.tmp
2010-04-15 12:28 . 2001-10-28 12:07 98068 ----a-w- c:\windows\system32\perfc016.dat
2010-04-15 12:28 . 2001-10-28 12:07 520488 ----a-w- c:\windows\system32\perfh016.dat
2010-04-03 23:38 . 2010-04-03 23:37 -------- d-----w- c:\arquivos de programas\dotnetCHARTING_WinForms
2010-03-20 22:01 . 2010-03-19 01:55 -------- d-----w- c:\documents and settings\fassis\Dados de aplicativos\REALbasic
2010-03-19 01:48 . 2010-03-19 01:48 -------- d-----w- c:\documents and settings\fassis\Dados de aplicativos\REALbasic 2007r5
2010-03-19 01:48 . 2010-03-19 01:48 -------- d-----w- c:\arquivos de programas\REAL Software
2010-03-18 23:38 . 2009-08-22 17:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-03-18 23:37 . 2009-08-22 17:58 416 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-03-13 18:38 . 2010-03-13 18:38 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml41.tmp
2010-03-13 18:33 . 2010-03-13 18:33 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml40.tmp
2010-03-12 22:29 . 2010-02-28 02:59 -------- d-----w- c:\documents and settings\fassis\Dados de aplicativos\fassis_Corporation_&_Ente
2010-02-27 02:35 . 2009-11-18 21:37 2031040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2010-02-27 02:33 . 2010-02-27 02:33 25214 ----a-r- c:\documents and settings\fassis\Dados de aplicativos\Microsoft\Installer\{5FD88490-011C-4DF1-B886-F298D955171B}\SunReg.exe
2010-02-19 21:49 . 2010-02-19 21:49 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml8.tmp
2010-02-19 21:49 . 2010-02-19 21:49 0 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\xml7.tmp
2004-10-01 18:00 . 2009-09-28 08:27 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe
.
(((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RamBooster"="c:\arquivos de programas\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"PRONoMgr.exe"="c:\arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 577536]
"DSLSTATEXE"="c:\program files\DSLink180U\Adsl\dslstat.exe" [2005-02-28 376832]
"DSLAGENTEXE"="c:\program files\DSLink180U\Adsl\dslagent.exe" [2005-02-28 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 20:05 81920 ----a-w- c:\arquivos de programas\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-17 01:33 133104 ----atw- c:\documents and settings\fassis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 03:56 1667584 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
1998-07-25 02:00 36864 ----a-w- c:\arquivos de programas\Microsoft Money\System\REMINDER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-12 13:07 148888 -c--a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"idsvc"=3 (0x3)
"dmadmin"=3 (0x3)
"SandraAgentSrv"=2 (0x2)
"SQLWriter"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"postgresql-8.4"=2 (0x2)
"IDriverT"=3 (0x3)
"Hamachi2Svc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [20/6/2009 18:31 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [20/6/2009 18:31 5248]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [26/11/2009 17:45 4096]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]
S2 upehtsujb;Monitor Update;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\arquivos de programas\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [4/9/2007 15:53 55664]
S4 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 11:27 1074568]
S4 postgresql-8.4;PostgreSQL Server 8.4;C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Arquivos de programas/PostgreSQL/8.4/data" -w --> C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
upehtsujb
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to AMV Converter... - c:\arquivos de programas\MP3 Player Utilities 4.10\AMVConverter\grab.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.10\MediaManager\grab.html
TCP: {0CF2228D-F45B-4CE1-A86E-4A54EC808974} = 8.8.8.8,8.8.4.4
TCP: {42CA072D-E6AE-419E-9916-864D3181C6B5} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\fassis\Dados de aplicativos\Mozilla\Firefox\Profiles\e09r71ud.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - component: c:\documents and settings\fassis\Dados de aplicativos\Mozilla\Firefox\Profiles\e09r71ud.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\documents and settings\fassis\Dados de aplicativos\Mozilla\Firefox\Profiles\e09r71ud.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AVG8_TRAY - c:\arquiv~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Microsoft Driver Setup - c:\windows\windows7addon.exe
AddRemove-WampServer 2_is1 - h:\wamp\unins000.exe

**************************************************************************
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -
N \"postgresql-8.4\" -D \"C:/Arquivos de programas/PostgreSQL/8.4/data\" -w"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -
N \"postgresql-8.4\" -D \"C:/Arquivos de programas/PostgreSQL/8.4/data\" -w"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upehtsujb]
"ServiceDll"="c:\windows\system32\ntvvzqm.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð |ÿÿÿÿ. |þ»Òw*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2010-05-06 12:48:47
ComboFix-quarantined-files.txt 2010-05-06 15:48
ComboFix2.txt 2009-11-07 14:34
Pre-Run: 2,703,990,784 bytes free
Post-Run: 2,806,743,040 bytes free
- - End Of File - - 9362C19EC7FAA080B5FFAB95C02C09CF
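The entries a helper reads first in a log like this are the service "upehtsujb" (display name "Monitor Update") that runs inside "svchost.exe -k netsvcs", its name appearing under the "Svchost - NetSvcs" heading, its ServiceDll "c:\windows\system32\ntvvzqm.dll" surfacing only in the hidden-files dump, and the Windows Firewall standard profile set to EnableFirewall = 0. The script below is an added example, not part of the post or of ComboFix, that automates exactly that correlation over ComboFix output. It assumes the log layout shown above (service lines as "<start type> <name>;<display name>;<image path> [...]", names listed one per line under the NetSvcs heading until a "." line, and registry key headers followed by their values) and treats every name printed under the NetSvcs heading as a non-default group member, which follows from the log's own note that default entries are not shown but is an assumption about ComboFix's output rather than something the post states. The sample input is a constructed excerpt copied from the log above.

```python
import re

# Constructed sample input: lines copied from the ComboFix log above (the parts a
# triager reads first). Not a live file; the real input is the whole log text.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [20/6/2009 18:31 155136]
S2 upehtsujb;Monitor Update;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S4 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 11:27 1074568]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
upehtsujb
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Arquivos de programas/PostgreSQL/8.4/data\" -w"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upehtsujb]
"ServiceDll"="c:\windows\system32\ntvvzqm.dll"
"""

# ComboFix service line: "<start type> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[[^\]]*\])?$')
# Registry key header and ServiceDll value as printed in the hidden-files dump
SVC_KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$', re.I)
DLL_RE = re.compile(r'^"ServiceDll"="(.*)"$', re.I)
# Standard-profile firewall switched off
FW_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')


def hosted_services(lines):
    """Map service name -> image path for services that run inside svchost.exe."""
    hosted = {}
    for line in lines:
        m = SERVICE_RE.match(line)
        if m and 'svchost.exe' in m.group(4).lower():
            hosted[m.group(2)] = m.group(4)
    return hosted


def extra_netsvcs(lines):
    """Names printed under the 'Svchost - NetSvcs' heading, up to the next '.' line."""
    names, grab = [], False
    for line in lines:
        if line.endswith('Svchost - NetSvcs'):
            grab = True
            continue
        if grab:
            if line.strip() in ('', '.'):
                break
            names.append(line.strip())
    return names


def service_dlls(lines):
    """Map service name -> ServiceDll from the registry dump (key header, then values)."""
    dlls, current = {}, None
    for line in lines:
        k = SVC_KEY_RE.match(line)
        if k:
            current = k.group(1)
            continue
        d = DLL_RE.match(line)
        if d and current:
            dlls[current] = d.group(1)
    return dlls


def triage(log_text):
    """Correlate netsvcs additions with their svchost image and ServiceDll; flag firewall off."""
    lines = [l.rstrip() for l in log_text.splitlines()]
    findings = []
    if any(FW_OFF_RE.match(l) for l in lines):
        findings.append({'kind': 'firewall_disabled',
                         'detail': 'standardprofile EnableFirewall = 0'})
    hosted, dlls, extra = hosted_services(lines), service_dlls(lines), extra_netsvcs(lines)
    for name in extra:
        findings.append({'kind': 'nonstandard_netsvcs_member', 'service': name,
                         'image': hosted.get(name), 'service_dll': dlls.get(name)})
    # A ServiceDll for a hosted service that is absent from the NetSvcs list is still
    # worth a look, so it is reported separately rather than dropped.
    for name, dll in dlls.items():
        if name in hosted and name not in extra:
            findings.append({'kind': 'hosted_service_dll', 'service': name,
                             'image': hosted[name], 'service_dll': dll})
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports two findings: the disabled firewall, and "upehtsujb" with image "c:\windows\system32\svchost.exe -k netsvcs" and ServiceDll "c:\windows\system32\ntvvzqm.dll". The drivers, Hamachi and the FXDrv32 entry are not hosted in svchost and are left alone; a real triage would still go over them by hand, and a ServiceDll with a random-looking name in system32 is something to hash and look up rather than something this script can judge.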
