
ComboFix 08-10-10.09 - Play 2008-10-11 15:15:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.686 [GMT -3:00]
Executando de: C:\COMBOFIX\ComboFix.exe

[COLOR=RED][B]ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !![/B][/COLOR]
.

((((((((((((((((((((((( Ficheiros criados de 2008-09-11 to 2008-10-11 ))))))))))))))))))))))))))))))))
.

2008-10-11 14:25 . 2008-10-11 14:25 268 --ah----- C:\sqmdata03.sqm
2008-10-11 14:25 . 2008-10-11 14:25 244 --ah----- C:\sqmnoopt03.sqm
2008-10-11 13:47 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-10-11 13:43 . 2008-10-11 13:59 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-11 13:43 . 2008-10-11 13:43 <DIR> d-------- C:\Arquivos de programas\D-Tools
2008-10-11 13:43 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-10-11 13:43 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-10-11 13:41 . 2008-10-11 13:41 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-11 12:31 . 2008-10-11 12:32 <DIR> d-------- C:\Documents and Settings\Play\Contacts
2008-10-11 12:31 . 2008-10-11 12:39 <DIR> d-------- C:\Arquivos de programas\Trymedia
2008-10-11 12:31 . 2008-10-11 12:31 268 --ah----- C:\sqmdata02.sqm
2008-10-11 12:31 . 2008-10-11 12:31 244 --ah----- C:\sqmnoopt02.sqm
2008-10-11 12:30 . 2008-10-11 12:30 <DIR> d-------- C:\Arquivos de programas\Valusoft
2008-10-11 11:22 . 2008-10-11 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia
2008-10-11 10:22 . 2008-10-11 10:23 <DIR> d-------- C:\18 WoS Pedal to the Metal
2008-10-11 10:06 . 2008-10-11 10:06 <DIR> d-------- C:\Arquivos de programas\Rockstar Games
2008-10-11 09:57 . 2008-10-11 09:57 268 --ah----- C:\sqmdata01.sqm
2008-10-11 09:57 . 2008-10-11 09:57 244 --ah----- C:\sqmnoopt01.sqm
2008-10-11 09:47 . 2008-10-11 09:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-11 09:47 . 2005-02-25 00:34 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-10 21:25 . 2008-10-11 13:28 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information
2008-10-10 21:24 . 2008-10-10 21:24 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live
2008-10-10 21:24 . 2008-10-10 21:24 <DIR> d-------- C:\Arquivos de programas\Adverts
2008-10-10 21:24 . 2008-10-10 21:24 268 --ah----- C:\sqmdata00.sqm
2008-10-10 21:24 . 2008-10-10 21:24 244 --ah----- C:\sqmnoopt00.sqm
2008-10-10 21:23 . 2008-10-10 21:23 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-10 21:23 . 2008-10-10 21:24 <DIR> d-------- C:\Arquivos de programas\MSN Messenger
2008-10-10 21:06 . 2008-10-10 21:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-10-10 21:05 . 2008-10-10 21:05 <DIR> d-------- C:\Arquivos de programas\Google
2008-10-10 21:05 . 2008-10-10 21:05 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DirectX
2008-10-10 21:03 . 2008-10-10 21:03 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-10 21:00 . 2008-10-11 11:46 <DIR> d-------- C:\Documents and Settings\Play\Dados de aplicativos\IDM
2008-10-10 21:00 . 2008-10-11 15:17 <DIR> d-------- C:\Documents and Settings\Play\Dados de aplicativos\DMCache
2008-10-10 21:00 . 2008-10-10 21:00 <DIR> d-------- C:\Arquivos de programas\Internet Download Manager
2008-10-10 20:50 . 2008-10-10 20:50 <DIR> d-------- C:\Adobe Rader
2008-10-10 20:47 . 2008-10-10 20:47 <DIR> d---s---- C:\Documents and Settings\Play\UserData
2008-10-10 20:46 . 2003-05-28 18:53 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-10-10 20:46 . 2003-05-28 18:53 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-10-10 20:46 . 2003-05-28 18:53 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-10-10 20:46 . 2003-05-28 18:53 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-10-10 20:33 . 2008-10-10 20:33 <DIR> d-------- C:\Arquivos de programas\SymNetDrv
2008-10-10 20:21 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-10-10 20:21 . 2008-10-10 20:21 421 --a------ C:\WINDOWS\ODBC.INI
2008-10-10 20:20 . 2008-10-10 20:20 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET
2008-10-10 20:19 . 2008-10-10 20:19 <DIR> d-------- C:\Arquivos de programas\Microsoft Works
2008-10-10 20:18 . 2008-10-10 20:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-10-10 20:08 . 2008-10-10 20:08 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-10 20:08 . 2008-10-10 20:08 <DIR> d-------- C:\WINDOWS\Profiles
2008-10-10 20:08 . 2008-10-10 20:08 <DIR> d-------- C:\Documents and Settings\Play\Dados de aplicativos\InterTrust
2008-10-10 20:08 . 2008-10-10 20:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2008-10-10 20:08 . 1998-11-13 12:18 308,224 --a------ C:\WINDOWS\IsUn0416.exe
2008-10-10 20:00 . 2008-10-10 20:00 <DIR> d-------- C:\Documents and Settings\Play\Dados de aplicativos\Symantec
2008-10-10 20:00 . 2008-10-10 21:45 <DIR> d-------- C:\Arquivos de programas\Norton SystemWorks
2008-10-10 20:00 . 2008-10-10 20:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared
2008-10-10 20:00 . 2003-09-12 07:08 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-10 20:00 . 2003-09-12 07:08 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 23:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec
2008-10-10 23:45 --------- d-----w C:\Arquivos de programas\Symantec
2008-10-10 22:28 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2008-10-10 22:26 --------- d-----w C:\Arquivos de programas\Serviços on-line
2008-10-10 22:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
2008-09-12 10:44 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="C:\Arquivos de programas\Internet Download Manager\IDMan.exe" [2008-09-12 2606512]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-10 171448]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 7323648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-24 86016]
"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2006-01-11 71312]
"Symantec NetDriver Monitor"="C:\ARQUIV~1\SYMNET~1\SNDMon.exe" [2008-10-10 95960]
"GhostStartTrayApp"="C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2003-06-10 94208]
"DAEMON Tools-1033"="C:\Arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]
"PCTVOICE"="pctspk.exe" [2004-01-29 C:\WINDOWS\system32\pctspk.exe]
"nwiz"="nwiz.exe" [2006-07-24 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"D:\\Need for Speed Underground 1\\Speed.exe"=

R1 GhPciScan;GhostPciScanner;C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\ghpciscan.sys [2003-05-28 5632]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Conteúdo da pasta 'Tarefas Agendadas'

2008-10-10 C:\WINDOWS\Tasks\Norton AntiVirus - Verificar o meu computador.job
- C:\ARQUIV~1\NORTON~1\NORTON~1\Navw32.exe [2003-12-16 12:05]

2008-10-10 C:\WINDOWS\Tasks\One Button Checkup do Norton SystemWorks.job
- C:\Arquivos de programas\Norton SystemWorks\OBC.exe [2003-09-25 15:26]

2008-10-10 C:\WINDOWS\Tasks\Symantec Drmc.job
- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymDrmc.exe [2003-09-10 04:48]

2008-10-11 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Arquivos de programas\Symantec\LiveUpdate\NDETECT.EXE [2003-09-09 14:15]
.
.
------- Scan Suplementar -------
.
FireFox -: Profile - C:\Documents and Settings\Play\Dados de aplicativos\Mozilla\Firefox\Profiles\xen86bzy.default\
FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 15:17:11
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-10-11 15:18:19
ComboFix-quarantined-files.txt 2008-10-11 18:18:15
ComboFix2.txt 2008-10-11 18:03:58

Pré-execução: 684.847.104 bytes disponíveis
Pós execução: 680,955,904 bytes disponíveis

135 --- E O F --- 2008-10-11 12:47:30
