[Resolvido!] Analise de LOG, trojan, será?

CrBonet · Outubro 16, 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:22:16, on 15/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\BisonCam\BisonHK.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LightScribeControlPanel.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.BIN

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: PowerScrap Toolbar - {abf33bf2-7401-4624-8c1b-34cfbbc0e4f2} - C:\Arquivos de programas\PowerScrap\tbPowe.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: PowerScrap Toolbar - {abf33bf2-7401-4624-8c1b-34cfbbc0e4f2} - C:\Arquivos de programas\PowerScrap\tbPowe.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PowerScrap Toolbar - {abf33bf2-7401-4624-8c1b-34cfbbc0e4f2} - C:\Arquivos de programas\PowerScrap\tbPowe.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Arquivos de programas\Arquivos comuns\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BrOffice.org 2.0.lnk = C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://www.sgnet-rs.com.br/activex/xplug.ocx

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217780933921

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217781149312

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{52180126-1775-4904-A033-AE0849CCCA77}: NameServer = 200.248.67.130,200.248.67.136

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: NBService - Unknown owner - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 13665 bytes

Silas Martins · Outubro 16, 2008

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txtjuntamente com o novo log do hijackthis em sua próxima resposta.

OBS.: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

Aguardo o retorno

CrBonet · Outubro 18, 2008

Olá, fiz tudo como você pediu

Ai vai o Relatório do ComboFix

ComboFix 08-10-16.08 - Ricardo 2008-10-18 0:59:19.3 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1717 [GMT -2:00]

Executando de: C:\Documents and Settings\Ricardo\Desktop\komboFix.exe

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

C:\WINDOWS\system32\AutoRun.inf

C:\WINDOWS\system32\ckvo0.dll

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GBPSV

-------\Service_GbpSv

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-18 to 2008-10-18 ))))))))))))))))))))))))))))

.

2008-10-16 15:14 . 2008-10-16 15:25 <DIR> d-------- C:\ComboFix

2008-10-16 09:11 . 2008-09-15 13:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-16 09:10 . 2008-08-14 11:24 2,193,408 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-16 09:10 . 2008-08-14 11:24 2,149,376 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-16 09:10 . 2008-08-14 11:24 2,070,272 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-16 09:10 . 2008-08-14 11:24 2,028,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-15 19:17 . 2008-10-16 14:09 593 --a------ C:\WINDOWS\imsins.BAK

2008-10-15 18:42 . 2008-09-08 08:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-15 12:21 . 2008-10-15 12:21 396,288 --a------ C:\HijackThis.exe

2008-10-14 22:43 . 2008-10-15 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NOS

2008-10-14 22:42 . 2008-10-15 08:11 <DIR> d-------- C:\Arquivos de programas\NOS

2008-10-12 08:55 . 2008-10-12 08:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\LightScribe

2008-10-12 00:12 . 2008-10-12 00:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\LightScribe

2008-10-09 21:46 . 2008-10-09 21:46 <DIR> d-------- C:\WINDOWS\PixArt

2008-10-09 21:46 . 2005-01-14 10:32 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe

2008-10-09 19:46 . 2008-10-09 19:46 236 --a------ C:\sqmdata19.sqm

2008-10-09 19:41 . 2008-10-09 19:41 236 --a------ C:\sqmdata18.sqm

2008-10-09 19:41 . 2008-10-09 19:41 200 --a------ C:\sqmnoopt19.sqm

2008-10-09 15:44 . 2008-10-09 15:44 236 --a------ C:\sqmdata17.sqm

2008-10-09 15:44 . 2008-10-09 15:44 200 --a------ C:\sqmnoopt18.sqm

2008-10-09 15:07 . 2008-10-09 15:07 <DIR> d-------- C:\Arquivos de programas\MSECache

2008-10-08 17:07 . 2008-10-08 17:07 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nullsoft

2008-10-08 01:08 . 2008-10-08 01:08 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-10-08 01:02 . 2008-10-17 23:50 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\skypePM

2008-10-08 01:02 . 2008-10-08 01:02 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-10-08 01:01 . 2008-10-18 01:05 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Skype

2008-10-08 01:01 . 2008-10-08 01:01 <DIR> d-------- C:\Arquivos de programas\Google

2008-10-08 01:00 . 2008-10-08 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-10-08 01:00 . 2008-10-08 01:00 <DIR> d-------- C:\Arquivos de programas\Skype

2008-10-08 01:00 . 2008-10-08 01:00 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-10-07 21:55 . 2008-10-07 21:55 236 --a------ C:\sqmdata16.sqm

2008-10-07 21:55 . 2008-10-07 21:55 200 --a------ C:\sqmnoopt17.sqm

2008-10-07 21:47 . 2006-08-16 01:21 151,552 -ra------ C:\WINDOWS\system32\SUGE1CI.exe

2008-10-07 21:47 . 2006-08-16 01:21 57,344 -ra------ C:\WINDOWS\system32\SUGE1CI.dll

2008-10-07 21:47 . 2006-08-16 01:22 22,663 -ra------ C:\WINDOWS\system32\SUGE1LMK.DLL

2008-10-07 21:47 . 2006-08-16 01:22 556 -ra------ C:\WINDOWS\system32\SUGE1lmk.smt

2008-10-07 20:05 . 2008-10-07 20:05 236 --a------ C:\sqmdata15.sqm

2008-10-07 20:05 . 2008-10-07 20:05 200 --a------ C:\sqmnoopt16.sqm

2008-10-07 18:48 . 2008-10-07 18:48 236 --a------ C:\sqmdata14.sqm

2008-10-07 18:48 . 2008-10-07 18:48 200 --a------ C:\sqmnoopt15.sqm

2008-10-07 17:26 . 2008-10-07 17:26 236 --a------ C:\sqmdata13.sqm

2008-10-07 17:26 . 2008-10-07 17:26 200 --a------ C:\sqmnoopt14.sqm

2008-10-07 15:59 . 2008-10-07 15:59 236 --a------ C:\sqmdata12.sqm

2008-10-07 15:59 . 2008-10-07 15:59 200 --a------ C:\sqmnoopt13.sqm

2008-10-07 12:23 . 2008-10-07 12:23 236 --a------ C:\sqmdata11.sqm

2008-10-07 12:23 . 2008-10-07 12:23 200 --a------ C:\sqmnoopt12.sqm

2008-10-07 08:01 . 2008-10-07 08:01 236 --a------ C:\sqmdata10.sqm

2008-10-07 08:01 . 2008-10-07 08:01 200 --a------ C:\sqmnoopt11.sqm

2008-10-06 20:17 . 2008-10-06 20:17 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-10-06 11:38 . 2008-10-06 11:38 200 --a------ C:\sqmnoopt09.sqm

2008-10-06 11:38 . 2008-10-06 11:38 120 --a------ C:\sqmnoopt10.sqm

2008-10-06 11:38 . 2008-10-06 11:38 120 --a------ C:\sqmdata09.sqm

2008-10-05 23:19 . 2008-10-05 23:19 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\HP

2008-10-05 19:18 . 2008-10-05 19:18 236 --a------ C:\sqmdata08.sqm

2008-10-05 19:18 . 2008-10-05 19:18 200 --a------ C:\sqmnoopt08.sqm

2008-10-05 16:55 . 2008-10-05 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG

2008-10-05 16:54 . 2007-03-08 02:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys

2008-10-05 16:54 . 2007-03-08 02:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2008-10-05 16:53 . 2007-03-17 04:39 958,464 -ra------ C:\WINDOWS\system32\hpotiop4.dll

2008-10-05 16:53 . 2007-03-17 04:39 675,840 -ra------ C:\WINDOWS\system32\hpowiax4.dll

2008-10-05 16:53 . 2007-03-08 02:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll

2008-10-05 16:53 . 2007-03-08 02:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll

2008-10-05 16:53 . 2007-03-17 04:39 303,104 -ra------ C:\WINDOWS\system32\hpovst11.dll

2008-10-05 16:53 . 2007-03-08 02:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys

2008-10-05 16:52 . 2008-10-05 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY

2008-10-05 16:51 . 2008-10-07 13:15 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\HPAppData

2008-10-05 16:49 . 2008-10-05 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant

2008-10-05 16:49 . 2008-10-05 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-10-05 16:49 . 2008-10-05 16:49 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\HP

2008-10-05 16:48 . 2008-10-05 16:48 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard

2008-10-05 16:48 . 2008-10-05 16:48 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-10-05 16:46 . 2008-10-05 16:52 <DIR> d-------- C:\Arquivos de programas\HP

2008-10-05 16:44 . 2008-10-05 16:55 150,745 --a------ C:\WINDOWS\hpoins15.dat

2008-10-05 16:44 . 2007-09-20 18:05 1,039 --------- C:\WINDOWS\hpomdl15.dat

2008-10-05 01:22 . 2008-10-05 01:22 <DIR> d-------- C:\WINDOWS\system32\lib

2008-10-05 01:22 . 2008-10-05 01:22 <DIR> d-------- C:\WINDOWS\system32\ASOCX

2008-10-05 01:22 . 2008-10-05 01:22 <DIR> d-------- C:\Arquivos de programas\Microsoft Office Outlook Connector

2008-10-04 20:33 . 2008-10-04 20:33 236 --a------ C:\sqmdata07.sqm

2008-10-04 20:33 . 2008-10-04 20:33 200 --a------ C:\sqmnoopt07.sqm

2008-10-04 19:13 . 2008-10-04 19:13 236 --a------ C:\sqmdata06.sqm

2008-10-04 19:13 . 2008-10-04 19:13 200 --a------ C:\sqmnoopt06.sqm

2008-10-04 18:00 . 2008-10-04 18:00 236 --a------ C:\sqmdata05.sqm

2008-10-04 18:00 . 2008-10-04 18:00 200 --a------ C:\sqmnoopt05.sqm

2008-10-04 17:26 . 2008-10-04 17:26 236 --a------ C:\sqmdata04.sqm

2008-10-04 17:26 . 2008-10-04 17:26 200 --a------ C:\sqmnoopt04.sqm

2008-10-04 17:03 . 2008-10-04 17:03 236 --a------ C:\sqmdata03.sqm

2008-10-04 17:03 . 2008-10-04 17:03 200 --a------ C:\sqmnoopt03.sqm

2008-10-04 12:49 . 2007-02-28 07:29 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-10-04 12:49 . 2007-03-01 04:35 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX

2008-10-04 12:48 . 2008-10-05 01:22 <DIR> d-------- C:\Arquivos de programas\GetTube

2008-10-04 12:48 . 2008-02-15 19:33 299,008 --a------ C:\WINDOWS\system32\USFormControl.ocx

2008-10-03 22:44 . 2008-10-03 22:44 236 --a------ C:\sqmdata02.sqm

2008-10-03 22:44 . 2008-10-03 22:44 200 --a------ C:\sqmnoopt02.sqm

2008-10-03 20:15 . 2008-10-03 20:15 236 --a------ C:\sqmdata01.sqm

2008-10-03 20:15 . 2008-10-03 20:15 200 --a------ C:\sqmnoopt01.sqm

2008-10-03 16:55 . 2008-10-18 01:05 <DIR> d-------- C:\Documents and Settings\Ricardo\Tracing

2008-10-03 15:35 . 2008-09-04 23:03 56,344 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys

2008-10-03 15:31 . 2006-11-29 14:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-10-03 15:30 . 2008-10-03 15:30 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-10-03 15:29 . 2008-10-03 15:29 <DIR> d-------- C:\Arquivos de programas\Microsoft

2008-10-03 13:40 . 2008-10-03 13:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-10-03 00:38 . 2008-10-03 00:38 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Publish Providers

2008-10-03 00:38 . 2008-10-03 00:38 <DIR> d-------- C:\Arquivos de programas\VSTplugins

2008-10-03 00:35 . 2008-10-03 00:35 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Sony

2008-10-03 00:33 . 2008-10-03 00:33 <DIR> d-------- C:\Arquivos de programas\Sony Setup

2008-10-03 00:33 . 2008-10-03 00:33 <DIR> d-------- C:\Arquivos de programas\Sony

2008-09-29 17:36 . 2008-09-29 17:36 24 --a------ C:\url_history.xml

2008-09-27 09:31 . 2008-09-27 09:31 <DIR> d-------- C:\Arquivos de programas\GameTop.com

2008-09-26 15:42 . 2001-09-06 01:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-09-26 15:41 . 2008-04-13 20:20 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-09-26 15:41 . 2008-04-13 12:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-09-26 15:41 . 2008-04-13 12:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-09-26 13:45 . 2008-09-29 17:36 <DIR> d-------- C:\Arquivos de programas\SecondLife

2008-09-26 02:31 . 2008-09-26 13:30 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\SecondLife

2008-09-26 02:30 . 2008-09-26 02:30 <DIR> d-------- C:\Arquivos de programas\KAIZEN Games

2008-09-25 23:07 . 2008-09-25 23:07 <DIR> d-------- C:\PROGRAM FILES

2008-09-25 23:07 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe

2008-09-25 21:40 . 2008-09-25 21:40 <DIR> d-------- C:\Documents and Settings\Ricardo\Dados de aplicativos\Myfreecomm

2008-09-25 21:39 . 2008-09-25 21:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Software FX Shared

2008-09-25 21:38 . 2008-09-25 21:38 <DIR> d-------- C:\Arquivos de programas\Myfreecomm

2008-09-25 12:38 . 2008-09-25 12:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-09-25 12:33 . 2008-09-25 12:33 <DIR> d-------- C:\Arquivos de programas\epson

2008-09-24 17:25 . 2008-09-25 12:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared(2)

2008-09-21 14:26 . 2008-09-21 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-09-20 13:33 . 2008-09-20 13:33 <DIR> d-------- C:\WINDOWS\system32\Tradução San Andreas - Grupo GTSA

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-18 03:05 --------- d-----w C:\Documents and Settings\Ricardo\Dados de aplicativos\BrOffice.org2

2008-10-18 01:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-10-15 01:18 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-10-12 10:07 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-10-08 12:11 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-10-05 03:22 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-10-03 17:35 --------- d-----w C:\Arquivos de programas\Windows Live

2008-09-19 23:01 --------- d-----w C:\Arquivos de programas\Java

2008-09-19 17:12 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-17 13:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-09-16 18:56 --------- d-----w C:\Arquivos de programas\Take2

2008-09-16 00:24 --------- d-----w C:\Arquivos de programas\DAP

2008-09-16 00:23 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-12 11:57 --------- d-----w C:\Arquivos de programas\ubi.com

2008-09-12 11:57 --------- d-----w C:\Arquivos de programas\Arquivos comuns\PocketSoft

2008-09-12 11:50 --------- d-----w C:\Arquivos de programas\Red Storm Entertainment

2008-09-12 00:50 --------- d-----w C:\Arquivos de programas\Conference

2008-09-11 18:55 --------- d-----w C:\Arquivos de programas\EA GAMES

2008-09-09 03:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-05 22:02 --------- d-----w C:\Arquivos de programas\PowerScrap

2008-09-05 22:02 --------- d-----w C:\Arquivos de programas\Conduit

2008-09-05 19:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-09-05 03:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-09-05 03:31 --------- d-----w C:\Arquivos de programas\Avira

2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-24 02:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

2008-08-21 16:09 --------- d-----w C:\Documents and Settings\Ricardo\Dados de aplicativos\Malwarebytes

2008-08-21 16:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-08-21 16:09 --------- d-----w C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-08-19 01:20 --------- d-----w C:\Documents and Settings\Ricardo\Dados de aplicativos\Paltalk

2008-08-19 01:20 --------- d-----w C:\Arquivos de programas\Paltalk Messenger

2008-08-18 05:00 --------- d--h--w C:\Arquivos de programas\Scpad

2008-08-18 04:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-08-14 13:24 2,193,408 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:24 2,070,272 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-08-06 20:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

2008-08-21 16:15 94736 --a------ C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]

[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"PcSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]

"Google Update"="C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-08-11 21741864]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-08 171448]

"LightScribe Control Panel"="C:\Arquivos de programas\Arquivos comuns\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 7561216]

"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-04-05 565248]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"BisonHK"="C:\WINDOWS\BisonCam\BisonHK.exe" [2007-10-03 77824]

"PCSuiteTrayApplication"="C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe" [2008-09-19 144792]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"nwiz"="nwiz.exe" [2006-04-27 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]

C:\Documents and Settings\Ricardo\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

BrOffice.org 2.0.lnk - C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe [2006-07-04 393216]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll" [2008-09-01 374856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-09-01 15:47 384840 C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-09-01 18:12 374856 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"C:\\Arquivos de programas\\EA GAMES\\MOHAA\\MOHAA.exe"=

"C:\\Arquivos de programas\\Conference\\Conference.dll"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Arquivos de programas\\SecondLife\\SLVoice.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]

R2 JavaQuickStarterService;Java Quick Starter;C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-09-19 147456]

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-23 180608]

S3 fsssvc;Windows Live Proteção para a Família;C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]

S3 PAC207;VideoCAM GE111;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2cac2b6-85a0-11dd-9154-0015af656ed4}]

\Shell\AutoRun\command - F:\f.exe

\Shell\explore\Command - F:\f.exe

\Shell\open\Command - F:\f.exe

*Newly Created Service* - GBPSV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Arquivos de programas\Arquivos comuns\LightScribe\LSRunOnce.exe"

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-18 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job

- C:\Documents and Settings\Ricardo\Configura []

.

------- Scan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.google.com/

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{52180126-1775-4904-A033-AE0849CCCA77}: NameServer = 200.248.67.130,200.248.67.136

O16 -: {31150A86-0BBA-409F-BEB4-F3922D10BF34} - hxxp://www.sgnet-rs.com.br/activex/xplug.ocx

C:\WINDOWS\Downloaded Program Files\xplug.ocx

O16 -: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

C:\WINDOWS\Downloaded Program Files\gbpdist.inf

C:\WINDOWS\Downloaded Program Files\gbpdist.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-18 01:03:50

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]

"ImagePath"="C:\ARQUIV~1\GbPlugin\GbpSv.exe"

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\PAStiSvc.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\ARQUIV~1\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.bin

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-18 1:09:03 - Máquina reiniciou [Ricardo]

ComboFix-quarantined-files.txt 2008-10-18 03:08:59

Pré-execução: 11 pasta(s) 18,674,028,544 bytes disponíveis

Pós execução: 11 pasta(s) 18,699,452,416 bytes disponíveis

351 --- E O F --- 2008-10-16 16:59:41

E o Log do HJT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:15:41, on 18/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\BisonCam\BisonHK.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LightScribeControlPanel.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.BIN

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe