Lipchits

  1. The problem was solved successfully, thank you very much JoseMelo. I hope I never need your help again (I mean that in the good sense, of course)! Thank you very much and keep up your great work =D
  2. Good evening! Logs follow:
  3. Good evening JoseMelo! Logs follow:
  4. JoseMelo, the log is attached. ComboFix.txt
  5. Hi TrisTa, but do you know whether this beta will be open to all users or will it be a closed test?
  6. Good evening JoseMelo. Today and maybe tomorrow I won't be able to do this; I'm sending this message from my phone, but as soon as possible I'll do what you ask. Once again, thank you for this great help!
  7. Good evening JoseMelo! Here are the logs: All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. C:\Arquivos de programas\Arquivos comuns\Spigot\Search Settings\SearchSettings.exe moved successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\ deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"DefaultConnectionSettings"|hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"SavedLegacySettings"|hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully! ========== FILES ========== C:\Arquivos de programas\Arquivos comuns\Spigot\wtxpcom\components folder moved successfully. C:\Arquivos de programas\Arquivos comuns\Spigot\wtxpcom folder moved successfully. C:\Arquivos de programas\Arquivos comuns\Spigot\Search Settings\Res folder moved successfully. C:\Arquivos de programas\Arquivos comuns\Spigot\Search Settings folder moved successfully. C:\Arquivos de programas\Arquivos comuns\Spigot folder moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Cliente ->Temp folder emptied: 9496499 bytes ->Temporary Internet Files folder emptied: 16250363 bytes ->Java cache emptied: 44092286 bytes ->FireFox cache emptied: 250172241 bytes ->Flash cache emptied: 26114173 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56468 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 5120 bytes ->Temporary Internet Files folder emptied: 32902 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2198049 bytes %systemroot%\System32 .tmp files removed: 2969 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 104054 bytes RecycleBin emptied: 3465720 bytes Total Files Cleaned = 336,00 mb [EMPTYFLASH] User: All Users User: Cliente ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.26.5 log created on 08252011_000536 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot. File\Folder C:\WINDOWS\temp\Perflib_Perfdata_66c.dat not found! Registry entries deleted on Reboot... 
------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:14:58, on 25/8/2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Motorola\MotoHelper\MotoHelperService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Arquivos de programas\Motorola\MotoHelper\MotoHelperAgent.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\notepad.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Arquivos de programas\Ares\Ares.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe C:\Arquivos de programas\iG\Discador.exe C:\Arquivos de 
programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Documents and Settings\Cliente\Meus documentos\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Koyote Soft Toolbar - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Arquivos de programas\Koyote Soft Toolbar\IE\4.5\koyotesoftToolbarIE.dll R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Koyote Soft Toolbar - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Arquivos de programas\Koyote Soft Toolbar\IE\4.5\koyotesoftToolbarIE.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Koyote Soft Toolbar - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Arquivos de programas\Koyote Soft Toolbar\IE\4.5\koyotesoftToolbarIE.dll O4 - HKLM\..\Run: 
[NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [File] C:\WINDOWS\lod35.tmp O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Discador iG.lnk = C:\Arquivos de programas\iG\Discador.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{2A0C1735-3C2A-4E92-83FF-1C735B8AE86E}: NameServer = 200.204.0.10,200.204.0.138 O17 - HKLM\System\CCS\Services\Tcpip\..\{D52CD53A-3AE4-49B6-B306-F8ED5CA55AE0}: NameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CS1\Services\Tcpip\..\{2A0C1735-3C2A-4E92-83FF-1C735B8AE86E}: NameServer = 200.204.0.10,200.204.0.138 O17 - HKLM\System\CS2\Services\Tcpip\..\{2A0C1735-3C2A-4E92-83FF-1C735B8AE86E}: NameServer = 200.204.0.10,200.204.0.138 O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Arquivos de programas\Motorola\MotoHelper\MotoHelperService.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9499 bytes
  8. Good afternoon JoseMelo, here is the OTL log: OTL logfile created on: 23/8/2011 17:57:11 - Run 2 OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Cliente\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 1,75 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 67,49% Memory free 3,60 Gb Paging File | 3,14 Gb Available in Paging File | 87,37% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 298,08 Gb Total Space | 206,39 Gb Free Space | 69,24% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: FRANCISCO-PC | User Name: Cliente | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/08/21 19:51:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cliente\Desktop\OTL.exe PRC - [2011/06/30 15:27:54 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Spigot\Search Settings\SearchSettings.exe PRC - [2011/06/30 15:27:54 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe PRC - [2010/10/29 14:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe PRC - [2010/09/07 13:47:18 | 000,202,048 | ---- | M] () -- C:\Arquivos de programas\Motorola\MotoHelper\MotoHelperService.exe PRC - [2010/09/07 13:47:08 | 000,664,896 | ---- | M] () -- C:\Arquivos de programas\Motorola\MotoHelper\MotoHelperAgent.exe PRC - [2010/04/01 06:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe PRC - [2009/11/24 21:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe PRC - [2009/11/24 21:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe PRC - [2009/11/24 21:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/11/24 21:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/11/24 21:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/10/10 14:06:04 | 000,482,304 | ---- | M] () -- C:\Arquivos de programas\iG\discador.exe PRC - [2009/08/21 21:07:24 | 001,209,904 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2009/02/03 10:22:18 | 001,004,544 | ---- | M] (Ares Development Group) -- C:\Arquivos de programas\Ares\Ares.exe PRC - [2008/09/08 11:10:20 | 000,450,560 | ---- | M] () -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe PRC - [2008/09/08 11:09:40 | 000,184,320 | ---- | M] () -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe PRC - [2007/06/01 10:21:30 | 000,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe PRC - [2007/06/01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos 
comuns\Ahead\Lib\NMBgMonitor.exe PRC - [2007/01/29 18:22:28 | 000,638,976 | ---- | M] (Motorola Inc.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Defender\MsMpEng.exe PRC - [2004/08/04 00:45:34 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2010/09/07 13:47:18 | 000,202,048 | ---- | M] () -- C:\Arquivos de programas\Motorola\MotoHelper\MotoHelperService.exe MOD - [2010/09/07 13:47:08 | 000,664,896 | ---- | M] () -- C:\Arquivos de programas\Motorola\MotoHelper\MotoHelperAgent.exe MOD - [2009/10/10 14:06:04 | 000,482,304 | ---- | M] () -- C:\Arquivos de programas\iG\discador.exe MOD - [2009/02/27 18:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB MOD - [2009/02/27 12:56:34 | 000,016,768 | ---- | M] () -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2008/12/19 13:26:06 | 002,625,536 | ---- | M] () -- C:\WINDOWS\system32\ffdshow.ax MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll MOD - [2008/09/08 11:10:20 | 000,450,560 | ---- | M] () -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe MOD - [2008/09/08 11:09:40 | 000,184,320 | ---- | M] () -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe MOD - [2008/09/08 10:57:14 | 000,102,400 | ---- | M] () -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll MOD - [2004/08/04 00:45:24 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | 
Stopped] -- -- (HidServ) SRV - [2011/06/30 15:27:54 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011/03/01 14:35:00 | 003,955,056 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2010/09/07 13:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2009/11/24 21:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/11/24 21:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/11/24 21:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe -- (avast! 
Web Scanner) SRV - [2009/11/24 21:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/05/20 17:22:22 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2008/09/08 11:10:20 | 000,450,560 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2008/09/08 11:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2007/06/01 10:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - [2010/06/18 15:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport) DRV - [2010/06/18 15:09:48 | 000,023,936 | ---- | M] 
(Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2010/06/18 14:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp) DRV - [2010/05/12 13:07:06 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet) DRV - [2010/01/26 23:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf) DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice) DRV - [2009/11/24 21:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2009/11/24 21:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2009/11/24 21:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/11/24 21:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009/11/24 21:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009/11/24 21:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl) DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] 
(Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService) DRV - [2008/10/02 08:01:46 | 004,878,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/08/01 08:36:26 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008/08/01 08:36:20 | 000,054,784 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService) DRV - [2007/01/29 18:26:24 | 000,984,832 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2006/01/25 05:24:30 | 001,149,888 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005/09/07 00:29:16 | 000,021,442 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\LeveUp! 
Games\RagnarokOnline\npkcrypt.sys -- (npkcrypt) DRV - [2004/08/14 07:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004/08/03 23:07:46 | 000,223,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2004/08/03 23:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2001/10/28 15:07:14 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001/10/28 15:07:14 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll (Universo Online S/A) IE - HKCU\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Arquivos de programas\Koyote Soft Toolbar\IE\4.5\koyotesoftToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\URLSearchHook: {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll (Universo Online S/A) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://www.euro-tech.net.pl/nowa/temp/tool...o.globo.com.txt ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=244506" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com.br" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "http://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=244506&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2011/08/19 21:46:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2011/05/15 19:42:23 | 000,000,000 | ---D | M] [2009/10/20 16:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Extensions [2009/10/20 16:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\49ea4vay.default\extensions [2010/05/12 13:07:10 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\49ea4vay.default\searchplugins\daemon-search.xml [2011/07/13 23:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions [2011/03/09 22:30:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2009/05/20 16:14:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/08/19 21:46:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll [2010/01/01 05:00:00 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml [2010/01/01 05:00:00 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml [2010/01/01 05:00:00 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml [2010/01/01 05:00:00 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml O1 HOSTS File: ([2011/08/21 22:45:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Arquivos de programas\Koyote Soft Toolbar\IE\4.5\koyotesoftToolbarIE.dll (Spigot, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Arquivos de programas\Koyote Soft Toolbar\IE\4.5\koyotesoftToolbarIE.dll (Spigot, Inc.) O4 - HKLM..\Run: [avast!] 
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [iSUSPM Startup] C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [searchSettings] C:\Arquivos de programas\Arquivos comuns\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (Ares Development Group) O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [File] C:\WINDOWS\lod35.tmp (Microsoft Corporation ©) O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador iG.lnk = C:\Arquivos de programas\iG\discador.exe () O4 - Startup: C:\Documents and Settings\Cliente\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_24) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL 
(Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Minha página inicial atual) - about:Home O24 - Desktop WallPaper: C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Arquivos de programas\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/05/20 10:56:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation) NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/08/21 23:34:29 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva [2011/08/21 22:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cliente\WINDOWS [2011/08/21 22:56:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/08/21 22:13:24 | 000,000,000 | ---D | C] -- C:\cmdcons [2011/08/21 22:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/08/21 22:03:24 | 000,000,000 
| ---D | C] -- C:\Qoobox [2011/08/21 19:51:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cliente\Desktop\OTL.exe [2011/08/20 21:17:57 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Google [2011/08/20 13:46:18 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll [2011/08/20 13:45:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR [2011/08/20 13:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2011/08/20 13:41:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MSBuild [2011/08/20 13:41:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2011/08/20 13:41:37 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Reference Assemblies [2011/08/20 13:40:23 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe [2011/08/20 13:40:23 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll [2011/08/20 13:40:23 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll [2011/08/20 13:40:23 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll [2011/08/20 13:40:22 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll [2011/08/20 13:40:22 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll [2011/08/20 13:40:21 | 000,000,000 | ---D | C] -- C:\42aab0c9dbc8dc07360982 [2011/08/20 13:37:26 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011/08/20 13:34:30 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MSXML 6.0 [2011/08/20 13:13:26 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\WinPcap [2011/08/20 13:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\VDownloader [2011/08/20 13:13:12 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\VDownloader [2004/11/24 16:25:52 | 000,335,872 | 
---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/08/23 17:52:41 | 000,468,108 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat [2011/08/23 17:52:41 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/08/23 17:52:41 | 000,079,022 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat [2011/08/23 17:52:41 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/08/23 17:51:27 | 000,000,346 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/08/23 17:48:16 | 000,189,604 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011/08/23 17:48:13 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/08/23 17:48:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/08/21 22:45:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/08/21 20:16:52 | 000,000,596 | ---- | M] () -- C:\WINDOWS\System32\mod_cfg_1.gif [2011/08/21 20:15:29 | 000,291,633 | ---- | M] () -- C:\WINDOWS\System32\mod_stl1.gif [2011/08/21 20:15:24 | 000,318,464 | ---- | M] () -- C:\WINDOWS\System32\whv3.exe [2011/08/21 19:51:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cliente\Desktop\OTL.exe [2011/08/20 21:18:21 | 000,000,009 | ---- | M] () -- C:\WINDOWS\infosapi.dll [2011/08/20 21:17:53 | 000,274,907 | ---- | M] () -- C:\WINDOWS\System32\mod_down5.gif [2011/08/20 21:17:49 | 003,088,541 | ---- | M] () -- C:\WINDOWS\System32\winbkl_8008.gif [2011/08/20 21:15:38 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Cliente\htemp [2011/08/20 21:15:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cliente\ftmp [2011/08/20 13:49:16 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/08/20 13:35:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/08/20 13:13:25 | 000,001,594 | 
---- | M] () -- C:\Documents and Settings\All Users\Desktop\VDownloader.lnk [2011/08/14 21:52:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011/08/07 11:06:58 | 003,875,553 | ---- | M] () -- C:\Documents and Settings\Cliente\Desktop\Mss86.dll [2011/08/07 11:06:58 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Cliente\Desktop\woe.dat [2011/08/07 11:06:17 | 004,157,440 | ---- | M] () -- C:\Documents and Settings\Cliente\Desktop\woe.exe [2011/07/28 18:33:30 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI [2011/07/27 01:54:58 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2011/07/27 01:52:52 | 000,100,939 | ---- | M] () -- C:\Documents and Settings\Cliente\Meus documentos\Logo TGG.JPEG [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/08/21 22:13:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2011/08/21 22:13:27 | 000,261,856 | RHS- | C] () -- C:\cmldr [2011/08/21 20:15:29 | 000,291,633 | ---- | C] () -- C:\WINDOWS\System32\mod_stl1.gif [2011/08/21 20:15:24 | 000,318,464 | ---- | C] () -- C:\WINDOWS\System32\whv3.exe [2011/08/20 21:17:59 | 000,000,009 | ---- | C] () -- C:\WINDOWS\infosapi.dll [2011/08/20 21:17:53 | 000,274,907 | ---- | C] () -- C:\WINDOWS\System32\mod_down5.gif [2011/08/20 21:17:48 | 003,088,541 | ---- | C] () -- C:\WINDOWS\System32\winbkl_8008.gif [2011/08/20 21:17:06 | 000,000,596 | ---- | C] () -- C:\WINDOWS\System32\mod_cfg_1.gif [2011/08/20 21:15:38 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Cliente\htemp [2011/08/20 21:15:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cliente\ftmp [2011/08/20 13:42:47 | 000,159,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat [2011/08/20 13:13:25 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All 
Users\Desktop\VDownloader.lnk [2011/08/20 13:13:22 | 000,444,283 | ---- | C] () -- C:\Arquivos de programas\Arquivos comuns\WinPcapNmap.exe [2011/08/07 11:06:17 | 004,157,440 | ---- | C] () -- C:\Documents and Settings\Cliente\Desktop\woe.exe [2011/08/07 11:05:21 | 003,875,553 | ---- | C] () -- C:\Documents and Settings\Cliente\Desktop\Mss86.dll [2011/08/07 11:05:18 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Cliente\Desktop\woe.dat [2011/07/27 01:48:31 | 000,100,939 | ---- | C] () -- C:\Documents and Settings\Cliente\Meus documentos\Logo TGG.JPEG [2011/07/13 23:09:56 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2011/06/23 19:14:12 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Cliente\Dados de aplicativos\DofusAppId0_3 [2011/06/23 19:04:38 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Cliente\Dados de aplicativos\DofusAppId0_1 [2011/06/23 19:04:32 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\Cliente\Dados de aplicativos\D2Info0 [2011/06/23 19:04:32 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Cliente\Dados de aplicativos\DofusAppId0_2 [2011/06/23 19:04:22 | 000,050,252 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/09/18 22:00:27 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2010/05/15 00:41:53 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010/05/15 00:41:53 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010/05/15 00:41:53 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010/02/25 14:36:04 | 000,000,363 | ---- | C] () -- C:\WINDOWS\CODUO.ini [2010/02/25 14:24:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2010/02/18 21:26:05 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010/01/26 23:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2009/12/24 14:37:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2009/10/20 16:24:01 | 000,000,000 
| ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/10/05 19:20:40 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2009/08/19 19:39:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/08/11 18:12:38 | 000,000,121 | ---- | C] () -- C:\WINDOWS\disney.ini [2009/08/11 18:09:36 | 000,000,205 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2009/07/01 17:15:29 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/06/12 18:54:32 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0BB165537F.sys [2009/06/12 18:53:05 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2009/05/29 17:39:38 | 000,028,861 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2009/05/28 20:22:17 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/05/20 15:53:46 | 000,004,984 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2009/05/20 15:52:59 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2009/05/20 15:52:23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009/05/20 15:52:10 | 000,024,315 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009/05/20 15:52:10 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009/05/20 10:58:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009/05/20 10:53:32 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009/05/20 07:49:16 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/05/20 07:48:08 | 000,262,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/12/19 12:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008/12/17 14:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008/12/17 14:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008/12/17 14:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/12/17 14:17:34 | 000,239,247 | ---- | 
C] () -- C:\WINDOWS\System32\ff_theora.dll [2008/12/17 13:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008/08/01 11:48:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/08/01 11:48:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008/08/01 11:48:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/08/01 11:48:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008/08/01 11:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/08/01 11:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/08/01 11:48:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008/08/01 11:48:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008/08/01 11:48:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/11/02 13:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2004/10/03 14:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2004/08/04 00:57:52 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004/08/04 00:45:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001/10/28 15:07:18 | 000,468,108 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat [2001/10/28 15:07:18 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001/10/28 15:07:18 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat [2001/10/28 15:07:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001/10/28 15:07:18 | 000,079,022 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat [2001/10/28 15:07:18 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001/10/28 15:07:18 | 000,035,178 | ---- | C] () -- 
C:\WINDOWS\System32\perfd016.dat [2001/10/28 15:07:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001/10/28 15:07:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001/10/28 15:06:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001/10/28 15:06:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001/10/28 15:06:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [1997/06/13 23:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll ========== LOP Check ========== [2010/05/12 13:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite [2009/05/30 15:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Last.fm [2009/08/09 16:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS [2011/06/05 21:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files [2009/07/18 22:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ubisoft [2009/09/12 20:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\UOL [2011/05/15 22:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\AnvSoft [2011/06/23 19:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\app [2010/05/12 13:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\DAEMON Tools Lite [2009/08/11 18:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Disney Interactive Studios [2011/06/24 13:09:46 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Cliente\Dados de aplicativos\Dofus 2 [2011/06/23 19:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/06/23 19:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/06/24 12:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/07/13 23:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\FreeAudioPack [2011/07/13 23:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\GetRightToGo [2011/07/14 19:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Koyote Soft [2011/06/19 01:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\NetMedia Providers [2009/09/26 14:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Opera [2009/06/12 18:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Pixmantec [2011/06/19 01:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Publish Providers [2011/06/23 19:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/07/13 23:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Search Settings [2011/06/19 01:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Sony [2011/05/14 14:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Sony Setup [2009/07/18 22:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Ubisoft [2011/08/23 17:51:27 | 000,000,346 | -H-- | M] 
() -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009/05/20 10:56:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009/05/20 10:51:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2009/05/20 10:51:44 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2001/10/28 15:06:10 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2004/08/03 23:00:16 | 000,261,856 | RHS- | M] () -- C:\cmldr [2011/08/21 22:49:36 | 000,013,383 | ---- | M] () -- C:\ComboFix.txt [2009/05/20 10:56:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010/09/18 22:00:30 | 000,001,091 | ---- | M] () -- C:\INSTALL.LOG [2009/05/20 10:56:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009/05/20 10:56:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2004/08/03 22:59:34 | 000,251,168 | RHS- | M] () -- C:\ntldr [2011/08/23 17:48:05 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2011/01/14 15:16:02 | 000,008,412 | ---- | M] () -- C:\Pokemon_rubi.clt [2011/01/15 12:25:56 | 000,008,412 | ---- | M] () -- C:\pokemon_sapphire.clt [2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < %userprofile%\*.* > [2011/07/09 23:17:43 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Cliente\default.pls [2011/08/20 21:15:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cliente\ftmp [2011/08/20 21:15:38 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Cliente\htemp [2009/09/01 23:17:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cliente\jagex_runescape_preferences.dat [2011/08/21 23:54:15 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Cliente\ntuser.dat [2011/08/23 17:57:11 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Cliente\ntuser.dat.LOG [2011/08/21 23:53:50 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\Cliente\ntuser.ini < %systemroot%\system32\drivers\*.* /90 > [2011/07/20 
00:41:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2011/07/20 00:41:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf [2011/07/20 00:41:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01007.Wdf [2011/07/20 00:42:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_motfilt_01007.Wdf [2011/07/20 00:42:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01007.Wdf [2011/07/20 00:42:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_Motousbnet_01007.Wdf [2011/07/20 00:41:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01007.Wdf [2011/07/20 00:41:35 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_motusbdevice_01007.Wdf < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > < %APPDATA%\Update\*.* > < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections > "DefaultConnectionSettings" = 3C 00 00 00 03 02 00 00 00 00 00 00 00 00 00 00 05 00 00 00 6C 6F 63 61 6C 00 00 00 00 05 00 00 00 00 00 00 00 40 70 56 BA 93 5F CC 01 02 00 00 00 C0 A8 01 03 BB 38 7D EF 00 00 00 00 00 00 00 00 [binary data] "SavedLegacySettings" = [binary data over 100 bytes] "Dialer iG" = 3C 00 00 00 60 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data] "Discador iG" = [binary data over 100 bytes] "Speedy" = [binary data over 100 bytes] "VIVO INTERNET" = [binary data over 100 bytes] "Oi" = [binary data over 100 bytes] "Uol" = [binary data over 100 bytes] "PPPoe" = [binary data over 100 bytes] "Discada 1" = [binary data over 100 bytes] "Conexão 1" = [binary data over 100 bytes] "Conexao 2" = [binary data over 100 bytes] "Conexão 2" = 
[binary data over 100 bytes] "Terra" = [binary data over 100 bytes] "Discada Terra" = [binary data over 100 bytes] "iG" = [binary data over 100 bytes] "SuperiG" = [binary data over 100 bytes] "itelefonica" = [binary data over 100 bytes] "NET" = [binary data over 100 bytes] "Ajato" = [binary data over 100 bytes] "RJNET" = [binary data over 100 bytes] "Dial Up" = [binary data over 100 bytes] "DialUp" = [binary data over 100 bytes] "Conexão Speedy" = [binary data over 100 bytes] "Conexao Speedy" = [binary data over 100 bytes] "Discador Terra" = [binary data over 100 bytes] "Discador Uol" = [binary data over 100 bytes] "Discador Velox" = [binary data over 100 bytes] "Vivo Brasil" = [binary data over 100 bytes] "Claro" = [binary data over 100 bytes] "Discador Claro" = [binary data over 100 bytes] "Conexão Discada" = [binary data over 100 bytes] "Conexão Discada 2" = [binary data over 100 bytes] < %PROGRAMFILES%\Internet Explorer\*.* > [2004/08/04 00:45:24 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\HMMAPI.DLL [2004/08/04 00:45:36 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iedw.exe [2004/08/04 00:45:36 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE < End of report >
  9. Good morning, JoseMelo! I'm at work right now (the PC with the problem is the one at my house). As soon as I get home, possibly during the evening, I'll do that. Thank you very much for your help!
  10. Hey guys, I haven't been playing much on the PC lately, mostly just Ragnarok, but I'm dying to play this one and I'll definitely buy it, but I want to know when it comes out, does anyone have any idea?!? I know it's slated for this year! And another thing, does anyone here know what the minimum requirements are? Because my PC runs Diablo II just fine, but this one looks like it will demand a lot more, and my PC isn't exactly badass :\
  11. Can anyone help me with this problem? I caught this banker on Blog do Véio (it was a great blog); I've already used BankerFix, tried manually over in AutoConfigURL, and I've even used ComboFix, and nothing! Here is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:44:06, on 21/8/2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Motorola\MotoHelper\MotoHelperService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Arquivos de programas\Motorola\MotoHelper\MotoHelperAgent.exe C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Arquivos comuns\Spigot\Search Settings\SearchSettings.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Arquivos de programas\Ares\Ares.exe C:\Arquivos de programas\Arquivos 
comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\iG\Discador.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Cliente\Meus documentos\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.euro-tech.net.pl/nowa/temp/tool...o.globo.com.txt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Koyote Soft Toolbar - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Arquivos de programas\Koyote Soft Toolbar\IE\4.5\koyotesoftToolbarIE.dll
R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Koyote Soft Toolbar - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Arquivos de programas\Koyote Soft Toolbar\IE\4.5\koyotesoftToolbarIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Koyote Soft Toolbar - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Arquivos de programas\Koyote Soft Toolbar\IE\4.5\koyotesoftToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [searchSettings] "C:\Arquivos de programas\Arquivos comuns\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [File] C:\WINDOWS\lod35.tmp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Discador iG.lnk = C:\Arquivos de programas\iG\Discador.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A0C1735-3C2A-4E92-83FF-1C735B8AE86E}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{D52CD53A-3AE4-49B6-B306-F8ED5CA55AE0}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A0C1735-3C2A-4E92-83FF-1C735B8AE86E}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A0C1735-3C2A-4E92-83FF-1C735B8AE86E}: NameServer = 200.204.0.10,200.204.0.138
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Arquivos de programas\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9904 bytes
I would be grateful to anyone who can help!