matheus.camp

Member
  • Content count

    293
Community Reputation

0 Neutral

About matheus.camp

  • Rank
    Advanced Member
  • Birthday 01/05/1995

Contact Methods

  • ICQ
    0

Profile Information

  • Sex
    Male
  • Location
    São Paulo
  • Interests
    Hardware, Software, Security, Electronics and Computing in General
  1. Thank you for your attention; here is the requested log.
     C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2014\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan
     D:\Backup Pendrive\Setups\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application
     D:\Backup Pendrive\Setups\MsgPlusLive-485.exe a variant of Win32/Adware.CiDHelp application
  2. I believe the problem no longer occurs; for as long as I was able to leave the computer on and watch it, it did not happen again. Thank you for your attention; the logs are attached. OTL.Txt Extras.Txt
  3. Hello JoseMelo, thank you for your attention so far. Just for the record, I managed to capture the link that was opening in the browser; I don't know whether it may be useful for anything. http://wrapper.z5x.net/prepop.html?ad_type=pop&ad_size=0x0&section=5137008&banned_pop_types=23&prepopped_width=800&prepopped_height=600&pop_times=20&pop_frequency=0&pub_url= The logs are attached as requested. AdwCleanerS0.txt mbam.txt hijackthis.log JRT.txt
  4. Good afternoon. Over the last week I have noticed that when I step away from the PC for some reason and leave it idle (not in standby, just doing nothing), when I come back the Chrome browser is open with some advertising pages that I do not recognize and did not open. The logs are attached. Thanks in advance, FSS.txt hijackthis.log MbrScan.log
  5. You are right, I apologize for the mistake.
  6. Dear friend SERPA, good afternoon. What exactly is the model of your power supply? Did this start after the power supply was replaced or did it also happen before, and what was the model of your previous power supply? According to Intel's site, your processor operates in the range of 0.85V to 1.36V. Intel® Pentium® Processor E5400 Download CPU-Z and install it. Once it is installed, take a screenshot of the main screen and post it here. Also check whether Core Voltage shows 0.85V to 1.36V, as stated on Intel's site. Regards.
  7. Dear friend tiagoshow, good afternoon. Let's take it easy; these audio driver problems are quite annoying most of the time, so I only ask that you be patient and follow what is proposed to you. To clarify a few things: first, the Realtek High Definition Audio driver is indeed the one responsible for the sounds of your PC and for playing/recording sound on your system, whereas the AMD/ATI High Definition Audio Device is responsible for the audio of the HDMI cable, which can be connected to a TV for example, allowing audio and video to pass through the same cable; without this driver installed you would have only video. Hold on, it is still far too early to say that; we need to test quite a lot before blaming the PC's jacks. So, you have front and rear jacks, correct? Have you tested all of them? On the motherboard, did you check whether the front panel is correctly connected? (If you did not understand what I said, say so and I will try to explain it in a simpler and more objective way, since I do not know how much you understand.) Does the volume icon appear in the taskbar, next to the clock, or not? I will ask you to take a Print Screen/Screenshot of your Device Manager. Right-click My Computer and go to Properties, select the Hardware tab and click Device Manager. (You can also use the Windows + Pause Break shortcut to get there) so that I can see whether anything is malfunctioning there; if a problem is found, we will clean out the audio drivers on your PC and try to install a "clean" one. Regards.
  8. Normal; I noticed that the Babylon Toolbar disappeared from IE, which by the way I did not even know how it had been installed; otherwise everything is OK.
  9. Scan done; apparently it found only some game crack files that I have here, but at least for P-Patchs I am sure it was not a virus, since it is made by a large team on the Internet and can also be installed on an original game. I ran it through the ESET program that I installed on the PC, because it was not running in IE, so I downloaded it through Chrome and ran the program on the Desktop.
  10. Desculpe a demora, tive alguns problemas pessoais, não consegui anexar o Extras.txt pois era maior do que o permitido (50KB) pelo fórum, segue link do pastebin do mesmo Extras.txt. http://pastebin.com/cY1VXKyC OTL logfile created on: 14/7/2012 11:14:54 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Matheus\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,31% Memory free 3,84 Gb Paging File | 3,38 Gb Available in Paging File | 87,98% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 315,75 Gb Total Space | 66,27 Gb Free Space | 20,99% Space Free | Partition Type: NTFS Drive D: | 150,01 Gb Total Space | 6,80 Gb Free Space | 4,53% Space Free | Partition Type: NTFS Computer Name: MATHEUS-3A59450 | User Name: Matheus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/14 11:13:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matheus\Desktop\OTL.exe PRC - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe PRC - [2012/06/07 21:10:13 | 000,161,736 | ---- | M] (Oracle Corporation) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe PRC - [2012/06/07 05:14:45 | 001,239,576 | ---- | M] (Google Inc.) 
-- C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe PRC - [2012/02/29 20:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2009/08/18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009/08/18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVCM.EXE PRC - [2009/07/17 11:10:16 | 000,931,080 | ---- | M] (Raxco Software, Inc.) -- C:\Arquivos de programas\Raxco\PerfectDisk10\PDAgent.exe PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012/07/12 19:36:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/06/20 17:31:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/06/07 21:10:13 | 000,161,736 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/04/25 14:32:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/03/28 14:39:57 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP) SRV - [2012/02/29 20:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009/08/18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/07/17 11:10:18 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Arquivos de programas\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine) SRV - [2009/07/17 11:10:16 | 000,931,080 | ---- | M] (Raxco Software, Inc.) 
[Auto | Running] -- C:\Arquivos de programas\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent) SRV - [2007/05/16 09:27:28 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2002/12/17 16:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR) SRV - [2002/12/17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | Auto | Stopped] -- -- (NmSer) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GGSAFERDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz130) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found 
[Kernel | On_Demand | Stopped] -- system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ALSysIO) DRV - [2012/03/28 13:21:15 | 000,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2012/03/05 14:19:41 | 000,138,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK) DRV - [2012/02/07 22:13:32 | 000,104,456 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI) DRV - [2012/01/17 09:45:58 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2011/12/20 04:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService) DRV - [2011/12/13 18:27:30 | 007,069,288 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2011/12/08 14:09:16 | 000,327,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2011/11/16 10:35:54 | 000,041,728 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter) DRV - [2011/09/22 17:20:26 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011/09/22 17:05:10 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2011/03/18 13:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2010/01/19 17:16:28 | 000,081,920 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar) DRV - [2010/01/19 17:16:28 | 000,070,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmSerial.sys -- (nmserial) DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009/08/22 15:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32) DRV - [2009/06/15 14:01:00 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2009/06/08 10:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS) DRV - [2009/05/16 20:59:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009/05/13 17:46:52 | 000,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2008/12/15 20:41:32 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg) DRV - [2008/04/13 10:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf) DRV - [2007/10/12 09:40:12 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide) DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2006/09/26 22:21:10 | 000,021,920 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2004/08/14 21:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [1996/04/03 16:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={sea...ferrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={sea...Box&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - 
HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Matheus\Dados de aplicativos\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2012/06/22 21:10:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2012/03/28 13:21:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Matheus\Dados de aplicativos\IDM\idmmzcc5 [2012/03/26 18:03:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Matheus\Dados de aplicativos\IDM\idmmzcc5 [2012/03/26 18:03:45 | 000,000,000 | ---D | M] [2011/09/21 20:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matheus\Dados de aplicativos\Mozilla\Extensions [2012/07/11 18:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matheus\Dados de aplicativos\Mozilla\Firefox\Profiles\nzfl58c7.default\extensions [2012/04/14 12:02:14 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Documents and Settings\Matheus\Dados de aplicativos\Mozilla\Firefox\Profiles\nzfl58c7.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2012/03/27 20:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions [2012/03/27 20:49:20 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Arquivos de programas\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2012/03/24 09:05:54 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Arquivos de programas\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2012/03/27 20:49:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- 
C:\Arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2012/03/24 09:05:52 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2012/07/11 18:20:13 | 000,271,056 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MATHEUS\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\NZFL58C7.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI [2012/03/02 14:10:48 | 000,126,158 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MATHEUS\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\NZFL58C7.DEFAULT\EXTENSIONS\DESPROTETORDELINKS@CLAUDIO-SILVA.COM.XPI [2012/06/22 21:10:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll [2012/06/22 21:10:46 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml [2012/06/22 21:10:46 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml [2012/06/22 21:10:46 | 000,002,040 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml [2012/06/22 21:10:46 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml [2012/06/22 21:10:46 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml ========== Chrome ========== CHR - homepage: http://www.google.com.br/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} 
CHR - homepage: http://www.google.com.br/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Matheus\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Matheus\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Matheus\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Matheus\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Matheus\Dados de aplicativos\Mozilla\plugins\npoctoshape.dll CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Matheus\Dados de aplicativos\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U4 (Enabled) 
= C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.40.22 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Facebook for Chrome = C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp\3.1.6_0\ CHR - Extension: Gmail = C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/07/12 16:05:03 | 000,001,249 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.info # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) 
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O4 - HKLM..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [AVP] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nview\nwiz.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download All using 4shared Desktop - Reg Error: Value error. File not found O8 - Extra context menu item: &Download using 4shared Desktop - Reg Error: Value error. File not found O8 - Extra context menu item: Adicionar ao Antifaixas - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O8 - Extra context menu item: Baixar com Mipony - C:\Arquivos de programas\MiPony\Browser\IEContext.htm () O8 - Extra context menu item: Baixar com o Free Download Manager - C:\Arquivos de programas\Free Download Manager\dllink.htm () O8 - Extra context menu item: Baixar tudo com o Free Download Manager - C:\Arquivos de programas\Free Download Manager\dlall.htm () O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - C:\Arquivos de programas\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download selecionado pelo Free Download Manager - C:\Arquivos de programas\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm () O9 - Extra Button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
      O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCE0E8E9-ACD1-4C38-9C78-1FA25DFF8D2D}: NameServer = 208.48.246.4,208.48.246.5
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - AppInit_DLLs: (㶨) - File not found
      O20 - AppInit_DLLs: (C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
      O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
      O24 - Desktop Components:0 (Minha página inicial atual) - about:Home
      O24 - Desktop WallPaper: C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
      O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2011/09/21 18:38:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (PDBoot.exe)
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      NetSvcs: 6to4 - File not found
      NetSvcs: Ias - File not found
      NetSvcs: Iprip - File not found
      NetSvcs: Irmon - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: WmdmPmSp - File not found
      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point
      ========== Files/Folders - Created Within 30 Days ==========
      [2012/07/14 11:13:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matheus\Desktop\OTL.exe
      [2012/07/13 15:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matheus\Meus documentos\Plants vs. Zombies
      [2012/07/09 13:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matheus\Desktop\Layout
      [2012/07/07 22:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matheus\Meus documentos\18 WoS Haulin
      [2012/07/07 22:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matheus\Menu Iniciar\Programas\18 Wheels of Steel Haulin
      [2012/07/07 22:45:51 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\18 Wheels of Steel Haulin
      [2012/07/06 23:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matheus\Desktop\HijackThis
      [2012/07/06 21:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ktruco6
      [2012/07/06 21:08:25 | 000,000,000 | ---D | C] -- C:\Ktruco
      [2012/06/30 14:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\LogMeIn Hamachi
      [2012/06/30 13:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\LogMeIn Hamachi
      [2012/06/30 13:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\LogMeIn Hamachi
      [2012/06/30 13:59:43 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\LogMeIn Hamachi
      [2012/06/30 13:57:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matheus\Recent
      [2012/06/27 11:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matheus\Desktop\Festa Junina
      [2012/06/26 20:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matheus\Meus documentos\SHIFT 2 UNLEASHED
      [2012/06/26 20:01:03 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
      [2012/06/24 14:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\PopCap Games
      [2012/06/24 14:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matheus\Desktop\Plants vs. Zombies
      [2012/06/19 14:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matheus\Meus documentos\Game of thrones - 1ª temporada
      [2012/06/19 14:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matheus\Meus documentos\Game of Thrones - 2 temporada
      [2012/06/14 20:32:54 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
      [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      ========== Files - Modified Within 30 Days ==========
      [2012/07/14 11:13:39 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
      [2012/07/14 11:13:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matheus\Desktop\OTL.exe
      [2012/07/14 10:49:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2012/07/14 10:48:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2012/07/13 22:35:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
      [2012/07/13 15:44:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
      [2012/07/13 15:18:18 | 057,260,182 | ---- | M] () -- C:\Documents and Settings\Matheus\Meus documentos\Plants vs. Zombies.rar
      [2012/07/12 18:59:52 | 021,452,633 | ---- | M] () -- C:\Documents and Settings\Matheus\Desktop\Bitter Creek Western Live Steam Narrow Gauge Meet 2007.mp4
      [2012/07/12 13:04:54 | 019,871,579 | ---- | M] () -- C:\Documents and Settings\Matheus\Desktop\MinecraftJG - Especial 3000 Inscritos !!!.mp4
      [2012/07/11 10:35:03 | 000,038,667 | ---- | M] () -- C:\Documents and Settings\Matheus\Desktop\181492_3113218401439_1258748651_n.jpg
      [2012/07/11 10:07:51 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
      [2012/07/11 10:06:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
      [2012/07/10 22:40:11 | 047,920,181 | ---- | M] () -- C:\Documents and Settings\Matheus\Desktop\Minecraft Tutorial - Detector de Luz (DiaNoite).flv
      [2012/07/10 11:47:02 | 000,294,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
      [2012/07/10 11:47:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
      [2012/07/10 10:53:26 | 000,294,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
      [2012/07/10 10:53:25 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
      [2012/06/30 22:27:39 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/06/29 13:09:47 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Matheus\Desktop\PlantsVsZombies.lnk
      [2012/06/26 21:08:53 | 000,000,025 | ---- | M] () -- C:\Documents and Settings\Matheus\Desktop\popcinfot.dat
      [2012/06/16 10:02:10 | 000,001,960 | ---- | M] () -- C:\WINDOWS\System32\nvUnsupRes.dat
      [2012/06/15 18:19:14 | 000,001,176 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-583907252-1801674531-1003UA.job
      [2012/06/15 18:19:13 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-583907252-1801674531-1003Core.job
      [2012/06/15 18:19:13 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2012/06/15 18:19:11 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2012/06/14 21:21:42 | 000,553,568 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
      [2012/06/14 21:21:42 | 000,513,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2012/06/14 21:21:42 | 000,103,872 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
      [2012/06/14 21:21:42 | 000,092,338 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      ========== Files Created - No Company Name ==========
      [2012/07/13 15:17:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
      [2012/07/13 15:14:57 | 057,260,182 | ---- | C] () -- C:\Documents and Settings\Matheus\Meus documentos\Plants vs. Zombies.rar
      [2012/07/12 18:57:21 | 021,452,633 | ---- | C] () -- C:\Documents and Settings\Matheus\Desktop\Bitter Creek Western Live Steam Narrow Gauge Meet 2007.mp4
      [2012/07/12 13:00:37 | 019,871,579 | ---- | C] () -- C:\Documents and Settings\Matheus\Desktop\MinecraftJG - Especial 3000 Inscritos !!!.mp4
      [2012/07/11 10:35:04 | 000,038,667 | ---- | C] () -- C:\Documents and Settings\Matheus\Desktop\181492_3113218401439_1258748651_n.jpg
      [2012/07/11 09:56:02 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
      [2012/07/10 22:19:09 | 047,920,181 | ---- | C] () -- C:\Documents and Settings\Matheus\Desktop\Minecraft Tutorial - Detector de Luz (DiaNoite).flv
      [2012/06/29 13:09:47 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Matheus\Desktop\PlantsVsZombies.lnk
      [2012/06/25 12:29:53 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Matheus\Desktop\popcinfot.dat
      [2012/06/23 22:04:31 | 000,160,320 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
      [2012/05/26 21:49:46 | 000,294,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
      [2012/05/26 21:49:46 | 000,294,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
      [2012/05/26 21:49:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
      [2012/05/13 09:32:14 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
      [2012/05/13 09:32:14 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
      [2012/05/13 09:32:07 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
      [2012/05/07 19:06:28 | 000,000,435 | ---- | C] () -- C:\WINDOWS\cat_vw.ini
      [2012/04/23 12:08:05 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
      [2012/04/05 11:45:31 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
      [2012/04/04 14:42:39 | 000,001,960 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
      [2012/03/28 18:24:49 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Matheus\Dados de aplicativos\Adobe PNG Format CS5 Prefs
      [2012/03/28 13:24:09 | 000,604,140 | -HS- | C] () -- C:\WINDOWS\System32\drivers\ISwift3.dat
      [2012/03/28 13:22:21 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
      [2012/03/28 13:22:21 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
      [2012/03/24 09:07:16 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\WebpageIcons.db
      [2012/03/22 20:00:10 | 045,713,408 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\dt0f.img
      [2012/03/22 20:00:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\defdat
      [2012/03/22 17:06:51 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Matheus\PUTTY.RND
      [2012/03/17 09:50:00 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
      [2012/03/13 11:20:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
      [2012/03/08 20:00:38 | 000,000,176 | ---- | C] () -- C:\WINDOWS\REC-NET.INI
      [2012/01/28 16:39:48 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
      [2012/01/01 10:32:45 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
      [2012/01/01 10:32:45 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Matheus\Dados de aplicativos\PnkBstrK.sys
      [2012/01/01 10:31:58 | 000,183,112 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
      [2012/01/01 10:31:39 | 002,250,024 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
      [2012/01/01 10:31:39 | 000,063,040 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
      [2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
      [2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
      [2011/10/30 18:00:30 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Matheus\Dados de aplicativos\$_hpcst$.hpc
      [2011/10/25 16:47:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
      [2011/10/18 19:37:21 | 000,000,434 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
      [2011/09/29 20:48:38 | 000,050,994 | ---- | C] () -- C:\Documents and Settings\Matheus\Dados de aplicativos\room_v3.dat
      [2011/09/22 17:26:07 | 000,086,158 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
      [2011/09/22 13:15:21 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2011/09/21 19:48:04 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
      [2011/09/21 19:04:48 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
      [2011/09/21 19:04:39 | 000,036,120 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
      [2011/09/21 19:04:39 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
      [2011/09/21 18:40:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
      [2011/09/21 18:35:38 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
      [2011/09/21 12:48:43 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
      [2011/09/21 12:47:43 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
      [2011/09/19 10:03:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\rtvcvfw32.dll
      [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
      ========== LOP Check ==========
      [2011/09/22 17:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite
      [2011/10/14 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DFX
      [2012/05/18 20:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Electronic Arts
      [2012/03/16 12:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IObit
      [2012/06/12 14:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\KONAMI
      [2012/04/09 19:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
      [2012/06/24 14:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PopCap Games
      [2012/03/28 13:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe
      [2012/01/28 16:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Screaming Bee
      [2012/03/27 18:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony
      [2012/01/09 18:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TechSmith
      [2012/06/07 13:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
      [2012/03/09 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ubisoft
      [2012/07/10 12:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\.minecraft
      [2012/06/10 21:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\4shared Desktop
      [2012/04/02 14:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\Audacity
      [2012/03/09 13:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\BitTorrent
      [2011/09/22 17:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\DAEMON Tools
      [2012/07/07 22:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\DAEMON Tools Lite
      [2012/04/04 09:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\DMCache
      [2012/06/09 19:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\Free Download Manager
      [2012/04/05 15:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\IDM
      [2012/01/29 16:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\IObit
      [2012/03/04 21:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\Leadertech
      [2011/12/31 20:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\Mikrotik
      [2012/06/24 12:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\Mipony
      [2012/03/18 21:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\mkvtoolnix
      [2012/01/27 15:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\NASA
      [2011/01/13 22:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\NFS Underground 2
      [2012/05/04 17:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\nView_Wallpaper
      [2011/10/18 20:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\Octoshape
      [2012/03/24 08:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\Oracle
      [2012/01/26 13:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\Publish Providers
      [2012/01/28 16:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\Screaming Bee
      [2012/04/13 16:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\Sony
      [2011/11/26 13:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\TeamViewer
      [2012/01/25 21:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\Thinstall
      [2012/06/30 14:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\TS3Client
      [2012/03/04 17:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\Ubisoft
      [2012/07/13 21:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matheus\Dados de aplicativos\uTorrent
      ========== Purity Check ==========
      ========== Custom Scans ==========
      ========== Drive Information ==========
      Physical Drives
      ---------------
      Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
      Interface type: IDE
      Media Type: Fixed\thard disk media
      Model: ST3500418AS
      Partitions: 2
      Status: OK
      Status Info: 0
      Partitions
      ---------------
      DeviceID: Disk #0, Partition #0
      PartitionType: Installable File System
      Bootable: True
      BootPartition: True
      PrimaryPartition: True
      Size: 316,00GB
      Starting Offset: 32256
      Hidden sectors: 0
      DeviceID: Disk #0, Partition #1
      PartitionType: Extended w/Extended Int 13
      Bootable: False
      BootPartition: False
      PrimaryPartition: False
      Size: 150,00GB
      Starting Offset: 339037816320
      Hidden sectors: 0
      < %SYSTEMDRIVE%\*.* >
      [2012/06/11 13:13:01 | 000,008,412 | ---- | M] () -- C:\2302 - Yu Gi Oh GX Duel Acadamy (U) www[1].romsparagba.com.clt
      [2012/07/09 19:51:37 | 000,005,921 | ---- | M] () -- C:\AdwCleaner[s1].txt
      [2011/09/21 18:38:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
      [2012/06/07 20:41:15 | 000,000,223 | RHS- | M] () -- C:\boot.ini
      [2001/10/28 15:06:10 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
      [2011/09/21 18:38:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
      [2012/01/28 16:41:27 | 000,000,000 | ---- | M] () -- C:\fftoutput.txt
      [2011/09/21 18:38:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2011/09/21 18:38:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2008/04/13 09:43:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
      [2008/04/13 11:31:44 | 000,251,696 | RHS- | M] () -- C:\ntldr
      [2012/07/14 10:48:55 | 2146,471,936 | -HS- | M] () -- C:\pagefile.sys
      [2012/04/01 11:17:17 | 000,000,237 | ---- | M] () -- C:\user.js
      < %systemdrive%\drivers\*.exe >
      < %systemroot%\system32\drivers\*.* /90 >
      [2012/05/02 10:46:35 | 000,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
      < %PROGRAMFILES%\*.* >
      < %userprofile%\configurações locais\dados de aplicativos\*.exe >
      < %userprofile%\configurações locais\dados de aplicativos\*.txt >
      < %userprofile%\configurações locais\dados de aplicativos\*.ini >
      [2012/06/30 22:27:39 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Matheus\configurações locais\dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      < %userprofile%\configurações locais\dados de aplicativos\*.dat /30 >
      [2012/07/05 16:36:58 | 000,070,040 | ---- | M] () -- C:\Documents and Settings\Matheus\configurações locais\dados de aplicativos\GDIPFONTCACHEV1.DAT
      < %userprofile%\configurações locais\dados de aplicativos\*.dll >
      < %userprofile%\*.exe >
      < %userprofile%\.txt >
      < %userprofile%\.ini >
      < %userprofile%\.dat /30 >
      < %userprofile%\.dll >
      < %windir%\tasks\*.* >
      [2012/07/13 22:35:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
      [2001/10/28 15:07:04 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
      [2012/06/15 18:19:11 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2012/06/15 18:19:13 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2012/06/15 18:19:13 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-583907252-1801674531-1003Core.job
      [2012/06/15 18:19:14 | 000,001,176 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-583907252-1801674531-1003UA.job
      [2012/07/14 10:48:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
      "DefaultConnectionSettings" = 46 00 00 00 DC 00 00 00 01 00 00 00 00 00 00 00 05 00 00 00 6C 6F 63 61 6C 00 00 00 00 00 00 00 00 00 00 00 00 30 EB B4 E2 AB 78 CC 01 01 00 00 00 0A 02 15 15 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
      "SavedLegacySettings" = 46 00 00 00 B7 1C 00 00 01 00 00 00 00 00 00 00 05 00 00 00 6C 6F 63 61 6C 00 00 00 00 00 00 00 00 00 00 00 00 30 EB B4 E2 AB 78 CC 01 01 00 00 00 0A 02 15 15 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
      ========== Alternate Data Streams ==========
      @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:05EE1EEF
      < End of report >
  11. # AdwCleaner v1.701 - Logfile created 07/09/2012 at 19:51:25
      # Updated 02/07/2012 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : Matheus - MATHEUS-3A59450
      # Running from : C:\Documents and Settings\Matheus\Desktop\adwcleaner.exe
      # Option [Delete]
      ***** [services] *****
      ***** [Files / Folders] *****
      Folder Deleted : C:\Documents and Settings\Matheus\Dados de aplicativos\Babylon
      Folder Deleted : C:\Documents and Settings\Matheus\Dados de aplicativos\BabylonToolbar
      Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
      Folder Deleted : C:\Arquivos de programas\BabylonToolbar
      ***** [Registry] *****
      Key Deleted : HKCU\Software\BabylonToolbar
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\4shared Tools
      Key Deleted : HKLM\SOFTWARE\Babylon
      Key Deleted : HKLM\SOFTWARE\BabylonToolbar
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
      Key Deleted : HKLM\SOFTWARE\Classes\b
      Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
      Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
      Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
      Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
      Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
      Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
      Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
      Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
      Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
      Key Deleted : HKLM\SOFTWARE\Conduit
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
      ***** [Registre - GUID] *****
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{38EE5CEE-4B62-11D3-854F-00A0C9C898E7}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8D670533-270B-4549-B19B-414FB9C6EBDB}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
      ***** [internet Browsers] *****
      -\\ Internet Explorer v8.0.6001.18702
      [OK] Registry is clean.
      *************************
      AdwCleaner[s1].txt - [5792 octets] - [09/07/2012 19:51:25]
      ########## EOF - C:\AdwCleaner[s1].txt - [5920 octets] ##########
  12. Yes, exactly that message appeared, saying that my computer is not infected with DNS Changer.
  13. Logfile of HijackThis v1.99.1
      Scan saved at 11:05:53, on 8/7/2012
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\RunDLL32.exe
      C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Arquivos de programas\Microsoft ActiveSync\Wcescomm.exe
      C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
      C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
      C:\Arquivos de programas\Java\jre7\bin\jqs.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
      C:\Arquivos de programas\Raxco\PerfectDisk10\PDAgent.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\svchost.exe
      c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Matheus\Desktop\HijackThis\HijackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
      O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
      O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
      O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
      O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site
      O1 - Hosts: 255.255.255.255 www.easyanticheat.info # misleading site
      O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site
      O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
      O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
      O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
      O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
      O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nview\nwiz.exe /installquiet
      O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe
      O4 - HKLM\..\Run: [4shared Update] "C:\Arquivos de programas\4shared Desktop\checkUpdate.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\Wcescomm.exe"
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Matheus\Local Settings\Apps\F.lux\flux.exe" /noshow
      O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Matheus\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
      O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\steam.exe" -silent
      O8 - Extra context menu item: Adicionar ao Antifaixas - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
      O8 - Extra context menu item: Baixar com Mipony - file://C:\Arquivos de programas\MiPony\Browser\IEContext.htm
      O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
      O8 - Extra context menu item: Baixar tudo com o Free Download Manager - 
file://C:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{DCE0E8E9-ACD1-4C38-9C78-1FA25DFF8D2D}: NameServer = 208.48.246.4,208.48.246.5 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de 
programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: ?,C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" -r (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing) O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe" -s (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - 
Unknown owner - C:\Arquivos de programas\Java\jre7\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre7\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe
  14. I saw something on TV today, on Record, about a DNS Changer virus that is going to cut off internet access on Monday for anyone who is infected, and I'm posting the log just to make sure there's really nothing here. The system has been installed for quite a while now, and I haven't had any problems with it so far. Logfile of HijackThis v1.99.1 Scan saved at 23:11:27, on 6/7/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702)
  15. OK. I removed the file with Killbox, then searched for that same file and it was not found on the system. But as I said before, ComboFix deleted my Steam executable; should I install it again, or is there some way to restore it without reinstalling? Thanks.