wings (posted July 15, 2010):
Read the procedure carefully, my friend.....
luan4884 (posted July 15, 2010):
Here is the report:
wings (posted July 15, 2010):
The PC is clean. Uninstall the program and delete the file C:\LopR.txt. Best regards.
luan4884 (posted July 15, 2010):
Is it solved? The wave sound just dropped again.
wings (posted July 15, 2010):
Have you considered the possibility that these cracks are responsible?
C:\DOCUME~1\user1\Desktop\Crack.By Leoseven.rar
C:\DOCUME~1\user1\Desktop\Luan\Mu\Mu Lost Sem Som\Data\Effect\GoblinCrack.OZJ
C:\DOCUME~1\user1\Desktop\Luan\Mu\Mu Lost Sem Som\Data\Effect\knight_plancrack_a.bmd
C:\DOCUME~1\user1\Desktop\Luan\Mu\Mu Lost Sem Som\Data\Effect\knight_plancrack_b.bmd
C:\DOCUME~1\user1\Desktop\Luan\Mu\Mu Lost Sem Som\Data\Effect\knight_plancrack_grand.bmd
C:\DOCUME~1\user1\Desktop\Luan\Mu\Mu Lost Sem Som\Data\Effect\NpcGagoil_Crack01.bmd
C:\DOCUME~1\user1\Desktop\Luan\Mu\Mu Lost Sem Som\Data\Effect\NpcGagoil_Crack02.bmd
C:\DOCUME~1\user1\Desktop\Luan\Mu\Mu Lost Sem Som\Data\Effect\NpcGagoil_Crack03.bmd
C:\DOCUME~1\user1\Desktop\Luan\Mu\Mu Lost Sem Som\Data\Object40\han_mcrack.OZJ
C:\DOCUME~1\user1\Recent\Crack.By Leoseven.lnk
luan4884 (posted July 15, 2010):
I'll delete all of them, but the problem continues... I'll run the ComboFix process and post the log here, OK?
wings (posted July 15, 2010):
Let's go to the last alternative. If we don't succeed, format.
* Temporarily disable your antivirus
* Download ComboFix and save it to the desktop
* Run ComboFix and accept the agreement
* If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it.
* Click [Yes] to continue.
* Wait for all stages to complete
* While ComboFix is running, avoid using the mouse and keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.
* The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.
luan4884 (posted July 16, 2010):
It found 3 malware items, I think we succeeded this time. Log:
pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORFÃOS REMOVIDOS - - - - URLSearchHooks-{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - c:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll BHO-{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - c:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll Toolbar-{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - c:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll WebBrowser-{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} - c:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll HKCU-Run-RGSC - c:\arquivos de programas\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe HKLM-Run-nwiz - nwiz.exe AddRemove-ESET Online Scanner - c:\arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe AddRemove-Messenger_Plus_Live_Brazil Toolbar - c:\arquiv~1\MESSEN~3\UNWISE.EXE AddRemove-NVIDIA Display Control Panel - c:\arquivos de programas\NVIDIA Corporation\Uninstall\nvuninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-16 21:30 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@?????????????? Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: error reading MBR called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A2892A0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xb80ecfc3 \Driver\ACPI -> ACPI.sys @ 0xb7f59cb8 \Driver\atapi -> 0x8a2892a0 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: INTELBRAS WPG200 Wireless PCI Adapter -> SendCompleteHandler -> NDIS.sys @ 0xb7dcdba0 PacketIndicateHandler -> NDIS.sys @ 0xb7ddab21 SendHandler -> NDIS.sys @ 0xb7db887b Warning: possible MBR rootkit infection ! ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\user1\CONFIG~1\Temp\ZPB26.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . Tempo para conclusão: 2010-07-16 21:31:56 ComboFix-quarantined-files.txt 2010-07-16 13:31 Pré-execução: 15 pasta(s) 26.368.016.384 bytes disponíveis Pós execução: 17 pasta(s) 27.530.874.880 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - A3615A20F1FE02778763A024F589EEDE
luan4884 Posted July 16, 2010
Solved ;D Thanks, you can close it.
wings Posted July 16, 2010
1.
* Click [Start] > [Run] > type: Combofix /uninstall
* Click [OK]
* Click [Run]
* Wait until the message "ComboFix is uninstalled" appears
* Click [OK]
2.
* Click [Start] > [Run] > type: msconfig
* Click OK
* Click the "BOOT.INI" tab
* Select the line C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
* Click [Check All Boot Paths]
* Click [Yes] > [OK]
* Restart the PC
* When Windows starts, the configuration utility will report that it has been changed.
* Click "Don't show this message or launch the System Configuration Utility when Windows starts"
3.
* Download MBR and save it to C:\
* Click Start > Run > copy and paste: c:\mbr.exe -f
* Click OK. If asked, allow the program to run. It will open and close quickly.
* Double-click C:\mbr.exe
* Paste the report created in C:\mbr.txt
wings Posted August 2, 2010
PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.