Fórum Script Brasil

TheseSoundsFallIntoMyMind

Members
  • Total items

    0
  • Joined

  • Last visited

About TheseSoundsFallIntoMyMind

  • Date of Birth 28/12/1909

Profile

  • Gender
    Male
  • Location
    Embu das Artes

TheseSoundsFallIntoMyMind's Achievements

0

Reputation

  1. No more problems with the PC. The procedure with the Java Runtime Environment (JRE) 6 Update 7 worked and everything is in order now; I just could not uninstall ComboFix, because it was not found. Other than that, no problems. Thank you, you can close the topic. Thanks.
  2. OK, I ran ComboFix. Here is its log: ComboFix log: Well, I uploaded it to http://w14.easy-share.com/, because the .txt file is too large, or something like that. I hope you can download it. If not, let me know in this thread and I will post the log periodically. The HijackThis log: One more thing: an error came up when starting Windows; it seems that .dll files are missing. I took screenshots, and here they are. Thanks.
  3. Introduction: I downloaded a suspicious file; it gave some errors in the .cmd, and now the errors have stopped. However, before I could not delete the file, and now it has disappeared. HijackThis log: Thanks.
  4. This command did not run, but I think this program was uninstalled by my brother. Even so, no problem has come back so far. Thank you for your attention; you can mark it "CLOSED", I think the problem has been solved.
  5. Primeiramente gostaria de agradecer a ajuda. E aqui estão os logs LOG DO COMBOFIX: "ComboFix 08-06-11.3 - user 2008-06-13 1:51:18.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1046.18.448 [GMT -3:00] Executando de: C:\Users\user\Desktop\ComboFix.exe * Resident AV is active . ((((((((((((((((((((((((((((((((((((( Outras Exclusäes ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat C:\Windows\Fonts\CALIBRIB.TTF C:\Windows\system32\bbdrfejj.dll C:\Windows\System32\CfiQrAHk.ini C:\Windows\System32\CfiQrAHk.ini2 C:\Windows\system32\dkvrdhkl.dll C:\Windows\system32\fnfehxds.ini C:\Windows\system32\fygyeqqp.dll C:\Windows\system32\hicdkcmh.dll C:\Windows\system32\hisxtfcr.ini C:\Windows\system32\hmckdcih.ini C:\Windows\system32\jjefrdbb.ini C:\Windows\system32\kkisnldh.dll C:\Windows\system32\ljJYQIYp.dll C:\Windows\system32\mcrh.tmp C:\Windows\system32\nrfqjaox.dll C:\Windows\system32\qesjqyri.ini C:\Windows\system32\qoMcdExV.dll C:\Windows\system32\tjesgaui.ini C:\Windows\system32\tkmggilb.ini C:\Windows\system32\VxEdcMoq.ini C:\Windows\System32\VxEdcMoq.ini2 C:\Windows\system32\wtpfpkcg.dll C:\Windows\system32\x64 C:\Windows\system32\xosribah.ini ----- BITS: Possible infected sites ----- hxxp://au.download.windowsupdate.õj . ((((((((((((((((((((((( Ficheiros criados de 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))) . Nenhum ficheiro/arquivo criado durante este per¡odo . ((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-13 04:41 --------- d-----w C:\Program Files\Warcraft III 2008-06-11 18:37 --------- d-----w C:\Program Files\Trend Micro 2008-06-11 06:30 --------- d-----w C:\Users\user\AppData\Roaming\Uniblue 2008-06-11 06:30 --------- d-----w C:\Program Files\Uniblue 2008-06-11 05:57 --------- d-----w C:\Program Files\Valve 2008-06-11 05:32 --------- d-----w C:\Program Files\Common Files\Steam 2008-06-09 17:13 --------- d-----w C:\Users\user\AppData\Roaming\LimeWire 2008-06-08 08:25 --------- d-----w C:\ProgramData\Microsoft Help 2008-06-07 00:14 --------- d-----w C:\Program Files\WC3Banlist 2008-06-06 12:33 --------- d-----w C:\Program Files\MSBuild 2008-06-06 12:33 --------- d-----w C:\Program Files\Microsoft Works 2008-06-06 12:30 --------- d-----w C:\Program Files\Microsoft.NET 2008-06-06 12:27 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-06-05 04:54 --------- d-----w C:\ProgramData\TechSmith 2008-06-05 04:54 --------- d-----w C:\Program Files\TechSmith 2008-06-05 04:52 2,829 ----a-w C:\Windows\War3Unin.pif 2008-06-05 04:52 139,264 ----a-w C:\Windows\War3Unin.exe 2008-06-05 04:49 --------- d-----w C:\ProgramData\Roxio 2008-06-05 04:30 --------- d-----w C:\Users\user\AppData\Roaming\Roxio 2008-06-05 04:21 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys 2008-06-05 04:21 67,080 ----a-w C:\Windows\system32\drivers\avgwfpx.sys 2008-06-05 04:21 --------- d-----w C:\ProgramData\Avg8 2008-06-03 22:20 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-06-03 22:19 --------- d-----w C:\Program Files\CONEXANT 2008-06-03 06:57 --------- d-----w C:\Program Files\Common Files\Adobe 2008-06-02 09:03 --------- d-----w C:\Program Files\World of Warcraft 2008-06-02 08:48 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2008-06-01 08:40 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-06-01 08:39 --------- d-----w C:\Program Files\Windows Live 2008-06-01 08:22 --------- d-----w C:\ProgramData\WLInstaller 2008-06-01 
06:22 --------- d-----w C:\ProgramData\Messenger Plus! 2008-06-01 06:10 --------- d-----w C:\Users\user\AppData\Roaming\uTorrent 2008-06-01 06:08 --------- d-----w C:\Program Files\WinPcap 2008-06-01 05:40 --------- d-----w C:\Program Files\Sun 2008-06-01 05:40 --------- d-----w C:\Program Files\Java 2008-06-01 05:05 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys 2008-06-01 05:05 --------- d-----w C:\Users\user\AppData\Roaming\DAEMON Tools 2008-06-01 03:45 --------- d-----w C:\Program Files\Okoker ISO Maker 2008-06-01 03:35 --------- d-----w C:\Program Files\Smart Projects 2008-06-01 03:06 --------- d-----w C:\ProgramData\Sonic 2008-05-31 20:38 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-05-31 20:07 --------- d-----w C:\Program Files\uTorrent 2008-05-31 19:22 174 --sha-w C:\Program Files\desktop.ini 2008-05-31 19:17 --------- d-----w C:\Program Files\Windows Sidebar 2008-05-31 19:17 --------- d-----w C:\Program Files\Windows Mail 2008-05-31 19:17 --------- d-----w C:\Program Files\Windows Defender 2008-05-31 19:17 --------- d-----w C:\Program Files\Windows Calendar 2008-05-31 19:09 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys 2008-05-31 19:09 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys 2008-05-31 19:09 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys 2008-05-31 19:09 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys 2008-05-31 19:08 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys 2008-05-31 19:07 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-05-31 09:15 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-31 09:15 --------- d-----w C:\Program Files\Gravity 2008-05-31 08:49 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-05-31 08:16 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-31 08:09 --------- d-----w C:\Program Files\Common Files\INCA Shared 2008-05-31 07:57 --------- d-----w C:\Program 
Files\OnGame 2008-05-31 07:41 28,344 ----a-w C:\Windows\system32\drivers\battc.sys 2008-05-31 07:41 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys 2008-05-31 07:41 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys 2008-05-31 07:41 2,923,520 ----a-w C:\Windows\explorer.exe 2008-05-31 07:41 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys 2008-05-31 07:41 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys 2008-05-31 07:40 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-05-31 07:35 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys 2008-05-31 07:35 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys 2008-05-31 07:32 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys 2008-05-31 07:32 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys 2008-05-31 07:32 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS 2008-05-31 07:30 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-05-31 07:30 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys 2008-05-31 07:30 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-05-31 07:30 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys 2008-05-31 07:30 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-05-31 07:29 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys 2008-05-31 07:29 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-05-31 07:28 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys 2008-05-31 07:28 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys 2008-05-31 07:28 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys 2008-05-31 07:28 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys 2008-05-31 07:28 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys 2008-05-31 07:28 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys 2008-05-31 07:26 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-05-31 07:26 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-05-31 07:24 54,784 ----a-w 
C:\Windows\system32\drivers\i8042prt.sys 2008-05-31 07:24 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys 2008-05-31 07:24 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys 2008-05-31 07:24 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys 2008-05-31 07:24 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys 2008-05-31 07:24 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys 2008-05-31 07:24 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys 2008-05-31 07:24 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys 2008-05-31 07:22 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys 2008-05-31 07:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-05-31 07:16 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys 2008-05-31 07:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-05-31 07:16 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-05-31 07:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856] "Uniblue SpeedUpMyPC"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 15:49 36352] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 16:32 167936] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 13:46 202032] "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39 46704] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-05 01:21 1177368] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-03 03:58:12 113664] Adobe Reader Speed Launch.lnk - C:\Program 
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{F9028EE0-5257-4EE3-92C9-F1788EC3119F}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP "{B501DC50-4BC8-4454-A2B2-5F4EA8D231B8}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP "{A0165A95-94B3-4928-A7AE-F1F1D8E4F2F4}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe "{0F30D941-CF27-42F4-925A-30ADAF20F294}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe "{9FE4120F-AB65-41ED-B97A-A21E067B29A2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{D8428712-7DB3-4854-A123-07C989069E9F}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{70661357-C76A-483B-88C4-62CE12CE6DD8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{983DFB8B-93BA-441D-A279-3A8986121E09}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{15E8A624-599F-4A0F-BD75-5AC3C737E638}"= UDP:6112:Battle.net "{1B6DD831-7621-4250-9F56-9B7B0107E24F}"= UDP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne "{76721033-1682-4625-B92B-0A3CAF39AD82}"= TCP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne "{2A4B6F25-B8FA-430B-89E8-05E244813BDC}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{8BF77FEC-CC79-46BF-B91C-4C1B057E5A71}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{F1880343-1166-471D-BEA1-B5701FEBCB28}"= 
TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{D4C8D451-19DE-4D09-B0D7-9D3C4A23819A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{180016C9-356E-4324-97EF-C8B5ADB77661}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{DF890EFA-D243-41BE-9B76-E78B792C0C45}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:war3 "UDP Query User{322CA001-03A1-498D-BC7A-2A4DAE220C6B}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:war3 "TCP Query User{C1546CA5-6E34-4CEF-BB9F-9AE1D59750A1}C:\\users\\user\\desktop\\warcraft\\lainethlite\\lainethlite.exe"= UDP:C:\users\user\desktop\warcraft\lainethlite\lainethlite.exe:lainethlite.exe "UDP Query User{97829B62-13A9-4F33-80E3-CCB7572734CE}C:\\users\\user\\desktop\\warcraft\\lainethlite\\lainethlite.exe"= TCP:C:\users\user\desktop\warcraft\lainethlite\lainethlite.exe:lainethlite.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-06-05 01:21] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-05 01:21] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-05 01:21] R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-06-05 01:21] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32] R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48] S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2005-08-02 18:10] S3 Steam Client Service;Steam 
Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-10 21:02] . Conte£do da pasta 'Tarefas Agendadas' "2008-06-13 04:59:33 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2008-06-11 06:30:32 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-13 02:00:27 Windows 6.0.6000 NTFS Procurando processos ocultos ... Procurando entradas auto inicializ veis ocultas ... Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\audiodg.exe C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\System32\drivers\XAudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe C:\Windows\System32\igfxsrvc.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe C:\Windows\System32\wbem\WMIADAP.exe . ************************************************************************** . Tempo para conclusÆo: 2008-06-13 2:04:08 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-13 05:03:35 O sistema não pode encontrar o texto correspondente à mensagem de número 0x2379 no arquivo de mensagens para Application. O sistema nÆo pode encontrar o texto correspondente … mensagem de n£mero 0x2379 no arquivo de mensagens para Application. 
251 --- E O F --- 2008-06-08 08:25:31 "

HIJACK LOG:

"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:11:50, on 13/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 7263 bytes "

Anything else to be done?!
  6. INTRODUCTION: My computer keeps restarting explorer.exe all the time, it is by far much slower than before, and my antivirus, "AVG Anti-Virus Free", detected "some" infected files. The problem is that I think many of them are important, so I am not going to remove them, and I came to ask for help.

ACCORDING TO AVG: I have these infected files:
C:\Windows\system32\qoMcdExV.dll (this file is repeated 1 more time)
C:\Windows\system32\ljJyQIYp.dll (this file is repeated 2 more times)
C:\Windows\explorer.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer

I also ran a VirusTotal scan of the files:

VIRUSTOTAL SCAN:
C:\WIndows\system32\qoMcdExV.dll-----> http://www.virustotal.com/pt/analisis/ccc5...2a534248fe77b88
C:\WIndows\system32\ljJyQIYp.dll-----> http://www.virustotal.com/pt/analisis/4678...6cadab3e3289753
C:\WIndows\explorer.exe-----> http://www.virustotal.com/pt/analisis/1964...8bfb78941bad999
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer (File not found; maybe I have to look for it in Regedit, but at the moment I am a bit wary of touching any important file)

If the links have expired, let me know and I will post the text directly from the site itself.
HIJACK LOG:

"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:54, on 11/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {2C9DC8AF-A983-45FC-8BBC-39D9F047D49C} - C:\Windows\system32\qoMcdExV.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8EA86503-476F-476A-A55A-7225082DF3EB} - C:\Windows\system32\ljJYQIYp.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [438c8d5e] rundll32.exe "C:\Windows\system32\iryqjseq.dll",b
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJYQIYp.dll,#1
O4 - HKLM\..\Run: [BM40bfbec2] Rundll32.exe "C:\Windows\system32\nrfqjaox.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 8103 bytes"

Thanks in advance. And sorry about the organization, the PC really is in bad shape.