
TheseSoundsFallIntoMyMind
Everything TheseSoundsFallIntoMyMind posted
-
[Resolved] My HijackThis log.
TheseSoundsFallIntoMyMind replied to TheseSoundsFallIntoMyMind's question in Resolved Cases
No more problems with the PC. The procedure with Java Runtime Environment (JRE) 6 Update 7 worked and everything is in order now; the only thing is that I couldn't uninstall ComboFix, because it wasn't found. Apart from that, no problems. Thank you, you can close the topic. Thanks. -
[Resolved] My HijackThis log.
TheseSoundsFallIntoMyMind replied to TheseSoundsFallIntoMyMind's question in Resolved Cases
OK, I ran ComboFix. Here is its log:

ComboFix log: Well, I uploaded it to http://w14.easy-share.com/, because the .txt file is too heavy, or something like that. I hope you can download it. Otherwise, let me know in the topic itself and I'll post the log periodically.

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:59:26, on 11/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\WC3Banlist\WC3Banlist.exe
C:\Users\user\Documents\Downloads\Warcraft III\HP_Viewer.exe
C:\Windows\Explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7541 bytes

One more thing: I got an error when starting Windows; it looks like some .dll files are missing. I took screenshots, and here they are. Thanks. -
Introduction: I downloaded a suspicious file; it gave some errors in the .cmd, and now it has stopped giving errors, but before I couldn't delete the file, and now it has disappeared.

HijackThis log:

"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:22, on 07/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\user\Documents\Downloads\Warcraft III\HP_Viewer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Users\user\AppData\Local\Temp\atmadm2.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcBQjHa.dll,#1
O4 - HKLM\..\Run: [DelayLoad] C:\Users\user\AppData\Local\Temp\atmadm2.exe
O4 - HKLM\..\Run: [438c8d5e] rundll32.exe "C:\Windows\system32\atbrswlw.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7355 bytes"

Thanks.
-
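The log in the post above is a good specimen of what a helper looks for by eye: an autorun launched from the user's Temp directory, two rundll32 entries loading eight-letter random-named DLLs out of system32, a Run value whose name is itself a hex string, and a service whose binary is gone. The script below is an added example written for this page (it is not part of the thread and not HijackThis code): it parses O4 and O23 lines and applies those heuristics. The sample lines are constructed from the entries quoted above, and the severity labels and the "random name" rule are this editor's assumptions, not anything HijackThis emits.

```python
"""Triage of HijackThis v2 log lines (added example, not part of the thread).

Heuristics only: Temp-path autoruns, rundll32 loading a random-looking DLL,
hex-string value names, and services whose binary is missing. The severity
labels are the editor's assumption, not HijackThis output.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, reason, log line)

# Constructed sample, modelled on entries quoted in the thread above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcBQjHa.dll,#1
O4 - HKLM\..\Run: [DelayLoad] C:\Users\user\AppData\Local\Temp\atmadm2.exe
O4 - HKLM\..\Run: [438c8d5e] rundll32.exe "C:\Windows\system32\atbrswlw.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# rundll32 <path>.dll,<export> with the path optionally quoted
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,', re.IGNORECASE)
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


def looks_random(filename: str) -> bool:
    """Coarse heuristic for the 8-letter names droppers tend to generate:
    exactly eight letters with at most one vowel, or mixed case inside the stem.
    This is the editor's rule of thumb, tuned to the names in the thread."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiouAEIOU" for ch in stem)
    mixed_case = stem != stem.lower() and stem != stem.upper()
    return vowels <= 1 or mixed_case


def triage(log_text: str) -> List[Finding]:
    """Return one finding per suspicious property of each O4/O23 line."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if TEMP_RE.search(cmd):
                findings.append(("HIGH", "autorun launched from a Temp directory", line))
            dll = RUNDLL_RE.search(cmd)
            if dll and looks_random(dll.group("dll").rsplit("\\", 1)[-1]):
                findings.append(("HIGH", "rundll32 loading a random-named DLL", line))
            if HEX_NAME_RE.match(name):
                findings.append(("MEDIUM", "autorun value name is a random hex string", line))
            continue
        m = O23_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            findings.append(("LOW", "service registered for a binary that no longer exists", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

On the sample above the script flags the two rundll32 lines, the Temp-path autorun, the hex value name and the orphaned Symantec service, and leaves the legitimate rundll32 entry for oobefldr.dll alone; the name heuristic is deliberately narrow, so an analyst still reads the rest of the log.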
[Resolved] Important files infected
TheseSoundsFallIntoMyMind replied to TheseSoundsFallIntoMyMind's question in Resolved Cases
This command didn't run, but I think this program was uninstalled by my brother. However, no problem has come back so far. Thanks for your attention, and you can mark it "CLOSED"; I think the problem was solved. -
[Resolved] Important files infected
TheseSoundsFallIntoMyMind replied to TheseSoundsFallIntoMyMind's question in Resolved Cases
First of all I'd like to thank you for the help. And here are the logs.

COMBOFIX LOG:

"ComboFix 08-06-11.3 - user 2008-06-13 1:51:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1046.18.448 [GMT -3:00]
Running from: C:\Users\user\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\Fonts\CALIBRIB.TTF
C:\Windows\system32\bbdrfejj.dll
C:\Windows\System32\CfiQrAHk.ini
C:\Windows\System32\CfiQrAHk.ini2
C:\Windows\system32\dkvrdhkl.dll
C:\Windows\system32\fnfehxds.ini
C:\Windows\system32\fygyeqqp.dll
C:\Windows\system32\hicdkcmh.dll
C:\Windows\system32\hisxtfcr.ini
C:\Windows\system32\hmckdcih.ini
C:\Windows\system32\jjefrdbb.ini
C:\Windows\system32\kkisnldh.dll
C:\Windows\system32\ljJYQIYp.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nrfqjaox.dll
C:\Windows\system32\qesjqyri.ini
C:\Windows\system32\qoMcdExV.dll
C:\Windows\system32\tjesgaui.ini
C:\Windows\system32\tkmggilb.ini
C:\Windows\system32\VxEdcMoq.ini
C:\Windows\System32\VxEdcMoq.ini2
C:\Windows\system32\wtpfpkcg.dll
C:\Windows\system32\x64
C:\Windows\system32\xosribah.ini

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.õj
.
((((((((((((((((((((((((( Files created from 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))
.
No files created during this period
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 04:41 --------- d-----w C:\Program Files\Warcraft III
2008-06-11 18:37 --------- d-----w C:\Program Files\Trend Micro
2008-06-11 06:30 --------- d-----w C:\Users\user\AppData\Roaming\Uniblue
2008-06-11 06:30 --------- d-----w C:\Program Files\Uniblue
2008-06-11 05:57 --------- d-----w C:\Program Files\Valve
2008-06-11 05:32 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-09 17:13 --------- d-----w C:\Users\user\AppData\Roaming\LimeWire
2008-06-08 08:25 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-07 00:14 --------- d-----w C:\Program Files\WC3Banlist
2008-06-06 12:33 --------- d-----w C:\Program Files\MSBuild
2008-06-06 12:33 --------- d-----w C:\Program Files\Microsoft Works
2008-06-06 12:30 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-06 12:27 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-05 04:54 --------- d-----w C:\ProgramData\TechSmith
2008-06-05 04:54 --------- d-----w C:\Program Files\TechSmith
2008-06-05 04:52 2,829 ----a-w C:\Windows\War3Unin.pif
2008-06-05 04:52 139,264 ----a-w C:\Windows\War3Unin.exe
2008-06-05 04:49 --------- d-----w C:\ProgramData\Roxio
2008-06-05 04:30 --------- d-----w C:\Users\user\AppData\Roaming\Roxio
2008-06-05 04:21 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-06-05 04:21 67,080 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
2008-06-05 04:21 --------- d-----w C:\ProgramData\Avg8
2008-06-03 22:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-03 22:19 --------- d-----w C:\Program Files\CONEXANT
2008-06-03 06:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-02 09:03 --------- d-----w C:\Program Files\World of Warcraft
2008-06-02 08:48 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-06-01 08:40 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-01 08:39 --------- d-----w C:\Program Files\Windows Live
2008-06-01 08:22 --------- d-----w C:\ProgramData\WLInstaller
2008-06-01 06:22 --------- d-----w C:\ProgramData\Messenger Plus!
2008-06-01 06:10 --------- d-----w C:\Users\user\AppData\Roaming\uTorrent
2008-06-01 06:08 --------- d-----w C:\Program Files\WinPcap
2008-06-01 05:40 --------- d-----w C:\Program Files\Sun
2008-06-01 05:40 --------- d-----w C:\Program Files\Java
2008-06-01 05:05 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-06-01 05:05 --------- d-----w C:\Users\user\AppData\Roaming\DAEMON Tools
2008-06-01 03:45 --------- d-----w C:\Program Files\Okoker ISO Maker
2008-06-01 03:35 --------- d-----w C:\Program Files\Smart Projects
2008-06-01 03:06 --------- d-----w C:\ProgramData\Sonic
2008-05-31 20:38 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-31 20:07 --------- d-----w C:\Program Files\uTorrent
2008-05-31 19:22 174 --sha-w C:\Program Files\desktop.ini
2008-05-31 19:17 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-31 19:17 --------- d-----w C:\Program Files\Windows Mail
2008-05-31 19:17 --------- d-----w C:\Program Files\Windows Defender
2008-05-31 19:17 --------- d-----w C:\Program Files\Windows Calendar
2008-05-31 19:09 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-05-31 19:09 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-05-31 19:09 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-05-31 19:09 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-05-31 19:08 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-05-31 19:07 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-31 09:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 09:15 --------- d-----w C:\Program Files\Gravity
2008-05-31 08:49 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-31 08:16 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-31 08:09 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-31 07:57 --------- d-----w C:\Program Files\OnGame
2008-05-31 07:41 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-05-31 07:41 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-31 07:41 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-05-31 07:41 2,923,520 ----a-w C:\Windows\explorer.exe
2008-05-31 07:41 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-05-31 07:41 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-05-31 07:40 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-05-31 07:35 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-05-31 07:35 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-05-31 07:32 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-05-31 07:32 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-05-31 07:32 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-05-31 07:30 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-05-31 07:30 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-05-31 07:30 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-05-31 07:30 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-05-31 07:30 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-05-31 07:29 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-05-31 07:29 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-05-31 07:28 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-05-31 07:28 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-05-31 07:28 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-05-31 07:28 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-05-31 07:28 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-05-31 07:28 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-05-31 07:26 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-05-31 07:26 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-05-31 07:24 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-05-31 07:24 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-05-31 07:24 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-05-31 07:24 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-05-31 07:24 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-05-31 07:24 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-05-31 07:24 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-05-31 07:24 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-05-31 07:22 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-05-31 07:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-31 07:16 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-05-31 07:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-31 07:16 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-31 07:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]
"Uniblue SpeedUpMyPC"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 15:49 36352]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 16:32 167936]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 13:46 202032]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39 46704]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-05 01:21 1177368]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-03 03:58:12 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F9028EE0-5257-4EE3-92C9-F1788EC3119F}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{B501DC50-4BC8-4454-A2B2-5F4EA8D231B8}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{A0165A95-94B3-4928-A7AE-F1F1D8E4F2F4}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{0F30D941-CF27-42F4-925A-30ADAF20F294}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{9FE4120F-AB65-41ED-B97A-A21E067B29A2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D8428712-7DB3-4854-A123-07C989069E9F}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{70661357-C76A-483B-88C4-62CE12CE6DD8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{983DFB8B-93BA-441D-A279-3A8986121E09}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{15E8A624-599F-4A0F-BD75-5AC3C737E638}"= UDP:6112:Battle.net
"{1B6DD831-7621-4250-9F56-9B7B0107E24F}"= UDP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{76721033-1682-4625-B92B-0A3CAF39AD82}"= TCP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{2A4B6F25-B8FA-430B-89E8-05E244813BDC}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8BF77FEC-CC79-46BF-B91C-4C1B057E5A71}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F1880343-1166-471D-BEA1-B5701FEBCB28}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D4C8D451-19DE-4D09-B0D7-9D3C4A23819A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{180016C9-356E-4324-97EF-C8B5ADB77661}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DF890EFA-D243-41BE-9B76-E78B792C0C45}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:war3
"UDP Query User{322CA001-03A1-498D-BC7A-2A4DAE220C6B}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:war3
"TCP Query User{C1546CA5-6E34-4CEF-BB9F-9AE1D59750A1}C:\\users\\user\\desktop\\warcraft\\lainethlite\\lainethlite.exe"= UDP:C:\users\user\desktop\warcraft\lainethlite\lainethlite.exe:lainethlite.exe
"UDP Query User{97829B62-13A9-4F33-80E3-CCB7572734CE}C:\\users\\user\\desktop\\warcraft\\lainethlite\\lainethlite.exe"= TCP:C:\users\user\desktop\warcraft\lainethlite\lainethlite.exe:lainethlite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-06-05 01:21]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-05 01:21]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-05 01:21]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-06-05 01:21]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2005-08-02 18:10]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-10 21:02]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 04:59:33 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-11 06:30:32 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 02:00:27
Windows 6.0.6000 NTFS

Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...

Scan completed successfully
Hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-06-13 2:04:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-13 05:03:35
The system cannot find message text for message number 0x2379 in the message file for Application.
251 --- E O F --- 2008-06-08 08:25:31 "

HIJACKTHIS LOG:

"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:11:50, on 13/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global 
Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7263 bytes " Algo mais para ser feito?! -
[Resolved] Important files infected
TheseSoundsFallIntoMyMind posted a question in Casos Resolvidos
INTRODUCTION: My computer keeps restarting explorer.exe all the time, it is far slower than before, and my antivirus "AVG Anti-Virus Free" detected "some" infected files. The problem is that I think many of them are important, so I will not remove them and came here to ask for help.

ACCORDING TO AVG: I have these infected files:
C:\Windows\system32\qoMcdExV.dll (this file is listed 1 more time)
C:\Windows\system32\ljJyQIYp.dll (this file is listed 2 more times)
C:\Windows\explorer.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer

I also ran a VirusTotal scan of the files:

VIRUSTOTAL SCAN:
C:\Windows\system32\qoMcdExV.dll-----> http://www.virustotal.com/pt/analisis/ccc5...2a534248fe77b88
C:\Windows\system32\ljJyQIYp.dll-----> http://www.virustotal.com/pt/analisis/4678...6cadab3e3289753
C:\Windows\explorer.exe-----> http://www.virustotal.com/pt/analisis/1964...8bfb78941bad999
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer (File not found; maybe I need to look for it in Regedit, but right now I am a bit wary of touching any important file)

If the links have expired, let me know and I will post the text straight from the site.
HIJACK LOG:
"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:54, on 11/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {2C9DC8AF-A983-45FC-8BBC-39D9F047D49C} - C:\Windows\system32\qoMcdExV.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8EA86503-476F-476A-A55A-7225082DF3EB} - C:\Windows\system32\ljJYQIYp.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [438c8d5e] rundll32.exe "C:\Windows\system32\iryqjseq.dll",b
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJYQIYp.dll,#1
O4 - HKLM\..\Run: [BM40bfbec2] Rundll32.exe "C:\Windows\system32\nrfqjaox.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8103 bytes
"

Thanks in advance. And sorry for the formatting, the PC really is in bad shape.
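As an added example (not code from the thread, the forum helpers, or HijackThis), here is a small Python triage script over the O2/O4 entries of the log above: it flags Run keys that start rundll32 with an 8-letter DLL from system32, unnamed BHOs in the same directory, and the DLL that shows up in both, which is the MSServer entry the post asks about. The 8-letter-name heuristic and the embedded sample lines (copied from the post's log) are this example's assumptions.

```python
"""Triage helper for HijackThis logs (added example, not from the thread or HijackThis)."""
import re
from collections import namedtuple

# Constructed sample: entries copied from the post's HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2C9DC8AF-A983-45FC-8BBC-39D9F047D49C} - C:\Windows\system32\qoMcdExV.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8EA86503-476F-476A-A55A-7225082DF3EB} - C:\Windows\system32\ljJYQIYp.dll
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [438c8d5e] rundll32.exe "C:\Windows\system32\iryqjseq.dll",b
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJYQIYp.dll,#1
O4 - HKLM\..\Run: [BM40bfbec2] Rundll32.exe "C:\Windows\system32\nrfqjaox.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

Finding = namedtuple("Finding", "section key dll reason")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)', re.IGNORECASE)
# Heuristic assumed for this example: the dropped DLLs in this log are 8 random letters.
# A legitimate 8-letter DLL (oobefldr.dll) is not flagged because it is not given a path.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")


def split_path(path):
    """Return (directory, basename), both lower-cased, for a Windows path or bare name."""
    path = path.strip().strip('"')
    directory, _, base = path.rpartition("\\")
    return directory.lower(), base.lower()


def looks_dropped(path):
    """True when the DLL sits directly in system32 and has a random-looking name."""
    directory, base = split_path(path)
    return directory.endswith("\\system32") and RANDOM_NAME_RE.match(base) is not None


def review(log):
    """Return (findings, DLL names seen both as an unnamed BHO and in a Run key)."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m and m.group("name") == "(no name)" and looks_dropped(m.group("path")):
            findings.append(Finding("O2", m.group("name"), split_path(m.group("path"))[1],
                                    "unnamed BHO loaded from system32"))
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m.group("cmd"))
            if r and looks_dropped(r.group("dll")):
                findings.append(Finding("O4", m.group("key"), split_path(r.group("dll"))[1],
                                        "rundll32 autostart of random-named system32 DLL"))
    in_o2 = {f.dll for f in findings if f.section == "O2"}
    in_o4 = {f.dll for f in findings if f.section == "O4"}
    return findings, in_o2 & in_o4


if __name__ == "__main__":
    findings, both = review(SAMPLE_LOG)
    for f in findings:
        print(f"{f.section} [{f.key}] {f.dll}: {f.reason}")
    print("loaded as BHO and autostarted (review first):", sorted(both))
```

The name heuristic is a starting point for a manual review, not a verdict; the thread's helpers still confirmed each file with ComboFix and VirusTotal before anything was removed.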