[Resolvido]Arquivos importantes infectados

[TheseSoundsFallIntoMyMind]

INTRODUÇÃO:

Meu Computador esta toda hora reiniciando o explorer.exe, de longe está bem mais lento que antes e meu anti-virus "AVG Anti-Virus Free", detectou "alguns" arquivos infectados, o problemas é que muitos deles eu acho que são importantes e por isso não vou remover e vim pedir ajuda.

DE ACORDO COM O AVG:

Eu tenho esses arquivos infectados:

C:\Windows\system32\qoMcdExV.dll (este arquivo se repete mais 1 vez)

C:\Windows\system32\ljJyQIYp.dll (este arquivo se repete mais 2 vezes)

C:\Windows\explorer.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer

Também fiz um scan no virus total dos arquivos:

SCAN VIRUS TOTAL:

C:\WIndows\system32\qoMcdExV.dll-----> http://www.virustotal.com/pt/analisis/ccc5...2a534248fe77b88

C:\WIndows\system32\ljJyQIYp.dll-----> http://www.virustotal.com/pt/analisis/4678...6cadab3e3289753

C:\WIndows\explorer.exe-----> http://www.virustotal.com/pt/analisis/1964...8bfb78941bad999

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer (Arquivo não encontrado, talvez eu tenha a procurar no Regedit, mas no momento estou um pouco cauteloso em mexer em qualquer arquivo importante)

Se os links estiverem expirados, me avise que eu posto o texto diretamente do proprio site.

LOG DO HIJACK:

"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:54, on 11/06/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url=http://go.microsoft.com/fwlink/?LinkId=54896]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url=http://go.microsoft.com/fwlink/?LinkId=69157]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url=http://go.microsoft.com/fwlink/?LinkId=69157]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url=http://go.microsoft.com/fwlink/?LinkId=54896]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url=http://go.microsoft.com/fwlink/?LinkId=54896]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url=http://go.microsoft.com/fwlink/?LinkId=69157]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {2C9DC8AF-A983-45FC-8BBC-39D9F047D49C} - C:\Windows\system32\qoMcdExV.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8EA86503-476F-476A-A55A-7225082DF3EB} - C:\Windows\system32\ljJYQIYp.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [438c8d5e] rundll32.exe "C:\Windows\system32\iryqjseq.dll",b
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJYQIYp.dll,#1
O4 - HKLM\..\Run: [BM40bfbec2] Rundll32.exe "C:\Windows\system32\nrfqjaox.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8103 bytes"

De ante mão, Obrigado.

E desculpe a organização, o PC realmente está debilitado.

Editado Junho 11, 2008 por TheseSoundsFallIntoMyMind

[JackSSA]

Baixe o ComboFix e salve no desktop.

Nota: Por favor, NÃO utilize o ComboFix sozinho. É uma ferramenta poderosa criada pra lidar com infeções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador. A ferramenta apenas deve ser utilizada sob supervisão de Assistentes de remoção de malware.

Feche todas as janelas e programas.

Dê um duplo-clique no combofix.exe e tecle "1" em seguida Enter para prosseguir o Fix. Vai durar uma média de 10 minutos.

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção.

Quando acabar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, pois senão irá parar e seu desktop ficará em branco.

Para parar ou sair do ComboFix, tecle "2" e Enter.

Depois gere um novo log com o HijackThis e poste, juntamente com o ComboFix.txt.

[TheseSoundsFallIntoMyMind]

Primeiramente gostaria de agradecer a ajuda.

E aqui estão os logs

LOG DO COMBOFIX:

"ComboFix 08-06-11.3 - user 2008-06-13  1:51:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1046.18.448 [GMT -3:00]
Executando de: C:\Users\user\Desktop\ComboFix.exe
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((   Outras Exclusäes   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\Fonts\CALIBRIB.TTF
C:\Windows\system32\bbdrfejj.dll
C:\Windows\System32\CfiQrAHk.ini
C:\Windows\System32\CfiQrAHk.ini2
C:\Windows\system32\dkvrdhkl.dll
C:\Windows\system32\fnfehxds.ini
C:\Windows\system32\fygyeqqp.dll
C:\Windows\system32\hicdkcmh.dll
C:\Windows\system32\hisxtfcr.ini
C:\Windows\system32\hmckdcih.ini
C:\Windows\system32\jjefrdbb.ini
C:\Windows\system32\kkisnldh.dll
C:\Windows\system32\ljJYQIYp.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nrfqjaox.dll
C:\Windows\system32\qesjqyri.ini
C:\Windows\system32\qoMcdExV.dll
C:\Windows\system32\tjesgaui.ini
C:\Windows\system32\tkmggilb.ini
C:\Windows\system32\VxEdcMoq.ini
C:\Windows\System32\VxEdcMoq.ini2
C:\Windows\system32\wtpfpkcg.dll
C:\Windows\system32\x64
C:\Windows\system32\xosribah.ini

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.õj
.
(((((((((((((((((((((((   Ficheiros criados de 2008-05-13 to 2008-06-13  ))))))))))))))))))))))))))))))))
.

Nenhum ficheiro/arquivo criado durante este per¡odo

.
(((((((((((((((((((((((((((((((((((((   Relat¢rio Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 04:41    ---------    d-----w    C:\Program Files\Warcraft III
2008-06-11 18:37    ---------    d-----w    C:\Program Files\Trend Micro
2008-06-11 06:30    ---------    d-----w    C:\Users\user\AppData\Roaming\Uniblue
2008-06-11 06:30    ---------    d-----w    C:\Program Files\Uniblue
2008-06-11 05:57    ---------    d-----w    C:\Program Files\Valve
2008-06-11 05:32    ---------    d-----w    C:\Program Files\Common Files\Steam
2008-06-09 17:13    ---------    d-----w    C:\Users\user\AppData\Roaming\LimeWire
2008-06-08 08:25    ---------    d-----w    C:\ProgramData\Microsoft Help
2008-06-07 00:14    ---------    d-----w    C:\Program Files\WC3Banlist
2008-06-06 12:33    ---------    d-----w    C:\Program Files\MSBuild
2008-06-06 12:33    ---------    d-----w    C:\Program Files\Microsoft Works
2008-06-06 12:30    ---------    d-----w    C:\Program Files\Microsoft.NET
2008-06-06 12:27    ---------    d-----w    C:\Program Files\Microsoft Visual Studio 8
2008-06-05 04:54    ---------    d-----w    C:\ProgramData\TechSmith
2008-06-05 04:54    ---------    d-----w    C:\Program Files\TechSmith
2008-06-05 04:52    2,829    ----a-w    C:\Windows\War3Unin.pif
2008-06-05 04:52    139,264    ----a-w    C:\Windows\War3Unin.exe
2008-06-05 04:49    ---------    d-----w    C:\ProgramData\Roxio
2008-06-05 04:30    ---------    d-----w    C:\Users\user\AppData\Roaming\Roxio
2008-06-05 04:21    96,520    ----a-w    C:\Windows\system32\drivers\avgldx86.sys
2008-06-05 04:21    67,080    ----a-w    C:\Windows\system32\drivers\avgwfpx.sys
2008-06-05 04:21    ---------    d-----w    C:\ProgramData\Avg8
2008-06-03 22:20    ---------    d-----w    C:\Program Files\Microsoft Silverlight
2008-06-03 22:19    ---------    d-----w    C:\Program Files\CONEXANT
2008-06-03 06:57    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-06-02 09:03    ---------    d-----w    C:\Program Files\World of Warcraft
2008-06-02 08:48    ---------    d-----w    C:\Program Files\Common Files\Blizzard Entertainment
2008-06-01 08:40    ---------    d-----w    C:\Program Files\DAEMON Tools Lite
2008-06-01 08:39    ---------    d-----w    C:\Program Files\Windows Live
2008-06-01 08:22    ---------    d-----w    C:\ProgramData\WLInstaller
2008-06-01 06:22    ---------    d-----w    C:\ProgramData\Messenger Plus!
2008-06-01 06:10    ---------    d-----w    C:\Users\user\AppData\Roaming\uTorrent
2008-06-01 06:08    ---------    d-----w    C:\Program Files\WinPcap
2008-06-01 05:40    ---------    d-----w    C:\Program Files\Sun
2008-06-01 05:40    ---------    d-----w    C:\Program Files\Java
2008-06-01 05:05    717,296    ----a-w    C:\Windows\system32\drivers\sptd.sys
2008-06-01 05:05    ---------    d-----w    C:\Users\user\AppData\Roaming\DAEMON Tools
2008-06-01 03:45    ---------    d-----w    C:\Program Files\Okoker ISO Maker
2008-06-01 03:35    ---------    d-----w    C:\Program Files\Smart Projects
2008-06-01 03:06    ---------    d-----w    C:\ProgramData\Sonic
2008-05-31 20:38    ---------    d-----w    C:\Program Files\Messenger Plus! Live
2008-05-31 20:07    ---------    d-----w    C:\Program Files\uTorrent
2008-05-31 19:22    174    --sha-w    C:\Program Files\desktop.ini
2008-05-31 19:17    ---------    d-----w    C:\Program Files\Windows Sidebar
2008-05-31 19:17    ---------    d-----w    C:\Program Files\Windows Mail
2008-05-31 19:17    ---------    d-----w    C:\Program Files\Windows Defender
2008-05-31 19:17    ---------    d-----w    C:\Program Files\Windows Calendar
2008-05-31 19:09    70,144    ----a-w    C:\Windows\system32\drivers\pacer.sys
2008-05-31 19:09    61,952    ----a-w    C:\Windows\system32\drivers\wanarp.sys
2008-05-31 19:09    48,640    ----a-w    C:\Windows\system32\drivers\ndproxy.sys
2008-05-31 19:09    20,480    ----a-w    C:\Windows\system32\drivers\ndistapi.sys
2008-05-31 19:08    619,008    ----a-w    C:\Windows\system32\drivers\dxgkrnl.sys
2008-05-31 19:07    ---------    d-----w    C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-31 09:15    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-05-31 09:15    ---------    d-----w    C:\Program Files\Gravity
2008-05-31 08:49    ---------    d-----w    C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-31 08:16    ---------    dcsh--w    C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-31 08:09    ---------    d-----w    C:\Program Files\Common Files\INCA Shared
2008-05-31 07:57    ---------    d-----w    C:\Program Files\OnGame
2008-05-31 07:41    28,344    ----a-w    C:\Windows\system32\drivers\battc.sys
2008-05-31 07:41    258,232    ----a-w    C:\Windows\system32\drivers\acpi.sys
2008-05-31 07:41    20,920    ----a-w    C:\Windows\system32\drivers\compbatt.sys
2008-05-31 07:41    2,923,520    ----a-w    C:\Windows\explorer.exe
2008-05-31 07:41    14,208    ----a-w    C:\Windows\system32\drivers\CmBatt.sys
2008-05-31 07:41    11,264    ----a-w    C:\Windows\system32\drivers\wmiacpi.sys
2008-05-31 07:40    110,080    ----a-w    C:\Windows\system32\drivers\mrxdav.sys
2008-05-31 07:35    41,984    ----a-w    C:\Windows\system32\drivers\monitor.sys
2008-05-31 07:35    1,060,920    ----a-w    C:\Windows\system32\drivers\ntfs.sys
2008-05-31 07:32    63,488    ----a-w    C:\Windows\system32\drivers\mpsdrv.sys
2008-05-31 07:32    23,040    ----a-w    C:\Windows\system32\drivers\tunnel.sys
2008-05-31 07:32    15,360    ----a-w    C:\Windows\system32\drivers\TUNMP.SYS
2008-05-31 07:30    45,112    ----a-w    C:\Windows\system32\drivers\pciidex.sys
2008-05-31 07:30    25,656    ----a-w    C:\Windows\system32\drivers\msahci.sys
2008-05-31 07:30    21,560    ----a-w    C:\Windows\system32\drivers\atapi.sys
2008-05-31 07:30    17,464    ----a-w    C:\Windows\system32\drivers\intelide.sys
2008-05-31 07:30    109,624    ----a-w    C:\Windows\system32\drivers\ataport.sys
2008-05-31 07:29    211,000    ----a-w    C:\Windows\system32\drivers\volsnap.sys
2008-05-31 07:29    154,624    ----a-w    C:\Windows\system32\drivers\nwifi.sys
2008-05-31 07:28    73,216    ----a-w    C:\Windows\system32\drivers\usbccgp.sys
2008-05-31 07:28    5,888    ----a-w    C:\Windows\system32\drivers\usbd.sys
2008-05-31 07:28    38,400    ----a-w    C:\Windows\system32\drivers\usbehci.sys
2008-05-31 07:28    23,040    ----a-w    C:\Windows\system32\drivers\usbuhci.sys
2008-05-31 07:28    224,768    ----a-w    C:\Windows\system32\drivers\usbport.sys
2008-05-31 07:28    192,000    ----a-w    C:\Windows\system32\drivers\usbhub.sys
2008-05-31 07:26    803,328    ----a-w    C:\Windows\system32\drivers\tcpip.sys
2008-05-31 07:26    216,632    ----a-w    C:\Windows\system32\drivers\netio.sys
2008-05-31 07:24    54,784    ----a-w    C:\Windows\system32\drivers\i8042prt.sys
2008-05-31 07:24    495,160    ----a-w    C:\Windows\system32\drivers\Wdf01000.sys
2008-05-31 07:24    35,384    ----a-w    C:\Windows\system32\drivers\WdfLdr.sys
2008-05-31 07:24    35,384    ----a-w    C:\Windows\system32\drivers\kbdclass.sys
2008-05-31 07:24    34,360    ----a-w    C:\Windows\system32\drivers\mouclass.sys
2008-05-31 07:24    19,968    ----a-w    C:\Windows\system32\drivers\sermouse.sys
2008-05-31 07:24    15,872    ----a-w    C:\Windows\system32\drivers\mouhid.sys
2008-05-31 07:24    15,872    ----a-w    C:\Windows\system32\drivers\kbdhid.sys
2008-05-31 07:22    82,432    ----a-w    C:\Windows\system32\drivers\sdbus.sys
2008-05-31 07:16    537,600    ----a-w    C:\Windows\AppPatch\AcLayers.dll
2008-05-31 07:16    53,760    ----a-w    C:\Windows\system32\drivers\hdaudbus.sys
2008-05-31 07:16    449,536    ----a-w    C:\Windows\AppPatch\AcSpecfc.dll
2008-05-31 07:16    2,560    ----a-w    C:\Windows\AppPatch\AcRes.dll
2008-05-31 07:16    2,144,256    ----a-w    C:\Windows\AppPatch\AcGenral.dll
.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]
"Uniblue SpeedUpMyPC"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 15:49 36352]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 16:32 167936]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 13:46 202032]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39 46704]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-05 01:21 1177368]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-03 03:58:12 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F9028EE0-5257-4EE3-92C9-F1788EC3119F}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{B501DC50-4BC8-4454-A2B2-5F4EA8D231B8}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{A0165A95-94B3-4928-A7AE-F1F1D8E4F2F4}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{0F30D941-CF27-42F4-925A-30ADAF20F294}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{9FE4120F-AB65-41ED-B97A-A21E067B29A2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D8428712-7DB3-4854-A123-07C989069E9F}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{70661357-C76A-483B-88C4-62CE12CE6DD8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{983DFB8B-93BA-441D-A279-3A8986121E09}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{15E8A624-599F-4A0F-BD75-5AC3C737E638}"= UDP:6112:Battle.net
"{1B6DD831-7621-4250-9F56-9B7B0107E24F}"= UDP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{76721033-1682-4625-B92B-0A3CAF39AD82}"= TCP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{2A4B6F25-B8FA-430B-89E8-05E244813BDC}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8BF77FEC-CC79-46BF-B91C-4C1B057E5A71}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F1880343-1166-471D-BEA1-B5701FEBCB28}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D4C8D451-19DE-4D09-B0D7-9D3C4A23819A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{180016C9-356E-4324-97EF-C8B5ADB77661}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DF890EFA-D243-41BE-9B76-E78B792C0C45}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:war3
"UDP Query User{322CA001-03A1-498D-BC7A-2A4DAE220C6B}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:war3
"TCP Query User{C1546CA5-6E34-4CEF-BB9F-9AE1D59750A1}C:\\users\\user\\desktop\\warcraft\\lainethlite\\lainethlite.exe"= UDP:C:\users\user\desktop\warcraft\lainethlite\lainethlite.exe:lainethlite.exe
"UDP Query User{97829B62-13A9-4F33-80E3-CCB7572734CE}C:\\users\\user\\desktop\\warcraft\\lainethlite\\lainethlite.exe"= TCP:C:\users\user\desktop\warcraft\lainethlite\lainethlite.exe:lainethlite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-06-05 01:21]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-05 01:21]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-05 01:21]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-06-05 01:21]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2005-08-02 18:10]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-10 21:02]

.
Conte£do da pasta 'Tarefas Agendadas'
"2008-06-13 04:59:33 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-11 06:30:32 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 02:00:27
Windows 6.0.6000  NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializ veis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Tempo para conclusÆo: 2008-06-13  2:04:08 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-13 05:03:35

      O sistema não pode encontrar o texto correspondente à mensagem de número 0x2379 no arquivo de mensagens para Application.
      O sistema nÆo pode encontrar o texto correspondente … mensagem de n£mero 0x2379 no arquivo de mensagens para Application.

251    --- E O F ---    2008-06-08 08:25:31
"

LOG DO HIJACK:

"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:11:50, on 13/06/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7263 bytes
"

Algo mais para ser feito?!

[JackSSA]

Clique em Iniciar -> Executar -> digite ComboFix.exe /u -> Ok.

Aguarde a deinstalação.

Seu Log está limpo. Ainda há algum problema com o PC?

[TheseSoundsFallIntoMyMind]

Clique em Iniciar -> Executar -> digite ComboFix.exe /u -> Ok.

Aguarde a deinstalação.

Seu Log está limpo. Ainda há algum problema com o PC?

Este comando não executou, porém eu acho que este programa foi desistalado por meu irmao.

Contudo, não voltou nenhum problema até dado o momento.

Obrigado pela Atenção e pode dar "CLOSED", acho que o problema foi resolvido.

Editado Junho 14, 2008 por TheseSoundsFallIntoMyMind

[JackSSA]

Caso Resolvido.

Caso o autor queira a reabertura do tópico, envie uma MP com o link para um moderador da seção.