Archived

This topic is archived and closed to new replies.

eduardo_elv

[Solved] Problems with Malware


Hi everyone!

 

I'm having a series of problems with my PC. I know there are a lot of useless processes in Task Manager and I'd like to get rid of all of them, every single one, but I don't have the knowledge to do that. I made a HijackThis log and I'm posting it here.

 

I also have some newbie questions that you must be tired of seeing:

1- I saw that many operations need to be done with the PC in safe mode. What is safe mode?

2- How do I go back from safe mode to normal mode?

3- How do I work on the PC in safe mode?

4- Does the PC really have to be in safe mode to make these changes? Why?

 

Here is the log:

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\qwerty12.exe

C:\Documents and Settings\Eduardo 3\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Arquivos de programas\DAP\dapbho.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARQUIV~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O2 - BHO: (no name) - {be6f3dc3-0112-4459-98b0-f89c9853658a} - C:\WINDOWS\system32\locdev.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp3.tmp.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Arquivos de programas\Poker.com\poker.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.p0rt2.com

O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl221bf2.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{32CCB930-94B8-46F4-BC4C-C398AD710E98}: NameServer = 201.10.120.3 201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DBFD043-3D38-4B32-A53B-B3A57F33A53E}: NameServer = 200.215.1.44,200.215.1.45

O17 - HKLM\System\CS1\Services\Tcpip\..\{32CCB930-94B8-46F4-BC4C-C398AD710E98}: NameServer = 201.10.120.3 201.10.1.2

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - AppInit_DLLs: c:\windows\system32\ssqrqqp.dll

O20 - Winlogon Notify: locdev - C:\WINDOWS\SYSTEM32\locdev.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

Thanks in advance!

Cheers!


Hello, good morning!

 

I also have some newbie questions that you must be tired of seeing:

1- I saw that many operations need to be done with the PC in safe mode. What is safe mode?

In safe mode some processes stay inactive, so there is a better chance of removing a malicious file that is not running.

2- How do I go back from safe mode to normal mode?

Restart normally (without pressing the F8 key).

3- How do I work on the PC in safe mode?

Your computer works normally in safe mode, except for internet or network access.

4- Does the PC really have to be in safe mode to make these changes? Why?

Yes, as I answered in the first question, you need to be in safe mode to remove malicious files, because that way they are inactive, which makes removal possible.

If you try to remove a malicious file in normal mode, a message will appear saying it was not possible because the file is in use.

 

-----

 

Now the procedure:

 

>>> Go to Run and type: services.msc

 

- Find the service: DomainService

 

- Double-click it and choose Disabled. Also click Stop.

 

1. Download Killbox, unzip it and run it.

 

- Check the Delete on Reboot option.

 

- Now copy the file below and put it in Full Path of File to Delete:

(select it and click Edit > Copy).

 

C:\WINDOWS\system32\qwerty12.exe

 

- Click the killbox.png button. Answer No to the question.

 

You may want to print these instructions or save them to a text file for easy access, since you will not have access to your topic.

 

2. Restart the PC and enter safe mode (press F8 during startup and choose safe mode on the selection screen).

 

3. Open HijackThis and click Do a system scan only.

 

- Check ONLY the entries below and click ht-fix.png

 

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll

O2 - BHO: (no name) - {be6f3dc3-0112-4459-98b0-f89c9853658a} - C:\WINDOWS\system32\locdev.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp3.tmp.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl221bf2.cab

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe

 

4. Restart in normal mode.

 

5. Then make a new HijackThis log and paste it in your reply so we can continue.

 

Cheers!

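As an added illustration (not code from the thread, from HijackThis or from the helper), the Python below applies the same kind of reading the reply above does to a HijackThis log: it parses the `Oxx - ` entries and flags the ones a helper looks at first, including one binary hooked from several places at once (locdev.dll as both a BHO and a Winlogon Notify DLL). The sample lines are a subset copied from the log in this thread; the heuristics and the `triage` function are my own names, not part of HijackThis.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# One HijackThis entry: a section code ("O2", "O23", ...) followed by " - " and the body.
ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# A Windows path ending in a binary extension; the path itself may contain spaces.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx)\b", re.IGNORECASE)

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {be6f3dc3-0112-4459-98b0-f89c9853658a} - C:\WINDOWS\system32\locdev.dll
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl221bf2.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O20 - AppInit_DLLs: c:\windows\system32\ssqrqqp.dll
O20 - Winlogon Notify: locdev - C:\WINDOWS\SYSTEM32\locdev.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    code: str    # HijackThis section code, or "*" for a cross-entry correlation
    reason: str
    line: str


def host_of(url):
    """Lower-cased hostname of a URL ("" when the URL has none)."""
    return (urlparse(url).hostname or "").lower()


def triage(log_text, min_hooks=2):
    """Return the entries of a HijackThis log that deserve a closer look.

    Heuristics (each one visible in the thread above): services with no
    publisher (O23 "Unknown owner"), BHOs with no name (O2), AppInit_DLLs and
    Winlogon Notify hooks (O20), additions to the IE Trusted Zone (O15), ActiveX
    downloads (O16) served from a trusted-zone domain, and one file referenced
    from at least `min_hooks` different hook types. A finding is a review hint,
    not a verdict: legitimate toolbars also register in more than one place.
    """
    findings = []
    trusted = []   # domains added to the Trusted Zone, filled while scanning O15
    hooks = {}     # file basename -> set of section codes that reference it
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue   # "Running processes" paths and headers carry no code
        code, body = m["code"], m["body"]
        if code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, "service without a publisher", line))
        elif code == "O20":
            findings.append(Finding(code, "DLL loaded into every process or into winlogon", line))
        elif code == "O15" and body.startswith("Trusted Zone:"):
            trusted.append(body.split(":", 1)[1].strip().lstrip("*."))
            findings.append(Finding(code, "site added to the Trusted Zone", line))
        elif code == "O2" and "(no name)" in body:
            findings.append(Finding(code, "BHO without a name", line))
        elif code == "O16":
            host = host_of(body.rsplit(" - ", 1)[-1])
            if any(host == d or host.endswith("." + d) for d in trusted):
                findings.append(Finding(code, "ActiveX download from a trusted-zone domain", line))
        # Remember which hook types reference each binary, for the correlation below.
        for p in PATH.finditer(body):
            name = p.group(0).rsplit("\\", 1)[-1].lower()
            hooks.setdefault(name, set()).add(code)
    for name, codes in sorted(hooks.items()):
        if len(codes) >= min_hooks:
            findings.append(Finding("*", f"{name} is hooked from {sorted(codes)}", name))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>4}  {f.reason}: {f.line}")
```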

Hi! Try doing the whole procedure, even if you can't disable the service. ;) Then paste the new HijackThis log in your reply so it can be analyzed. Cheers!


Here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 17:24:39, on 28/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\winmds.exe

C:\WINDOWS\system32\winmds.exe

C:\WINDOWS\system32\winmds.exe

C:\WINDOWS\system32\winmds.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Eduardo 3\Desktop\HijackThis.exe

 

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Arquivos de programas\DAP\dapbho.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARQUIV~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Arquivos de programas\Poker.com\poker.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{32CCB930-94B8-46F4-BC4C-C398AD710E98}: NameServer = 201.10.120.3 201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DBFD043-3D38-4B32-A53B-B3A57F33A53E}: NameServer = 200.215.1.44,200.215.1.45

O17 - HKLM\System\CS1\Services\Tcpip\..\{32CCB930-94B8-46F4-BC4C-C398AD710E98}: NameServer = 201.10.120.3 201.10.1.2

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

See you!


Hi!

 

Let's run a check.

 

Download FindLop

 

- Extract the files from the ZIP to any folder you create.

 

- Run Findlop.bat

 

- Wait, then go to C:\ , find findlop.txt and paste it in your reply.

 

I'll be waiting so we can continue.

 

Cheers!


Hi Lídia! How are you? Unfortunately the log is very long and I couldn't post it in full, but here is most of it; the winmds file repeats many times. See you!

[TRACE] Enumerating jobs and queues[TRACE] Activating job 'At1.job'[TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\GdNMFNlM.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 0:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0[WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/27/2007 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0[TRACE] Activating job 'At10.job'[TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\GdNMFNlM.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.' 
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/29/2007 9:00:00 NextRun: 08/31/2007 9:00:00 StartError: S_OK ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0[WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/27/2007 EndDate: 00/00/0000 StartTime: 09:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0[TRACE] Activating job 'At100.job'[TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 3:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0[WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 03:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0[TRACE] Activating job 'At101.job'[TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.' 
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 4:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0[WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 04:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0[TRACE] Activating job 'At102.job'[TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 5:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0[WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 05:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0[TRACE] Activating job 'At103.job'[TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.' 
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 6:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0[WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 06:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0[TRACE] Activating job 'At104.job'[TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 7:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0[WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 07:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0[TRACE] Activating job 'At105.job'[TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.' 
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 8:00:00 StartError: 0x80070002 ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0[WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 08:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0[TRACE] Activating job 'At106.job'[TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 9:00:00 StartError: 0x80070002 ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0[WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 09:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0[TRACE] Activating job 'At107.job'[TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.' 
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 10:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0[WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 10:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0[TRACE] Activating job 'At108.job'[TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 11:00:00 StartError: 0x80070002 ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0[WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 11:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0[TRACE] Activating job 'At109.job'[TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.' 
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 12:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0
1 Trigger
Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 12:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0

[TRACE] Activating job 'At11.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\WINDOWS\system32\GdNMFNlM.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.'
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 10:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0
1 Trigger
Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/27/2007 EndDate: 00/00/0000 StartTime: 10:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0

[TRACE] Activating job 'At110.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.'
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/31/2007 13:00:00 StartError: 0x80070002 ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0
1 Trigger
Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 13:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0

[TRACE] Activating job 'At111.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.'
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60
MostRecentRun: 08/29/2007 14:00:00 NextRun: 08/31/2007 14:00:00 StartError: 0x80070002 ExitCode: 0x1 Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0
1 Trigger
Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 14:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0

[TRACE] Activating job 'At112.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.'
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60
MostRecentRun: 08/29/2007 15:00:00 NextRun: 08/31/2007 15:00:00 StartError: 0x80070002 ExitCode: 0x1 Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0
1 Trigger
Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 15:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0

[TRACE] Activating job 'At113.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.'
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60
MostRecentRun: 08/29/2007 16:00:00 NextRun: 08/31/2007 16:00:00 StartError: 0x80070002 ExitCode: 0x1 Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0
1 Trigger
Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 16:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0

[TRACE] Activating job 'At114.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.'
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60
MostRecentRun: 08/29/2007 17:00:00 NextRun: 08/31/2007 17:00:00 StartError: 0x80070002 ExitCode: 0 Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0
1 Trigger
Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 17:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0

[TRACE] Activating job 'At115.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.'
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60
MostRecentRun: 08/29/2007 18:00:00 NextRun: 08/30/2007 18:00:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0
1 Trigger
Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 18:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0

[TRACE] Activating job 'At116.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\WINDOWS\system32\winmds.exe' Parameters: '' WorkingDirectory: '' Comment: 'Criado por NetScheduleJobAdd.'
Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60
MostRecentRun: 08/29/2007 19:00:00 NextRun: 08/30/2007 19:00:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0
[WARN ] Unrecognized bits = 200000
TaskFlags: 0
1 Trigger
Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: 19:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0


Hello!

 

You may want to print these instructions or save them to a text file for easy access, since you will not have access to your topic

 

Do the following:

 

1. Run Killbox

 

- Check the Delete on Reboot option.

 

- Now copy the list below

(select it and click Edit > Copy).

 

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

C:\Windows\Tasks\At5.job

C:\Windows\Tasks\At6.job

C:\Windows\Tasks\At7.job

C:\Windows\Tasks\At8.job

C:\Windows\Tasks\At9.job

C:\Windows\Tasks\At10.job

C:\Windows\Tasks\At11.job

C:\Windows\Tasks\At12.job

C:\Windows\Tasks\At13.job

C:\Windows\Tasks\At14.job

C:\Windows\Tasks\At15.job

C:\Windows\Tasks\At16.job

C:\Windows\Tasks\At17.job

C:\Windows\Tasks\At18.job

C:\Windows\Tasks\At19.job

C:\Windows\Tasks\At20.job

C:\Windows\Tasks\At21.job

C:\Windows\Tasks\At22.job

C:\Windows\Tasks\At23.job

C:\Windows\Tasks\At24.job

C:\Windows\Tasks\At25.job

C:\Windows\Tasks\At26.job

C:\Windows\Tasks\At27.job

C:\Windows\Tasks\At28.job

C:\Windows\Tasks\At29.job

C:\Windows\Tasks\At30.job

C:\Windows\Tasks\At31.job

C:\Windows\Tasks\At32.job

C:\Windows\Tasks\At33.job

C:\Windows\Tasks\At34.job

C:\Windows\Tasks\At35.job

C:\Windows\Tasks\At36.job

C:\Windows\Tasks\At37.job

C:\Windows\Tasks\At38.job

C:\Windows\Tasks\At39.job

C:\Windows\Tasks\At40.job

C:\Windows\Tasks\At41.job

C:\Windows\Tasks\At42.job

C:\Windows\Tasks\At43.job

C:\Windows\Tasks\At44.job

C:\Windows\Tasks\At45.job

C:\Windows\Tasks\At46.job

C:\Windows\Tasks\At47.job

C:\Windows\Tasks\At48.job

C:\Windows\Tasks\At49.job

C:\Windows\Tasks\At50.job

C:\Windows\Tasks\At51.job

C:\Windows\Tasks\At52.job

C:\Windows\Tasks\At53.job

C:\Windows\Tasks\At54.job

C:\Windows\Tasks\At55.job

C:\Windows\Tasks\At56.job

C:\Windows\Tasks\At57.job

C:\Windows\Tasks\At58.job

C:\Windows\Tasks\At59.job

C:\Windows\Tasks\At60.job

C:\Windows\Tasks\At61.job

C:\Windows\Tasks\At62.job

C:\Windows\Tasks\At63.job

C:\Windows\Tasks\At64.job

C:\Windows\Tasks\At65.job

C:\Windows\Tasks\At66.job

C:\Windows\Tasks\At67.job

C:\Windows\Tasks\At68.job

C:\Windows\Tasks\At69.job

C:\Windows\Tasks\At70.job

C:\Windows\Tasks\At71.job

C:\Windows\Tasks\At72.job

C:\Windows\Tasks\At73.job

C:\Windows\Tasks\At74.job

C:\Windows\Tasks\At75.job

C:\Windows\Tasks\At76.job

C:\Windows\Tasks\At77.job

C:\Windows\Tasks\At78.job

C:\Windows\Tasks\At79.job

C:\Windows\Tasks\At80.job

C:\Windows\Tasks\At81.job

C:\Windows\Tasks\At82.job

C:\Windows\Tasks\At83.job

C:\Windows\Tasks\At84.job

C:\Windows\Tasks\At85.job

C:\Windows\Tasks\At86.job

C:\Windows\Tasks\At87.job

C:\Windows\Tasks\At88.job

C:\Windows\Tasks\At89.job

C:\Windows\Tasks\At90.job

C:\Windows\Tasks\At91.job

C:\Windows\Tasks\At92.job

C:\Windows\Tasks\At93.job

C:\Windows\Tasks\At94.job

C:\Windows\Tasks\At95.job

C:\Windows\Tasks\At96.job

C:\Windows\Tasks\At97.job

C:\Windows\Tasks\At98.job

C:\Windows\Tasks\At99.job

C:\Windows\Tasks\At100.job

C:\Windows\Tasks\At101.job

C:\Windows\Tasks\At102.job

C:\Windows\Tasks\At103.job

C:\Windows\Tasks\At104.job

C:\Windows\Tasks\At105.job

C:\Windows\Tasks\At106.job

C:\Windows\Tasks\At107.job

C:\Windows\Tasks\At108.job

C:\Windows\Tasks\At109.job

C:\Windows\Tasks\At110.job

C:\Windows\Tasks\At111.job

C:\Windows\Tasks\At112.job

C:\Windows\Tasks\At113.job

C:\Windows\Tasks\At114.job

C:\Windows\Tasks\At115.job

C:\Windows\Tasks\At116.job

C:\WINDOWS\system32\winmds.exe

C:\WINDOWS\system32\GdNMFNlM.exe

 

- Go back to KillBox. Click File > Paste from clipboard. Click the All Files button.

 

- Click the killbox.png button. Answer Yes to the prompt.

 

Your computer will restart normally.

 

2. Then make a new HijackThis log and paste it into your reply.

 

3. Run FindLop again and paste the "entire" result into your reply.

 

Regards! ;)


Hi Lídia!

 

I ran the FindLop log again and more winmds tasks were found, so I repeated the same process with all of them and now the log is empty; sorry if I did something wrong!

 

I also want to know what that task is and why it was flooding my processes; page file usage got above 900.

 

I have another question too: I can't find the system32 folder inside the Windows folder; the only address available is this one: C:\QooBox\Quarantine\C\WINDOWS

 

Have a good weekend!

 

Here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 13:43:16, on 2/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Eduardo 3\Desktop\HijackThis.exe

 

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Arquivos de programas\DAP\dapbho.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARQUIV~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Arquivos de programas\Poker.com\poker.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DBFD043-3D38-4B32-A53B-B3A57F33A53E}: NameServer = 200.215.1.44,200.215.1.45

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Hi...

 

I have another question too: I can't find the system32 folder inside the Windows folder; the only address available is this one: C:\QooBox\Quarantine\C\WINDOWS

Did you by any chance run a tool called "Combofix"?


Hello, eduardo_elv!

 

The Combofix tool had a temporary problem and because of that caused damage to the Windows System32 folder.

Fortunately your operating system is running. Did you by any chance run System Restore?

 

- Locate the file in bold below and paste the contents of the log here:

 

C:\combofix-quarantined.txt

 

Regarding our earlier procedures, you need to run "FindLop" and check whether it still detects anything else. Run FindLop and paste the result into your reply as well so we can proceed.

 

PS: If the FindLop result doesn't fit in one post, make more posts until the whole result is pasted.

 

Feel free to ask if you have any questions, ok?

 

Regards!


Here is the log from C:\combofix-quarantined.txt:

 

2006-05-11 15:10	  292864	--a--c---	C:\Qoobox\Quarantine\C\WINDOWS\system32\win32.exe.vir
2007-07-04 20:11	  126976	--a------	C:\Qoobox\Quarantine\C\WINDOWS\xhelper.dll.vir
2007-07-30 21:14	  84992	--a------	C:\Qoobox\Quarantine\C\WINDOWS\WebAssist.dll.vir
2007-08-04 18:23	  13380	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqrqqp.dll.vir
2007-08-04 18:24	  92730	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\locdev.dll.vir
2007-08-04 18:33	  55235	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\qwerty12.exe.vir
2007-08-04 18:33	  63581	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp8.tmp.dll.vir
2007-08-05 16:53	  63587	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp4.tmp.dll.vir
2007-08-10 18:12	  58798	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\EDUARD~2\DADOSD~1\tmp10.tmp.exe.vir
2007-08-11 21:47	  124739	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\EDUARD~2\DADOSD~1\tmpE.tmp.exe.vir
2007-08-11 21:47	  131455	--a------	C:\Qoobox\Quarantine\C\WINDOWS\wvtutt.dll.vir
2007-08-11 21:47	  1484469	--a------	C:\Qoobox\Quarantine\C\WINDOWS\ttutvw.ini.vir
2007-08-12 22:56	  64725	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp7.tmp.dll.vir
2007-08-13 14:49	  124674	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\EDUARD~2\DADOSD~1\tmp2.tmp.exe.vir
2007-08-13 14:49	  131469	--a------	C:\Qoobox\Quarantine\C\WINDOWS\ssrpnk.dll.vir
2007-08-13 14:52	  55330	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\EDUARD~2\DADOSD~1\tmp4.tmp.exe.vir
2007-08-13 14:52	  64495	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp3.tmp.dll.vir
2007-08-13 14:52	  79527	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\EDUARD~2\DADOSD~1\tmp3.tmp.exe.vir
2007-08-13 14:56	  58798	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\EDUARD~2\DADOSD~1\tmp13A.tmp.exe.vir
2007-08-13 20:42	  1216198	--a------	C:\Qoobox\Quarantine\C\WINDOWS\knprss.ini.vir
2007-08-13 20:44	  1098	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
2007-08-13 20:44	  2956	--a------	C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
2007-08-13 20:45	  154	--a------	C:\Qoobox\Quarantine\catchme.log
2007-08-13 20:45	  90637	--a------	C:\Qoobox\Quarantine\catchme2007-08-13_205406.53.zip

Listagem de caminhos de pasta
O número de série do volume é A483-DDDF
C:\QOOBOX
\---Quarantine
    |   catchme.log
    |   catchme2007-08-13_205406.53.zip
    |
    +---C
    |   +---DOCUME~1
    |   |   \---EDUARD~2
    |   |       \---DADOSD~1
    |   |               tmp10.tmp.exe.vir
    |   |               tmp13A.tmp.exe.vir
    |   |               tmp2.tmp.exe.vir
    |   |               tmp3.tmp.exe.vir
    |   |               tmp4.tmp.exe.vir
    |   |               tmpE.tmp.exe.vir
    |   |
    |   \---WINDOWS
    |       |   knprss.ini.vir
    |       |   ssrpnk.dll.vir
    |       |   ttutvw.ini.vir
    |       |   WebAssist.dll.vir
    |       |   wvtutt.dll.vir
    |       |   xhelper.dll.vir
    |       |
    |       \---system32
    |               locdev.dll.vir
    |               qwerty12.exe.vir
    |               ssqrqqp.dll.vir
    |               tmp3.tmp.dll.vir
    |               tmp4.tmp.dll.vir
    |               tmp7.tmp.dll.vir
    |               tmp8.tmp.dll.vir
    |               win32.exe.vir
    |
    \---Registry_backups
            LEGACY_DOMAINSERVICE.reg.cf
            services_DomainService.reg.cf

 

_________________________________________________________________

 

The FindLop log remains empty and, answering your question, I did not run System Restore.

 

See you!

 

 

 

 

 



Hi.

Are you still unable to find the "System32" folder inside the Windows folder? Somehow the operating system is running normally, since without the System32 folder Windows would not even work.

Are the problems still happening? Please make a new HijackThis log and paste it into your reply so it can be analyzed.

Regards! ;)


Hi Lídia!

 

I talked to a friend of mine and he told me to turn off the option that hides operating system files, so I went into Windows again and there was the folder; the strange thing is that my PC is already set to show hidden files. Besides that, my search for hidden folders did not turn up anything.

 

Before this topic gets closed I have two more questions, if you can answer them, of course.

 

I also want to know what the "winmds" task is and why it was flooding my processes. Page file usage got above 900.

 

I also want to know whether I can delete the QooBox folder

 

Here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:01:14, on 7/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Eduardo 3\Desktop\HijackThis.exe

 

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Arquivos de programas\DAP\dapbho.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARQUIV~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Arquivos de programas\Poker.com\poker.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{32CCB930-94B8-46F4-BC4C-C398AD710E98}: NameServer = 201.10.120.3 201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DBFD043-3D38-4B32-A53B-B3A57F33A53E}: NameServer = 200.215.1.44,200.215.1.45

O17 - HKLM\System\CS1\Services\Tcpip\..\{32CCB930-94B8-46F4-BC4C-C398AD710E98}: NameServer = 201.10.120.3 201.10.1.2

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

___________________________________

 

Thanks for everything!


Hey! How's it going?

 

I also want to know what the "winmds" task is and why it was flooding my processes. Page file usage got above 900.

"winmds" is the executable of a type of malware that was scheduling tasks; the process looks like an antivirus update, and that is why there was a huge list of jobs, that is, many tasks scheduled by the malware, and your PC was overloaded.

 

Did you run FindLop and nothing else was found?

 

I also want to know whether I can delete the QooBox folder

Before deleting that "QooBox" folder it is very important to be sure that the System32 folder is inside the "Windows" folder, for example: C:\Windows\System32.

 

So, check that the System32 folder is in the right place; once you are sure of that... it is fine to delete QooBox. Your operating system is working normally, right?

 

Your HijackThis log no longer shows any malicious entries

Is there still any problem?

 

Regards!

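The FindLop job dump posted earlier and Lídia's explanation of the winmds At jobs come down to one pattern: many At*.job files, all created through NetScheduleJobAdd (the API behind the at command), all launching the same binary at hourly start times. The following is an added example, not code from the thread or from FindLop: a small Python parser for that dump format that groups jobs by target executable so the pattern is visible at a glance. SAMPLE_LOG is constructed to mirror the posted entries, and the min_jobs threshold is an assumption, not something the thread specifies.

```python
"""Triage a FindLop-style dump of Windows XP At*.job scheduled tasks.

Added example (not FindLop's code and not from the thread): parse the
'[TRACE] Activating job ...' text and group jobs by the executable they
launch, so 100+ At*.job files all pointing at one binary stand out.
SAMPLE_LOG below is constructed to mirror the posted entries.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Job:
    name: str          # e.g. 'At110.job'
    application: str   # ApplicationName field
    comment: str       # 'Criado por NetScheduleJobAdd.' marks jobs made via the at command
    start_error: str   # SCHED_S_TASK_HAS_NOT_RUN, S_OK, 0x80070002, ...
    status: str
    trigger_type: str  # Weekly in the posted log
    start_time: str    # HH:MM of the trigger


# One regex per field; FindLop prints them run together on a single line.
_FIELDS = {
    "name": re.compile(r"Activating job '([^']+)'"),
    "application": re.compile(r"ApplicationName: '([^']*)'"),
    "comment": re.compile(r"Comment: '([^']*)'"),
    "start_error": re.compile(r"StartError: (\S+)"),
    "status": re.compile(r"Status: (\S+)"),
    "trigger_type": re.compile(r"Type: (\w+)"),
    "start_time": re.compile(r"StartTime: (\d{1,2}:\d{2})"),
}


def parse_jobs(text: str) -> List[Job]:
    """Split the dump at every '[TRACE] Activating job' header and extract fields.

    A leading fragment without a header (the posted dump starts mid-entry)
    is skipped rather than mis-attributed to the next job.
    """
    jobs: List[Job] = []
    for chunk in re.split(r"(?=\[TRACE\] Activating job ')", text):
        if "Activating job" not in chunk:
            continue
        values = {}
        for key, rx in _FIELDS.items():
            m = rx.search(chunk)
            values[key] = m.group(1) if m else ""
        jobs.append(Job(**values))
    return jobs


def suspicious_applications(jobs: List[Job], min_jobs: int = 3) -> Dict[str, List[Job]]:
    """Executables launched by at least `min_jobs` At*.job files created via NetScheduleJobAdd.

    Legitimate software almost never schedules itself this way; in the thread
    one malware binary had well over a hundred hourly At jobs.  The threshold
    is an assumed triage value, not a rule from the thread.
    """
    by_app: Dict[str, List[Job]] = defaultdict(list)
    for job in jobs:
        if job.name.lower().startswith("at") and "NetScheduleJobAdd" in job.comment:
            by_app[job.application].append(job)
    return {app: js for app, js in by_app.items() if len(js) >= min_jobs}


def report(jobs: List[Job], min_jobs: int = 3) -> List[str]:
    """Human-readable summary lines, one per flagged executable."""
    lines = []
    for app, js in suspicious_applications(jobs, min_jobs).items():
        times = ", ".join(sorted({j.start_time for j in js}))
        names = ", ".join(j.name for j in js)
        lines.append(f"{app}: {len(js)} At jobs ({names}) firing at {times}")
    return lines


# --- constructed sample, same shape as the posted FindLop output ------------
_ENTRY = (
    "[TRACE] Activating job '{name}'[TRACE] Printing all job properties "
    "ApplicationName: '{app}' Parameters: '' WorkingDirectory: '' "
    "Comment: 'Criado por NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL "
    "MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 "
    "MostRecentRun: {last} NextRun: 08/31/2007 {time}:00 StartError: {err} "
    "ExitCode: 0 Status: {status} ScheduledWorkItem Flags: DeleteWhenDone = 1 "
    "Suspend = 0 Hidden = 0[WARN ] Unrecognized bits = 200000 TaskFlags: 0 "
    "1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA "
    "StartDate: 08/28/2007 EndDate: 00/00/0000 StartTime: {time} MinutesDuration: 0 "
    "MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0"
)
WINMDS = r"C:\WINDOWS\system32\winmds.exe"
SAMPLE_LOG = (
    # headerless fragment, as at the top of the posted dump
    "Creator: 'SYSTEM' Priority: NORMAL StartError: S_OK Status: SCHED_S_TASK_READY "
    + _ENTRY.format(name="At11.job", app=r"C:\WINDOWS\system32\GdNMFNlM.exe",
                    last="00/00/0000 0:00:00", time="10:00",
                    err="SCHED_S_TASK_HAS_NOT_RUN", status="SCHED_S_TASK_HAS_NOT_RUN")
    + _ENTRY.format(name="At110.job", app=WINMDS, last="00/00/0000 0:00:00",
                    time="13:00", err="0x80070002", status="SCHED_S_TASK_HAS_NOT_RUN")
    + _ENTRY.format(name="At111.job", app=WINMDS, last="08/29/2007 14:00:00",
                    time="14:00", err="0x80070002", status="SCHED_S_TASK_READY")
    + _ENTRY.format(name="At112.job", app=WINMDS, last="08/29/2007 15:00:00",
                    time="15:00", err="0x80070002", status="SCHED_S_TASK_READY")
)

if __name__ == "__main__":
    for line in report(parse_jobs(SAMPLE_LOG)):
        print(line)
```

Feed it the full pasted dump instead of SAMPLE_LOG and the winmds.exe line lists every At job and the hours it fires, which is exactly the list the Killbox step above had to enumerate by hand.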

Lídia,

FindLop does not report anything.

The blessed system32 is in Windows.

The PC is running at full steam.

Thank you for helping me for so long; it is good that there are people like you who help us poor laypeople solve our problems.

Have a good week! Kisses!

