Wimad-E virus??




#1
21 Sep 2008, 16:43
New Members Group

Hi Evil Fantasy - I am having a similar problem to the other user here. I have downloaded and run ComboFix, the output of which is below. I would appreciate any help you may be able to provide. I know the file that the trojan came in on - I tried to delete it, but Windows won't let me - it says it is in use. Any thoughts would be very welcome.

Thanks


ComboFix 08-09-20.05 - Administrador 2008-09-22 0:29:51.1 -- FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254 [GMT 1:00]
Executando de: C: \ Documents and Settings \ Administrador \ Desktop \ ComboFix.exe
* Criado um novo ponto restaurar
ATENÇÃO-ESTE NÃO TEM MÁQUINA DE RECUPERAÇÃO CONSOLE INSTALLED!
.
((((((((((((((((((((((((((((((((((((((( Outros Supressões ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ Administrador \ Cookies \ administrador @ 2o7 [1]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrator@ad.yi eldmanager [1]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrador @ publicidade publicidade [2]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrator@ehg-baa.hitbox [2]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrator@ehg-discoverynetwork.hitbox [2]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrator@ehg-mastercard.hitbox [2]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrator@ehg-tfl.hitbox [2]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrador @ foxto ns.co [2]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrador @ hits. gureport.co [1]. txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrador @ notícias. uk.msn [2]. txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrador @ revsc i [2]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrador @ rtm [6]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrador @ servi ng-sys [2]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrador @ speci ficclick [1]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrador @ statc ounter [1]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrator@ths.n ews.com [2]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrador @ Doubler comércio [1]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrador @ tsw0 [1]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrator@ww0.t imeout [1]. Txt
C: \ Documents and Settings \ Administrador \ Cookies \ administrator@www.r eed.co [2]. Txt
C: \ WINDOWS \ system32 \ lsprst7.dll
.
((((((((((((((((((((((((( Arquivos criados a partir de 2008/08/21 a 2008/09/21 ))))))))))) ))))))))))))))))))))
.
2008/09/22 00:28. 2008/09/16 01:03 <dir> d -------- C: \ 32788R22FWJFW
2008/09/22 00:00. 2008/09/22 00:00 <dir> d -------- C: \ Program Files \ Exterminar It!
2008/09/14 21:22. 2008/04/14 01:12 221,184 - a ------ C: \ WINDOWS \ system32 \ wmpns.dll
2008/09/14 20:54. 2008/09/14 20:54 <dir> d -------- C: \ WINDOWS \ system32 \ scripts
2008/09/14 20:54. 2008/09/14 20:54 <dir> d -------- C: \ WINDOWS \ system32 \ pt
2008/09/14 20:54. 2008/09/14 20:54 <dir> d -------- C: \ WINDOWS \ l2schemas
2008/09/14 20:27. 2008/04/13 18:28 2940928 --------- C: \ WINDOWS \ system32 \ dllcache \ wmploc.dll
2008/09/14 20:26. 2008/04/14 01:10 844,314 --------- C: \ WINDOWS \ system32 \ dllcache \ Msdxm.ocx
2008/09/13 18:04. 2008/09/13 18:04 <dir> d -------- C: \ Program Files \ Java
2008/09/13 18:04. 2008/09/13 18:05 <dir> d -------- C: \ Documents and Settings \ Administrador \ Application Data \ LimeWire
2008/09/13 18:04. 2008/06/10 02:32 73,728 - a ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2008/09/13 18:03. 2008/09/13 18:03 <dir> d -------- C: \ Program Files \ Common Files \ Java
2008/09/13 18:00. 2008/09/13 18:00 <dir> d -------- C: \ Program Files \ LimeWire
2008/09/13 12:43. 2008/09/13 12:43 <dir> d -------- C: \ Program Files \ iDump
2008/09/13 12:08. 2008/09/13 12:08 <dir> d -------- C: \ Program Files \ iTunes
2008/09/13 12:08. 2008/09/13 12:08 <dir> d -------- C: \ Program Files \ iPod
2008/09/13 12:08. 2008/09/13 12:08 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008/09/13 12:08. 2008/09/13 12:08 <dir> d -------- C: \ Documents and Settings \ Administrador \ Application Data \ Apple Computer
2008/09/13 12:08. 2008/04/17 13:12 107,368 - a ------ C: \ WINDOWS \ system32 \ GEARAspi.dll
2008/09/13 12:08. 2008/04/17 13:12 15,464 - a ------ C: \ WINDOWS \ system32 \ drivers \ GEARAspiWDM.sys
2008/09/13 12:07. 2008/09/13 12:07 <dir> d -------- C: \ Program Files \ QuickTime
2008/09/13 12:07. 2008/09/13 12:07 <dir> d -------- C: \ Program Files \ Bonjour
2008/09/13 12:07. 2008/09/13 12:07 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2008/09/13 12:06. 2008/09/13 12:06 <dir> d -------- C: \ WINDOWS \ system32 \ DRVSTORE
2008/09/13 12:06. 2008/09/13 12:06 <dir> d -------- C: \ Program Files \ Common Files \ Apple
2008/09/13 12:06. 2008/09/13 12:06 <dir> d -------- C: \ Program Files \ Apple Software Update
2008/09/13 12:06. 2008/09/13 12:06 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple
2008/09/06 15:09. 2008/09/06 15:09 90,112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008/09/06 15:09. 2008/09/06 15:09 57,344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008/08/29 10:18. 2008/08/29 10:18 87,336 - a ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008/08/29 09:53. 2008/08/29 09:53 61,440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/08/03 07:37 --------- d ----- w C: \ Documents and Settings \ Administrador \ Application Data \ skypePM
2008/08/03 07:35 --------- d ----- w C: \ Documents and Settings \ Administrador \ Application Data \ Skype
2008/08/03 07:32 --------- d ----- w C: \ Program Files \ Skype
2008/08/03 07:31 --------- d ----- w C: \ Program Files \ Common Files \ Skype
2008/08/03 07:31 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Skype
2008/07/18 21:10 94,920 ---- aw C: \ WINDOWS \ system32 \ dllcache \ cdm.dll
2008/07/18 21:10 94,920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008/07/18 21:10 53,448 ---- aw C: \ WINDOWS \ system32 \ wuauclt.exe
2008/07/18 21:10 53,448 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuauclt.exe
2008/07/18 21:10 45,768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
2008/07/18 21:10 36,552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
2008/07/18 21:10 36,552 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll
2008/07/18 21:09 563,912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008/07/18 21:09 563,912 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuapi.dll
2008/07/18 21:09 325,832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008/07/18 21:09 325,832 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wucltui.dll
2008/07/18 21:09 205,000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008/07/18 21:09 205,000 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuweb.dll
2008/07/18 21:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ Wuaueng.dll
2008/07/18 21:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ dllcache \ Wuaueng.dll
2008/07/07 20:26 253,952 ---- aw C: \ WINDOWS \ system32 \ Es.dll
2008/07/07 20:26 253,952 ------ w C: \ WINDOWS \ system32 \ dllcache \ Es.dll
2008/06/26 08:15 619,520 ------ w C: \ WINDOWS \ system32 \ dllcache \ urlmon.dll
2008/06/26 08:15 1.499.136 ------ w C: \ WINDOWS \ system32 \ dllcache \ shdocvw.dll
2008/06/24 16:43 74,240 ---- aw C: \ WINDOWS \ system32 \ mscms.dll
2008/06/24 16:43 74,240 ------ w C: \ WINDOWS \ system32 \ dllcache \ mscms.dll
2008/06/23 15:09 666,112 ---- aw C: \ WINDOWS \ system32 \ wininet.dll
2008/06/23 15:09 666,112 ------ w C: \ WINDOWS \ system32 \ dllcache \ wininet.dll
2008/06/23 15:09 3.067.392 ------ w C: \ WINDOWS \ system32 \ dllcache \ mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * entradas vazias & legit entradas padrão não são mostrados
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2008-04-14 15360]
"swg" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2008-04-21 68856]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-06-27 580096]
"Adobe Reader Speed Launcher" = "C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe" = "C: \ WINDOWS \ system32 \ bgsmsnd.exe" [2007-11-19 160136]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"S3TRAY2" = "S3Tray2.exe" [2001/10/11 C: \ WINDOWS \ system32 \ S3Tray2.exe]
"AGRSMMSG" = "AGRSMMSG.exe" [2003/06/27 C: \ WINDOWS \ AGRSMMSG.exe]
"ATIModeChange" = "Ati2mdxx.exe" [2001/09/04 C: \ WINDOWS \ system32 \ Ati2mdxx.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-04-19 219136]
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ Sessmgr.exe" =
"C: \ \ Arquivos de Programas \ \ Messenger \ \ msmsgs.exe" =
"C: \ \ Arquivos de Programas \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ \ Arquivos de Programas \ \ iTunes \ \ iTunes.exe" =
"C: \ \ Arquivos de Programas \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Arquivos de Programas \ \ Skype \ \ Phone \ \ Skype.exe" =
R3 Tp4Track; IBM PS / 2 TrackPoint Driver; C: \ WINDOWS \ system32 \ DRIVERS \ tp4track.sys [2003-05-15 13904]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ actuais ntversion \ explorer \ mountpoints2 \ (f1882860-129-11dd-89b6-000d60cb61ce)]
\ Shell \ AutoRun \ command - E: \ LaunchU3.exe
* Serviço recém-criado * - PROCEXP90
.
Conteúdo da 'Tarefas agendadas' pasta
.
.
Scan Suplementar ------- -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.google.co.uk/
R0 -: HKCU-Main, Search Page = hxxp: / / www.google.com
R0 -: HKCU-Main, Search Bar = hxxp: / / www.google.com / ie
R1 -: HKCU-Internet Settings, ProxyOverride = *. local
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & xportar para o Microsoft Excel - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O16 -: (2DAD3559-2923-4935-AD49-B673D2539944) - hxxp: / / www-307.ibm.com/pc/support/acpir.cab
C: \ WINDOWS \ Downloaded Program Files \ acpir.inf
C: \ WINDOWS \ System32 \ capicom.dll
C: \ WINDOWS \ Downloaded Program Files \ acpir2.dll
O16 -: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) - hxxps: / / www.select2perform.eu/cabs/QOLCheck.ocx
C: \ WINDOWS \ Downloaded Program Files \ QOLCheck.ocx
.
************************************************** ************************
CatchMe 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 00:32:33
5/1/2600 Windows Service Pack 3 FAT NTAPI
digitalizar processos escondidos ...
escaneamento automático entradas escondidas ...
digitalizar os arquivos ocultos ...
varredura foi concluída com êxito
ficheiros ocultos: 0
************************************************** ************************
.
--------------------- DLLs Loaded Sob Running Processes ---------------------
PROCESS: C: \ WINDOWS \ system32 \ winlogon.exe
-> C: \ WINDOWS \ system32 \ Ati2evxx.dll
.
Conclusão tempo: 2008/09/22 0:33:07
ComboFix-quarantined-files.txt 2008-09-21 23:33:06
Pré-Run: 9484075008 bytes livres
Post-Run: 9686056960 bytes livres
167 --- EOF --- 2008-09-16 07:01:45
#2
21 Sep 2008, 17:37
Moderator Group

Download TrendMicro HijackThis.exe (HJT) to the desktop.
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis should open for you.
  • Click on the "Do a system scan and save a logfile" button.
  • HijackThis will run the scan, and then a log will open in Notepad.
  • Copy and paste the entire contents of the log into your post.
  • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

#3
21 Sep 2008, 23:43
New Members Group

Thanks for the help. File output below:

Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 07:40:46, em 22/09/2008
Plataforma: Windows XP SP3 (WinNT 5/01/2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ WINDOWS \ system32 \ bgsmsnd.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ LimeWire \ LimeWire.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. local
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Skype add-on (regente) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ WINDOWS \ system32 \ bgstb.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll
O3 - Toolbar: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ WINDOWS \ system32 \ bgstb.dll
O4 - HKLM \ .. \ Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [bgsmsnd.exe] C: \ WINDOWS \ system32 \ bgsmsnd.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Arquivos de Programas \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (2DAD3559-2923-4935-AD49-B673D2539944) (IASRunner Classe) -- http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) (QOLCheck Controle) -- https: / / www.select2perform.eu/cabs/QOLCheck.ocx
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ common ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C: \ WINDOWS \ system32 \ ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
--
Fim do processo - 6502 bytes
#4
22 Sep 2008, 07:42
Moderator Group

I don't see any malware; what problems are you having?

You can run the scans here http://www.computer-juice.com/forums...-posting-7476/ and post the logs when complete. Look at the AVG information. You need to update yours.

#5
22 Sep 2008, 10:38
New Members Group

Hi Evilfantasy - thanks. The problem is this: a suspect mp3 was downloaded from LimeWire. I think it was double-clicked, and there was certainly an attempt to load it into iTunes. (However, it will not have been run with Media Player - I don't use that - does that matter, as I read somewhere that Wimad uses a Windows Media Player vulnerability?) I then scanned the file with AVG, which picked up Wimad E. But it seems it will let me quarantine or delete it; further, if I try to delete the file, Windows says the file is in use and therefore cannot be deleted.

I will go through the steps you suggest on the other page.

Thanks
#6
22 Sep 2008, 10:41
Moderator Group

Post the MalwareBytes log. If it doesn't find it, we will use another scanner to find it.


Copyright © 2006 - 2009 Computer Juice.
