Publicado em 27 de dez.

[Resolvido!] PC travando e abrindo páginas

#topicos-resolvidos-seguranca-malwares

Olá, pessoal estou novamente precisando da ajuda de vcs!!! Não sei mais o que fazer!! Grato Altair!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:44:23, on 27/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\QuickTime\QTTask.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\vsnpstd.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\ARQUIV~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\twumk.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\LightSurf\Common\IconMgr.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\Arquivos de programas\LightSurf\Colorific\hgcctl95.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\LightSurf\Color Indicator\TICIcon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Altair.HOME\Configurações locais\Temporary Internet Files\Content.IE5\TIGEHO6T\HiJackThis[2].exe

C:\WINDOWS\system32\HPZipm12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbXNHWQK.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: {b2755231-0b14-6dc9-be34-bedbe901145c} - {c541109e-bdeb-43eb-9cd6-41b01325572b} - C:\WINDOWS\system32\tefmey.dll

O2 - BHO: (no name) - {C7EF6252-DF2E-4622-B55A-D25E0736DFF3} - C:\WINDOWS\system32\cbXOFvUK.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Arquivos de programas\LEC\Translate DotNet\LEC IE Translation Extension.dll (file missing)

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [84af38f1] rundll32.exe "C:\WINDOWS\system32\swuwcsdo.dll",b

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [twumk.exe] C:\WINDOWS\system32\twumk.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Sumário do OneNote.onetoc2

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: LightSurf.lnk = C:\Arquivos de programas\LightSurf\Common\IconMgr.exe

O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200439285468

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214509059609

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{387FC9CF-08B4-459B-9E10-A3DC53457045}: NameServer = 200.149.55.140 200.165.132.147

O17 - HKLM\System\CS1\Services\Tcpip\..\{387FC9CF-08B4-459B-9E10-A3DC53457045}: NameServer = 200.149.55.140 200.165.132.147

O17 - HKLM\System\CS2\Services\Tcpip\..\{387FC9CF-08B4-459B-9E10-A3DC53457045}: NameServer = 200.149.55.140 200.165.132.147

O17 - HKLM\System\CS3\Services\Tcpip\..\{387FC9CF-08B4-459B-9E10-A3DC53457045}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: c:\arquiv~1\bandoo\bndhook.dll,avgrsstx.dll tefmey.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)

O20 - Winlogon Notify: cbXNHWQK - C:\WINDOWS\SYSTEM32\cbXNHWQK.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

End of file - 12214 bytes

Discussão (11)

Entre ou cadastre-se para participar da discussão

Entrar Criar conta

DigRam· 28 de dez.

Boa Tarde! altasena

<@> Baixe: < ComboFix.exe > ( ...by sUBs )

<@> Salve-o no Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. <-- Link!

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

----------------------

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Abraços!

altasena· 28 de dez.

Boa Tarde! altasena

<@> Baixe: < ComboFix.exe > ( ...by sUBs )

<@> Salve-o no Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. <-- Link!

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

----------------------

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Abraços!

Olá amigo fiz o que você pediu!!! Muito grato !! UM abraço!

ComboFix 08-12-28.01 - Altair 2008-12-28 18:16:47.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1023.452 [GMT -2:00]

Executando de: c:\documents and settings\Altair.HOME\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free On-access scanning disabled (Outdated)

* Criado um novo ponto de restauro

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

c:\arquivos de programas\Antivirus 2009

c:\arquivos de programas\Antivirus 2009\av2009.exe

c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\pi.exe

c:\windows\system32\amjgjc.dll

c:\windows\system32\Cache

c:\windows\system32\cbXNHWQK.dll

c:\windows\system32\cbXOFvUK.dll

c:\windows\system32\cmifrr.dll

c:\windows\system32\efcBrOhh.dll

c:\windows\system32\eijscg.dll

c:\windows\system32\erkfykas.dll

c:\windows\system32\fluqfwcb.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL

c:\windows\system32\gegsvdwq.dll

c:\windows\system32\ieupdates.exe

c:\windows\system32\Implode.dll

c:\windows\system32\jmgnlsib.dll

c:\windows\system32\KUvFOXbc.ini

c:\windows\system32\KUvFOXbc.ini2

c:\windows\system32\odscwuws.ini

c:\windows\system32\ogkdymgg.ini

c:\windows\system32\qwdvsgeg.ini

c:\windows\system32\tefmey.dll

c:\windows\system32\xywgaeve.dll

----- BITS: Sites possivelmente infetados -----

hxxp://childhe.com

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

-------\Legacy_GBPSV

-------\Service_GbpSv

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-28 to 2008-12-28 ))))))))))))))))))))))))))))

2008-12-27 14:03 . 2008-12-27 14:05 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Lavasoft

2008-12-27 12:26 . 2008-12-27 12:25 401,720 --a------ C:\HiJackThis.exe

2008-12-24 22:45 . 2008-12-24 22:45	<DIR>	d--------	c:\documents and settings\Altair.HOME\Dados de aplicativos\Babylon

2008-12-24 22:45 . 2008-12-24 22:45	<DIR>	d--------	c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Babylon

2008-12-24 22:44 . 2008-12-24 22:44 45,056 --a------ c:\windows\system32\jkkjIbxy.dll

2008-12-22 21:07 . 2008-12-28 14:08	<DIR>	d--h-----	C:\$AVG8.VAULT$

2008-12-22 18:09 . 2008-12-24 19:49	<DIR>	d--------	c:\windows\system32\Prefetchxs

2008-12-22 18:09 . 2008-12-28 14:28	<DIR>	d--------	c:\windows\system32\CatRoot_3

2008-12-22 18:09 . 2008-12-22 18:09 478,064 ---hs---- c:\windows\system32\twumk.exe

2008-12-22 18:08 . 2008-12-22 18:09 1,127,936 ---hs---- c:\windows\system32\jumps.exe

2008-12-16 14:08 . 2008-12-16 14:08 268 --ah----- C:\sqmdata18.sqm

2008-12-16 14:08 . 2008-12-16 14:08 244 --ah----- C:\sqmnoopt18.sqm

2008-12-14 22:14 . 2008-12-14 22:15	<DIR>	d--------	c:\arquivos de programas\milhao

2008-12-14 22:10 . 2008-12-14 22:10	<DIR>	d--------	C:\ACROREAD

2008-12-14 22:10 . 2008-12-14 22:10 103 --a------ c:\windows\~ACROBAT.TMP

2008-12-14 22:09 . 2008-12-14 22:10	<DIR>	d--------	c:\windows\UNWISE

2008-12-14 22:09 . 2008-12-14 22:10	<DIR>	d--------	c:\arquivos de programas\TOONWORX

2008-12-14 22:09 . 2000-01-01 23:20 72,960 --a------ c:\windows\system\P3LIB250.DLL

2008-12-14 22:09 . 2000-01-01 23:20 54,272 --a------ c:\windows\system\P3LIB200.DLL

2008-12-14 22:09 . 2000-01-01 23:20 29,354 --a------ c:\windows\system\WEMU387.386

2008-12-14 22:09 . 2000-01-01 23:20 5,195 --a------ c:\windows\system\DVA.386

2008-12-14 22:09 . 2008-12-14 22:10 207 --a------ c:\windows\TOONWORX.INI

2008-12-14 22:03 . 2008-12-14 22:03 <DIR> d-------- C:\WALLY

2008-12-14 22:03 . 1995-03-16 10:02 53,456 --a------ c:\windows\system\IP20.DRV

2008-12-14 22:02 . 1996-01-12 12:22 246,784 --a------ c:\windows\UN160416.EXE

2008-12-14 22:02 . 1995-08-15 13:56 160,084 --a------ c:\windows\system\CDTEST.DLL

2008-12-14 22:02 . 2000-01-01 23:20 26,000 --a------ c:\windows\system\CTL3D.DLL

2008-12-14 22:02 . 1995-05-10 22:30 12,672 --a------ c:\windows\system\DCVIDEO.DLL

2008-12-06 23:10 . 2008-12-06 23:10 <DIR> d-------- C:\Games

2008-12-03 21:38 . 2008-12-03 22:54 377,211,788 --a------ C:\top_setup_1.37.exe.sl

2008-12-02 09:09 . 2008-12-02 09:09 268 --ah----- C:\sqmdata17.sqm

2008-12-02 09:09 . 2008-12-02 09:09 244 --ah----- C:\sqmnoopt17.sqm

2008-11-29 15:40 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll

2008-11-29 09:44 . 2001-02-12 15:56 45,568 --a------ c:\windows\UniFish3.exe

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-12-27 16:04 --------- d-----w c:\arquivos de programas\Lavasoft

2008-12-27 16:03 --------- d-----w c:\documents and settings\Altair.HOME\Dados de aplicativos\Lavasoft

2008-12-27 16:02 --------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-12-25 00:44 --------- d-----w c:\arquivos de programas\eMule

2008-12-22 20:14 --------- d-----w c:\arquivos de programas\GbPlugin

2008-12-17 02:03 --------- d-----w c:\documents and settings\Altair.HOME\Dados de aplicativos\Image Zone Express

2008-12-13 20:28 --------- d-----w c:\arquivos de programas\Java

2008-12-11 20:10 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Microsoft Help

2008-12-11 13:24 --------- d-----w c:\documents and settings\Altair.HOME\Dados de aplicativos\Skype

2008-12-09 14:09 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-26 23:43 --------- d-----w c:\documents and settings\Altair.HOME\Dados de aplicativos\zweitgeist

2008-11-26 23:43 --------- d-----w c:\arquivos de programas\weblin

2008-11-24 14:14 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys

2008-11-24 14:14 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\avg8

2008-11-14 11:40 --------- d-----w c:\arquivos de programas\O Resgate dos Bichos - CD 2

2008-11-14 10:50 90,112 ----a-w c:\windows\Cuninst.exe

2008-11-03 20:35 --------- d-----w c:\arquivos de programas\gamespeed

2008-11-01 13:14 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Messenger Plus!

2008-10-31 22:36 --------- d-----w c:\arquivos de programas\MSN Messenger

2008-10-31 22:09 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\WLInstaller

2008-10-30 23:00 --------- d-----w c:\arquivos de programas\Windows Live

2008-10-30 21:05 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-10-30 20:32 --------- d-----w c:\arquivos de programas\Microsoft Office Outlook Connector

2008-10-30 20:03 --------- d-----w c:\arquivos de programas\Microsoft

2008-10-30 19:50 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2008-10-23 11:07 1,188,152 ----a-w c:\windows\Sempre Roupa Nova.scr

2008-10-22 18:15 178,591 ----a-w C:\bankerfix.exe

2008-03-03 16:07 92,064 ----a-w c:\documents and settings\Altair.HOME\mqdmmdm.sys

2008-03-03 16:07 9,232 ----a-w c:\documents and settings\Altair.HOME\mqdmmdfl.sys

2008-03-03 16:07 79,328 ----a-w c:\documents and settings\Altair.HOME\mqdmserd.sys

2008-03-03 16:07 66,656 ----a-w c:\documents and settings\Altair.HOME\mqdmbus.sys

2008-03-03 16:07 6,208 ----a-w c:\documents and settings\Altair.HOME\mqdmcmnt.sys

2008-03-03 16:07 5,936 ----a-w c:\documents and settings\Altair.HOME\mqdmwhnt.sys

2008-03-03 16:07 4,048 ----a-w c:\documents and settings\Altair.HOME\mqdmcr.sys

2008-03-03 16:07 25,600 ----a-w c:\documents and settings\Altair.HOME\usbsermptxp.sys

2008-03-03 16:07 22,768 ----a-w c:\documents and settings\Altair.HOME\usbsermpt.sys

2008-11-23 23:48 67,696 ----a-w c:\arquivos de programas\mozilla firefox\components\jar50.dll

2008-11-23 23:48 54,376 ----a-w c:\arquivos de programas\mozilla firefox\components\jsd3250.dll

2008-11-23 23:48 34,952 ----a-w c:\arquivos de programas\mozilla firefox\components\myspell.dll

2008-11-23 23:48 46,720 ----a-w c:\arquivos de programas\mozilla firefox\components\spellchk.dll

2008-11-23 23:48 172,144 ----a-w c:\arquivos de programas\mozilla firefox\components\xpinstal.dll

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

Nota entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2006-10-13 20058152]

"PhotoShow Deluxe Media Manager"="c:\arquiv~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-25 212992]

"twumk.exe"="c:\windows\system32\twumk.exe" [2008-12-22 478064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]

"ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" [2005-05-13 32768]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"DAEMON Tools-1033"="c:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-11-29 1261336]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

c:\documents and settings\Altair.HOME\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

Sum rio do OneNote.onetoc2 [2008-04-15 3656]

c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

ATI CATALYST System Tray.lnk - c:\arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe [2005-05-13 32768]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

LightSurf.lnk - c:\arquivos de programas\LightSurf\Common\IconMgr.exe [2008-04-18 98304]

Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"c:\\Documents and Settings\\Altair.HOME\\Meus documentos\\eMule0.46c\\emule.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=

"c:\\Documents and Settings\\Altair.HOME\\Dados de aplicativos\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-24 97928]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-11-24 231704]

R2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\arquivos de programas\HWiNFO32\HWiNFO32.SYS [2006-04-05 7040]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\F:\NTGLM7X.sys []

S3 XDva081;XDva081;\??\c:\windows\system32\XDva081.sys []

Conteúdo da pasta 'Tarefas Agendadas'

2008-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job

c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-12-28 c:\windows\Tasks\okvtgigf.job

c:\windows\system32\rundll32.exe [2008-04-14 00:21]

- - - ORFÃOS REMOVIDOS - - - -

BHO-{4c956910-c391-4da7-8b81-3a2feefd6a37} - c:\windows\system32\amjgjc.dll

BHO-{C025DEA7-A297-406D-9FA7-A62C66973A3D} - c:\windows\system32\cbXOFvUK.dll

HKCU-Run-Nero PhotoShow Media Manager - c:\arquiv~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

HKCU-Run-ares - c:\arquivos de programas\Ares\Ares.exe

HKLM-Run-WinampAgent - c:\arquivos de programas\Winamp\winampa.exe

HKLM-Run-NWEReboot - (no file)

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\arquiv~1\GbPlugin\gbiehabn.dll

Notify- GbPluginAbn - c:\arquiv~1\GbPlugin\gbiehabn.dll

------- Scan Suplementar -------

uStart Page = hxxp://www.globo.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\PowerLoader.dll - O16 -: {4BFD075D-C36E-4F28-BB0A-5D472795197A}

hxxp://www.powerchallenge.com/applet/PowerLoader.cab

c:\windows\Downloaded Program Files\PowerLoader.inf

O16 -: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

c:\windows\Downloaded Program Files\GbPluginABN.inf

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-28 18:24:53

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - > 'winlogon.exe'(688)

c:\windows\system32\Ati2evxx.dll

------------------------ Outros Processos em Execução ------------------------

c:\windows\system32\ati2evxx.exe

c:\arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\ati2evxx.exe

c:\arquivos de programas\LightSurf\Colorific\hgcctl95.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

c:\arquivos de programas\LightSurf\Color Indicator\TICIcon.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\UAService7.exe

c:\windows\system32\searchindexer.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\iPod\bin\iPodService.exe

c:\windows\system32\wbem\wmiapsrv.exe

**************************************************************************

Tempo para conclusão: 2008-12-28 18:29:36 - Máquina reiniciou [Altair]

ComboFix-quarantined-files.txt 2008-12-28 20:29:11

Pré-execução: 41 pasta(s) 19.734.994.944 bytes disponíveis

Pós execução: 41 pasta(s) 20,452,155,392 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

276 --- E O F --- 2008-12-19 21:40:20

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:35:05, on 28/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\QuickTime\QTTask.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\ARQUIV~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\twumk.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\LightSurf\Common\IconMgr.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\Arquivos de programas\LightSurf\Colorific\hgcctl95.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\LightSurf\Color Indicator\TICIcon.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Altair.HOME\Desktop\HiJackThis.exe