Archived

This topic has been archived and is closed to new replies.

Fernando Bigi

[Archived] Trojan Horse Downloader Generic6.wgf

Folks, I'm infected with the virus TROJAN HORSE DOWNLOADER GENERIC6.WGF

Can anyone help me???

Here is my ComboFix log.

ComboFix 07-11-19.4C - Fernando 2007-11-30 15:00:16.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.0.1252.1.1046.18.174 [GMT -2:00]

Executando de: C:\Documents and Settings\Fernando\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))

.

 

2007-11-30 14:54 <DIR> d-------- C:\WINDOWS\system32\bits

2007-11-30 14:53 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll

2007-11-30 14:53 331,776 --a------ C:\WINDOWS\system32\winhttp.dll

2007-11-30 14:53 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll

2007-11-30 14:53 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll

2007-11-30 14:53 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll

2007-11-30 14:53 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll

2007-11-30 14:53 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll

2007-11-30 14:48 549,720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-11-30 14:48 325,976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-11-30 14:48 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl

2007-11-30 14:48 53,080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-11-30 14:48 53,080 --a--c--- C:\WINDOWS\system32\dllcache\wuauclt.exe

2007-11-30 14:48 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2007-11-30 14:48 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2007-11-30 14:48 33,624 --a------ C:\WINDOWS\system32\wups.dll

2007-11-30 14:48 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2007-11-30 14:48 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2007-11-30 14:48 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2007-11-30 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\MailFrontier

2007-11-30 13:53 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-11-30 13:52 75,248 --a------ C:\WINDOWS\zllsputility.exe

2007-11-30 13:51 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs

2007-11-30 13:51 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll

2007-11-30 13:51 353,247 --a------ C:\WINDOWS\system32\vsconfig.xml

2007-11-30 13:50 <DIR> d-------- C:\WINDOWS\Internet Logs

2007-11-30 13:50 <DIR> d-------- C:\Arquivos de programas\Zone Labs 7

2007-11-30 00:11 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2007-11-30 00:11 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2007-11-30 00:11 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2007-11-30 00:11 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2007-11-30 00:11 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2007-11-30 00:11 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2007-11-30 00:11 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2007-11-30 00:11 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2007-11-29 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2007-11-29 16:19 <DIR> d-------- C:\Arquivos de programas\Avira

2007-11-29 16:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-11-29 16:06 1,406 --a------ C:\WINDOWS\system32\Help.ico

2007-11-28 18:48 <DIR> d-------- C:\Arquivos de programas\Avast Alwil Software

2007-11-28 18:48 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-11-28 18:48 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-11-28 18:48 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-11-28 18:48 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-11-28 18:48 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-11-27 20:08 <DIR> d-------- C:\WINDOWS\rdrive

2007-11-27 17:11 0 --a------ C:\WINDOWS\system32\View.exe

2007-11-27 11:52 <DIR> d-------- C:\Arquivos de programas\PacSteam

2007-11-23 22:35 2,484 --a------ C:\WINDOWS\system32\lol.exe

2007-11-22 15:42 93,440 --a------ C:\WINDOWS\system32\dpseria.dll

2007-11-22 14:14 <DIR> d-------- C:\Arquivos de programas\Dcads Advanced Toolbar

2007-11-21 23:14 <DIR> d-------- C:\Arquivos de programas\Steam Valve PC

2007-11-21 18:37 104 --a------ C:\WINDOWS\system32\appmr.dll

2007-11-20 18:43 2,920 --a------ C:\WINDOWS\system32\Gothic.exe

2007-11-16 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2007-11-14 17:40 36,864 --a------ C:\WINDOWS\system32\hbn.exe

2007-11-12 18:39 2,920 --a------ C:\WINDOWS\system32\kl.exe

2007-11-12 18:39 71 --a------ C:\WINDOWS\system32\i

2007-11-10 18:11 0 --a------ C:\WINDOWS\system32\bmr.exe

2007-10-30 17:36 0 --a------ C:\WINDOWS\system32\msv.exe

2007-10-28 11:00 0 --a------ C:\WINDOWS\system32\winsvc32.exe

2007-10-17 15:23 10,752 --a------ C:\WINDOWS\system32\WhoisCL.exe

2007-10-05 17:16 <DIR> d-------- C:\Documents and Settings\Fernando\.jSMS

2007-10-03 19:34 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2007-10-01 19:42 8,576 --a--c--- C:\WINDOWS\system32\dllcache\hidgame.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-30 15:47 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\AVG7

2007-11-29 13:03 --------- d-----w C:\Documents and Settings\Geral\Dados de aplicativos\AVG7

2007-11-27 19:39 --------- d-----w C:\Arquivos de programas\Valve

2007-11-27 17:22 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Skype

2007-11-26 23:33 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\LimeWire

2007-11-25 01:25 19,200 ----a-w C:\WINDOWS\system32\drivers\xmwqvxal.dat

2007-11-25 00:37 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy 1.4

2007-10-21 14:11 --------- d-----w C:\Arquivos de programas\LimeWire 4.0

2007-10-17 21:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-10-01 21:23 --------- d-----w C:\Arquivos de programas\coolpro2

2007-09-20 23:23 16,752 ----a-w C:\Documents and Settings\Fernando\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-08-31 22:26 45,056 ----a-w C:\WINDOWS\system32\cdrtc.dll

2007-08-31 22:26 45,056 ----a-w C:\WINDOWS\system32\cdral.dll

2007-08-31 22:26 40,960 ----a-w C:\WINDOWS\uneng.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]

C:\WINDOWS\System32\spads.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6BC1136-993A-441F-B73A-F578D18E00D1}]

2001-10-28 16:06 93440 --a------ C:\WINDOWS\System32\dpseria.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}]

C:\WINDOWS\System32\nst22.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-28 16:06]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 17:51]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-08-30 19:11]

"NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-06-18 04:25 C:\WINDOWS\system32\NVATray.exe]

"WatchDog"="C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe" [2004-08-14 05:42]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]

"AdaptecDirectCD"="C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-14 12:34]

"avast!"="C:\ARQUIV~1\AVASTA~1\AVAST4~1.104\ashDisp.exe" [2007-09-06 07:06]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-29 16:25]

"NvCplDaemon"="RUNDLL32.exe" [2001-10-28 16:07 C:\WINDOWS\system32\rundll32.exe]

"ZoneAlarm Client"="C:\Arquivos de programas\Zone Labs 7\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-28 16:06]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-10-24 17:51]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office XP\Office10\OSA.EXE [2001-02-13 10:01:04]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=NVDESK32.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Arquivos de programas\Messenger\msmsgs.exe /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RunDLL32.exe NvMCTray.dll,NvTaskbarInit

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]

C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\spads.dll DllVerify

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

C:\Arquivos de programas\Steam Valve PC\Steam.exe -silent

 

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys

R0 voesvjwd;voesvjwd;C:\WINDOWS\System32\drivers\xmwqvxal.dat

R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys

S2 System Procedure Call;System Procedure Call;"C:\WINDOWS\system32\svshost.exe"

S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s

 

.

**************************************************************************

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-30 15:09:50

Windows 5.1.2600 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-11-30 15:10:55 - machine was rebooted

.

--- E O F ---


Good morning Fernando Bigi!

>@< Download HijackThis.

>@< Save it to Local Disk C and create a folder of its own for the program.

>@< For example: < C:\HijackThis.exe > or < C:\HijackThis\HijackThis.exe >

>@< But don't run it yet!

>@< So that the HijackThis log comes out complete, go to Start >> Run.

>@< Type: msconfig >> OK.

>@< On the Startup tab, check all the items and confirm!

>@< Restart the computer!

>@< Open HijackThis and click Do a system scan and save a logfile.

>@< A Notepad window will open!

>@< Select its contents and copy them into this topic. Don't create another one!

Regards!


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the section along with the link to this topic and explain the reason for reopening it.
