[Arquivado] Conta wow hackeada

bossnia · Novembro 20, 2008

Hackearam a conta do wow e o antivirus encontrou virus na máquina e no pendrive. Formatei a máquina depois de limpar o pen pelo antivirus e agora, com o windows limpo o hijackthis encontrou virus novamente.

A máquina está somente com o windows e o virus, preciso dela e não posso usa-la antes de resolver este problema.

Lendo o forum vi que existe um software chamado usbfix que gera um log também. Rodei e estou enviando o lod do hijackthis e do usbfix.

Mestres, como devo proceder?

Segue o log do hijack this:

Logfile of HijackThis v1.99.1

Scan saved at 18:12:21, on 20/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\WINDOWS\BisonCam\BisonHK.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Bibi\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [synTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

log do usbfix:

-------------- UsbFix V2.410 ---------------

* User : Bibi - BIBIA

* Outils mis a jours le 20/11/2008 par Chiquitine29 et Chimay8

* Recherche effectuée à 18:57:27 le qui 20/11/2008

* Windows Xp - Internet Explorer 7.0.5730.13

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\DOCUME~1\Bibi\CONFIG~1\Temp\1.tmp\b2e.exe

C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\WINDOWS\BisonCam\BisonHK.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\kamsoft.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\sistray.exe

--------------- [ Informations lecteurs ] ----------------

C: - Unidade de disco fixo

E: - Unidade de disco remov¡vel

+- Contenu de l'autorun : C:\autorun.inf

;7a4ok2DCSdpd3307Dps8KA23w60mUerSsHrDOw9d0fwLeJ8kafl0oDae7kLk7srsLkdioDd05KiS4ls

24j

[AutoRun]

;S4lLDwosij32lo1DlLLKedqaL7kK1Oie22k88saaDr8wDakKwXi4qoird9k0l0IsiZoSkKiHnDiKk3D

aAw2d42wK

open=abk.bat

;l4330s42LLaAJas025Lafaa4DsijLswkwok4rCia3lj3OldwdwXwiD4rKSZAd37SAkwk7kes2Kc

shell\open\Command=abk.bat

;kpjlqdAdss0aaZ5jwrKOoSsafAAa43reSrD2lJ01q2q74jJ1raw4e3sw2ii3

shell\open\Default=1

;FDnA071sso329Kd383kjK2K

shell\explore\Command=abk.bat

;52fZl77qJkw5lw5Ja1mkDa3keLwk44drk4iD9Dd32qjs21spkadajlAiaJka4a22wf6dl4kqio0rrKS

3q5lLslk3dAi3i3LOwSdiaqKi4r9KeLl

+- Contenu de l'autorun : E:\autorun.inf

;7a4ok2DCSdpd3307Dps8KA23w60mUerSsHrDOw9d0fwLeJ8kafl0oDae7kLk7srsLkdioDd05KiS4ls

24j

[AutoRun]

;S4lLDwosij32lo1DlLLKedqaL7kK1Oie22k88saaDr8wDakKwXi4qoird9k0l0IsiZoSkKiHnDiKk3D

aAw2d42wK

open=abk.bat

;l4330s42LLaAJas025Lafaa4DsijLswkwok4rCia3lj3OldwdwXwiD4rKSZAd37SAkwk7kes2Kc

shell\open\Command=abk.bat

;kpjlqdAdss0aaZ5jwrKOoSsafAAa43reSrD2lJ01q2q74jJ1raw4e3sw2ii3

shell\open\Default=1

;FDnA071sso329Kd383kjK2K

shell\explore\Command=abk.bat

;52fZl77qJkw5lw5Ja1mkDa3keLwk44drk4iD9Dd32qjs21spkadajlAiaJka4a22wf6dl4kqio0rrKS

3q5lLslk3dAi3i3LOwSdiaqKi4r9KeLl

--------------- [ Lecteur C ] ----------------

C: - Unidade de disco fixo

+- Listing des fichiers présents :

[20/11/2008 00:00][-r-hs----] C:\abk.bat

[20/11/2008 00:00][-r-hs----] C:\AUTOEXEC.BAT

[14/04/2008 09:00][-rahs----] C:\NTDETECT.COM

[19/11/2008 22:51][---hs----] C:\boot.ini

[20/11/2008 18:56][-r-hs----] C:\autorun.inf

[20/11/2008 18:57][--a------] C:\UsbFix.txt

[19/11/2008 22:56][--a------] C:\CONFIG.SYS

[19/11/2008 22:56][--a------] C:\IO.SYS

[19/11/2008 22:56][--a------] C:\MSDOS.SYS

--------------- [ Lecteur E ] ----------------

E: - Unidade de disco remov¡vel

+- Listing des fichiers présents :

[20/11/2008 00:00][-r-hs----] E:\abk.bat

[20/11/2008 18:56][-r-hs----] E:\autorun.inf

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe

kamsoft=C:\WINDOWS\system32\kamsoft.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

SunJavaUpdateSched="C:\Arquivos de programas\Java\jre1.6.0\bin\jusched.exe"

SiSPower=Rundll32.exe SiSPower.dll,ModeAgent

SynTPStart=C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

SMSERIAL=C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

BisonHK=C:\WINDOWS\BisonCam\BisonHK.exe

RTHDCPL=RTHDCPL.EXE

Alcmtr=ALCMTR.EXE

--------------- [ Registre / Mountpoint2 ] ----------------

-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - [20/11/2008 00:00] C:\WINDOWS\system32\kamsoft.exe

C:\autorun.inf ~> fichier appelé : "C:\abk.bat" ( présent ! )

Supprimé ! - C:\abk.bat

E:\autorun.inf ~> fichier appelé : "E:\abk.bat" ( présent ! )

Supprimé ! - E:\abk.bat

Supprimé ! - [20/11/2008 18:56][-r-hs----] C:\autorun.inf

Supprimé ! - [20/11/2008 18:56][-r-hs----] E:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

[19/11/2008 22:56][--a------] C:\AUTOEXEC.BAT

[14/04/2008 09:00][-rahs----] C:\NTDETECT.COM

[19/11/2008 22:51][---hs----] C:\boot.ini

--------------- ! Fin du rapport ! ----------------

MGuitar · Novembro 20, 2008

- Faça o download do ComboFix e salve-o na área de trabalho;

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;

● Duplo clique no ícone combofix.exe para iniciar o scan;

● Leia o contrato que aparecerá e clique em Sim para continuar;

● Abrirá uma janela do Console de Recuperação, clique em Sim para instalar. Se aparecer outra janela do Console, clique em OK > Sim;

● Aguarde enquanto o ComboFix faz o scan;

● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;

● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;

● Se quiser sair ou parar o ComboFix, tecle N;

● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;

● Será gerado um log em C:\ComboFix.txt.

Cole este log em sua próxima resposta.

bossnia · Novembro 20, 2008

Impressionante a sua velocidade de resposta!!!

segue o log:

ComboFix 08-11-19.08 - Bibi 2008-11-20 20:08:21.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2575 [GMT -2:00]

Executando de: c:\documents and settings\Bibi\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\gasretyw0.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-20 to 2008-11-20 ))))))))))))))))))))))))))))

.

2008-11-20 18:54 . 2008-11-20 20:04 <DIR> d-------- c:\arquivos de programas\UsbFix

2008-11-20 18:17 . 2008-11-20 18:17 0 --a------ c:\windows\nsreg.dat

2008-11-20 00:00 . 2008-11-20 00:00 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll

2008-11-19 23:33 . 2008-11-19 23:33 <DIR> d-------- c:\arquivos de programas\AVG

2008-11-19 23:22 . 2008-11-19 23:22 <DIR> d-------- c:\windows\system32\Lang

2008-11-19 23:22 . 2008-11-19 23:22 940,794 --a------ c:\windows\system32\LoopyMusic.wav

2008-11-19 23:22 . 2008-11-19 23:22 146,650 --a------ c:\windows\system32\BuzzingBee.wav

2008-11-19 23:21 . 2008-11-19 23:21 <DIR> d-------- c:\arquivos de programas\Realtek

2008-11-19 23:20 . 2008-11-19 23:20 <DIR> d----c--- c:\windows\system32\DRVSTORE

2008-11-19 23:19 . 2008-11-19 23:20 <DIR> d-------- c:\windows\OPTIONS

2008-11-19 23:19 . 2008-11-19 23:19 <DIR> d-------- c:\arquivos de programas\Motorola

2008-11-19 23:19 . 2007-12-26 00:20 288,000 --a------ c:\windows\system32\drivers\rtl8187B.sys

2008-11-19 23:19 . 2007-12-26 00:20 288,000 --a------ c:\windows\system\rtl8187B.sys

2008-11-19 23:18 . 2008-11-19 23:18 <DIR> d-------- c:\documents and settings\Bibi\Dados de aplicativos\InstallShield

2008-11-19 23:18 . 2008-11-19 23:18 <DIR> d-------- c:\arquivos de programas\Synaptics

2008-11-19 23:18 . 2008-11-19 23:18 <DIR> d-------- c:\arquivos de programas\sisagp

2008-11-19 23:18 . 2008-11-19 23:18 <DIR> d-------- c:\arquivos de programas\REALTEK RTL8187B Wireless LAN Driver

2008-11-19 23:18 . 2008-11-19 23:21 <DIR> d--h----- c:\arquivos de programas\InstallShield Installation Information

2008-11-19 23:17 . 2008-11-19 23:18 <DIR> d-------- c:\arquivos de programas\SiS VGA Utilities V3.83

2008-11-19 23:11 . 2008-11-19 23:18 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\InstallShield

2008-11-19 23:11 . 2008-11-19 23:18 128,869 --a------ c:\windows\system32\VGAunistlog.ini

2008-11-19 23:08 . 2007-01-19 01:38 983,936 --a------ c:\windows\system32\drivers\smserial.sys

2008-11-19 23:08 . 2007-01-19 01:34 196,608 --a------ c:\windows\system32\sm56co6a.dll

2008-11-19 23:08 . 2008-01-23 00:07 77,968 --a------ c:\windows\system32\drivers\jmcr.sys

2008-11-19 23:08 . 2008-03-03 02:00 43,392 --a------ c:\windows\system32\drivers\SiSGbeXP.sys

2008-11-19 23:07 . 2008-04-13 11:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys

2008-11-19 23:04 . 2008-11-19 23:04 <DIR> d---s---- c:\windows\system32\Microsoft

2008-11-19 23:04 . 2008-11-19 23:04 <DIR> d-------- c:\documents and settings\LocalService\Dados de aplicativos

2008-11-19 23:04 . 2008-11-20 20:08 <DIR> d--h----- c:\documents and settings\LocalService\Configurações locais

2008-11-19 23:04 . 2008-11-19 23:04 <DIR> d--hs---- c:\documents and settings\LocalService

2008-11-19 23:04 . 2008-11-19 22:53 <DIR> d--h----- c:\documents and settings\Bibi\Modelos

2008-11-19 23:04 . 2008-11-19 23:05 <DIR> dr------- c:\documents and settings\Bibi\Meus documentos

2008-11-19 23:04 . 2008-11-19 20:48 <DIR> dr------- c:\documents and settings\Bibi\Menu Iniciar

2008-11-19 23:04 . 2008-11-19 23:05 <DIR> dr------- c:\documents and settings\Bibi\Favoritos

2008-11-19 23:04 . 2008-11-20 18:17 <DIR> dr-h----- c:\documents and settings\Bibi\Dados de aplicativos

2008-11-19 23:04 . 2008-11-20 20:08 <DIR> d--h----- c:\documents and settings\Bibi\Configurações locais

2008-11-19 23:04 . 2008-11-19 20:48 <DIR> d--h----- c:\documents and settings\Bibi\Ambiente de rede

2008-11-19 23:04 . 2008-11-19 20:48 <DIR> d--h----- c:\documents and settings\Bibi\Ambiente de impressão

2008-11-19 23:04 . 2008-11-19 23:04 <DIR> d-------- c:\documents and settings\Bibi

2008-11-19 23:03 . 2008-11-19 23:03 <DIR> d-------- c:\documents and settings\NetworkService\Dados de aplicativos

2008-11-19 23:03 . 2008-11-20 20:08 <DIR> d--h----- c:\documents and settings\NetworkService\Configurações locais

2008-11-19 23:03 . 2008-11-19 23:03 <DIR> d--hs---- c:\documents and settings\NetworkService

2008-11-19 23:03 . 2008-11-19 23:03 8,192 --a------ c:\windows\REGLOCS.OLD

2008-11-19 23:02 . 2008-11-19 22:53 <DIR> d--h----- c:\windows\system32\config\systemprofile\Modelos

2008-11-19 23:02 . 2008-11-19 20:48 <DIR> d-------- c:\windows\system32\config\systemprofile\Meus documentos

2008-11-19 23:02 . 2008-11-19 20:48 <DIR> dr------- c:\windows\system32\config\systemprofile\Menu Iniciar

2008-11-19 23:02 . 2008-11-19 20:48 <DIR> d-------- c:\windows\system32\config\systemprofile\Favoritos

2008-11-19 23:02 . 2008-11-19 22:58 <DIR> dr-h----- c:\windows\system32\config\systemprofile\Dados de aplicativos

2008-11-19 23:02 . 2008-11-20 20:08 <DIR> dr-h----- c:\windows\system32\config\systemprofile\Configurações locais

2008-11-19 23:02 . 2008-11-19 20:48 <DIR> d--h----- c:\windows\system32\config\systemprofile\Ambiente de rede

2008-11-19 23:02 . 2008-11-19 20:48 <DIR> d--h----- c:\windows\system32\config\systemprofile\Ambiente de impressão

2008-11-19 23:01 . 2008-04-14 09:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll

2008-11-19 23:00 . 2008-11-19 23:00 <DIR> d-------- c:\windows\system32\xircom

2008-11-19 23:00 . 2008-11-19 23:00 <DIR> d-------- c:\arquivos de programas\Windows Media Connect 2

2008-11-19 23:00 . 2008-11-19 23:00 <DIR> d-------- c:\arquivos de programas\microsoft frontpage

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-20 01:21 315,392 ----a-w c:\windows\HideWin.exe

2008-11-20 00:59 --------- d-----w c:\arquivos de programas\Java

2008-11-20 00:59 --------- d-----w c:\arquivos de programas\Arquivos comuns\Java

2008-11-20 00:55 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-11-20 00:55 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0\bin\jusched.exe" [2008-11-19 77824]

"SynTPStart"="c:\arquivos de programas\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-19 634880]

"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]

"SiSPower"="SiSPower.dll" [2007-10-03 c:\windows\system32\SiSPower.dll]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-05-27 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-19 262144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-11-19 77968]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-11-19 288000]

*Newly Created Service* - PROCEXP90

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\Bibi\Dados de aplicativos\Mozilla\Firefox\Profiles\7ym14fgo.default\

FF -: plugin - c:\arquivos de programas\Java\jre1.6.0\bin\npjava11.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.6.0\bin\npjava12.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.6.0\bin\npjava13.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.6.0\bin\npjava14.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.6.0\bin\npjava32.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.6.0\bin\npjpi160.dll

FF -: plugin - c:\arquivos de programas\Java\jre1.6.0\bin\npoji610.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-20 20:09:05

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-11-20 20:09:24

ComboFix-quarantined-files.txt 2008-11-20 22:09:22

Pré-execução: 8 pasta(s) 157.530.030.080 bytes disponíveis

Pós execução: 8 pasta(s) 157,627,072,512 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

137

MGuitar · Novembro 21, 2008

Delete a pasta C:\Qoobox e o arquivo C:\ComboFix.txt. Vá em Adicionar ou Remover Programas e desinstale o software USBFix.

Selecione e copie este conteúdo aqui abaixo (começando de File). Cole em seu bloco de notas e salve-o na área de trabalho com o nome de CFScript.txt

File::
c:\windows\system32\gasretyw1.dll

Folder::

c:\arquivos de programas\UsbFix

Arraste o CFScript para o ComboFix como na imagem aqui abaixo e aguarde a execução automática da ferramenta:

● Se for solicitado à você, pressione Enter para iniciar o processo de remoção;

● Não use o mouse nem o teclado quando o ComboFix estiver rodando;

● Quando terminar, será gerado um novo log que estará em C:\ComboFix.txt;

● Seu computador será reiniciado automaticamente;

Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.

bossnia · Novembro 21, 2008

seguem logs novos:

ComboFix 08-11-19.08 - Bibi 2008-11-21 7:35:42.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2506 [GMT -2:00]

Executando de: c:\documents and settings\Bibi\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Bibi\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

c:\windows\system32\gasretyw1.dll

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\UsbFix

c:\arquivos de programas\UsbFix\Tools\Ico.ico

c:\arquivos de programas\UsbFix\Tools\Ico2.ico

c:\arquivos de programas\UsbFix\Tools\Kill.exe

c:\arquivos de programas\UsbFix\Tools\nircmd.exe

c:\arquivos de programas\UsbFix\Tools\Proc.exe

c:\arquivos de programas\UsbFix\Tools\swreg.exe

c:\arquivos de programas\UsbFix\Uninstal.exe

c:\arquivos de programas\UsbFix\UsbFix.exe

c:\windows\system32\gasretyw1.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-21 to 2008-11-21 ))))))))))))))))))))))))))))