
Archived

This topic has been archived and is closed to new replies.

grapeJuice

[Archived] Logs for analysis.


In short: I was on a torrent tracker and ended up downloading a file; only after I had run it and picked up the virus, through pure carelessness on my part, did I go read the comments, and I saw several users in despair because the guy was "controlling" their computers.

 

Logs:

HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 02:46:33, on 1/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\PowerStrip\PStrip.exe

C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Arquivos de programas\Rainmeter\Rainmeter.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\Wladmir\CONFIG~1\Temp\ir_ext_temp_2\AutoPlay\Docs\MyBot2\Bot.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Last.fm\LastFM.exe

C:\DOCUME~1\Wladmir\CONFIG~1\Temp\ir_ext_temp_2\AutoPlay\Docs\MyBot2\Bot.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Arquivos de programas\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Arquivos de programas\Hotspot Shield\hssie\HssIE.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Arquivos de programas\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [PowerStrip for Windows] C:\Arquivos de programas\PowerStrip\PStrip.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [RoboForm] "C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Rainmeter.lnk = C:\Arquivos de programas\Rainmeter\Rainmeter.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Barra de Ferramentas do RF - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Personalizar Menu - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Preencher - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Salvar Formulários - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Salvar - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Salvar Formulários - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: Barra de Ferramentas do RF - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217439844689

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 

ComboFix:

 

ComboFix 08-11-30.01 - Wladmir 2008-12-01 2:58:42.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1484 [GMT -2:00]

Executando de: c:\documents and settings\Wladmir\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Sites possivelmente infetados -----

 

hxxp://www.hhdsoftware.com

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-01 to 2008-12-01 ))))))))))))))))))))))))))))

.

 

2008-11-30 02:14 . 2008-11-27 11:05 3,094,147 --------- c:\windows\IMAXMA~1.CAB

2008-11-30 02:14 . 2008-11-30 02:14 286,720 --------- c:\windows\Setup1.exe

2008-11-30 02:14 . 2008-11-30 02:14 73,216 --a------ c:\windows\ST6UNST.EXE

2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\arquivos de programas\HHD Software

2008-11-29 16:11 . 2008-11-29 16:11 <DIR> d-------- c:\arquivos de programas\Cheat Engine

2008-11-29 16:11 . 2007-12-26 17:30 1,970,176 --a------ c:\windows\system32\d3dx9.dll

2008-11-29 16:11 . 2007-12-26 17:30 679,936 --a------ c:\windows\system32\D3DX81ab.dll

2008-11-29 12:54 . 2008-11-29 12:54 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\RoboForm

2008-11-29 12:54 . 2008-11-29 12:54 <DIR> d-------- c:\arquivos de programas\Siber Systems

2008-11-29 09:29 . 2008-11-29 14:20 <DIR> d-------- C:\Nexon

2008-11-28 16:24 . 2008-11-28 16:24 <DIR> d-------- c:\arquivos de programas\Hotspot Shield

2008-11-28 15:46 . 2008-11-28 15:46 <DIR> d-------- C:\Program Files

2008-11-27 18:53 . 2006-03-03 11:02 1,680,896 --a------ c:\windows\system32\vcl100.bpl

2008-11-27 18:53 . 2006-03-03 11:02 843,264 --a------ c:\windows\system32\rtl100.bpl

2008-11-27 18:53 . 2006-03-03 11:02 658,432 --a------ c:\windows\system32\cc3270mt.dll

2008-11-27 18:53 . 2006-03-03 11:02 287,744 --a------ c:\windows\system32\dbrtl100.bpl

2008-11-27 18:53 . 2006-03-03 11:02 273,920 --a------ c:\windows\system32\vcldb100.bpl

2008-11-27 18:53 . 2006-05-15 08:20 30,208 --a------ c:\windows\system32\borlndmm.dll

2008-11-27 18:23 . 2008-11-27 18:23 <DIR> d-------- c:\documents and settings\Wladmir\Dados de aplicativos\Nexon

2008-11-27 18:17 . 2003-07-20 16:17 5,174 --a------ c:\windows\system32\nppt9x.vxd

2008-11-27 18:17 . 2005-01-04 07:43 4,682 --a------ c:\windows\system32\npptNT2.sys

2008-11-21 12:19 . 2008-11-21 12:19 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nero

2008-11-21 12:15 . 2008-11-21 12:15 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Ahead

2008-11-21 12:15 . 2008-11-21 12:15 <DIR> d-------- c:\arquivos de programas\Ahead

2008-11-21 12:15 . 2001-07-09 10:50 155,648 --a------ c:\windows\system32\NeroCheck.exe

2008-11-21 12:15 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

2008-11-21 12:15 . 2001-06-26 07:15 38,912 --------- c:\windows\system32\picn20.dll

2008-11-20 23:48 . 2008-11-20 23:48 <DIR> d-------- c:\arquivos de programas\VertrigoServ

2008-11-20 22:09 . 2008-11-20 22:10 <DIR> d-------- c:\arquivos de programas\EasyPHP1-8

2008-11-16 21:35 . 2008-11-23 21:50 <DIR> d-------- C:\Lop SD

2008-11-16 20:10 . 2008-12-01 02:46 <DIR> d-------- C:\HijackThis

2008-11-16 19:24 . 2008-11-16 19:24 <DIR> d-------- c:\arquivos de programas\Enigma Software Group

2008-11-16 12:53 . 2008-11-16 12:53 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Fallout3

2008-11-16 12:53 . 2008-11-16 13:11 <DIR> d-------- c:\arquivos de programas\Bethesda Softworks

2008-11-16 11:53 . 2008-11-16 11:53 <DIR> d-------- c:\arquivos de programas\MSBuild

2008-11-16 11:49 . 2008-11-16 12:52 <DIR> d-------- c:\windows\system32\XPSViewer

2008-11-16 11:48 . 2008-11-16 11:48 <DIR> d-------- c:\arquivos de programas\Reference Assemblies

2008-11-16 11:48 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-11-16 11:43 . 2008-11-16 11:43 <DIR> d-------- c:\windows\system32\xlive

2008-11-13 21:53 . 2008-11-13 21:53 <DIR> d-------- c:\documents and settings\Wladmir\Dados de aplicativos\SmartFTP

2008-11-13 21:53 . 2008-11-21 12:08 <DIR> d-------- c:\arquivos de programas\SmartFTP Client

2008-11-13 15:33 . 2008-11-13 15:33 <DIR> d-------- c:\arquivos de programas\GoldWave

2008-11-13 11:32 . 2008-11-13 11:32 268 --ah----- C:\sqmdata05.sqm

2008-11-13 11:32 . 2008-11-13 11:32 244 --ah----- C:\sqmnoopt05.sqm

2008-11-12 14:28 . 2008-11-12 14:28 268 --ah----- C:\sqmdata04.sqm

2008-11-12 14:28 . 2008-11-12 14:28 244 --ah----- C:\sqmnoopt04.sqm

2008-11-12 07:50 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-11 14:09 . 2008-11-11 14:09 0 --a------ c:\windows\SETUP32.INI

2008-11-10 17:10 . 2008-11-10 17:24 <DIR> d-------- c:\arquivos de programas\Inno Setup 5

2008-11-10 00:20 . 2008-11-10 00:20 <DIR> d-------- c:\arquivos de programas\BreakPoint Software

2008-11-09 18:12 . 2008-11-19 18:01 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Symantec Shared

2008-11-09 15:32 . 2008-11-21 12:07 <DIR> d-------- C:\Cronus

2008-11-09 12:31 . 2008-11-09 12:31 <DIR> d-------- c:\arquivos de programas\No-IP

2008-11-09 10:57 . 2008-11-09 11:02 <DIR> d-------- c:\documents and settings\Wladmir\Dados de aplicativos\Notepad++

2008-11-09 10:57 . 2008-11-09 10:57 <DIR> d-------- c:\arquivos de programas\Notepad++

2008-11-06 12:24 . 2004-02-12 13:19 11,336 --a------ c:\windows\system32\drivers\vkeyfdo.sys

2008-11-01 12:13 . 2008-11-01 12:13 <DIR> d-------- c:\arquivos de programas\Messenger Plus! Live

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-01 04:43 --------- d-----w c:\documents and settings\Wladmir\Dados de aplicativos\foobar2000

2008-11-16 14:53 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-01 13:00 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\WLInstaller

2008-11-01 12:59 --------- d-----w c:\arquivos de programas\MessengerDiscovery

2008-11-01 03:26 65,536 ----a-w c:\windows\IFinst27.exe

2008-10-31 00:35 --------- d-----w c:\arquivos de programas\FlashGet

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-06 02:10 --------- d-----w c:\arquivos de programas\The KMPlayer

2008-10-05 05:14 --------- d-----w c:\documents and settings\Wladmir\Dados de aplicativos\SPORE

2008-10-04 06:02 --------- d-----w c:\arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-10-03 03:29 --------- dcsh--w c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-10-03 01:50 --------- d-----w c:\arquivos de programas\Opera

2008-10-03 01:48 --------- d-----w c:\arquivos de programas\Winamp

2008-10-02 05:04 --------- d-----w c:\arquivos de programas\Arquivos comuns\HP

2008-10-02 05:03 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Hewlett-Packard

2008-10-02 05:03 --------- d-----w c:\arquivos de programas\HP

2008-10-01 16:12 --------- d-----w c:\arquivos de programas\foobar2000

2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-25 01:42 720,896 ----a-w c:\windows\iun6002ev.exe

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-11 22:53 4,056 ----a-w C:\totnp233.dll

2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-09-03 17:50 2,560 ----a-w c:\windows\system32\bitcometres.dll

2008-07-30 16:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

2008-07-30 16:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008073020080731\index.dat

2008-07-30 16:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

2008-07-30 16:05 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2008-11-28 16:24 204248 --a------ c:\arquivos de programas\Hotspot Shield\hssie\HssIE.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2008-02-20 963072]

"PowerStrip for Windows"="c:\arquivos de programas\PowerStrip\PStrip.exe" [2008-07-12 734968]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"RoboForm"="c:\arquivos de programas\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-11-29 160592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-22 172032]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-06 185896]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

c:\documents and settings\Wladmir\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

Rainmeter.lnk - c:\arquivos de programas\Rainmeter\Rainmeter.exe [2006-01-21 118784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-05-03 06:46 13529088 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-05-03 06:46 86016 c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-03-25 05:28 144784 c:\arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2004-06-29 10:06 88363 c:\windows\AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 08:43 69632 c:\windows\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2005-12-09 05:49 15691264 c:\windows\RTHDCPL.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\FlashGet\\flashget.exe"=

"c:\\Documents and Settings\\All Users.WINDOWS\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Arquivos de programas\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7523:TCP"= 7523:TCP:BitComet 7523 TCP

"7523:UDP"= 7523:UDP:BitComet 7523 UDP

"8000:TCP"= 8000:TCP:BitComet 8000 TCP

"8000:UDP"= 8000:UDP:BitComet 8000 UDP

"6900:TCP"= 6900:TCP:login-server_sql

"5121:TCP"= 5121:TCP:map-server_sql

"6121:TCP"= 6121:TCP:char-server_sql

"8080:TCP"= 8080:TCP:Ragnarok

"80:TCP"= 80:TCP:Ragnarok2

 

R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-14 27992]

R3 IlvMoneyDRIVER53;IlvMoneyDRIVER53; []

R3 vkeyfdo;Virtual Keybord Function Driver;c:\windows\system32\Drivers\vkeyfdo.sys [2008-11-06 11336]

S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008-08-03 4224]

S3 npkycryp;npkycryp; []

S3 XDva090;XDva090; []

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-12-01 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 10:59]

 

2008-12-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

.

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\Wladmir\Dados de aplicativos\Mozilla\Firefox\Profiles\je7y6s16.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://pt-BR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF -: plugin - c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-01 02:59:55

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-12-01 3:01:19

ComboFix-quarantined-files.txt 2008-12-01 05:00:59

 

Pré-execução: 8.879.644.672 bytes disponíveis

Pós execução: 8,723,775,488 bytes disponíveis

 

206 --- E O F --- 2008-11-30 05:00:21

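The logs above are the kind a helper reads by eye, looking for a handful of tells. Added here as an example (it is not part of grapeJuice's post and not code from the HijackThis or ComboFix tools) is a small Python triage script that parses a HijackThis-style log and applies the checks that matter in this thread: a process running from a Temp directory (the `Bot.exe` entry under `CONFIG~1\Temp`), services reported with "Unknown owner", driver entries with no image path (the `R3`/`S3` lines ending in `[]`), and the ComboFix registry dump showing the Windows Firewall switched off. The sample input is a constructed excerpt copied from the logs above; the rule names and severities are my own choices, and each hit is a lead for a reviewer, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: lines copied from the HijackThis and ComboFix logs in the post above.
# It is deliberately short; the parser works the same way on a full log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\DOCUME~1\Wladmir\CONFIG~1\Temp\ir_ext_temp_2\AutoPlay\Docs\MyBot2\Bot.exe
C:\HijackThis\HijackThis.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"EnableFirewall"= 0 (0x0)
R3 IlvMoneyDRIVER53;IlvMoneyDRIVER53; []
S3 npkycryp;npkycryp; []
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium" (my own scale, not a HijackThis rating)
    rule: str
    line: str


# A path component named Temp or Tmp; the 8.3 form CONFIG~1\Temp is covered as well.
TEMP_PATH = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# O23 lines have the shape: O23 - Service: <name> - <owner> - <path>
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix driver lines: R3 name;display; [] means no image file was found for the entry
DRIVER_RE = re.compile(r"^[RS]\d \S+;.*;\s*\[\]\s*$")
# ComboFix registry dump of the firewall policy with the firewall turned off
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')


def running_processes(text: str) -> list[str]:
    """Return the paths listed under 'Running processes:'; the block ends at the first blank line."""
    procs = []
    collecting = False
    for line in text.splitlines():
        if line.strip() == "Running processes:":
            collecting = True
            continue
        if collecting:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def triage(text: str) -> list[Finding]:
    """Apply the heuristic rules and return every matching line as a Finding."""
    findings = []
    for proc in running_processes(text):
        if TEMP_PATH.search(proc):
            findings.append(Finding("high", "process running from a temp directory", proc))
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("O4 ") and TEMP_PATH.search(line):
            findings.append(Finding("high", "autostart entry pointing into a temp directory", line))
        m = SERVICE_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            findings.append(Finding("medium", "service with no publisher", line))
        if DRIVER_RE.match(line):
            findings.append(Finding("medium", "driver entry without an image path", line))
        if FIREWALL_OFF.match(line):
            findings.append(Finding("high", "Windows Firewall disabled in the standard profile", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.line}")
```

Run against the excerpt it reports five leads: the `Bot.exe` process and the disabled firewall as high, and the Hotspot Shield service plus the two path-less driver entries as medium. A process under Temp is the strongest signal here because legitimate installers clean up after themselves, while a persistent executable living in a temp folder is exactly what the poster describes having run; the other rules are weaker and mostly tell the helper where to look next.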

Follow the instructions below:

 

Download bankerfix.exe.

Temporarily disable your antivirus, to avoid conflicts and for better detection.

Double-click bankerfix.exe, press Enter and wait for it to finish. When it finishes, read the message on the screen and press Enter again.

 

Re-enable your antivirus, generate a new HijackThis log, and post it together with the Bankerfix .txt report.

 

Awaiting your reply


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.
