[Arquivado]Trojan-Downloader

[m0lk4 0]

Ola!

 

Tou a ter problemas com o PC ; cada vexe mais lento , mensagem de hidden data sending.... C\:Windows\explorer.exe .... sempre aparecer,virus sp istu, se aceito vai para 1 site dum anti virus... o meu Kpsrky ta sp aparecer hidden file sending... explorer.exe e no inicio kuando entro no pc aparece sp 1 trojan-dowloader . ta aki o meu log :

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 19:24:41, on 10-10-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\System32\LckFldService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\xtreme\mirc32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\Hijack\HiJackThis_v2.exe

C:\Programas\Mozilla Firefox\firefox.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/pt/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programas\FlashGet\jccatch.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: (no name) - {52700273-ECB2-E661-E69B-BA6EF89998EC} - C:\WINDOWS\system32\lgsc.dll

O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\dslkycio.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {B83905E5-AB4E-44D2-8F85-A80C6D552F93} - C:\WINDOWS\system32\efede.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programas\FlashGet\getflash.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [Ad-Aware] "C:\Programas\Ad-Aware SE Professional\Ad-Aware.exe" +c

O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\system32\glfqqeam.dll",sitypnow

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?e22e7d802c96478d8b70aec12fcfd080

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?e22e7d802c96478d8b70aec12fcfd080

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programas\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programas\TuneUp2004\TuneUp 2004\Utilities\WinStylerThemeSvc.exe

 

--

End of file - 6765 bytes

 

Kaspersky found this and alot more of those:

 

detected: riskware Invader Running process: C:\WINDOWS\explorer.exe

detected: Trojan program Trojan-Spy.Win32.Banker.ewf URL: http://www.jubijuterias.com/loja/includes/...E_Patch//TeLock

detected: Trojan program Trojan-Spy.Win32.Banker.ewg URL: http://www.jubijuterias.com/loja/includes/...E_Patch//TeLock

not found: Trojan program Trojan.Win32.Obfuscated.en File: C:\Documents and Settings\HeHe\Definições locais\Application Data\Mozilla\Firefox\Profiles\7nfxjoox.default\Cache\197996CBd01

detected: Trojan program Trojan.Win32.Obfuscated.en URL: http://nb.dns-look-up.com/bins/uninstall.exe

detected: riskware Hidden data sending Running process: C:\WINDOWS\Explorer.EXE

detected: riskware Hidden data sending Running process: C:\WINDOWS\explorer.exe

detected: Trojan program Trojan-Downloader.Win32.Tiny.id URL: http://82.98.235.78/cook/lkjh.exe?uid=948D...B3F8525A7A71B3C

detected: Trojan program Trojan.Win32.Agent.bck URL: http://82.98.235.78/netob/valera.exe?uid=9...B3F8525A7A71B3C

 

 

 

 

se me poderem ajudar fico gratu por tudo...

[DigRam 144]

Bom Dia mOlk4!

 

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Para quem possui o Avast,surgirá um alerta de malware ( Win32 D adobra-EY[Trj] ),que deverá ser ignorado.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

[Sam Spade 2]

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.