[Arquivado] Trojan-Downloader.Win32.Banload.osi

jana.cgo · Dezembro 9, 2008

*Peguei esse virus n sei onde! Ele foi detectado pleo Kaspersky, mas n foi desinfectado!

*Ja tentei de td! Ai descobri vcs!

Li esse topico e ja fiz td isso!

---------------------------------------------------------------------------------------------------------------------------------------------------

Baixe o HijackThis versão 2.0.2.

Depois > Iniciar > Meu Computador > 02 cliques no C > Coloca o HijackThis no C (para uma pasta própria tipo c:/Hijack).

Execute o Hijack a partir do C, fechando os demais programas (deixando somente a área de trabalho).

Clique em Do a system scan and save a logfile, mas não marque nada, apenas poste o log gerado em um TÓPICO PRÓPRIO.

O Log q deu foi esse, espero q vcs possam me ajudar!!!!!

Desde ja Valeu

---------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:26:26, on 8/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\systemq.exe

C:\WINDOWS\system32\nvsvc33.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\DOCUME~1\Jana\CONFIG~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Downloads\BITCOMET - Filmes\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Bando do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [explorer] C:\WINDOWS\systemq.exe

O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\system32\nvsvc33.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar link usando &BitComet - res://G:\Downloads\BITCOMET - Filmes\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://G:\Downloads\BITCOMET - Filmes\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://G:\Downloads\BITCOMET - Filmes\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\Downloads\BITCOMET - Filmes\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{E9B32743-C7F2-4F5A-8EA5-BBBAFBBF56D7}: NameServer = 200.165.132.155 200.149.55.142

O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 8841 bytes

E agora???

PedroN · Dezembro 9, 2008

• Baixe: < ComboFix.exe >

• Salve-o no Desktop!

• Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

• Feche todas as janelas e execute a ferramenta!

• Na solicitação: "Negação de garantia de software" --> Clique em Sim!

• Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
-- Salve-a no desktop,renomeada como: Kombo.exe

-- Ps: Nomeie durante o salvamento,e não após salvá-la!

-- Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

-- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

-- Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

• Abrir-se-á a janela Auto Scan. --> Aguarde!

• Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

• Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter.

• Aguarde a conclusão!

• Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

• Para parar ou sair do ComboFix,tecle "N" --> Enter.

----------------------

• Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

jana.cgo · Dezembro 9, 2008

Brigadooo pela rapidez! Fiz exatamente o q você mmandou!!

Aqui ta o Log do ComboFix:

ComboFix 08-12-07.04 - Jana 2008-12-09 20:07:48.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.290 [GMT -2:00]

Executando de: c:\documents and settings\Jana\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\ActivationManager

c:\arquivos de programas\ActivationManager\Uninstall.exe

c:\arquivos de programas\GbPluggin\svchost

c:\windows\system32\Desktop_.ini

c:\windows\TRANSFORMERS.DLL

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-09 to 2008-12-09 ))))))))))))))))))))))))))))

.

2008-12-09 20:01 . 2008-11-24 19:14 <DIR> d-------- C:\32788R22FWJFW

2008-12-08 22:25 . 2008-12-08 22:25 <DIR> d-------- c:\arquivos de programas\Trend Micro

2008-12-08 22:17 . 2008-12-08 22:17 812,344 --a------ C:\HJTInstall.exe

2008-12-05 20:16 . 2008-12-05 20:16 366,696 ---hs---- c:\windows\systemq.exe

2008-12-05 20:15 . 2008-12-05 20:16 344,576 --a------ c:\windows\system32\dllhostc.exe

2008-12-05 20:14 . 2008-12-05 20:15 1,133,056 ---hs---- c:\windows\system32\nvsvc33.exe

2008-12-02 19:19 . 2008-12-02 19:19 <DIR> d-------- c:\documents and settings\Jana\Dados de aplicativos\Ambient Design

2008-11-18 21:02 . 2008-11-18 21:02 38 --a------ c:\windows\AviSplitter.INI

2008-11-14 05:27 . 2008-11-14 05:27 <DIR> d-------- c:\arquivos de programas\GRETECH

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-09 22:11 32 --sha-w c:\windows\system32\drivers\fidbox2.idx

2008-12-09 22:11 32 --sha-w c:\windows\system32\drivers\fidbox2.dat

2008-12-09 22:11 32 --sha-w c:\windows\system32\drivers\fidbox.idx

2008-12-09 22:11 32 --sha-w c:\windows\system32\drivers\fidbox.dat

2008-10-31 20:04 --------- d-----w c:\documents and settings\Jana\Dados de aplicativos\Lightcomm

2008-10-29 15:05 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-29 15:05 --------- d-----w c:\arquivos de programas\iTunes

2008-10-29 15:05 --------- d-----w c:\arquivos de programas\iPod

2008-10-29 15:04 --------- d-----w c:\arquivos de programas\Bonjour

2008-10-29 15:02 --------- d-----w c:\arquivos de programas\QuickTime

2008-10-22 22:50 --------- d-----w c:\documents and settings\Jana\Dados de aplicativos\Zylom

2008-10-22 22:50 --------- d-----w c:\documents and settings\Jana\Dados de aplicativos\GamesCafe

2008-10-22 22:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Zylom

2008-10-22 22:50 --------- d-----w c:\arquivos de programas\Zylom Games

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"AzMixerSel"="c:\arquivos de programas\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]

"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]

"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 227856]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-08-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\Messenger\\MSMSGS.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21933:TCP"= 21933:TCP:BitComet 21933 TCP

"21933:UDP"= 21933:UDP:BitComet 21933 UDP

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\arquivos de programas\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

- - - - ORFÃOS REMOVIDOS - - - -

BHO-{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: Adicionar ao Anti-Banner

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar link usando &BitComet - g:\downloads\BITCOMET - Filmes\BitComet\BitComet.exe/AddLink.htm

IE: Baixar todos os links usando BitComet - g:\downloads\BITCOMET - Filmes\BitComet\BitComet.exe/AddAllLink.htm

IE: Baixar todos os vídeos usando BitComet - g:\downloads\BITCOMET - Filmes\BitComet\BitComet.exe/AddVideo.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FireFox -: Profile - c:\documents and settings\Jana\Dados de aplicativos\Mozilla\Firefox\Profiles\bhzkq3hp.default\

.

------- Associação de arquivos/ficheiros -------

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-09 20:12:28

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\arquivos de programas\CyberLink\PowerDVD\000.fcl"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1036)

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\windows\system32\klogon.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1380)

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\SYSTEM32\WLTRYSVC.EXE

c:\windows\SYSTEM32\BCMWLTRY.EXE

c:\arquivos de programas\ARQUIVOS COMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE

c:\arquivos de programas\BONJOUR\MDNSRESPONDER.EXE

c:\arquivos de programas\CYBERLINK\SHARED FILES\RICHVIDEO.EXE

c:\windows\system32\wscntfy.exe

c:\docume~1\Jana\CONFIG~1\Temp\RtkBtMnt.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-12-09 20:14:17 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-12-09 22:14:16

Pré-execução: 13 pasta(s) 11.763.793.920 bytes disponíveis

Pós execução: 13 pasta(s) 11,825,561,600 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

163 --- E O F --- 2008-05-04 11:55:25

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

E esse eh o Hijack This atualizado:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:17:00, on 9/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\wscntfy.exe

C:\DOCUME~1\Jana\CONFIG~1\Temp\RtkBtMnt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe