[Resolvido!] Micro infectado

[Annluciap 0]

Alguém poderia olhar o log abaixo, por favor?

 

Obrigada.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:02:52, on 1/22/aaaa

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\hidserv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINNT\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

C:\WINNT\system32\VTTimer.exe

C:\WINNT\system32\VTtrayp.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\SEC\Natural Color\NaturalColorLoad.exe

C:\HijackThis\HijackThis.exe

C:\WINNT\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/ufrgs/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 143.54.1.101:3128

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Global Startup: NaturalColorLoad.lnk = C:\Arquivos de programas\SEC\Natural Color\NaturalColorLoad.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/elivro/support/...s/ebraryRdr.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205850891765

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688

O17 - HKLM\System\CCS\Services\Tcpip\..\{353048D0-F361-4C3C-8C30-1EAE1BD65368}: NameServer = 143.54.1.52,143.54.1.53

O17 - HKLM\System\CS1\Services\Tcpip\..\{353048D0-F361-4C3C-8C30-1EAE1BD65368}: NameServer = 143.54.1.52,143.54.1.53

O17 - HKLM\System\CS2\Services\Tcpip\..\{353048D0-F361-4C3C-8C30-1EAE1BD65368}: NameServer = 143.54.1.52,143.54.1.53

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 6230 bytes

[DigRam 144]

Boa Tarde! Annluciap

 

<!> O que ocorre com o PC? :mellow:

 

Abraços!

[Annluciap 0]

Oi, o antivirus do mciro detectou cinco trojans.

 

Por isso pedi para alguém dar uma olhada no log do hijack.

 

Obrigada.

[DigRam 144]

Boa Tarde! Annluciap

 

<@> Faça o download do a-squared Free 4.0.

 

<!> Link Opcional: < >

 

<@> Abra o programa e clique em: Atualizar agora --> Aguarde!

<@> Terminando,clique em: "Scan PC"

<@> Escolha a opção: "A fundo" --> Clique,à seguir,em "Analisar".

<@> Terminando,marque as caixinhas dos ítens encontrados e clique em "Enviar marcados à Quarentena".

<@> Salve o relatório desta verificação,e poste-o na sua resposta.

 

Abraços!

[Annluciap 0]

Olá,

 

segue relatório.

 

Obrigada.

 

 

a-squared Free - Versão 4.0

Última atualização 1/28/quarta-feira 11:22:49

 

Configurações da análise:

 

Objetos: Memória, Rastros, Cookies, C:\

Análise de arquivos: Ligado

Heurística: Ligado

Análise de ADS: Ligado

 

Início da análise: 1/28/quarta-feira 11:35:23

 

Key: HKEY_USERS\S-1-5-21-1202660629-1078081533-725345543-500\software\kazaa detectado: Trace.Registry.KaZaA!A2

C:\Documents and Settings\Administrador\Cookies\administrador@adserver.dialhost.com[2].txt detectado: Trace.TrackingCookie.adserv!A2

C:\Documents and Settings\Administrador\Cookies\administrador@adserver.dialhost.com[2].txt detectado: Trace.TrackingCookie.adserver!A2

C:\Documents and Settings\Administrador\Cookies\administrador@doubleclick[1].txt detectado: Trace.TrackingCookie.doubleclick!A2

C:\Documents and Settings\Administrador\Cookies\administrador@ig.com[2].txt detectado: Trace.TrackingCookie.ig.com!A2

 

Analisado

 

Arquivos: 27379

Objetos: 402907

Cookies: 21

Processos: 30

 

Encontrado

 

Arquivos: 0

Objetos: 1

Cookies: 4

Processos: 0

Chaves do registro: 0

 

Fim da análise: 1/28/quarta-feira 12:07:00

Duração da análise: 0:31:37

 

C:\Documents and Settings\Administrador\Cookies\administrador@ig.com[2].txt Em quarentena Trace.TrackingCookie.ig.com!A2

C:\Documents and Settings\Administrador\Cookies\administrador@doubleclick[1].txt Em quarentena Trace.TrackingCookie.doubleclick!A2

C:\Documents and Settings\Administrador\Cookies\administrador@adserver.dialhost.com[2].txt Em quarentena Trace.TrackingCookie.adserver!A2

C:\Documents and Settings\Administrador\Cookies\administrador@adserver.dialhost.com[2].txt Em quarentena Trace.TrackingCookie.adserv!A2

Key: HKEY_USERS\S-1-5-21-1202660629-1078081533-725345543-500\software\kazaa Em quarentena Trace.Registry.KaZaA!A2

 

Em quarentena

 

Arquivos: 0

Objetos: 1

Cookies: 4

[DigRam 144]

Boa Tarde! Annluciap

 

<!> Abra o HijackThis --> Clique: Do a system scan only

 

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

 

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

 

<!> Marque,àcima,estas entradas! --> Clique em Fix checked. --> Sim!

------------------------------

<@> Faça um scan online em: < Kaspersky >

<@> Utilize para isso,o navegador Internet Explorer.

 

<!> Acesse o site,e clique em: < >

 

<@> Na próxima página,clique em: I Accept

<@> Isto,para que se instale o controle ActiveX e,em seguida,atualize o banco de dados.

<@> Na próxima página,clique em: My Computer e faça o scan.

<@> Tenha paciência!

<@> Aguarde a atualização da base de dados,e também do exame,que é demorado.

<@> Terminando,salve e poste o relatório.

<@> Clique em Save Report As... para salvar o log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Salve o resultado como .txt,segundo a imagem abaixo:

 

 

<@> Poste,também,HijackThis atualizado.

 

Abraços!

[Annluciap 0]

Oi seguem os logs.

 

Obrigada.

 

 

KASPERSKY ONLINE SCANNER 7 REPORT

Friday, January 30, 2009

Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Friday, January 30, 2009 13:03:07

Records in database: 1728252

 

 

Scan settings

Scan using the following database extended

Scan archives yes

Scan mail databases yes

 

Scan area My Computer

A:\

C:\

D:\

 

Scan statistics

Files scanned 19727

Threat name 0

Infected objects 0

Suspicious objects 0

Duration of the scan 00:46:55

 

No malware has been detected. The scan area is clean.

The selected area was scanned.

 

***************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:49:59, on 1/30/aaaa

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\hidserv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\VTTimer.exe

C:\WINNT\system32\VTtrayp.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINNT\system32\internat.exe

C:\Arquivos de programas\SEC\Natural Color\NaturalColorLoad.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/ufrgs/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 143.54.1.101:3128

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Global Startup: NaturalColorLoad.lnk = C:\Arquivos de programas\SEC\Natural Color\NaturalColorLoad.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/elivro/support/...s/ebraryRdr.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205850891765

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688

O17 - HKLM\System\CCS\Services\Tcpip\..\{353048D0-F361-4C3C-8C30-1EAE1BD65368}: NameServer = 143.54.1.52,143.54.1.53

O17 - HKLM\System\CS1\Services\Tcpip\..\{353048D0-F361-4C3C-8C30-1EAE1BD65368}: NameServer = 143.54.1.52,143.54.1.53

O17 - HKLM\System\CS2\Services\Tcpip\..\{353048D0-F361-4C3C-8C30-1EAE1BD65368}: NameServer = 143.54.1.52,143.54.1.53

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 5518 bytes

[DigRam 144]

Boa Tarde! Annluciap

 

<!> Estando tudo Ok,crie um ponto limpo de Restauração do Sistema.

<!> Clique com o direito do mouse,em cima de Meu Computador --> Propriedades --> Restauração do Sistema.

<!> Marque: Desativar Restauração do Sistema --> Aplicar --> Ok.

<!> Depois,desmarque novamente! --> Aplicar --> Ok.

<!> Para maiores detalhes,vá em: < Docs >

-----------------------------

<!> O log está limpo! :thumbsup:

 

Abraços!

[Annluciap 0]

Obrigada pela ajuda.

[DigRam 144]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.