[Arquivado] &nbspAnalise de LOG, pc com virus q o antivirus n consegue

[jgwerneck 0]

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:40:26, on 09-Nov-10

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\USB Disk Security\USBGuard.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\BitTorrent\BitTorrent.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g1.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll

O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iExplUpd] C:\Windows\system32\IExplUpd.exe

O4 - HKLM\..\Run: [synNglp] C:\Windows\system32\SynNglp.exe

O4 - HKLM\..\Run: [Nyet.exe] C:\ProgramData\Dados de aplicativos\Nyet.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"

O4 - HKCU\..\Run: [MsgrUpd] C:\Windows\system32\MsgrUpd.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O15 - Trusted Zone: http://www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

 

--

End of file - 7535 bytes

[wings 22]

Olá jgwerneck

 

 

*Baixe o MalwareBytes Anti-malware e salve-o no desktop

*Clique com o botão direito do mouse no Malwarebytes e selecione "Executar como administrador"

 

*Instale o programa

*O programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados]

*Clique [Remover Selecionados]

*Cole o relatório apresentado

[jgwerneck 0]

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 5081

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

09-Nov-10 13:34:48

mbam-log-2010-11-09 (13-34-48).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 203116

Tempo decorrido: 42 minuto(s), 23 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 3

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 7

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iexplupd (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msgrupd (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nyet.exe (Trojan.Banker) -> Quarantined and deleted successfully.

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Windows\System32\IExplUpd.exe (Spyware.Banker) -> Quarantined and deleted successfully.

C:\ProgramData\Nyet.exe (Malware.Packer.T) -> Quarantined and deleted successfully.

C:\Windows\System32\Nyet.exe (Malware.Packer.T) -> Quarantined and deleted successfully.

C:\Windows\System32\megaspdr.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\Windows\System32\MsgrUpd.exe (Trojan.Banker) -> Quarantined and deleted successfully.

C:\Windows\necont (Malware.Trace) -> Quarantined and deleted successfully.

C:\ProgramData\Dados de aplicativos\Nyet.exe (Trojan.Banker) -> Quarantined and deleted successfully.

[wings 22]

*Baixe o OTL e salve-o no desktop

*Execute o OTL e selecione as opções abaixo:

 

[X] Verificar All Users

Exame Extra do Registro: [X] Nenhum

[X] Ignorar Arquivos Microsoft

[X] Usar WhiteList para Nomes de Companhias

[X] Verificar Lop

[X] Verificar Purity

*Clique no espaço abaixo de "Exames Personalizados/Correções" e cole o código:

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

SystemDrive%\documents and settings\All Users\Dados de aplicativos\*.*

SystemDrive%\documents and settings\All Users\Dados de aplicativos\*

%SystemDrive%\documents and settings\All Users\Menu iniciar\Programas\Inicializar\*.*

%SystemDrive%\documents and settings\User\Configurações Locais\Temp\*.*

*Clique [Verificar] e aguarde o término

*Cole o relatório apresentado (OTL.txt)

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.