Good afternoon
My antivirus detected a Backdoor; in this situation, I noticed that it no longer opens, My Computer > Properties does not open either, and the same goes for taking a screenshot.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:18, on 21/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\osk.exe
D:\WINDOWS\system32\MSSWCHX.EXE
D:\Arquivos de programas\AlienGUIse\wbload.exe
D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\setup_9.0.0.722_21.04.2010_17-13\setup_9.0.0.722_21.04.2010_17-13.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Defraggler\Defraggler.exe
D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 2 para HiJackThis.zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R3 - Default URLSearchHook is missing
O1 - Hosts: ÿþ1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe
O4 - S-1-5-18 Startup: setup_9.0.0.722_21.04.2010_17-13.lnk = D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\setup_9.0.0.722_21.04.2010_17-13\startup.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: setup_9.0.0.722_21.04.2010_17-13.lnk = D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\setup_9.0.0.722_21.04.2010_17-13\startup.exe (User 'Default user')
O4 - Startup: setup_9.0.0.722_21.04.2010_17-13.lnk = D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\setup_9.0.0.722_21.04.2010_17-13\startup.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: D:\WINDOWS\system32\wbsys.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe
--
End of file - 5018 bytes
Thank you
Good evening
_________________________________
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Versão da Base de Dados: 4016
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
21/4/2010 19:28:22
mbam-log-2010-04-21 (19-28-22).txt
Tipo de Verificação: Verificação Completa (D:\|)
Objetos escaneados: 147960
Tempo decorrido: 1 hora(s), 34 minuto(s), 11 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)
Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP140\A0010322.exe (Backdoor.VB) -> Quarantined and deleted successfully.
______________________________
After only 1 hour from the log above.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Versão da Base de Dados: 4018
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
21/4/2010 20:59:37
mbam-log-2010-04-21 (20-59-37).txt
Tipo de Verificação: Verificação Completa (D:\|)
Objetos escaneados: 148589
Tempo decorrido: 39 minuto(s), 27 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 2
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)
Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
D:\WINDOWS\sed.exe (Trojan.Agent.Gen) -> No action taken.
D:\WINDOWS\Sed.exe.vi (Trojan.Agent.Gen) -> No action taken.
Regards
Good morning DigRam
I can't install it.
Regards
>
Good morning DigRam
I can't install it.
Regards
/////////////\\\\\\\\\\\\
Hey! EDSSX
<!> Try BitDefender.
0000000000000000000000
<@> Run a disinfection scan at: < BitDefender >
<@> PS: Use the Internet Explorer browser!
<@> This page will open: BitDefender OnLine Scanner ( Free and effective malware cleanup directly from your browser )
<@> Click < [image: bitdefender.jpg] >
<@> Tick the box: "I agree with the Terms and Conditions" --> "Start Here"
<@> Click the blue bar and accept the ActiveX installation. ( Install this Add-on for all Users... )
<@> Wait for the installation and then click "Start Scan".
<@> When it finishes, post the report: D:\Windows\BDOSCAN8\bdoscan.log <--
Regards!
Good morning
Here it is:
QuickScan Beta 32-bit v0.9.9.18
-------------------------------
Scan date: Thu Apr 22 11:44:50 2010
Machine ID: 40F5D453
No infection found.
-------------------
Processes
---------
<unsigned> Gadwin PrintScreen 3964 D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
<unsigned> PLAS Service 1052 D:\Arquivos de programas\Arquivos comuns\ParetoLogic\PLAS\plasservice.exe
<unsigned> Stardock CursorXP 272 D:\Arquivos de programas\CursorXP\CursorXP.exe
<verified> AntiVir Desktop 260 D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
<verified> AntiVir Desktop 356 D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
<verified> AntiVir Desktop 836 D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
<verified> AntiVir Desktop 1732 D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
<verified> Firefox 3804 D:\Arquivos de programas\Mozilla Firefox\firefox.exe
<verified> Java Platform SE 6 U20 408 D:\Arquivos de programas\Java\jre6\bin\jqs.exe
<verified> Java Platform SE Auto Updater 2 0 236 D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
<verified> Malwarebytes' Anti-Malware 2360 D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
<verified> Microsoft Search Enhancement Pack 936 D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
<verified> Microsoft® Visual Studio .NET 884 D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> Microsoft® Windows® Operating System 2812 D:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 1280 D:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 1360 D:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 1688 D:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 656 D:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 776 D:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1040 D:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1544 D:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1608 D:\WINDOWS\system32\svchost.exe
<verified> PC Tools Auxiliary Service 2980 D:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
<verified> PC Tools GUI Application 3708 D:\Arquivos de programas\Spyware Doctor\pctsGui.exe
<verified> PC Tools Security Service 276 D:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
<verified> PC Tools Tray Application 1456 D:\Arquivos de programas\Spyware Doctor\pctsTray.exe
<verified> Sistema operacional Microsoft® Windows® 1792 D:\WINDOWS\Explorer.EXE
<verified> Sistema operacional Microsoft® Windows® 2740 D:\WINDOWS\system32\MSSWCHX.EXE
<verified> Sistema operacional Microsoft® Windows® 2728 D:\WINDOWS\system32\osk.exe
<verified> Sistema operacional Microsoft® Windows® 1348 D:\WINDOWS\system32\services.exe
<verified> Sistema Operacional Microsoft® Windows® 1236 D:\WINDOWS\System32\smss.exe
<verified> Sistema operacional Microsoft® Windows® 2284 D:\WINDOWS\system32\wbem\wmiapsrv.exe
<verified> Sistema operacional Microsoft® Windows® 1304 D:\WINDOWS\system32\winlogon.exe
Network activity
----------------
Process firefox.exe (3804) connected on port 80 (HTTP) --> qw-in-f138.1e100.net
Process firefox.exe (3804) connected on port 80 (HTTP) --> lga15s04-in-f154.1e100.net
Process firefox.exe (3804) connected on port 80 (HTTP) --> CRL.VERISIGN.NET
Process svchost.exe (1608) listens on ports: 135 (RPC)
Autoruns and critical files
---------------------------
<unsigned> Ahead Software Gmbh NeroCheck C:\WINDOWS\System32\NeroCheck.exe
<unsigned> Stardock CursorXP D:\Arquivos de programas\CursorXP\CursorXP.exe
<unsigned> WindowBlinds 4.x for x86 machines D:\WINDOWS\system32\WBSYS.DLL
<verified> Adobe Acrobat D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Adobe Reader and Acrobat Manager D:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
<verified> AntiVir Desktop D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
<verified> Java Platform SE Auto Updater 2 0 D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\CRYPTNET.DLL
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\DIMSNTFY.DLL
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\WPDShServiceObj.dll
<verified> PC Tools Tray Application D:\Arquivos de programas\Spyware Doctor\pctsTray.exe
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\BROWSEUI.DLL
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\CRYPT32.DLL
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\CSCDLL.DLL
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\logonui.exe
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\sclgntfy.dll
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\SHELL32.DLL
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\stobject.dll
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\upnpui.dll
<verified> Sistema operacional Microsoft® Windows® d:\windows\system32\userinit.exe
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\WLNOTIFY.DLL
<verified> Windows® Internet Explorer D:\WINDOWS\system32\webcheck.dll
Browser plugins
---------------
<unsigned> bdupd.dll D:\WINDOWS\Downloaded Program Files\bdupd.dll
<unsigned> ipsupd.dll D:\WINDOWS\Downloaded Program Files\ipsupd.dll
<unsigned> Shockwave for Director D:\WINDOWS\system32\Adobe\Director\np32dsw.dll
<verified> AcroIEHelperShim Library d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat D:\Arquivos de programas\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX D:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> BitDefender QuickScan D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> GbpDist Module D:\WINDOWS\Downloaded Program Files\gbpdist.dll
<verified> Java Platform SE 6 U20 d:\arquivos de programas\java\jre6\bin\jp2ssv.dll
<verified> Java Platform SE 6 U20 d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Microsoft Search Enhancement Pack d:\arquivos de programas\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
<verified> Microsoft® Windows® Operating System D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\winrnr.dll
<verified> NPSWF32.dll D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Silverlight Plug-In d:\Arquivos de programas\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\mswsock.dll
<verified> Windows Presentation Foundation d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer D:\WINDOWS\system32\IEFRAME.DLL
Missing files
-------------
File not found: D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\catchme.sys
referenced in: HKLM\System\ControlSet001\services\catchme\"ImagePath"
File not found: hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,
76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,0,79,00,73,00,00,00
referenced in: HKLM\System\ControlSet001\services\NtTdiDr\"ImagePath"
Scan
----
No file uploaded.
Scan finished - communication took 8 sec
Total traffic - 0.08 MB sent, 3.06 KB recvd
Scanned 1148 files and modules - 661 seconds
Thank you
Hey! EDSSX
>
QuickScan Beta 32-bit v0.9.9.18
-------------------------------
Scan date: Thu Apr 22 11:44:50 2010
Machine ID: 40F5D453
No infection found.
<!> No infections were detected in this quick mode of BitDefender.
<!> Were you unable to run the traditional disinfection scan in BitDefender?
00000000000000000000000
00000000000000000000000
<@> Run an online scan at: < [image: Clipboard06.jpg] > Link!
<@> PS: Use the Firefox or Internet Explorer browser.
<@> Complete the free registration so that you have the option to disinfect files.
<@> Click "Registar-se" (Register).
<@> When finished, click "Enviar" (Send).
<@> In the welcome window, choose "Análise rápida" (Quick scan) --> Click "Analisar agora" (Scan now).
<@> If this is the first time you use ActiveScan 2.0 with Mozilla Firefox, you will be asked to install a plugin.
<@> Therefore, for ActiveScan 2.0 to work, you need to download and install this extension.
<@> Also wait for ActiveScan 2.0 to update.
<@> When that finishes, you can start the scan.
<@> At the end of the scan, click "Disinfect". <-- If it is enabled!
<@> PS: The disinfect option is a paid one.
<@> Then click "Export to" so that we have the report. <-- Save it to the desktop!
<@> Post: ActiveScan.txt <--
Regards!
Good afternoon
Here it is:
;*****************************************************************************
ANALYSIS: 2010-04-22 13:33:49
PROTECTIONS: 1
MALWARE: 0
SUSPECTS: 0
;*****************************************************************************
PROTECTIONS
Description Version Active Updated
;=============================================================================
AntiVir Desktop 10.0.1.44 Yes Yes
;=============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=============================================================================
SUSPECTS
Sent Location
;=============================================================================
VULNERABILITIES
Id Severity Description
;=============================================================================
217831 HIGH MS10-005
;=============================================================================
Regards
Good afternoon! EDSSX
<!> The Panda report did not show any malware-related problems.
00000000000000000000000
<!> Download this update: < KB978706 >
<!> Click "Fazer Download" (Download) and install it on your PC.
00000000000000000000000
<!> Everything OK?
Regards!
Good afternoon
I think so.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Versão da Base de Dados: 4021
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
22/4/2010 14:30:29
mbam-log-2010-04-22 (14-30-29).txt
Tipo de Verificação: Verificação Completa (D:\|)
Objetos escaneados: 144117
Tempo decorrido: 1 hora(s), 2 minuto(s), 14 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)
Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
(Não foram detectados ítens maliciosos)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:57, on 22/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\Arquivos de programas\Arquivos comuns\ParetoLogic\PLAS\plasservice.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\osk.exe
D:\WINDOWS\system32\MSSWCHX.EXE
D:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
D:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
D:\Arquivos de programas\Spyware Doctor\pctsTray.exe
D:\Arquivos de programas\Spyware Doctor\pctsGui.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 1 para HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ÿþ1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iSTray] "D:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: D:\WINDOWS\system32\wbsys.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - D:\Arquivos de programas\Arquivos comuns\ParetoLogic\PLAS\plasservice.exe
--
End of file - 5094 bytes
Thank you and regards
Good afternoon! EDSSX
<!> Your logs are clean! :)
<!> Good job!
Regards!
Good afternoon
OK, you can close the topic.
Regards
PROBLEM SOLVED!
If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
Good morning! EDSSX
<@> Run an online scan at:
http://www.eset.com/onlinescan/index.php [image: online_scanner_banner.jpg]
<@> PS: Use the Internet Explorer browser.
<@> Click: < [image: online_scanner_button.jpg] >
<@> Tick the box: "SIM,aceito as condições de uso" --> Iniciar.
<@> Tick the box: "YES, I accept the Terms of Use" --> Start.
<@> Accept the ActiveX installation --> Start the scan.
<@> When it completes, post the report: D:\Program Files\EsetOnlineScanner\log.txt
Regards!