EDSSX
Posted April 21, 2010

Good afternoon.

My antivirus detected a backdoor, and in this situation I noticed that it no longer opens; My Computer > Properties does not open either, and the same goes for taking a screenshot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:18, on 21/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\osk.exe
D:\WINDOWS\system32\MSSWCHX.EXE
D:\Arquivos de programas\AlienGUIse\wbload.exe
D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\setup_9.0.0.722_21.04.2010_17-13\setup_9.0.0.722_21.04.2010_17-13.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Defraggler\Defraggler.exe
D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 2 para HiJackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R3 - Default URLSearchHook is missing
O1 - Hosts: ÿþ1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe
O4 - S-1-5-18 Startup: setup_9.0.0.722_21.04.2010_17-13.lnk = D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\setup_9.0.0.722_21.04.2010_17-13\startup.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: setup_9.0.0.722_21.04.2010_17-13.lnk = D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\setup_9.0.0.722_21.04.2010_17-13\startup.exe (User 'Default user')
O4 - Startup: setup_9.0.0.722_21.04.2010_17-13.lnk = D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\setup_9.0.0.722_21.04.2010_17-13\startup.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: D:\WINDOWS\system32\wbsys.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5018 bytes

Thank you.

Good evening.

_________________________________

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versão da Base de Dados: 4016

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/4/2010 19:28:22
mbam-log-2010-04-21 (19-28-22).txt

Tipo de Verificação: Verificação Completa (D:\|)
Objetos escaneados: 147960
Tempo decorrido: 1 hora(s), 34 minuto(s), 11 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP140\A0010322.exe (Backdoor.VB) -> Quarantined and deleted successfully.

______________________________

After just 1 hour following the log above.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versão da Base de Dados: 4018

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/4/2010 20:59:37
mbam-log-2010-04-21 (20-59-37).txt

Tipo de Verificação: Verificação Completa (D:\|)
Objetos escaneados: 148589
Tempo decorrido: 39 minuto(s), 27 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 2

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
D:\WINDOWS\sed.exe (Trojan.Agent.Gen) -> No action taken.
D:\WINDOWS\Sed.exe.vi (Trojan.Agent.Gen) -> No action taken.

Regards

DigRam
Posted April 22, 2010

Good morning, EDSSX!

<@> Run an online scan at: http://www.eset.com/onlinescan/index.php
<@> PS: Use the Internet Explorer browser.
<@> Click: < >
<@> Check the box: "SIM,aceito as condições de uso" --> Iniciar.
<@> Check the box: "YES, I accept the Terms of Use" --> Start.
<@> Accept the ActiveX installation --> Start the scan.
<@> When it finishes, post the report: D:\Program Files\EsetOnlineScanner\log.txt

Regards!

EDSSX
Posted April 22, 2010

Good morning, DigRam.

I can't install it.

Regards

DigRam
Posted April 22, 2010

Good morning, DigRam. I can't install it. Regards
/////////////\\\\\\\\\\\\

Hey, EDSSX!

<!> Try BitDefender.

0000000000000000000000

<@> Run a disinfection scan at: < BitDefender >
<@> PS: Use the Internet Explorer browser!
<@> The following page will open: BitDefender OnLine Scanner ( Free and effective malware cleanup directly from your browser )
<@> Click < >
<@> Check the box: "I agree with the Terms and Conditions" --> "Start Here"
<@> Click the blue bar and accept the ActiveX installation. ( Instalar este Complemento para todos os Usuários... )
<@> Wait for the installation and then click "Start Scan".
<@> When it finishes, post the report: D:\Windows\BDOSCAN8\bdoscan.log <--

Regards!

EDSSX
Posted April 22, 2010

Good morning.

Here it is:

QuickScan Beta 32-bit v0.9.9.18
-------------------------------
Scan date: Thu Apr 22 11:44:50 2010
Machine ID: 40F5D453

No infection found.
-------------------

Processes
---------
<unsigned> Gadwin PrintScreen 3964 D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
<unsigned> PLAS Service 1052 D:\Arquivos de programas\Arquivos comuns\ParetoLogic\PLAS\plasservice.exe
<unsigned> Stardock CursorXP 272 D:\Arquivos de programas\CursorXP\CursorXP.exe
<verified> AntiVir Desktop 260 D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
<verified> AntiVir Desktop 356 D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
<verified> AntiVir Desktop 836 D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
<verified> AntiVir Desktop 1732 D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
<verified> Firefox 3804 D:\Arquivos de programas\Mozilla Firefox\firefox.exe
<verified> Java Platform SE 6 U20 408 D:\Arquivos de programas\Java\jre6\bin\jqs.exe
<verified> Java Platform SE Auto Updater 2 0 236 D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
<verified> Malwarebytes' Anti-Malware 2360 D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
<verified> Microsoft Search Enhancement Pack 936 D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
<verified> Microsoft® Visual Studio .NET 884 D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> Microsoft® Windows® Operating System 2812 D:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 1280 D:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 1360 D:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 1688 D:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 656 D:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 776 D:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1040 D:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1544 D:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1608 D:\WINDOWS\system32\svchost.exe
<verified> PC Tools Auxiliary Service 2980 D:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
<verified> PC Tools GUI Application 3708 D:\Arquivos de programas\Spyware Doctor\pctsGui.exe
<verified> PC Tools Security Service 276 D:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
<verified> PC Tools Tray Application 1456 D:\Arquivos de programas\Spyware Doctor\pctsTray.exe
<verified> Sistema operacional Microsoft® Windows® 1792 D:\WINDOWS\Explorer.EXE
<verified> Sistema operacional Microsoft® Windows® 2740 D:\WINDOWS\system32\MSSWCHX.EXE
<verified> Sistema operacional Microsoft® Windows® 2728 D:\WINDOWS\system32\osk.exe
<verified> Sistema operacional Microsoft® Windows® 1348 D:\WINDOWS\system32\services.exe
<verified> Sistema Operacional Microsoft® Windows® 1236 D:\WINDOWS\System32\smss.exe
<verified> Sistema operacional Microsoft® Windows® 2284 D:\WINDOWS\system32\wbem\wmiapsrv.exe
<verified> Sistema operacional Microsoft® Windows® 1304 D:\WINDOWS\system32\winlogon.exe

Network activity
----------------
Process firefox.exe (3804) connected on port 80 (HTTP) --> qw-in-f138.1e100.net
Process firefox.exe (3804) connected on port 80 (HTTP) --> lga15s04-in-f154.1e100.net
Process firefox.exe (3804) connected on port 80 (HTTP) --> CRL.VERISIGN.NET
Process svchost.exe (1608) listens on ports: 135 (RPC)

Autoruns and critical files
---------------------------
<unsigned> Ahead Software Gmbh NeroCheck C:\WINDOWS\System32\NeroCheck.exe
<unsigned> Stardock CursorXP D:\Arquivos de programas\CursorXP\CursorXP.exe
<unsigned> WindowBlinds 4.x for x86 machines D:\WINDOWS\system32\WBSYS.DLL
<verified> Adobe Acrobat D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Adobe Reader and Acrobat Manager D:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
<verified> AntiVir Desktop D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
<verified> Java Platform SE Auto Updater 2 0 D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\CRYPTNET.DLL
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\DIMSNTFY.DLL
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\WPDShServiceObj.dll
<verified> PC Tools Tray Application D:\Arquivos de programas\Spyware Doctor\pctsTray.exe
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\BROWSEUI.DLL
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\CRYPT32.DLL
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\CSCDLL.DLL
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\logonui.exe
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\sclgntfy.dll
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\SHELL32.DLL
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\stobject.dll
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\upnpui.dll
<verified> Sistema operacional Microsoft® Windows® d:\windows\system32\userinit.exe
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\WLNOTIFY.DLL
<verified> Windows® Internet Explorer D:\WINDOWS\system32\webcheck.dll

Browser plugins
---------------
<unsigned> bdupd.dll D:\WINDOWS\Downloaded Program Files\bdupd.dll
<unsigned> ipsupd.dll D:\WINDOWS\Downloaded Program Files\ipsupd.dll
<unsigned> Shockwave for Director D:\WINDOWS\system32\Adobe\Director\np32dsw.dll
<verified> AcroIEHelperShim Library d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat D:\Arquivos de programas\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX D:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> BitDefender QuickScan D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> GbpDist Module D:\WINDOWS\Downloaded Program Files\gbpdist.dll
<verified> Java Platform SE 6 U20 d:\arquivos de programas\java\jre6\bin\jp2ssv.dll
<verified> Java Platform SE 6 U20 d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Microsoft Search Enhancement Pack d:\arquivos de programas\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
<verified> Microsoft® Windows® Operating System D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System D:\WINDOWS\system32\winrnr.dll
<verified> NPSWF32.dll D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Silverlight Plug-In d:\Arquivos de programas\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified> Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\mswsock.dll
<verified> Windows Presentation Foundation d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer D:\WINDOWS\system32\IEFRAME.DLL

Missing files
-------------
File not found: D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\catchme.sys
referenced in: HKLM\System\ControlSet001\services\catchme\"ImagePath"
File not found: hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00, 76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,0,79,00,73,00,00,00
referenced in: HKLM\System\ControlSet001\services\NtTdiDr\"ImagePath"

Scan
----
No file uploaded.

Scan finished - communication took 8 sec
Total traffic - 0.08 MB sent, 3.06 KB recvd
Scanned 1148 files and modules - 661 seconds

Thank you

DigRam
Posted April 22, 2010

Hey, EDSSX!

QuickScan Beta 32-bit v0.9.9.18
-------------------------------
Scan date: Thu Apr 22 11:44:50 2010
Machine ID: 40F5D453
No infection found.

<!> No infections were detected in this quick mode in BitDefender.
<!> Weren't you able to run the traditional disinfection scan in BitDefender?

00000000000000000000000
00000000000000000000000

<@> Run an online scan at: < > Link!
<@> PS: Use the Firefox or Internet Explorer browser.
<@> Register for free so that you have the file disinfection option.
<@> Click "Registar-se".
<@> When finished, click "Enviar".
<@> In the welcome window, choose "Análise rápida" --> Click "Analisar agora".
<@> If this is the first time you are using ActiveScan 2.0 with Mozilla Firefox, you will be asked to install a plugin.
<@> So, for ActiveScan 2.0 to work, you need to download and install that extension.
<@> Also wait for ActiveScan 2.0 to update.
<@> When that finishes, you can start the scan.
<@> At the end of the scan, click "Disinfect". <-- If it is enabled!
<@> PS: The disinfect option must be paid for in order to be carried out.
<@> Then click "Export to" so that we have the report. <-- Save it to the desktop!
<@> Post: ActiveScan.txt <--

Regards!

EDSSX
Posted April 22, 2010

Good afternoon.

Here it is:

;*****************************************************************************
ANALYSIS: 2010-04-22 13:33:49
PROTECTIONS: 1
MALWARE: 0
SUSPECTS: 0
;*****************************************************************************
PROTECTIONS
Description Version Active Updated
;=============================================================================
AntiVir Desktop 10.0.1.44 Yes Yes
;=============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=============================================================================
SUSPECTS
Sent Location
;=============================================================================
VULNERABILITIES
Id Severity Description
;=============================================================================
217831 HIGH MS10-005
;=============================================================================

Regards

DigRam
Posted April 22, 2010

Good afternoon, EDSSX!

<!> The Panda report did not show any malware-related problems.

00000000000000000000000

<!> Download this update: < KB978706 >
<!> Click "Fazer Download" and install it on your PC.

00000000000000000000000

<!> Everything OK?

Regards!

EDSSX
Posted April 22, 2010

Good afternoon.

I think so.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versão da Base de Dados: 4021

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/4/2010 14:30:29
mbam-log-2010-04-22 (14-30-29).txt

Tipo de Verificação: Verificação Completa (D:\|)
Objetos escaneados: 144117
Tempo decorrido: 1 hora(s), 2 minuto(s), 14 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:57, on 22/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\Arquivos de programas\Arquivos comuns\ParetoLogic\PLAS\plasservice.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\osk.exe
D:\WINDOWS\system32\MSSWCHX.EXE
D:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
D:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
D:\Arquivos de programas\Spyware Doctor\pctsTray.exe
D:\Arquivos de programas\Spyware Doctor\pctsGui.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 1 para HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ÿþ1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iSTray] "D:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: D:\WINDOWS\system32\wbsys.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - D:\Arquivos de programas\Arquivos comuns\ParetoLogic\PLAS\plasservice.exe

--
End of file - 5094 bytes

Thank you and regards

DigRam
Posted April 22, 2010

Good afternoon, EDSSX!

<!> Your logs are clean! :)
<!> Good job!

Regards!

EDSSX
Posted April 22, 2010

Good afternoon.

OK, you can close the topic.

Regards

DigRam
Posted April 22, 2010

PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.