Full Version: [Resolved] Successive Virus Notifications
Lelus
Dear Moderator

Recently I have had several virus notifications on my computer. Well, I was using AVG 8, so I decided to also install Avira, which started finding several viruses on my PC. The notifications decreased, but AntiVir always reports the presence of some every time I ask it to run a scan. What am I doing wrong?
Thanks for your attention.
Lelus

Below are my HijackThis and Avira AntiVir logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:38, on 3/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Documents and Settings\All Users\Dados de aplicativos\U3\U3Launcher\LaunchU3.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON Stylus CX4900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE /FU "C:\WINDOWS\TEMP\E_S45.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://br.MSN.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate1c9ca696609c364) (gupdate1c9ca696609c364) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8935 bytes


Avira antivirus:



Avira AntiVir Personal
Report file date: quarta-feira, 3 de junho de 2009 14:27

Scanning for 1449151 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAM-989A41F5A80

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 17/4/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 17/4/2009 12:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 14:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 15:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 16:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/2/2009 00:33:26
ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 29/5/2009 14:55:21
ANTIVIR3.VDF : 7.1.4.52 122368 Bytes 3/6/2009 15:04:22
Engineversion : 8.2.0.180
AEVDF.DLL : 8.1.1.1 106868 Bytes 1/6/2009 14:55:34
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 1/6/2009 14:55:33
AESCN.DLL : 8.1.2.3 127347 Bytes 1/6/2009 14:55:32
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 22:24:41
AEPACK.DLL : 8.1.3.18 401783 Bytes 1/6/2009 14:55:32
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/2/2009 00:01:56
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 1/6/2009 14:55:30
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/2/2009 00:01:56
AEGEN.DLL : 8.1.1.44 348532 Bytes 1/6/2009 14:55:25
AEEMU.DLL : 8.1.0.9 393588 Bytes 9/10/2008 18:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 1/6/2009 14:55:23
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 18:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 5/12/2008 14:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 18:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 14:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/3/2009 19:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 14:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 19:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 12:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 14:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 9/2/2009 15:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/4/2009 14:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: quarta-feira, 3 de junho de 2009 14:27

Starting search for hidden objects.
'33419' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'JustVoip.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned
Scan process 'avgnsx.exe' - '1' Module(s) have been scanned
Scan process 'avgrsx.exe' - '1' Module(s) have been scanned
Scan process 'avgemc.exe' - '1' Module(s) have been scanned
Scan process 'PSNGive.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'PsnLite.exe' - '1' Module(s) have been scanned
Scan process 'LaunchU3.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgtray.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'gbpsv.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000095
[0] Archive type: RAR
--> Flash_Disinfector.exe
--> Flash_Disinfector.exe
[1] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
C:\Instaladores\Flash_Disinfector_www.pplware.com.rar
[0] Archive type: RAR
--> Flash_Disinfector.exe
--> Flash_Disinfector.exe
[1] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
C:\Instaladores\Flash_Disinfector_www.pplware.com\Flash_Disinfector.exe

[0] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application

Beginning disinfection:
C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000095
[NOTE] The file was moved to '4a56bd31.qua'!
C:\Instaladores\Flash_Disinfector_www.pplware.com.rar
[NOTE] The file was moved to '4a87bd3f.qua'!
C:\Instaladores\Flash_Disinfector_www.pplware.com\Flash_Disinfector.exe
[NOTE] The file was moved to '4bf10330.qua'!


End of the scan: quarta-feira, 3 de junho de 2009 15:11
Used time: 38:23 Minute(s)

The scan has been done completely.

3671 Scanned directories
158653 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
158648 Files not concerned
1397 Archives were scanned
2 Warnings
5 Notes
33419 Objects were scanned with rootkit scan
0 Hidden objects were found


JackSSA
Download Malwarebytes Anti-Malware
http://www.besttechie.net/mbam/mbam-setup.exe
  • Install it by double-clicking mbam-setup.exe.
  • Check "Atualizar Malwarebytes Anti-Malware" (Update Malwarebytes Anti-Malware) and "Executar Malwarebytes Anti-Malware" (Launch Malwarebytes Anti-Malware), and click "Concluir" (Finish).
  • Check "Verificação Rápida" (Quick Scan) and then click "Verificar" (Scan).
  • When the scan finishes, click "Ok" and then "Mostrar Resultados" (Show Results) to see the log.
  • If anything is detected, make sure everything is checked and click "Remover" (Remove).
  • The log is saved automatically and can be viewed by clicking "Logs" in the program's main menu.
  • Copy and paste the contents of that log into your next reply.
  • Also post a new HijackThis log.
Lelus

Dear Moderator

I did what you recommended. Below are the requested logs.

Thanks

Lelus

Malwarebytes' Anti-Malware 1.37
Versão do banco de dados: 2243
Windows 5.1.2600 Service Pack 3

7/6/2009 13:04:27
mbam-log-2009-06-07 (13-04-27).txt

Tipo de Verificação: Rápida
Objetos verificados: 79014
Tempo decorrido: 18 minute(s), 50 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 1
Ítens do Registro infectados: 1
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:48, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Dados de aplicativos\U3\U3Launcher\LaunchU3.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Arquivos de programas\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Arquivos de programas\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Arquivos de programas\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON Stylus CX4900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE /FU "C:\WINDOWS\TEMP\E_S45.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://br.MSN.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate1c9ca696609c364) (gupdate1c9ca696609c364) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10033 bytes

JackSSA
Download the Kaspersky Removal Tool. Save it to your desktop.
  • Install the program normally, following all of its steps.
  • On the program's main screen, click the "Meu computador" (My Computer) option and then click the "Scan" button.
  • Be patient, the scan may take a while.
  • If it finds any infection, click "skip".
  • Once everything has completed, click the Events tab, uncheck the "Show all events" checkbox and then click "Save to file".
  • Give the file a name and save it in a folder of your choice.
  • Post the contents of that file in your next reply.
Lelus
Dear Moderator

It seems nothing was detected.
In any case, I await your instructions.
The log is below.
Thank you very much in advance!
Lelus

Scan
----
Scanned: 177122
Detected: 0
Untreated: 0
Start time: 9/6/2009 13:16:17
Duration: 01:31:16
Finish time: 9/6/2009 14:47:33


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
All objects 177122 0 0 0 0 3893 1312 177 6
System memory 2990 0 0 0 0 0 7 0 0
Startup objects 736 0 0 0 0 0 141 0 0
Disk boot sectors 2 0 0 0 0 0 0 0 0
Meu computador 173394 0 0 0 0 3893 1164 177 6


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
JackSSA
Older versions of Java have vulnerabilities that some malware can use to infect your system. Check whether your system has the latest version installed:

Download JavaRa:
http://sourceforge.net/project/downloading...use_mirror=osdn

Double-click JavaRa.exe. Then click Search For Updates. Select the option Update Using jucheck.exe. Then click the Search button.

If it is up to date, you will get a notice that you have the latest version. Otherwise, wait for the new version of Java to be downloaded and installed. Then click the Remove Older Versions button so that any old versions present on the PC are uninstalled.


Click Start -> Settings -> Control Panel -> open the System item.

Click the System Restore tab -> check Turn off System Restore on all drives -> then click Apply. Once applied, uncheck the Turn off System Restore on all drives box and click Apply again, then OK.

Your log is clean. Is there still any problem with the PC?
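The check for leftover Java versions described in the post above can also be scripted; this is an added example, not part of the original thread and not JavaRa's own code. It assumes Java runtimes appear in the Windows uninstall list under names like the constructed samples below, and uses Java 6 Update 10 (the Chrome minimum quoted later in this thread) as the default floor.

```python
import re
import sys

# Matches uninstall-list names such as "Java(TM) 6 Update 12",
# "J2SE Runtime Environment 5.0 Update 11", "Java 8 Update 181 (64-bit)".
JAVA_NAME = re.compile(
    r"^(?:Java(?:\(TM\))?(?: SE)?(?: Runtime Environment)?|J2SE Runtime Environment)"
    r" (\d+)(?:\.\d+)?(?: Update (\d+))?",
    re.IGNORECASE,
)
UNINSTALL_KEYS = [
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
]
# Constructed sample names, used when not running on Windows.
SAMPLE = ["Java(TM) 6 Update 12", "Java(TM) 6 Update 7",
          "J2SE Runtime Environment 5.0 Update 11", "JavaScript Editor 3"]

def parse_java(display_name):
    """Return (major, update) for a Java runtime entry, else None."""
    m = JAVA_NAME.match(display_name.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)

def audit(display_names, minimum=(6, 10)):
    """Report the newest Java entry and the older ones that should go."""
    found = [(parse_java(n), n) for n in display_names]
    found = [pair for pair in found if pair[0] is not None]
    if not found:
        return {"newest": None, "stale": [], "below_minimum": []}
    newest = max(found)
    return {"newest": newest[1],
            "stale": sorted(n for v, n in found if v < newest[0]),
            "below_minimum": sorted(n for v, n in found if v < minimum)}

def installed_display_names():
    """Read DisplayName values from the uninstall keys (Windows only)."""
    import winreg
    names = []
    for path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue  # e.g. no WOW6432Node key on 32-bit Windows
        for i in range(winreg.QueryInfoKey(root)[0]):
            try:
                with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                    names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
            except OSError:
                continue  # entry without a DisplayName value
    return names

if __name__ == "__main__":
    names = installed_display_names() if sys.platform == "win32" else SAMPLE
    print(audit(names))
```
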
Lelus
Dear Moderator

Just one question. I use the Google Chrome browser, and to get it working well on most pages I had to install some Java versions that it recommended, which were in fact 2 or 3 older versions, to get the Java virtual machine running on the sites that asked for it. Well, even so, it still isn't 100%. On some security-related sites Java does not respond correctly.
In this case, what is the recommendation? Do I install the newest version anyway?
Thanks for the help; other than that, I have no more problems to solve regarding the malware.
Lelus
JackSSA
http://java.com/en/download/faq/chrome.xml

Google Chrome requires Java 6 Update 10 or greater (Java 6u10+), as indicated in the Google Chrome Help Center.

Possibly the Update 12 version (the newest) is fully compatible.

Lelus
Dear Moderator

Thanks for the help.
I think the problems I was having have now been solved.
Thank you very much.
Lelus
JackSSA
Case resolved.

If the author wants the topic reopened, send a PM with the link to a moderator of this section.