Reinaldo 0 Posted April 7, 2009

Good evening! So far the PC still freezes, the antivirus still reports that a virus has been found, and the PC has been locking up too. It is very strange, because I had formatted it 15 days ago and these problems started right afterwards, but here goes.

AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 6/4/2009 22:22:35
Database loaded: signatures - 217648, NN profile(s) - 2, microprograms of healing - 56, signature database released 06.04.2009 20:09
Heuristic microprograms loaded: 372
SPV microprograms loaded: 9
Digital signatures of system files loaded: 106028
Heuristic analyzer mode: Maximum heuristics level
Healing mode: enabled
Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=082B80)
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 80559B80
KiST = 804E2D20 (284)
Function NtCreateKey (29) intercepted (8056F063->F9B16A2E), hook not defined
Function NtCreateThread (35) intercepted (8057F262->F9B16A24), hook not defined
Function NtDeleteKey (3F) intercepted (8059D6BD->F9B16A33), hook not defined
Function NtDeleteValueKey (41) intercepted (80597430->F9B16A3D), hook not defined
Function NtLoadKey (62) intercepted (805B0F28->F9B16A42), hook not defined
Function NtOpenProcess (7A) intercepted (8057459E->F9B16A10), hook not defined
Function NtOpenThread (80) intercepted (80597C0A->F9B16A15), hook not defined
Function NtReplaceKey (C1) intercepted (8064D892->F9B16A4C), hook not defined
Function NtRestoreKey (CC) intercepted (8064C3B0->F9B16A47), hook not defined
Function NtSetValueKey (F7) intercepted (80575527->F9B16A38), hook not defined
Function NtTerminateProcess (101) intercepted (8058AE1E->F9B16A1F), hook not defined
Functions checked: 284, intercepted: 11, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking of IRP handlers
Checking - complete
2. Scanning memory
Number of processes found: 25
Number of modules loaded: 317
Scanning memory - complete
3. Scanning disks
Direct reading C:\Documents and Settings\ive lima\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat
Direct reading C:\Documents and Settings\ive lima\Configurações locais\Histórico\History.IE5\index.dat
Direct reading C:\Documents and Settings\ive lima\Configurações locais\Histórico\History.IE5\MSHist012009040620090407\index.dat
Direct reading C:\Documents and Settings\ive lima\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
Direct reading C:\Documents and Settings\ive lima\Cookies\index.dat
Direct reading C:\Documents and Settings\ive lima\NTUSER.DAT
Direct reading C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat
Direct reading C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat
Direct reading C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
Direct reading C:\Documents and Settings\LocalService\Cookies\index.dat
Direct reading C:\Documents and Settings\LocalService\NTUSER.DAT
Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat
Direct reading C:\Documents and Settings\NetworkService\NTUSER.DAT
Direct reading C:\System Volume Information\_restore{8A970A4D-AB66-4D36-857B-7DED635891DE}\RP0\change.log
Direct reading C:\WINDOWS\SchedLgU.Txt
C:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\format.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\format.com)
C:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\more.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\more.com)
C:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\tree.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\tree.com)
Direct reading C:\WINDOWS\system32\CatRoot2\edb.log
Direct reading C:\WINDOWS\system32\CatRoot2\tmp.edb
Direct reading C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
Direct reading C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
Direct reading C:\WINDOWS\system32\config\AppEvent.Evt
Direct reading C:\WINDOWS\system32\config\default
Direct reading C:\WINDOWS\system32\config\SAM
Direct reading C:\WINDOWS\system32\config\SecEvent.Evt
Direct reading C:\WINDOWS\system32\config\SECURITY
Direct reading C:\WINDOWS\system32\config\software
Direct reading C:\WINDOWS\system32\config\SysEvent.Evt
Direct reading C:\WINDOWS\system32\config\system
Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
Direct reading C:\WINDOWS\Temp\Perflib_Perfdata_658.dat
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)
>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)
>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)
>> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting )
>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
Checking - complete
Files scanned: 168769, extracted from archives: 135848, malicious software found 0, suspicions - 0
Scanning finished at 6/4/2009 22:52:39
Time of scanning: 00:30:07
If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference

view_log.txt
C:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\format.com | 3 | PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\more.com | 3 | PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\tree.com | 3 | PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
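As an added illustration (editor's code, not part of the thread or of AVZ), here is a small Python triage script for the AVZ log format shown above: it extracts the eleven SSDT hook lines, groups the hook handlers by 4 KiB page to show that all of them land in one module's address range, separates registry hooks from process/thread hooks, and collects the section-8 hardening findings and the "PE file with modified extension" hits. The sample log is a constructed excerpt of the lines posted above; the registry/process split is an assumption of the script, not an AVZ feature. AVZ reports these hooks as "hook not defined", i.e. it could not attribute them to a known module; a single handler range is just as consistent with an antivirus self-protection driver as with anything else, so the owner of that address range has to be identified before the hooks are treated as malicious.

```python
"""Triage helper for AVZ 4.x text logs (editor's example, not AVZ code)."""
import re
from collections import Counter

# Constructed excerpt of the AVZ 4.30 log posted above, one log line per line.
SAMPLE_LOG = r"""
1.2 Searching for kernel-mode API hooks
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 80559B80
KiST = 804E2D20 (284)
Function NtCreateKey (29) intercepted (8056F063->F9B16A2E), hook not defined
Function NtCreateThread (35) intercepted (8057F262->F9B16A24), hook not defined
Function NtDeleteKey (3F) intercepted (8059D6BD->F9B16A33), hook not defined
Function NtDeleteValueKey (41) intercepted (80597430->F9B16A3D), hook not defined
Function NtLoadKey (62) intercepted (805B0F28->F9B16A42), hook not defined
Function NtOpenProcess (7A) intercepted (8057459E->F9B16A10), hook not defined
Function NtOpenThread (80) intercepted (80597C0A->F9B16A15), hook not defined
Function NtReplaceKey (C1) intercepted (8064D892->F9B16A4C), hook not defined
Function NtRestoreKey (CC) intercepted (8064C3B0->F9B16A47), hook not defined
Function NtSetValueKey (F7) intercepted (80575527->F9B16A38), hook not defined
Function NtTerminateProcess (101) intercepted (8058AE1E->F9B16A1F), hook not defined
Functions checked: 284, intercepted: 11, restored: 0
3. Scanning disks
C:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\format.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\format.com)
C:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\more.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
"""

# Line shapes taken from the log above.
HOOK_RE = re.compile(
    r"^Function (?P<name>\w+) \((?P<index>[0-9A-Fa-f]+)\) intercepted "
    r"\((?P<orig>[0-9A-Fa-f]{8})->(?P<handler>[0-9A-Fa-f]{8})\), (?P<note>.*)$")
SUSPECT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) - PE file with modified extension.*?dangerousness level is (?P<level>\d+)%")
SERVICE_RE = re.compile(r"^>> Services: potentially dangerous service allowed: (?P<svc>\S+)")
SECURITY_RE = re.compile(r"^>> Security: (?P<finding>.+)$")


def classify_syscall(name):
    """Assumed coarse grouping of hooked services; AVZ does not categorise them itself."""
    if "Key" in name:
        return "registry"
    if "Process" in name or "Thread" in name:
        return "process"
    return "other"


def parse_avz_log(text):
    """Pull hooks, suspicious files, risky services and security findings out of an AVZ log."""
    hooks, suspects, services, security = [], [], [], []
    for line in text.splitlines():
        line = line.strip()
        m = HOOK_RE.match(line)
        if m:
            hooks.append({
                "name": m["name"],
                "index": int(m["index"], 16),
                "original": int(m["orig"], 16),
                "handler": int(m["handler"], 16),
                # "hook not defined" means AVZ could not map the handler to a known module
                "attributed": m["note"] != "hook not defined",
                "category": classify_syscall(m["name"]),
            })
            continue
        m = SUSPECT_RE.match(line)
        if m:
            suspects.append((m["path"], int(m["level"])))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m["svc"])
            continue
        m = SECURITY_RE.match(line)
        if m:
            security.append(m["finding"])
    return {"hooks": hooks, "suspects": suspects, "services": services, "security": security}


def triage(parsed):
    """Summarise what a helper would look at first: who hooks what, and what to harden."""
    hooks = parsed["hooks"]
    pages = Counter(h["handler"] >> 12 for h in hooks)  # 4 KiB page of each handler
    return {
        "hook_count": len(hooks),
        "unattributed": sum(not h["attributed"] for h in hooks),
        "categories": dict(Counter(h["category"] for h in hooks)),
        "handler_pages": {f"{p << 12:08X}": n for p, n in pages.items()},
        "single_hooking_module": len(pages) == 1,  # all handlers in one page: one driver
        "quarantine_candidates": [p for p, lvl in parsed["suspects"] if lvl >= 30],
        "hardening_items": len(parsed["services"]) + len(parsed["security"]),
    }


if __name__ == "__main__":
    result = triage(parse_avz_log(SAMPLE_LOG))
    for key, value in result.items():
        print(f"{key}: {value}")
```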
DigRam 144 Posted April 7, 2009

Good evening! Reinaldo
<@> Open avz4 and delete the files that are in quarantine.
<@> Click File --> 'Quarantine Folder Viewer'.
<@> Check all the boxes and click Delete. --> Yes!
<@> Also click Delete folder --> Yes --> OK.
<><><><><><><><><><><><>
<@> Download: < Kaspersky Virus Removal Tool >
<@> Save it in Program Files and install it right there!
<@> Restart the computer in Safe Mode! <-- Important!
<@> Start the scan by clicking "Scan".
<@> The scan takes a long time. <-- Wait!
<@> If infections are found, click "disinfect".
<@> When it finishes, click the Events tab.
<@> Uncheck the "Show all events" checkbox.
<@> Click "Save to file".
<@> Name it and save it on the desktop! <-- That is the report to post!
Regards!
Reinaldo 0 Posted April 9, 2009

Good morning! DigRam, here is the report:

Scan
----
Scanned: 477108
Detected: 5
Untreated: 0
Start time: 8/4/2009 21:14:47
Duration: 06:45:11
Finish time: 9/4/2009 03:59:58

Detected
--------
Status Object
------ ------
deleted: Trojan program Packed.Win32.Klone.bj File: C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\A0000003.exe//PE_Patch.UPX//UPX
deleted: Trojan program Packed.Win32.Klone.bj File: C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\zitudh.exe//PE_Patch.UPX//UPX
deleted: virus Net-Worm.Win32.Kido.ih File: C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\K9AFC56B\fwsryowb[1].gif
deleted: virus Net-Worm.Win32.Kido.ih File: C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\S5QFGHQB\fwsryowb[1].bmp
deleted: virus Net-Worm.Win32.Kido.ih File: C:\WINDOWS\system32\x//PE_Patch.UPX//UPX

Events
------
Time Name Status Reason
---- ---- ------ ------
8/4/2009 22:45:52 File: C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\A0000003.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'
8/4/2009 22:45:53 File: C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\A0000003.exe//PE_Patch.UPX//UPX not disinfected postponed
8/4/2009 22:46:01 File: C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\zitudh.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'
8/4/2009 22:46:01 File: C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\zitudh.exe//PE_Patch.UPX//UPX not disinfected postponed
8/4/2009 23:43:11 File: C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\K9AFC56B\fwsryowb[1].gif detected virus 'Net-Worm.Win32.Kido.ih'
8/4/2009 23:43:11 File: C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\K9AFC56B\fwsryowb[1].gif not disinfected postponed
8/4/2009 23:43:12 File: C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\S5QFGHQB\fwsryowb[1].bmp detected virus 'Net-Worm.Win32.Kido.ih'
8/4/2009 23:43:12 File: C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\S5QFGHQB\fwsryowb[1].bmp not disinfected postponed
9/4/2009 00:38:40 File: C:\WINDOWS\system32\x//PE_Patch.UPX//UPX detected virus 'Net-Worm.Win32.Kido.ih'
9/4/2009 00:38:40 File: C:\WINDOWS\system32\x//PE_Patch.UPX//UPX not disinfected postponed
9/4/2009 01:12:54 File: C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\A0000003.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'
9/4/2009 01:12:54 File: C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\A0000003.exe//PE_Patch.UPX//UPX not disinfected postponed
9/4/2009 01:13:01 File: C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\zitudh.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'
9/4/2009 01:13:01 File: C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\zitudh.exe//PE_Patch.UPX//UPX not disinfected postponed
9/4/2009 02:10:51 File: C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\K9AFC56B\fwsryowb[1].gif detected virus 'Net-Worm.Win32.Kido.ih'
9/4/2009 02:10:51 File: C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\K9AFC56B\fwsryowb[1].gif not disinfected postponed
9/4/2009 02:10:52 File: C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\S5QFGHQB\fwsryowb[1].bmp detected virus 'Net-Worm.Win32.Kido.ih'
9/4/2009 02:10:52 File: C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\S5QFGHQB\fwsryowb[1].bmp not disinfected postponed
9/4/2009 03:07:20 File: C:\WINDOWS\system32\x//PE_Patch.UPX//UPX detected virus 'Net-Worm.Win32.Kido.ih'
9/4/2009 03:07:21 File: C:\WINDOWS\system32\x//PE_Patch.UPX//UPX not disinfected postponed
9/4/2009 03:12:40 File: c:\documents and settings\ive lima\doctorweb\quarantine\a0000003.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'
9/4/2009 03:59:12 File: c:\documents and settings\ive lima\doctorweb\quarantine\a0000003.exe//PE_Patch.UPX//UPX not disinfected cannot be disinfected
9/4/2009 03:59:39 File: c:\documents and settings\ive lima\doctorweb\quarantine\a0000003.exe deleted
9/4/2009 03:59:40 File: c:\documents and settings\ive lima\doctorweb\quarantine\zitudh.exe//PE_Patch.UPX//UPX detected Trojan program 'Packed.Win32.Klone.bj'
9/4/2009 03:59:43 File: c:\documents and settings\ive lima\doctorweb\quarantine\zitudh.exe//PE_Patch.UPX//UPX not disinfected cannot be disinfected
9/4/2009 03:59:47 File: c:\documents and settings\ive lima\doctorweb\quarantine\zitudh.exe deleted
9/4/2009 03:59:47 File: c:\documents and settings\networkservice\configurações locais\temporary internet files\content.ie5\k9afc56b\fwsryowb[1].gif detected virus 'Net-Worm.Win32.Kido.ih'
9/4/2009 03:59:49 File: c:\documents and settings\networkservice\configurações locais\temporary internet files\content.ie5\k9afc56b\fwsryowb[1].gif not disinfected cannot be disinfected
9/4/2009 03:59:51 File: c:\documents and settings\networkservice\configurações locais\temporary internet files\content.ie5\k9afc56b\fwsryowb[1].gif deleted
9/4/2009 03:59:51 File: c:\documents and settings\networkservice\configurações locais\temporary internet files\content.ie5\s5qfghqb\fwsryowb[1].bmp detected virus 'Net-Worm.Win32.Kido.ih'
9/4/2009 03:59:53 File: c:\documents and settings\networkservice\configurações locais\temporary internet files\content.ie5\s5qfghqb\fwsryowb[1].bmp not disinfected cannot be disinfected
9/4/2009 03:59:54 File: c:\documents and settings\networkservice\configurações locais\temporary internet files\content.ie5\s5qfghqb\fwsryowb[1].bmp deleted
9/4/2009 03:59:54 File: c:\windows\system32\x//PE_Patch.UPX//UPX detected virus 'Net-Worm.Win32.Kido.ih'
9/4/2009 03:59:57 File: c:\windows\system32\x//PE_Patch.UPX//UPX not disinfected cannot be disinfected
9/4/2009 03:59:58 File: c:\windows\system32\x deleted

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----
DigRam 144 Posted April 9, 2009

Good morning! Reinaldo
<@> The infection is caused by a polymorphic worm called Worm Kido, also known as Conficker / Kido / Downadup.
<@> Read: < http://www.linhadefensiva.org/forum/index....mp;#entry444174 >
<@> Download: < Kaspersky Kido Killer 3.4.3 >
<@> PS: Before using the tool, install this fix: < MS08-067 >
<@> After carrying out the procedures, post the report from the tool or from Avira.
Regards!
Reinaldo 0 Posted April 9, 2009

My friend, the < Kaspersky Kido Killer 3.4.3 > link isn't working, is there another one? Regards!! Reinaldo

Me again, my friend. I found another program, from Symantec, and ran it; I did that because I could not download the one you indicated, and this one has the same description as the one you indicated. See the report below:

Symantec W32.Downadup Removal Tool 1.1.0.2
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\K9AFC56B\dkou[1].bmp: W32.Downadup.B (unrepairable) (deleted)
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\K9AFC56B\zmofrcd[1].gif: W32.Downadup.B (unrepairable) (deleted)
registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets: dl (value deleted)
registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets: ds (value deleted)
registry: HKLM\system\CurrentControlSet\Services\BITS: Start (value set to 0x00000003 (3))
registry: HKLM\system\CurrentControlSet\Services\ERSvc: Start (value set to 0x00000002 (2))
registry: HKLM\system\CurrentControlSet\Services\wscsvc: Start (value set to 0x00000002 (2))
registry: HKLM\system\CurrentControlSet\Services\wuauserv: Start (value set to 0x00000002 (2))
W32.Downadup has been successfully removed from your computer!
Here is the report:
The total number of the scanned files: 32929
The number of deleted threat files: 2
The number of threat processes terminated: 0
The number of threat threads terminated: 0
The number of registry entries fixed: 6
DigRam 144 Posted April 9, 2009

Good evening! Reinaldo
<!> The download link for the Kaspersky tool is inaccessible.
<!> Using the Symantec tool was providential.
<><><><><><><><><><>
<@> Use the Sophos tool to confirm the cleanup.
<@> Download: < ssconftool_10_sfx.exe > ( 771.55 KB )
<@> Post the report from that scan!
<><><><><><><><><><>
<!> Once the computer is disinfected, we will optimize your connection with TuneUp Utilities.
Regards!
Reinaldo 0 Posted April 10, 2009

Good evening! Dear DigRam, here is the Avira report after running the ssconftool_10_sfx.exe program.

Avira AntiVir Personal
Report file date: quinta-feira, 9 de abril de 2009 21:20
Scanning for 1346250 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : IVE-R6PHPMKAQLW
Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24/3/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/2/2009 15:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 13:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 14:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 15:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/2/2009 23:33:26
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 1/4/2009 00:04:37
ANTIVIR3.VDF : 7.1.3.40 158720 Bytes 9/4/2009 00:13:32
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/1/2009 20:36:42
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 4/4/2009 00:17:05
AESCN.DLL : 8.1.1.10 127348 Bytes 4/4/2009 00:16:04
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 21:24:41
AEPACK.DLL : 8.1.3.12 397687 Bytes 4/4/2009 00:15:20
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/2/2009 23:01:56
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 4/4/2009 00:13:33
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/2/2009 23:01:56
AEGEN.DLL : 8.1.1.33 340340 Bytes 4/4/2009 00:08:19
AEEMU.DLL : 8.1.0.9 393588 Bytes 9/10/2008 17:32:40
AECORE.DLL : 8.1.6.7 176502 Bytes 4/4/2009 00:06:28
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 17:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 11:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 5/12/2008 13:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 17:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 13:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 9/2/2009 10:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 13:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 18:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 11:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 13:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 9/2/2009 14:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/3/2009 18:55:12
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: quinta-feira, 9 de abril de 2009 21:20
Starting search for hidden objects.
'32919' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned
Starting master boot sector scan:
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '45' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\A0000002.exe
[DETECTION] Is the TR/Autoit.GD.1 Trojan
C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\knrwth.exe
[DETECTION] Is the TR/Autoit.GD.1 Trojan
C:\System Volume Information\_restore{8A970A4D-AB66-4D36-857B-7DED635891DE}\RP1\A0000098.exe
[DETECTION] Is the TR/Autoit.GD.1 Trojan
C:\System Volume Information\_restore{8A970A4D-AB66-4D36-857B-7DED635891DE}\RP1\A0000099.exe
[DETECTION] Is the TR/Autoit.GD.1 Trojan
Beginning disinfection:
C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\A0000002.exe
[DETECTION] Is the TR/Autoit.GD.1 Trojan
[NOTE] The file was moved to '4a0e9b69.qua'!
C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\knrwth.exe
[DETECTION] Is the TR/Autoit.GD.1 Trojan
[NOTE] The file was moved to '4a509ba8.qua'!
C:\System Volume Information\_restore{8A970A4D-AB66-4D36-857B-7DED635891DE}\RP1\A0000098.exe
[DETECTION] Is the TR/Autoit.GD.1 Trojan
[NOTE] The file was moved to '4a0e9b6b.qua'!
C:\System Volume Information\_restore{8A970A4D-AB66-4D36-857B-7DED635891DE}\RP1\A0000099.exe
[DETECTION] Is the TR/Autoit.GD.1 Trojan
[NOTE] The file was moved to '4b7b7f6c.qua'!
End of the scan: quinta-feira, 9 de abril de 2009 22:04
Used time: 44:24 Minute(s)
The scan has been done completely.
2399 Scanned directories
205850 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
205845 Files not concerned
1219 Archives were scanned
1 Warnings
5 Notes
32919 Objects were scanned with rootkit scan
0 Hidden objects were found

http://superdownloads.uol.com.br/redir.cfm?softid=66280
DigRam 144 Posted April 10, 2009

Good evening! Reinaldo
<@> Don't forget to install the patch: < MS08-067 >
<><><><><><><><><><>
<@> The Avira detections were encouraging, since I did not see any sign of Kido.
C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\A0000002.exe
[DETECTION] Is the TR/Autoit.GD.1 Trojan
C:\Documents and Settings\ive lima\DoctorWeb\Quarantine\knrwth.exe
[DETECTION] Is the TR/Autoit.GD.1 Trojan
<!> These point only to the DrWebCureIt quarantine.
C:\System Volume Information\_restore{8A970A4D-AB66-4D36-857B-7DED635891DE}\RP1\A0000098.exe
[DETECTION] Is the TR/Autoit.GD.1 Trojan
C:\System Volume Information\_restore{8A970A4D-AB66-4D36-857B-7DED635891DE}\RP1\A0000099.exe
[DETECTION] Is the TR/Autoit.GD.1 Trojan
<!> Here we have the volume file that stores the System Restore data. No Kido.
<><><><><><><><><><>
<@> Delete the DrWebCureIt tool and its quarantine.
<!> C:\Documents and Settings\ive lima\DoctorWeb\Quarantine <--
<@> Download it again and run it with System Restore turned off!
<@> PS: Do not try to run the first copy that was downloaded!
<@> Post your report and turn System Restore back on.
<><><><><><><><><><>
<@> Run a disinfection scan at < BitDefender > and post the report.
<@> PS: Use the Internet Explorer browser!
<@> The page < BitDefender OnLine Scanner > will open.
<@> Click: < >
<@> Wait and accept the ActiveX installation so that the scan can run.
<@> When it finishes, post the report: C:\Windows\BDOSCAN8\bdoscan.log <--
<><><><><><><><><><>
<!> PS: The BitDefender scan will guarantee that there are no infections on the volume.
Regards!
Reinaldo 0 Posted April 10, 2009

Good morning! DigRam, I installed the patch update < MS08-067 >, but to remove any doubt I am going to do it again; can you confirm it is this one: http://www.microsoft.com/downloads/details...76-2067b73d6a03. When you tell me to run it again, do you mean this DrWebCureIt tool? Reinaldo
DigRam 144 Posted April 10, 2009

> Good morning! DigRam, I installed the patch update < MS08-067 >, but to remove any doubt I am going to do it again; can you confirm it is this one: http://www.microsoft.com/downloads/details...76-2067b73d6a03. When you tell me to run it again, do you mean this DrWebCureIt tool? Reinaldo
<><><><><><><><><><>
Hey! Reinaldo
<!> That is correct, if you downloaded and installed the update: < Security Update for Windows XP (KB958644) >
<!> As for DrWebCureIt, per the earlier instructions, it should be deleted and downloaded again.
<!> Since the tool is updated daily, running the old one is not acceptable.
<!> So download a new version and run it, then post its report.
<!> PS: Don't forget the BitDefender scan.
Regards!
Reinaldo 0 Posted April 10, 2009

Good afternoon! DigRam, here is the report:

instala[1].exe\data003 | C:\Documents and Settings\ive lima\Configurações locais\Temporary Internet Files\Content.IE5\XJNUM861\instala[1].exe | Provavelmente BACKDOOR.Trojan | instala[1].exe | C:\Documents and Settings\ive lima\Configurações locais\Temporary Internet Files\Content.IE5\XJNUM861 | O arquivo contém objectos infectados | Movido.
googletalk-setup-pt-BR.exe\data009 | C:\RECYCLER\S-1-5-21-2025429265-1960408961-682003330-1003\Dc48\googletalk-setup-pt-BR.exe | Trojan.Click.4944 | googletalk-setup-pt-BR.exe | C:\RECYCLER\S-1-5-21-2025429265-1960408961-682003330-1003\Dc48 | O arquivo contém objectos infectados | Movido.
vnc-4_1_2-x86_win32.exe\data005 | C:\RECYCLER\S-1-5-21-2025429265-1960408961-682003330-1003\Dc48\vnc-4_1_2-x86_win32.exe | Program.RemoteAdmin.51 | vnc-4_1_2-x86_win32.exe | C:\RECYCLER\S-1-5-21-2025429265-1960408961-682003330-1003\Dc48 | O arquivo contém objectos infectados | Movido.
DigRam 144 Posted April 10, 2009

Good afternoon! Reinaldo
<!> The BitDefender scan is still pending, but... in case you cannot do it, I'll give you 2 more options.
<1> Panda <2> Eset
<@> Run an online scan with Panda.
<@> Under "Arquivar e analisar", fill in the field: Country/District/Region/valid E-mail.
<@> Enter your e-mail.
<@> Check the button: "I do not wish to receive information..."
<@> Click: "Scan now, free of charge". --> Wait!
<@> Allow the ActiveX installation.
<@> PS: For those who have Avast, a malware alert will appear, which should be ignored!
<@> I recommend disabling Avast's resident protection while running ActiveScan.
<!> Read the tutorial: < Link >
<@> In the prompt, click Install.
<@> Wait for the countdown to finish!
<@> When it completes, go to: "Select a device to scan..."
<@> Choose: "My Computer"
<@> Wait! The scan will take a while to finish.
<@> When it finishes, copy the report and post it in your reply.
<><><><><><><><><><><>
<@> Run an online scan at Eset.
<@> Use the Internet Explorer browser.
<@> Check the box: "SIM,aceito as condições de uso" / "YES, I accept the Terms of Use" --> Iniciar / Start.
<@> Accept the ActiveX installation and, when it finishes, save and post the report. ( C:\Arquivos de programas\EsetOnlineScanner\log )
Regards!
Reinaldo, posted April 11, 2009

Good evening! DigRam, here is the report.

BitDefender Online Scanner
Scan report generated at: Fri, Apr 10, 2009 - 20:58:50
Scan path: A:\;C:\;D:\;
Statistics
Time 01:23:03
Files 135046
Folders 2480
Boot Sectors 0
Archives 3617
Packed Files 5848
Results
Identified Viruses 0
Infected Files 0
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 0
Engines Info
Virus Definitions 2846051
Engine build AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins 17
Archive plugins 45
Unpack plugins 7
E-mail plugins 6
System plugins 4
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File Status
No virus found.

Will I need to do Panda or Eset? Cheers!
DigRam, posted April 11, 2009

Good evening! Reinaldo
"Will I need to do Panda or Eset?"
<!> I don't think it's necessary, since the BitDefender report came back clean.
<!> Is Avira still detecting malware?
<><><><><><><><><><><>
<@> Download: < > ( ...by Atribune )
<@> Save it to the Desktop!
<@> Restart the computer in Safe Mode!
<@> Click ATF-Cleaner.exe
<@> Under "Select Files To Delete", tick Select All.
<@> Click Empty Selected.
<@> In the Done Cleaning window, click OK --> Exit
<@> Attention: If you use Firefox: * At the top, click Firefox and choose: Select All --> Click Empty Selected.
<@> Attention: If you use Opera: * At the top, click Opera and choose: Select All --> Click Empty Selected.
<><><><><><><><><><><>
<@> Download TuneUp Utilities 2009.
<@> To download, type your E-Mail and click Start download.
<@> Save the executable, TU2009TrialEN.exe, in Program Files.
<@> The program is a Trial! But... there will be time to optimize the computer.
<@> Try to defragment the Disk and the Registry.
<@> On the Start Page, try to optimize: Maintenance and Speed. ( Depending on your connection! )
<><><><><><><><><><><>
<@> Update your browser: IE6 --> To IE7. ( Do not download IE8 )
<@> Update the Service Pack: SP2 --> To SP3.
<@> Update Java. <-- Abort!
<><><><><><><><><><><>
<@> With everything Ok, create a clean System Restore point.
<@> Right-click My Computer --> Properties --> System Restore.
<@> Tick: Turn off System Restore --> Apply --> Wait! --> Ok.
<@> Then untick it again! --> Apply --> Wait! --> Ok.
<@> For more details, read the Tutorial: < Link >
<><><><><><><><><><><>
<!> The log is clean!
<!> Do your problems still persist?
Cheers!
Reinaldo, posted April 12, 2009

Good morning! Dear DigRam, I'm trying to install IE 7 and a message appears saying my system does not support IE 7.
DigRam, posted April 12, 2009

"Good morning! Dear DigRam, I'm trying to install IE 7 and a message appears saying my system does not support IE 7."
<><><><><><><><><><>
Hey! Reinaldo
<!> Imagine IE8! hehe...
<><><><><><><><><><>
<!> Go to Start --> Run --> Type or paste: --> Click: OK.
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
<!> Be careful when typing! <-- Respect the spacing!
<!> The command prompt window will open to begin the repair. --> Wait!
<!> Reinstall IE7.
Cheers!
Reinaldo, posted April 12, 2009

Hello my friend, I did as instructed and the same error still occurs:
Cheers!!
DigRam, posted April 12, 2009

"Hello my friend, I did as instructed and the same error still occurs: Cheers!!"
<><><><><><><><><>
Hey! Reinaldo
<!> Run the procedure below... and, if it doesn't work, stay with IE6 and browse with Firefox.
<><><><><><><><><>
<@> Download: < SubInACL >
<@> Click Download to get the SubInACL tool. ( SubInACL.exe )
<@> Install it in the folder: %programfiles%\Windows Resource Kits\Tools <--
<@> Copy this information, under the QUOTE, into Notepad.
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f
<@> Save it as: Sub.bat, and give the batch file the following path.
<!> %programfiles%\Windows Resource Kits\Tools\sub.bat <-- Path!
<@> In "Save as type...", choose: "All files"
<@> Run the Sub.bat file as follows:
<@> Go to Start --> Run --> Type or paste: %programfiles%\Windows Resource Kits\Tools\Sub.bat
<@> A command prompt window opens.
<@> The tool will run for 5 to 10 minutes or more.
<@> When done, the command prompt window will close automatically.
<@> Restart and try to reinstall Internet Explorer 7.
Cheers!
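An added check, not part of DigRam's procedure or of the SubInACL tool: the Sub.bat above grants Full Control to Administrators and SYSTEM across three registry hives and the whole system drive, so before running it a practitioner would want to know which of those exact targets actually lack that permission. This PowerShell snippet reads the ACL on each target and reports whether the grant is already present; it assumes an elevated PowerShell prompt, and the function name Test-FullControl is my own.

```powershell
# Added example (not from the thread): audit the same targets Sub.bat touches
# before resetting their permissions. Run from an elevated PowerShell prompt.
$targets = @(
    'Registry::HKEY_LOCAL_MACHINE',
    'Registry::HKEY_CURRENT_USER',
    'Registry::HKEY_CLASSES_ROOT',
    "$env:SystemDrive\"
)
$principals = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

# Returns $true if an Allow ACE grants the principal Full Control on $Path,
# $false if no such ACE exists, and $null if the ACL itself cannot be read
# (the case where the subinacl reset is most clearly needed).
function Test-FullControl {
    param([string]$Path, [string]$Principal)
    try { $acl = Get-Acl -Path $Path -ErrorAction Stop } catch { return $null }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -ine $Principal) { continue }
        # Registry ACEs expose RegistryRights; file-system ACEs expose FileSystemRights.
        $rights = if ($ace.PSObject.Properties['RegistryRights']) { $ace.RegistryRights }
                  else { $ace.FileSystemRights }
        if ($rights.ToString() -eq 'FullControl') { return $true }
    }
    return $false
}

foreach ($t in $targets) {
    foreach ($p in $principals) {
        $r = Test-FullControl -Path $t -Principal $p
        if ($null -eq $r) { $state = 'UNREADABLE ACL' }
        elseif ($r)       { $state = 'ok' }
        else              { $state = 'MISSING Full Control' }
        '{0,-35} {1,-25} {2}' -f $t, $p, $state
    }
}
```

Only targets reported as MISSING or UNREADABLE need the corresponding subinacl line; note that /grant adds an ACE and leaves existing entries in place, so the audit is also a useful after-check.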
Reinaldo, posted April 26, 2009

Hello DigRam, as soon as I can I'll come back so we can finish all the adjustments; I'm a bit short on time, but in any case thank you for your help.
DigRam, posted April 27, 2009

"Hello DigRam, as soon as I can I'll come back so we can finish all the adjustments; I'm a bit short on time, but in any case thank you for your help."
<><><><><><><><><>
Hey! Reinaldo
<!> And don't forget to download TuneUp Utilities 2009. :thumbsup:
Cheers!