Fórum Script Brasil

Viviane Tavares

Members
  • Total items: 3
  • Joined
  • Last visited

Everything Viviane Tavares posted

  1. I finally managed to run the scan; this was the result:

     Scan
     ----
     Scanned: 370079
     Detected: 7
     Untreated: 7
     Start time: 11/7/2008 11:10:36
     Duration: 17:46:36
     Finish time: 12/7/2008 04:57:12

     Detected
     --------
     Status Object
     ------ ------
     detected: Trojan program Trojan-Downloader.Win32.Banload.quando File: c:\windows\system\system.exe
     detected: riskware not-a-virus:Downloader.Win32.PopCap.b File: c:\windows\downloaded program files\popcaploader.dll
     detected: Trojan program Trojan-Downloader.Win32.Agent.vvt File: C:\Documents and Settings\Administrador\Configurações locais\Temp\javatmp15759.php//PE_Patch.UPX//UPX
     detected: Trojan program Trojan-Downloader.Win32.Banload.quando File: C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\NXGDZ51Y\win[1].jpg
     detected: Trojan program Exploit.PHP.Userpic.a File: C:\Documents and Settings\All Users\Dados de aplicativos\MumboJumbo\MJOLauncher\Zone\luxor_ar_web\locale\english\data\bitmaps\fonts\score.jpg
     detected: Trojan program Exploit.PHP.Userpic.a File: C:\Documents and Settings\All Users\Dados de aplicativos\MumboJumbo\MJOLauncher\Zone\luxor_web\locale\english\data\bitmaps\fonts\score.jpg
     detected: riskware not-a-virus:PSWTool.Win32.MailPassView.130 File: C:\WINDOWS\system\outlok.exe//PE_Patch//NiceProtect//PE_Patch.UPX//UPX
     (...)

     11/7/2008 21:12:29 File: c:\windows\system\system.exe detected Trojan program 'Trojan-Downloader.Win32.Banload.quando'
     12/7/2008 04:56:57 File: c:\windows\system\system.exe not disinfected skipped by user
     12/7/2008 04:56:57 File: c:\windows\downloaded program files\popcaploader.dll detected riskware 'not-a-virus:Downloader.Win32.PopCap.b'
     12/7/2008 04:57:06 File: c:\windows\downloaded program files\popcaploader.dll not disinfected skipped by user
     12/7/2008 04:57:07 File: c:\documents and settings\administrador\configurações locais\temp\javatmp15759.php packed file PE_Patch.UPX
     12/7/2008 04:57:07 File: c:\documents and settings\administrador\configurações locais\temp\javatmp15759.php//PE_Patch.UPX packed file UPX
     12/7/2008 04:57:07 File: c:\documents and settings\administrador\configurações locais\temp\javatmp15759.php//PE_Patch.UPX//UPX detected Trojan program 'Trojan-Downloader.Win32.Agent.vvt'
     12/7/2008 04:57:08 File: c:\documents and settings\administrador\configurações locais\temp\javatmp15759.php//PE_Patch.UPX//UPX not disinfected skipped by user
     12/7/2008 04:57:08 File: c:\documents and settings\administrador\configurações locais\temporary internet files\content.ie5\nxgdz51y\win[1].jpg detected Trojan program 'Trojan-Downloader.Win32.Banload.quando'
     12/7/2008 04:57:08 File: c:\documents and settings\administrador\configurações locais\temporary internet files\content.ie5\nxgdz51y\win[1].jpg not disinfected skipped by user
     12/7/2008 04:57:09 File: c:\documents and settings\all users\dados de aplicativos\mumbojumbo\mjolauncher\zone\luxor_ar_web\locale\english\data\bitmaps\fonts\score.jpg detected Trojan program 'Exploit.PHP.Userpic.a'
     12/7/2008 04:57:09 File: c:\documents and settings\all users\dados de aplicativos\mumbojumbo\mjolauncher\zone\luxor_ar_web\locale\english\data\bitmaps\fonts\score.jpg not disinfected skipped by user
     12/7/2008 04:57:09 File: c:\documents and settings\all users\dados de aplicativos\mumbojumbo\mjolauncher\zone\luxor_web\locale\english\data\bitmaps\fonts\score.jpg detected Trojan program 'Exploit.PHP.Userpic.a'
     12/7/2008 04:57:09 File: c:\documents and settings\all users\dados de aplicativos\mumbojumbo\mjolauncher\zone\luxor_web\locale\english\data\bitmaps\fonts\score.jpg not disinfected skipped by user
     12/7/2008 04:57:09 File: c:\windows\system\outlok.exe packed file PE_Patch
     12/7/2008 04:57:09 File: c:\windows\system\outlok.exe//PE_Patch packed file NiceProtect
     12/7/2008 04:57:10 File: c:\windows\system\outlok.exe//PE_Patch//NiceProtect packed file PE_Patch.UPX
     12/7/2008 04:57:10 File: c:\windows\system\outlok.exe//PE_Patch//NiceProtect//PE_Patch.UPX packed file UPX
     12/7/2008 04:57:10 File: c:\windows\system\outlok.exe//PE_Patch//NiceProtect//PE_Patch.UPX//UPX detected riskware 'not-a-virus:PSWTool.Win32.MailPassView.130'
     12/7/2008 04:57:12 File: c:\windows\system\outlok.exe//PE_Patch//NiceProtect//PE_Patch.UPX//UPX not disinfected skipped by user

     Statistics
     ----------
     Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
     ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
     All objects 347264 7 7 0 0 7391 6078 40 12
     System memory 175 0 0 0 0 0 1 0 0
     meu computador 347089 7 7 0 0 7391 6077 40 12

     Settings
     --------
     Parameter Value
     --------- -----
     Security Level Recommended
     Action Prompt for action when the scan is complete
     Run mode Manually
     File types Scan all files
     Scan only new and changed files No
     Scan archives All
     Scan embedded OLE objects All
     Skip if object is larger than No
     Skip if scan takes longer than No
     Parse email formats No
     Scan password-protected archives No
     Enable iChecker technology No
     Enable iSwift technology No
     Show detected threats on "Detected" tab Yes
     Rootkits search Yes
     Deep rootkits search No
     Use heuristic analyzer Yes

     Quarantine
     ----------
     Status Object Size Added
     ------ ------ ---- -----

     Backup
     ------
     Status Object Size
     ------ ------ ----

     Do I need to post all the rest of the events??? Thanks in advance for the help!!!!

     Hi, when I turned on the PC it generated the data below; I don't know if it will help, but I thought it best to post it here. :)

     <AVZ_CollectSysInfo>
     --------------------
     Start time: 12/7/2008 11:02:16
     Duration: 00:05:02
     Finish time: 12/7/2008 11:07:18

     <AVZ_CollectSysInfo>
     --------------------
     Time Event
     ---- -----
     12/7/2008 11:02:27 1.1 Searching for user-mode API hooks
     12/7/2008 11:02:28 Analysis: kernel32.dll, export table found in section .text
     12/7/2008 11:02:28 Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
     12/7/2008 11:02:28 Hook kernel32.dll:CreateProcessA (99) blocked
     12/7/2008 11:02:28 Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040
     12/7/2008 11:02:28 Hook kernel32.dll:CreateProcessW (103) blocked
     12/7/2008 11:02:28 Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ABDE->61F041FC
     12/7/2008 11:02:28 Hook kernel32.dll:FreeLibrary (241) blocked
     12/7/2008 11:02:28 Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B4CF->61F040FB
     12/7/2008 11:02:28 Hook kernel32.dll:GetModuleFileNameA (372) blocked
     12/7/2008 11:02:28 Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B3D5->61F041A0
     12/7/2008 11:02:28 Hook kernel32.dll:GetModuleFileNameW (373) blocked
     12/7/2008 11:02:28 Function kernel32.dll:GetProcAddress (408) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ADA0->61F04648
     12/7/2008 11:02:28 Hook kernel32.dll:GetProcAddress (408) blocked
     12/7/2008 11:02:28 Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F
     12/7/2008 11:02:28 Hook kernel32.dll:LoadLibraryA (578) blocked
     12/7/2008 11:02:28 >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
     12/7/2008 11:02:28 Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF
     12/7/2008 11:02:28 Hook kernel32.dll:LoadLibraryExA (579) blocked
     12/7/2008 11:02:28 >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
     12/7/2008 11:02:28 Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A
     12/7/2008 11:02:28 Hook kernel32.dll:LoadLibraryExW (580) blocked
     12/7/2008 11:02:28 Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AE4B->61F03D0C
     12/7/2008 11:02:28 Hook kernel32.dll:LoadLibraryW (581) blocked
     12/7/2008 11:02:28 IAT modification detected: GetModuleFileNameW - 009A0010<>7C80B3D5
     12/7/2008 11:02:28 Analysis: ntdll.dll, export table found in section .text
     12/7/2008 11:02:28 Analysis: user32.dll, export table found in section .text
     12/7/2008 11:02:29 Analysis: advapi32.dll, export table found in section .text
     12/7/2008 11:02:29 Analysis: ws2_32.dll, export table found in section .text
     12/7/2008 11:02:29 Analysis: wininet.dll, export table found in section .text
     12/7/2008 11:02:30 Analysis: rasapi32.dll, export table found in section .text
     12/7/2008 11:02:31 Analysis: urlmon.dll, export table found in section .text
     12/7/2008 11:02:31 Analysis: netapi32.dll, export table found in section .text
     12/7/2008 11:02:33 1.2 Searching for kernel-mode API hooks
     12/7/2008 11:02:33 Driver loaded successfully
     12/7/2008 11:02:33 SDT found (RVA=082680)
     12/7/2008 11:02:33 Kernel ntoskrnl.exe found in memory at address 804D7000
     12/7/2008 11:02:33 SDT = 80559680
     12/7/2008 11:02:33 KiST = 804E26A8 (284)
     12/7/2008 11:02:35 Function NtClose (19) intercepted (80566D49->F8F10588), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
     12/7/2008 11:02:35 >>> Function restored successfully !
     12/7/2008 11:02:35 >>> Hook code blocked
     12/7/2008 11:02:36 Function NtCreateKey (29) intercepted (8056E7A9->F8F10444), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
     12/7/2008 11:02:36 >>> Function restored successfully !
     12/7/2008 11:02:36 >>> Hook code blocked
     12/7/2008 11:02:36 Function NtDeleteValueKey (41) intercepted (80593AAC->F8F10922), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
     12/7/2008 11:02:36 >>> Function restored successfully !
     12/7/2008 11:02:36 >>> Hook code blocked
     12/7/2008 11:02:36 Function NtDuplicateObject (44) intercepted (80572B26->F8F1001C), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
     12/7/2008 11:02:36 >>> Function restored successfully !
     12/7/2008 11:02:36 >>> Hook code blocked
     12/7/2008 11:02:36 Function NtOpenKey (77) intercepted (80567CFB->F8F1051E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
     12/7/2008 11:02:36 >>> Function restored successfully !
     12/7/2008 11:02:36 >>> Hook code blocked
     12/7/2008 11:02:36 Function NtOpenProcess (7A) intercepted (80572D06->F8F0FF5C), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
     12/7/2008 11:02:36 >>> Function restored successfully !
     12/7/2008 11:02:36 >>> Hook code blocked
     12/7/2008 11:02:36 Function NtOpenThread (80) intercepted (8058C806->F8F0FFC0), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
     12/7/2008 11:02:36 >>> Function restored successfully !
     12/7/2008 11:02:36 >>> Hook code blocked
     12/7/2008 11:02:36 Function NtQueryValueKey (B1) intercepted (8056B103->F8F1063E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
     12/7/2008 11:02:36 >>> Function restored successfully !
     12/7/2008 11:02:36 >>> Hook code blocked
     12/7/2008 11:02:36 Function NtRestoreKey (CC) intercepted (8064C042->F8F105FE), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
     12/7/2008 11:02:36 >>> Function restored successfully !
     12/7/2008 11:02:36 >>> Hook code blocked
     12/7/2008 11:02:37 Function NtSetValueKey (F7) intercepted (80573C8D->F8F1077E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS
     12/7/2008 11:02:37 >>> Function restored successfully !
     12/7/2008 11:02:37 >>> Hook code blocked
     12/7/2008 11:02:39 Functions checked: 284, intercepted: 10, restored: 10
     12/7/2008 11:02:39 1.3 Checking IDT and SYSENTER
     12/7/2008 11:02:39 Analysis for CPU 1
     12/7/2008 11:02:39 Checking IDT and SYSENTER - complete
     12/7/2008 11:02:41 >>>> Suspicion for Rootkit uteznzg1 C:\WINDOWS\system32\Drivers\uteznzg1.sys
     12/7/2008 11:02:41 1.4 Searching for masking processes and drivers
     12/7/2008 11:02:41 Checking not performed: extended monitoring driver (AVZPM) is not installed
     12/7/2008 11:02:41 Driver loaded successfully
     12/7/2008 11:02:41 1.5 Checking of IRP handlers
     12/7/2008 11:02:41 \driver\tcpip[iRP_MJ_INTERNAL_DEVICE_CONTROL] = FB10A85A -> C:\WINDOWS\System32\Drivers\avgtdi.sys, driver recognized as trusted
     12/7/2008 11:02:42 Checking - complete
     12/7/2008 11:02:57 >>> C:\WINDOWS\wt\webdriver\webdriver.dll HSC: suspicion for Spy.WindTangent
     12/7/2008 11:03:00 >>> C:\WINDOWS\Downloaded Program Files\popcaploader.dll HSC: suspicion for Downloader.PopCapLoader (high degree of probability)
     12/7/2008 11:03:09 >> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)
     12/7/2008 11:03:09 >> Services: potentially dangerous service allowed: TermService (Serviços de terminal)
     12/7/2008 11:03:10 >> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)
     12/7/2008 11:03:10 >> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)
     12/7/2008 11:03:10 >> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)
     12/7/2008 11:03:10 >> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)
     12/7/2008 11:03:10 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
     12/7/2008 11:03:10 >> Security: disk drives' autorun is enabled
     12/7/2008 11:03:10 >> Security: administrative shares (C$, D$ ...) are enabled
     12/7/2008 11:03:10 >> Security: anonymous user access is enabled
     12/7/2008 11:03:10 >> Security: sending Remote Assistant queries is enabled
     12/7/2008 11:03:10 >> Security: automatic logon is enabled
     12/7/2008 11:03:17 >> Disable HDD autorun
     12/7/2008 11:03:18 >> Disable autorun from network drives
     12/7/2008 11:03:18 >> Disable CD/DVD autorun
     12/7/2008 11:03:18 >> Disable removable media autorun
     12/7/2008 11:03:18 >> Windows Update is disabled
     12/7/2008 11:03:18 System Analysis in progress
     12/7/2008 11:07:18 System Analysis - complete
     12/7/2008 11:07:18 Delete file:C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-LN5PN\LOG\avptool_syscheck.htm
     12/7/2008 11:07:18 Delete file:C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-LN5PN\LOG\avptool_syscheck.xml
     12/7/2008 11:07:18 Script executed without errors
  2. Thank you so much for the help, Miliane!!!! This forum was a blessing for me!! Hugs :D