Fórum Script Brasil

Lelus

Everything posted by Lelus

  1. Dear Moderator, I managed, with great difficulty, to run DDS. My computer is having serious problems. Windows no longer loads. According to the last warnings, explorer.exe was having a problem. Well, perhaps the best thing to do now is to format it and reinstall the operating system. In any case, here is the DDS log: Thanks, Lelus
  2. Dear Renato, My computer is now showing a new problem. After I turn the computer on and Windows XP finishes loading, an error message appears saying: "O Explorer.exe encontrou um problema e precisa ser fechado." and, below it, the options to "enviar" it to Microsoft or not. I clicked on details to try to understand what is happening, and it showed that the file causing the problem (as far as I could understand) is gbieh.dll. I looked up this file and saw that it belongs to GBplugin, which is a kind of G-Buster Browser Defense - Service, probably installed by BB's security module as extra protection for the module itself. The problem is that right after Windows loads, when I start working normally, such as opening a web page, for example, or simply listening to music, the PC hangs, the screen freezes or it goes completely white. Then I restart the computer and on the BIOS screen it gives 3 short beeps and shows the messages: "CMOS settings wrong" and "New CPU installed please enter setup configure iyour system"; then I press F2 to load the default settings and the computer boots, and all the problems happen all over again. I tried to find out about GBplugin, and several people on various forums say they have the same problem, but none of them offers a solution. I called the bank, but they say it is not the bank's file. The antivirus does not identify anything. But sometimes it is possible to work on it normally without any problem, and sometimes I cannot carry out basic tasks on my computer. I have many files that I really need to preserve; many are professional, and I depend on them. I no longer access the bank's website from this computer. How should I proceed in this case? Could this be related to the infection we are dealing with in this thread? Many thanks again, Lelus
  3. Here is the GMER log. Thanks, Lelus. P.S.: Would it be possible to explain what exactly is happening to my computer? Beyond curiosity, this would be useful so that I know how to try to prevent the problem from happening again.
  4. Arquivo wygyc.exe recebido em 2010.04.19 13:01:01 (UTC) Andamento: terminado Resultado: 9/41 (21.96%)
  5. I decided to post the AVIRA log so that you can analyze it too. In addition, I would like to know what this is, what can happen, and how dangerous the malware is. Many thanks!
C:\Documents and Settings\usuario\Configurações locais\Temp\3709302.exe [DETECTION] Is the TR/Ag.nmc Trojan [NOTE] The file was deleted! C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Update\googleupdate.exe.delme145 [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Documents and Settings\Administrador\Dados de aplicativos\nisgw.exe [DETECTION] Is the TR/Inject.98816.BI Trojan [NOTE] The file was deleted! C:\Arquivos de programas\QuickTime\qttask.exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\QuickTime\qttask .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\QuickTime\qttask .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\QuickTime\qttask .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\QuickTime\qttask .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\QuickTime\qttask .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\QuickTime\qttask .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\QuickTime\qttask .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\QuickTime\qttask .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\QuickTime\qttask .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\QuickTime\qttask .exe.delme83 [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\Internet Explorer\js.mui [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! 
C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\Analog Devices\SoundMAX\smax4 .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\Analog Devices\SoundMAX\smax4 .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\Analog Devices\SoundMAX\smax4 .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\Analog Devices\SoundMAX\smax4 .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\Analog Devices\SoundMAX\smax4 .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\Analog Devices\SoundMAX\smax4 .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\Analog Devices\SoundMAX\smax4 .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\Analog Devices\SoundMAX\smax4 .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! C:\Arquivos de programas\Analog Devices\SoundMAX\smax4 .exe [DETECTION] Is the TR/Click.Cycler.ozg Trojan [NOTE] The file was deleted! End of the scan: quinta-feira, 15 de abril de 2010 21:23 Used time: 1:09:29 Hour(s) The scan has been done completely. 8332 Scanned directories 343768 Files were scanned 30 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 30 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 343738 Files not concerned 2819 Archives were scanned 0 Warnings 30 Notes 332520 Objects were scanned with rootkit scan 14 Hidden objects were found
  6. Dear moderators, I am unable to remove tr/click.cycler.ozg. Avira warns about the infection all the time and recommends removal; I click remove, but right afterwards new infection warnings appear. Apparently they are always in different files. In addition, an Internet Explorer page keeps opening by itself with game advertising. It all started after we used a pen drive that was, apparently, infected. I have already used Spyware Doctor, Malwarebytes and Kaspersky, but nothing solves it. At first, after each Avira warning, the computer would restart. Now it is not restarting as often. My log follows below. Thanks in advance; Lelus Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:15:35, on 14/4/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\wygyc.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Arquivos de programas\3M\PSNLite\PsnLite.exe C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin C:\ARQUIV~1\3M\PSNLite\PSNGive.exe C:\WINDOWS\system32\wygyc.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe C:\Arquivos de 
programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\msdtc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\system32\dllhost.exe C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe C:\Arquivos de programas\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\notepad.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avscan.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\pdfforge Toolbar\SearchSettings.dll O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file) O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\pdfforge Toolbar\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! 
- {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file) O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask .exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [vozif] C:\WINDOWS\system32\wygyc.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - 
{5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: app_dll.dll O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O23 - Service: ASF Agent (a8wmlynq) - Four-F - C:\WINDOWS\system32\voucommo.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira 
AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 10914 bytes
  7. Dear Moderator, Thank you for the help. I think the problems I was having have now been resolved. Thank you very much. Lelus
  8. Dear Moderator, Just one question. I use the Google Chrome browser, and to get it working well on most pages I had to install some Java versions that it recommended, which were in fact 2 or 3 older versions, in order to run the Java virtual machine on the sites that required it. Well, even so, it is still not 100%. On some sites that involve security, Java does not respond correctly. In this case, what is the recommendation? Should I install the newest version anyway? Thank you for the help; otherwise I have no more problems to solve regarding the malware. Lelus
  9. Dear Moderator, It seems nothing was detected. In any case, I await instructions. The log follows below. I am very grateful in advance! Lelus Scan ---- Scanned: 177122 Detected: 0 Untreated: 0 Start time: 9/6/2009 13:16:17 Duration: 01:31:16 Finish time: 9/6/2009 14:47:33 Detected -------- Status Object ------ ------ Statistics ---------- Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ --------- All objects 177122 0 0 0 0 3893 1312 177 6 System memory 2990 0 0 0 0 0 7 0 0 Startup objects 736 0 0 0 0 0 141 0 0 Disk boot sectors 2 0 0 0 0 0 0 0 
0 Meu computador 173394 0 0 0 0 3893 1164 177 6 Settings -------- Parameter Value --------- ----- Security Level Recommended Action Prompt for action when the scan is complete Run mode Manually File types Scan all files Scan only new and changed files No Scan archives All Scan embedded OLE objects All Skip if object is larger than No Skip if scan takes longer than No Parse email formats No Scan password-protected archives No Enable iChecker technology No Enable iSwift technology No Show detected threats on "Detected" tab Yes Rootkits search Yes Deep rootkits search No Use heuristic analyzer Yes Quarantine ---------- Status Object Size Added ------ ------ ---- ----- Backup ------ Status Object Size ------ ------ ----
  10. Dear Moderator, I did what you recommended. The requested logs follow below. Thank you, Lelus

Malwarebytes' Anti-Malware 1.37
Versão do banco de dados: 2243
Windows 5.1.2600 Service Pack 3

7/6/2009 13:04:27
mbam-log-2009-06-07 (13-04-27).txt

Tipo de Verificação: Rápida
Objetos verificados: 79014
Tempo decorrido: 18 minute(s), 50 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 1
Ítens do Registro infectados: 1
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: (Nenhum ítem malicioso foi detectado) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:16:48, on 7/6/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Google\Update\GoogleUpdate.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Documents and Settings\All Users\Dados de aplicativos\U3\U3Launcher\LaunchU3.exe C:\Arquivos de programas\3M\PSNLite\PsnLite.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\ARQUIV~1\3M\PSNLite\PSNGive.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Tod@s\Configurações locais\Dados de 
aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\pdfforge Toolbar\SearchSettings.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de 
programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Arquivos de programas\pdfforge Toolbar\WidgiToolbarIE.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\pdfforge Toolbar\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Arquivos de programas\pdfforge Toolbar\WidgiToolbarIE.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [searchSettings] C:\Arquivos de programas\pdfforge Toolbar\SearchSettings.exe O4 - 
HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [EPSON Stylus CX4900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE /FU "C:\WINDOWS\TEMP\E_S45.tmp" /EF "HKCU" O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: LaunchU3.exe.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: Add to AMV Convert Tool... 
- C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://br.MSN.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de 
programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate1c9ca696609c364) (gupdate1c9ca696609c364) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 10033 bytes
  11. Dear Moderator, Recently I have had several virus notifications on my computer. Well, I was using AVG 8, so I decided to install Avira as well, which started finding several viruses on my PC. The notifications have decreased, but AVir always reports the presence of some every time I ask it to run a scan. What am I doing wrong? Thank you for your attention. Lelus

My HijackThis and Avira AntiVir logs follow below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:38, on 3/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Documents and Settings\All Users\Dados de aplicativos\U3\U3Launcher\LaunchU3.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de 
programas\AVG\AVG8\avgcsrvx.exe C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google 
Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [EPSON Stylus CX4900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE /FU "C:\WINDOWS\TEMP\E_S45.tmp" /EF "HKCU" O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: LaunchU3.exe.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://br.MSN.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O20 - Winlogon Notify: avgrsstarter - 
C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate1c9ca696609c364) (gupdate1c9ca696609c364) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8935 bytes Antivirus Avira: Avira AntiVir Personal Report file date: quarta-feira, 3 de junho de 2009 14:27 Scanning for 1449151 virus strains and unwanted programs. 
Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : FAM-989A41F5A80 Version information: BUILD.DAT : 9.0.0.394 17962 Bytes 17/4/2009 11:20:00 AVSCAN.EXE : 9.0.3.5 466689 Bytes 17/4/2009 12:57:30 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 14:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 15:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 14:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 16:30:36 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/2/2009 00:33:26 ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 29/5/2009 14:55:21 ANTIVIR3.VDF : 7.1.4.52 122368 Bytes 3/6/2009 15:04:22 Engineversion : 8.2.0.180 AEVDF.DLL : 8.1.1.1 106868 Bytes 1/6/2009 14:55:34 AESCRIPT.DLL : 8.1.2.0 389497 Bytes 1/6/2009 14:55:33 AESCN.DLL : 8.1.2.3 127347 Bytes 1/6/2009 14:55:32 AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 22:24:41 AEPACK.DLL : 8.1.3.18 401783 Bytes 1/6/2009 14:55:32 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/2/2009 00:01:56 AEHEUR.DLL : 8.1.0.129 1761655 Bytes 1/6/2009 14:55:30 AEHELP.DLL : 8.1.2.2 119158 Bytes 27/2/2009 00:01:56 AEGEN.DLL : 8.1.1.44 348532 Bytes 1/6/2009 14:55:25 AEEMU.DLL : 8.1.0.9 393588 Bytes 9/10/2008 18:32:40 AECORE.DLL : 8.1.6.12 180599 Bytes 1/6/2009 14:55:23 AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 18:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:47:59 AVPREF.DLL : 9.0.0.1 43777 Bytes 5/12/2008 14:32:15 AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 18:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 14:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/3/2009 19:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 14:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 19:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 12:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 14:32:10 RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 9/2/2009 15:45:45 RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/4/2009 14:19:48 
Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: quarta-feira, 3 de junho de 2009 14:27 Starting search for hidden objects. '33419' objects were checked, '0' hidden objects were found. 
The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'JustVoip.exe' - '1' Module(s) have been scanned Scan process 'skypePM.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned Scan process 'avgnsx.exe' - '1' Module(s) have been scanned Scan process 'avgrsx.exe' - '1' Module(s) have been scanned Scan process 'avgemc.exe' - '1' Module(s) have been scanned Scan process 'PSNGive.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SMAgent.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'PsnLite.exe' - '1' Module(s) have been scanned Scan process 'LaunchU3.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'avgtray.exe' - '1' Module(s) have been scanned Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have 
been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'gbpsv.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 39 processes with 39 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '56' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. 
C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000095 [0] Archive type: RAR --> Flash_Disinfector.exe --> Flash_Disinfector.exe [1] Archive type: RAR SFX (self extracting) --> nircmd.exe [DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application C:\Instaladores\Flash_Disinfector_www.pplware.com.rar [0] Archive type: RAR --> Flash_Disinfector.exe --> Flash_Disinfector.exe [1] Archive type: RAR SFX (self extracting) --> nircmd.exe [DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application C:\Instaladores\Flash_Disinfector_www.pplware.com\Flash_Disinfector.exe [0] Archive type: RAR SFX (self extracting) --> nircmd.exe [DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application Beginning disinfection: C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000095 [NOTE] The file was moved to '4a56bd31.qua'! C:\Instaladores\Flash_Disinfector_www.pplware.com.rar [NOTE] The file was moved to '4a87bd3f.qua'! C:\Instaladores\Flash_Disinfector_www.pplware.com\Flash_Disinfector.exe [NOTE] The file was moved to '4bf10330.qua'! End of the scan: quarta-feira, 3 de junho de 2009 15:11 Used time: 38:23 Minute(s) The scan has been done completely. 3671 Scanned directories 158653 Files were scanned 3 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 3 Files were moved to quarantine 0 Files were renamed 2 Files cannot be scanned 158648 Files not concerned 1397 Archives were scanned 2 Warnings 5 Notes 33419 Objects were scanned with rootkit scan 0 Hidden objects were found
  12. Dear Moderator, I will try the options you suggested. Since I changed the jumper, there has been no more problem with recognition by the BIOS. Well, I did in fact get a virus notification just today, but I have already run the antivirus and nothing improved (I use AVG 8.03, which updates itself daily). I will pay closer attention to this issue. I will report back as soon as I have news. Thank you. Regards
  13. Hello everyone! I have a PC with an Intel Pentium 4 CPU at 2.67GHz and 512MB of RAM, a Samsung hard disk, model SP0411N, 40GB, an Asus AI P5P800 motherboard and NVIDIA GeForce4 MX440 video. I know the hard drive is small, but it has served me well for what I need. However, one of these days the computer kept getting slower and froze, and I had to restart it. But the hard drive was not being recognized by the PC. I restarted a few times and gave up for the day. The next day I turned the computer on and it worked normally. The day after, the same problem again, but this time it went days without recognizing the hard drive. Then I decided to look at the hard drive and remove the jumper that makes it be recognized as Master. The PC then recognized it, but as Slave. Next I put the jumper back in the same place, and the PC went back to working normally and has not shown the same problem since. I decided to take a closer look at the hard drive and saw that it was very full, with only 6GB free. I deleted many files, getting up to 19GB free. To be safe, I ran CCleaner. The problem I face now is that the computer is still somewhat slower than usual and "sticks" when reading files, with temporary freezes and, in the case of music files, repetition of passages (like a scratched record) and actual "sticking", giving the feeling that it is shaking, though without actually doing so. In addition, the same also happens when browsing the internet (which here is broadband, 2MB). Especially when I communicate over Skype, which leaves the other person's voice shaky and causes successive moments of silence or noise. I cannot lose the data on this hard drive, so I am making backups, but I do not have the means to buy a new one for now. I have already tried the tools available on the Samsung website, Checkdisk, JKDefrag 3.36, and the Windows Defrag and Scandisk. But the problems continue. I would like to know how I should proceed to solve these problems! Thank you in advance for the help.
      Lelus

      Below are the HijackThis and CrystalDiskInfo25 logs in case they help with anything...

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:57:35, on 21/3/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\ARQUIV~1\GbPlugin\GbpSv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
      C:\ARQUIV~1\AVG\AVG8\avgtray.exe
      C:\Arquivos de programas\Java\jre6\bin\jusched.exe
      C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
      C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
      C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
      C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
      C:\Arquivos de programas\Java\jre6\bin\jqs.exe
      C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
      C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
      C:\ARQUIV~1\AVG\AVG8\avgemc.exe
      C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
      C:\Arquivos de programas\Skype\Phone\Skype.exe
      C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
      C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.MSN.com
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
      O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
      O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
      O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
      O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tod@s\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: LaunchU3.exe.lnk = ?
      O4 - Global Startup: msnmsgr.exe
      O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
      O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
      O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
      O14 - IERESET.INF: START_PAGE_URL=http://br.MSN.com
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1223159322557
      O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
      O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
      O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

      --
      End of file - 8670 bytes

      Log of CrystalDiskInfo25:

      ----------------------------------------------------------------------------
      CrystalDiskInfo 2.5.0 © 2008-2009 hiyohiyo
      Crystal Dew World : http://crystalmark.info/
      ----------------------------------------------------------------------------
      OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
      Date : 2009/03/21 18:59:09

      -- Controller Map ----------------------------------------------------------
      + Intel® 82801EB Ultra ATA Storage Controllers [ATA]
      + Canal IDE primário (0)
      - SAMSUNG SP0411N
      + Canal IDE secundário (1)
      - HL-DT-ST DVDRRW GWA-4161B

      -- Disk List ---------------------------------------------------------------
      (1) SAMSUNG SP0411N : 40.0 GB [0-0-0, pd1]

      ----------------------------------------------------------------------------
      (1) SAMSUNG SP0411N
      ----------------------------------------------------------------------------
      Model : SAMSUNG SP0411N
      Firmware : TW100-13
      Serial Number : S01JJ30Y539017
      Total Disk Size : 40.0 GB (8.4/40.0/40.0)
      Buffer Size : 2048 KB
      NV Cache Size : ----
      Rotation Rate : Desconhecido
      Interface : Parallel ATA
      Version : ATA/ATAPI-7
      Transfer Mode : Ultra DMA/100
      Power On Hours : 3220 horas
      Power On Count : 2727 vezes
      Temparature : 29 C (84 F)
      Health Status : Saudável
      Features : S.M.A.R.T., AAM, 48bit LBA
      APM Level : ----
      AAM Level : FE00h [OFF]

      -- S.M.A.R.T. --------------------------------------------------------------
      ID Cur Wor Thr Raw Values   Attribute Name
      01 100 100 _51 000000000000 Read Error Rate
      03 100 100 _25 000000001380 Spin-Up Time
      04 _96 _96 __0 0000000011E2 Start/Stop Count
      05 100 100 _11 000000000000 Reallocated Sectors Count
      07 100 100 _51 000000000000 Seek Error Rate
      08 100 100 _15 000000000000 Seek Time Performance
      09 100 100 __0 00000005E5D3 Power-On Hours
      0A 100 100 _51 000000000000 Spin Retry Count
      0B 100 100 __0 000000000000 Recalibration Retries
      0C _98 _98 __0 000000000AA7 Device Power Cycle Count
      C2 151 100 __0 00000000001D Temperature
      C3 100 100 __0 0000000E8A48 Hardware ECC recovered
      C4 100 100 __0 000000000000 Reallocation Event Count
      C5 100 100 __0 000000000000 Current Pending Sector Count
      C6 100 100 __0 000000000000 Uncorrectable Sector Count
      C7 200 200 __0 000000000000 UltraDMA CRC Error Count
      C8 100 100 _51 000000000000 Write Error Rate
      C9 100 100 _51 000000000000 Soft Read Error Rate
  14. Yeah, that doesn't happen to me. That message doesn't appear at startup. Well, I'm really enjoying Google Chrome, since it is fast and simple, with no frills. But that's it, we will have to wait for the fixes! Thanks everyone, I really liked this Script Brasil! Regards
  15. Lelus

    Hotmail X Google Chrome

    Hello everyone! I'm new here and I'm already enjoying the forum. I wanted to know whether anyone has had/has any problem with Hotmail when browsing with Google Chrome. When I go to compose a new message or reply to one, nothing appears in the area where the message is written and it does not allow characters to be entered, since the cursor does not even appear. I have seen other problems reported around the internet, but not this one. So I would like to know whether this happens to anyone else, whether I need to do something to fix it, or whether it really is a problem of Hotmail with Google Chrome or the other way around. In addition, other problems occur, such as the menu on the left side not loading completely, or the scroll bar of the "my folders" menu not appearing. Well, thanks in advance for any comments or solutions! Regards, Lelo