[Resolvido] Não consigo tirar essa inhaca.

[Deeplink 0]

Ola amigo, desculpa te encher no feriado, mas é quando consigo mexer mais no micro.

Tentei fazer o scan de acordo com o link, porém ele não inicia, aparecem dois botões de erro sem mensagem nenhuma e volta para a tela do Agree!

 

Instalei o Nod32 e passei o scaner apareceram algumas coisas, pode ser esse antivirus pra te passar o log?

[DigRam 144]

Ola amigo, desculpa te encher no feriado, mas é quando consigo mexer mais no micro.

Tentei fazer o scan de acordo com o link, porém ele não inicia, aparecem dois botões de erro sem mensagem nenhuma e volta para a tela do Agree!

 

Instalei o Nod32 e passei o scaner apareceram algumas coisas, pode ser esse antivirus pra te passar o log?

___________________

 

Opa! Deeplink

Boa Tarde!

 

>@< Faça um scan on line em: < Kaspersky >

 

<!> Acesse o site, clique em: < >

 

>@< Na próxima página,clique em: I Accept

>@< Isto,para que se instale o controle ActiveX,e em seguida,atualize o banco de dados.

>@< Na próxima página,clique em: My Computer e faça o scan.

>@< Tenha paciência! Aguarde a atualização da base de dados,e do próprio exame,que é demorado.

>@< Terminando,salve e poste o relatório + HJT,atualizado.

 

Abraços!

[Deeplink 0]

Problemas amigão, ele detecta o meu navegador como unknown ou uma verão 4.0 do EI, porém eu acabei de reinstalar a versão 7.0.

[DigRam 144]

Problemas amigão, ele detecta o meu navegador como unknown ou uma verão 4.0 do EI, porém eu acabei de reinstalar a versão 7.0.

______________________

 

Opa! Deeplink

Boa Tarde!

 

>@< Que feijoada completa..heim!! ..rsrs..

______________________

 

>@< Se ao instalar o IE7,voçê escolher o Desktop,como diretório para o executável,poderemos ter esse erro.

>@< Procure instalar,o navegador,em Arquivos de Programas.

______________________

 

>@< Antes de tentar o escaneamento online,execute esta ferramenta: EliStarA

>@< Faça o download da EliStarA.

>@< Na página,clique no botão: Descargar EliStarA v xx.xx,que fica situado ao pé da página.

>@< Salve a ferramenta no Desktop!

>@< Desabilite as proteções residentes de AntiVírus e AntiSpyware.

>@< Reinicie o computador em Modo de Segurança.

>@< Vá ao ícone de EliStarA e execute-a!

>@< Aguarde,com paciência,o término do scan.

>@< Aceite,e dê prosseguimento,ao escaneamento exploratório.

>@< Terminando,será gerado um relatório ( infoSat.txt ),no Disco Local-C.

>@< A ferramenta deletará,a sua página inicial,posteriormente voçê à configurará novamente.

>@< Reinicie,normalmente,o computador!

>@< Faça e poste,na sua resposta: infoSat.txt + Log do HJT,atualizado.

 

Abraços!

[Deeplink 0]

Vamos la amigo, continuando a te dar trabalho.

 

Cancelei a primeira vez o Elisa porque tava passando ele sem o modo de segurança, tive que cancelar e voltar no modo de segurança por isso no log consta que ele foi terminado pelo usuário uma vez ok. Segue abaixo o relatório

 

Sun Mar 23 11:05:46 2008

EliStartPage v15.90 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

E:\DESKTOP.INI --> Eliminado (Fichero Complementario).

F:\DESKTOP.INI --> Eliminado (Fichero Complementario).

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Detectado AUTORUN.INF en la Unidad (I)

open=autorun.exe /R

Si Desconoce la Aplicación, por favor envienosla

acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.

Detectado AUTORUN.INF en la Unidad (K)

open=Autorun.exe

Si Desconoce la Aplicación, por favor envienosla

acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.

 

Sun Mar 23 11:06:42 2008

EliStartPage v15.90 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\MATLAB\PSTOOLBOX.HTML --> Eliminado, MalWare.Celular

C:\Arquivos de programas\BfSV\BFSV.EXE --> Eliminado, Spy.Delf (BHO)

C:\Arquivos de programas\Game Accelerator\GAMEROOM.EXE --> Eliminado, Spy-Agent.I

C:\Arquivos de programas\JetAudio\JFTTARD.DLL --> Eliminado, ISTBar

 

Nº Total de Directorios: 4960

Nº Total de Ficheros: 67289

Nº de Ficheros Analizados: 17873

Nº de Ficheros Infectados: 4

Nº de Ficheros Limpiados: 4

Exploración Detenida por el Usuario.

 

Sun Mar 23 11:15:49 2008

EliStartPage v15.90 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

 

Sun Mar 23 11:15:54 2008

EliStartPage v15.90 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Rapidown\RAPIDOWN.EXE --> Eliminado, Slurk(dll)

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZ3A054.DLL --> Eliminado, MoviePass

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\HPZ3A054.DLL --> Eliminado, MoviePass

 

Nº Total de Directorios: 8695

Nº Total de Ficheros: 118512

Nº de Ficheros Analizados: 28576

Nº de Ficheros Infectados: 3

Nº de Ficheros Limpiados: 3

 

-________________________________________________________________________________

_________-

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:28:10, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

E:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Game Accelerator\gamexl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

E:\arquivos de programas\valve\steam\steam.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Antigo Drive D\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [DAEMON Tools] "e:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GameXL] "C:\Arquivos de programas\Game Accelerator\gamexl.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "e:\arquivos de programas\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Antigo Drive D\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Convert to PDF - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O9 - Extra 'Tools' menuitem: Convert to PDF using HTML2PDF Pilot... - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 9595 bytes

[Deeplink 0]

Talves isso ajude um pouco, removi o IE7,0 e tentei entrar no windows update para realizar a atualização e ai ele não reconhece como sistema operacional windows dando a seguinte mensagem:

 

Agradecemos por seu interesse em obter as atualizações em nosso site.

 

Este site foi criado para funcionar apenas com os sistemas operacionais Microsoft Windows.

Para encontrar atualizações para os produtos Microsoft criados para sistemas operacionais Macintosh, visite http://www.microsoft.com/mac/.

[DigRam 144]

Bom Dia! Deeplink

 

Instalei o Nod32 e passei o scaner apareceram algumas coisas, pode ser esse antivirus pra te passar o log?

>@< Se puder me passar essas indicações, do Nod32,para avaliar-mos o caso....

>@< Voçê colocou em quarentena?

 

Abraços!

[Deeplink 0]

Ola Amigo, boa noite, segue abaixo o log do nod32.

 

Scan performed at: 21/3/2008 10:20:25

Scanning Log

NOD32 version 2966 (20080321) NT

Operating memory - is OK

 

Date: 21.3.2008 Time: 10:20:34

Anti-Stealth technology is enabled.

Scanned disks, folders and files: C:; D:; E:; F:

C:\pagefile.sys - error opening (File locked) [4]

C:\Arquivos de programas\inKline Global\PC Booster\PCBooster.exe - Win32/Bagle.NS worm - deleted

C:\Documents and Settings\Administrador\NTUSER.DAT - error opening (File locked) [4]

C:\Documents and Settings\Administrador\NtUser.dat.LOG - error opening (File locked) [4]

C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (File locked) [4]

C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening (File locked) [4]

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]

C:\Documents and Settings\Mateus e Maria\NTUSER.DAT - error opening (File locked) [4]

C:\Documents and Settings\Mateus e Maria\ntuser.dat.LOG - error opening (File locked) [4]

C:\Documents and Settings\Mateus e Maria\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]

C:\Documents and Settings\Mateus e Maria\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]

C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (File locked) [4]

C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (File locked) [4]

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]

C:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0220829.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0221830.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0222844.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0222979.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0222980.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0223005.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0223035.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0223178.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0223179.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0223218.dll - Win32/Spy.Banker.OQO trojan - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0224035.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0224174.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0224175.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0225035.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0225174.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0225175.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0226035.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0226175.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0226176.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0228034.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0229037.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0230035.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0231037.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0231178.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0231179.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0232035.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0232177.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0232178.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0233046.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0233174.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0233175.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234030.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234031.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234032.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234033.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234034.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234035.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234036.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234037.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234038.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234039.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234040.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234041.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234042.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234043.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP211\A0234044.exe - Win32/Bagle.NQ worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP213\A0235249.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP213\A0235268.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP213\A0235269.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP213\A0235273.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP213\A0235274.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP213\A0235277.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP213\A0235279.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP213\A0235289.exe - Win32/Bagle.LF worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP213\A0235301.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP213\A0235311.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP213\A0235318.exe - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP214\A0236664.reg - Win32/Spy.Bancos.AUM trojan - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP214\A0236670.exe - Win32/Spy.Banker.ORF trojan - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP215\A0238871.exe - Win32/Banwor.NAP worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP218\A0241429.sys - Win32/Bagle.NS worm - deleted

C:\System Volume Information\_restore{A333B7E9-6874-4B00-9500-200EDE113879}\RP223\A0246897.exe - Win32/Bagle.NS worm - deleted

C:\WINDOWS\SoftwareDistribution\EventCache\{9C3B3DB3-30F0-4078-9521-15A9BD15F4B5}.bin - error opening (File locked) [4]

C:\WINDOWS\system32\CatRoot2\edb.log - error opening (File locked) [4]

C:\WINDOWS\system32\CatRoot2\edbtmp.log - error opening (File locked) [4]

C:\WINDOWS\system32\CatRoot2\tmp.edb - error opening (File locked) [4]

C:\WINDOWS\system32\config\default - error opening (File locked) [4]

C:\WINDOWS\system32\config\default.LOG - error opening (File locked) [4]

C:\WINDOWS\system32\config\SAM - error opening (File locked) [4]

C:\WINDOWS\system32\config\SAM.LOG - error opening (File locked) [4]

C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4]

C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4]

C:\WINDOWS\system32\config\software - error opening (File locked) [4]

C:\WINDOWS\system32\config\software.LOG - error opening (File locked) [4]

C:\WINDOWS\system32\config\system - error opening (File locked) [4]

C:\WINDOWS\system32\config\system.LOG - error opening (File locked) [4]

C:\WINDOWS\system32\drivers\sptd.sys - error opening (File locked) [4]

Scanning interrupted by user!

Number of scanned files: 159801

Number of threats found: 63

Number of files cleaned: 63

Time of completion: 11:10:46 Total scanning time: 3012 sec (00:50:12)

 

Notes:

[4] File cannot be opened. It may be in use by another application or operating system.

 

 

Eu acho que ele deletou or arquivos infectados.

[DigRam 144]

Boa Noite! Deeplink

 

Eu acho que ele deletou or arquivos infectados

>@< Sim!Foram deletados.

_________________________

 

>@< Execute,novamente,o Nod32,em Modo de Segurança e poste o relatório.

 

Abraços!

[Mário Monteiro 179]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.