Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Musaxinho

[Resolvido!] Virus Não deixa instalar antvirus !

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

Musaxinho    0

Musaxinho
Postado

Estou com um virus na rede de minha Lan House..

 

ele bloqueia o driver de som, o gerenciador de tarafas, o regedit e não me deixa instalar nenhum anti virus !!

tbem não consigo iniciar o meu PC em modo de segurança.

 

Segue o log do hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:38:07, on 21/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\lan\CONFIG~1\Temp\ymwnqs.exe

C:\ALOK\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Kairus\Firebird 2.0\bin\fbserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 4976 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

wings    22

wings
Postado

1.

*Baixe o Norman Malware Cleaner e salve-o no desktop

*Renomei o arquivo para Norman_Malware_Cleaner.cmd

 

2.

*Baixe o arquivo repair.zip e salve-o no desktop

*Extraia o seu conteúdo para o desktop

 

3.

*Baixe o RestoreXP e salve-o no desktop

*Extraia o seu conteúdo para o desktop

 

4.

*Baixe o repair1 e salve-o no desktop

*Extraia o seu conteúdo para o desktop

 

5.

*Saia da Internet

*Caso use banda larga desconecte o cabo da internet

 

6.

*Desative a Restauração do Sistema

 

Clique com o botão direito do mouse em Meu Computador > Propriedades > Restauração do Sistema > Desativar Restauração do Sistema > OK > Sim

 

7.

*Clique com o botão direito do mouse em repair.inf e selecione "Instalar"

 

8.

*Duplo clique em Norman_Malware_Cleaner.cmd

*Instale o programa

*Para adicionar partições disponíveis do seu computador (C:\, D:\, E:\, etc...) clique em [Add]

*Clique em [start Scan] e aguarde o término

 

9.

*Clique com o botão direito do mouse em RestoreXP.reg e selecione "Mesclar"

*Clique OK

 

10.

*Clique com o botão direito do mouse em repair1.inf e selecione "Instalar"

 

11.

*Reinicie o PC e cole o relatório criado pelo Norman_Malware_Cleaner localizado no desktop

Compartilhar este post

Link para o post
Compartilhar em outros sites

Musaxinho    0

Musaxinho
Postado

QUando eu instalo os arquivos repair e repair1 meu gereciador de tarefas e meu regedit voltam a funcionar, apos alguns instantes eles ficam novamente bloqueados.

 

Segue o log:

 

Norman Malware Cleaner

Version 1.5.0.5

Copyright © 1990 - 2009, Norman ASA. Built 2009/11/20 22:25:51

 

Norman Scanner Engine Version: 6.03.02

Nvcbin.def Version: 6.03.00, Date: 2009/11/20 22:25:51, Variants: 4379934

 

Scan started: 22/11/2009 05:33:39

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Logged on user: SEVIDOR\lan

 

Set registry value: HKCR\scrfile\shell\open\command\ = ""%1" %*" -> ""%1" /S"

Removed registry value: HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000001

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000001

Removed registry value: HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000001

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000001

 

 

Scanning running processes and process memory...

 

C:\WINDOWS\system32\igfxtray.exe (Infected with W32/Sality.AN)

File marked for defered repair (reboot required)

 

C:\WINDOWS\system32\hkcmd.exe (Infected with W32/Sality.AN)

File marked for defered repair (reboot required)

 

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Infected with W32/Sality.AN)

File marked for defered repair (reboot required)

 

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Infected with W32/Sality.AN)

File marked for defered repair (reboot required)

 

C:\Documents and Settings\lan\Configurações locais\Temp\winuhhdi.exe (Infected with W32/Horst.gen33)

Terminated process

Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\lan\CONFIG~1\Temp\winuhhdi.exe = "C:\DOCUME~1\lan\CONFIG~1\Temp\winuhhdi.exe:*:Enabled:ipsec"

Deleted file

 

Number of processes/threads found: 2931

Number of processes/threads scanned: 2931

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 1

Total scanning time: 60s

 

 

Scanning file system...

 

Scanning: C:\*.*

 

C:\ALOK\HiJackThis.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\CoverDesigner\CoverDes.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\ImageDrive\ImageDrive.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero\nero.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero\NeroCmd.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero\Uninstall\UNNero.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero BackItUp\BackItUp.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero BackItUp\NBR.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero SoundTrax\SoundTrax.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero StartSmart\NeroStartSmart.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Toolkit\CDSpeed.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Toolkit\DriveSpeed.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Toolkit\InfoTool.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Wave Editor\DXEnum.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Wave Editor\WaveEdit.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\WMPBurn\WMPBurn.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Ahead\Uninstall\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DW20.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\EQUATION\EQNEDT32.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\MSInfo\OINFOP12.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ACECNFLT.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSE7.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLED.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\OFFDIAG.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\OFFLB.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\ODEPLOY.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\SETUP.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Motorola Shared\MotPCSDrivers\Motorola Driver Installer.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Motorola Shared\MotPCSDrivers\Drivers\usblan_ifconfig.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Avanquest update\CheckLiveUpdate.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Avanquest update\LiveUpdateLauncher.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Avanquest update\RunAs.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Avanquest update\Engine\LUKernel.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\Easy-LayoutPrint\CNELMAIN.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\Easy-PhotoPrint\BJEZPLUS.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\Easy-PhotoPrint\BJEZPRN.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\IJ Manual\MP140 SERIES\uninstall.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\MP Navigator 3.1\Maint.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\MP Navigator 3.1\mpn31.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\MP Navigator 3.1\mpncopy.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\MP Navigator 3.1\mpnscan.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CanonBJ\IJPrinter\Canon MP140 series\cnmvs.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CCleaner\uninst.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\java-rmi.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\java.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\javacpl.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\javaw.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\javaws.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jbroker.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jqsnotify.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jucheck.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jureg.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\keytool.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\kinit.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\klist.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\ktab.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\orbd.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\pack200.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\policytool.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\rmid.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\rmiregistry.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\servertool.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\tnameserv.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\unpack200.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Kairus\Firebird 2.0\bin\fbguard.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Kairus\Firebird 2.0\bin\gbak.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Kairus\Firebird 2.0\bin\gfix.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Kairus\Firebird 2.0\bin\instsvc.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Messenger\msmsgs.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Messenger Plus! Live\Log Viewer.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Messenger Plus! Live\MPTools.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Choice Guard\CGuard.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\CLVIEW.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\CNFNOT32.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\DRAT.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\DSSM.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\excelcnv.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\GRAPH.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\GrooveClean.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMigrator.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Infected with W32/Sality.AN)

File already marked for defered repair (reboot required)

 

C:\Arquivos de programas\Microsoft Office\Office12\INFOPATH.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\MSACCESS.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\MSOHTMED.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\MSPUB.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\MSQRY32.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\MSTORDB.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\MSTORE.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\OIS.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\REGFORM.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\SCANOST.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\SCANPST.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\SELFCERT.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\SETLANG.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\VPREVIEW.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\1046\ONELEV.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\AMRCodec.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\AvqBTEnum.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\CCMCopy.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\LiveUpdateLauncher.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\MMCenter.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\MOffice.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\mPhonetools.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\MPT_TEST_Info.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\TMonitor.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\Venturi\Venturi.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Mozilla Firefox\crashreporter.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Mozilla Firefox\updater.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Realtek\InstallShield\Alcmtr.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Realtek\InstallShield\ChCfg.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Realtek\InstallShield\KB888111xpsp2.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Realtek\InstallShield\RtlUpd.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Realtek\InstallShield\SoundMan.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\TeamViewer\Version4\install.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\TeamViewer\Version4\SAS.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\TeamViewer\Version4\uninstall.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Windows Live\Installer\wlarp.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Windows Live\Installer\wloobe.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Infected with W32/Sality.AN)

File already marked for defered repair (reboot required)

 

C:\Arquivos de programas\Windows Live\Messenger\msvs.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Windows Live\Messenger\wlcstart.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Chrome\Application\3.0.195.33\Installer\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleUpdate.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Desktop\p.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Desktop\por.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\ccsetup225.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\cdtomp3freeware.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\Firefox Setup 3.5.5.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\HiJackThis.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\KillBox.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\MsgPlusLive-483.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\TeamViewer_Setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\wlsetup-custom.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\amor veradeiro caiana.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\anjo do mal claudinho e remix by dj jose (the best thing i ever heard).au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\bonde do sinistro mc barriga mtv chart #1 hit.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\deixa eu concertar rael da.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\desabafo marcelo d2 ao vivo new cool mix [favorite].au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\estilo samurai mc barriga.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\manga rosa ao vivo neto new remix.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\maracatu atomico nasao zumbi top billboard hits.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\o diabo e careta ventania new cool mix [favorite].au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\sorriso natiruts e claudia - the very best new song.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\tony conuntry mc felipe top #1 hit.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\trindade do deus me livre neto top #1 hit.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\tudo vai passar rael da rima new cover version.mp3 (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\Meus documentos\Meus arquivos recebidos\uan drop bob marley top billboard hits.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\Documents and Settings\lan\temp\TeamViewer\Version4\TeamViewer_.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\ose.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\MSOCache\All Users\{90120000-006E-0416-0000-0000000FF1CE}-C\DW20.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\MSOCache\All Users\{90120000-006E-0416-0000-0000000FF1CE}-C\dwtrig20.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc11.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc24.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc25.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc26.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc30.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc31.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc45.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc56.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc58.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc59.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc6.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc60.mp3 (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc61.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\RECYCLER\S-1-5-21-1004336348-1844237615-1801674531-1003\Dc8.au (Infected with WMA/GetCodec.gen)

Deleted file

 

C:\WINDOWS\Alcmtr.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\WINDOWS\SoundMan.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\WINDOWS\system32\find.exe (Infected with Suspicious_Gen.PXH)

Deleted file

 

C:\WINDOWS\system32\hkcmd.exe (Infected with W32/Sality.AN)

File already marked for defered repair (reboot required)

 

C:\WINDOWS\system32\igfxtray.exe (Infected with W32/Sality.AN)

File already marked for defered repair (reboot required)

 

C:\WINDOWS\system32\NeroCheck.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\WINDOWS\system32\dllcache\find.exe (Infected with Suspicious_Gen.PXH)

Deleted file

 

Scanning: C:\System Volume Information\*.*

 

 

Running post-scan cleanup routine:

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000001

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000001

 

Number of files found: 22308

Number of archives unpacked: 0

Number of files scanned: 22288

Number of files not scanned: 20

Number of files skipped due to exclude list: 0

Number of infected files found: 195

Number of infected files repaired/deleted: 195

Number of infections removed: 195

Total scanning time: 15m 31s

Compartilhar este post

Link para o post
Compartilhar em outros sites

wings    22

wings
Postado

1.

*Delete o relatório do Norman_MalwareCleaner.

 

2.

*Baixe o RegUnlocker e salve-o no desktop

*Execute o programa

*Em A - Restricciones, selecione a opção:

1 - Eliminar restricciones del Sistema

*Em B - Reparadores, selecione a opção:

4 - Reparar el Modo Seguro (Modo a prueba de fallos)

 

*Clique em [Aplicar]

 

3.

*Repita o scan do Norman_Malware_Cleaner novamente e cole o relatório.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Musaxinho    0

Musaxinho
Postado

Novo log:

 

Norman Malware Cleaner

Version 1.5.0.5

Copyright © 1990 - 2009, Norman ASA. Built 2009/11/20 22:25:51

 

Norman Scanner Engine Version: 6.03.02

Nvcbin.def Version: 6.03.00, Date: 2009/11/20 22:25:51, Variants: 4379934

 

Scan started: 22/11/2009 12:09:34

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Logged on user: SEVIDOR\lan

 

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000001

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000001

 

 

Scanning running processes and process memory...

 

C:\Documents and Settings\lan\Configurações locais\Temp\idpmy.exe (Infected with W32/Horst.gen33)

Terminated process

Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\lan\CONFIG~1\Temp\idpmy.exe = "C:\DOCUME~1\lan\CONFIG~1\Temp\idpmy.exe:*:Enabled:ipsec"

Deleted file

 

Number of processes/threads found: 3454

Number of processes/threads scanned: 3454

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 1

Total scanning time: 1m 22s

 

 

Scanning file system...

 

Scanning: C:\*.*

 

C:\ALOK\HiJackThis.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\CoverDesigner\CoverDes.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\ImageDrive\ImageDrive.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero\nero.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero\NeroCmd.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero\Uninstall\UNNero.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero BackItUp\BackItUp.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero BackItUp\NBR.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero SoundTrax\SoundTrax.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero StartSmart\NeroStartSmart.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Toolkit\CDSpeed.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Toolkit\DriveSpeed.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Toolkit\InfoTool.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Wave Editor\DXEnum.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\Nero Wave Editor\WaveEdit.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Ahead\WMPBurn\WMPBurn.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Ahead\Uninstall\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DW20.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\EQUATION\EQNEDT32.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\MSInfo\OINFOP12.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ACECNFLT.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSE7.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLED.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\OFFDIAG.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\OFFLB.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\ODEPLOY.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\SETUP.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Motorola Shared\MotPCSDrivers\Motorola Driver Installer.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Arquivos comuns\Motorola Shared\MotPCSDrivers\Drivers\usblan_ifconfig.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Avanquest update\CheckLiveUpdate.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Avanquest update\LiveUpdateLauncher.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Avanquest update\RunAs.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Avanquest update\Engine\LUKernel.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\Easy-LayoutPrint\CNELMAIN.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\Easy-PhotoPrint\BJEZPLUS.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\Easy-PhotoPrint\BJEZPRN.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\IJ Manual\MP140 SERIES\uninstall.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\MP Navigator 3.1\Maint.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\MP Navigator 3.1\mpn31.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\MP Navigator 3.1\mpncopy.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Canon\MP Navigator 3.1\mpnscan.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CanonBJ\IJPrinter\Canon MP140 series\cnmvs.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\CCleaner\uninst.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\java-rmi.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\java.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\javacpl.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\javaw.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\javaws.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jbroker.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jqsnotify.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jucheck.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\jureg.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\keytool.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\kinit.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\klist.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\ktab.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\orbd.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\pack200.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\policytool.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\rmid.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\rmiregistry.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\servertool.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\tnameserv.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Java\jre6\bin\unpack200.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Kairus\Firebird 2.0\bin\fbguard.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Kairus\Firebird 2.0\bin\gbak.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Kairus\Firebird 2.0\bin\gfix.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Kairus\Firebird 2.0\bin\instsvc.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Messenger\msmsgs.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Messenger Plus! Live\Log Viewer.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Messenger Plus! Live\MPTools.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Choice Guard\CGuard.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\CLVIEW.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\CNFNOT32.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\DRAT.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\DSSM.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\excelcnv.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\GRAPH.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\GrooveClean.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMigrator.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\INFOPATH.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\MSACCESS.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\MSOHTMED.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\MSPUB.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\MSQRY32.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\MSTORDB.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\MSTORE.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\OIS.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\REGFORM.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\SCANOST.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\SCANPST.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\SELFCERT.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\SETLANG.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\VPREVIEW.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\Office12\1046\ONELEV.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\AMRCodec.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\AvqBTEnum.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\CCMCopy.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\LiveUpdateLauncher.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\MMCenter.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\MOffice.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\mPhonetools.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\MPT_TEST_Info.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\TMonitor.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Motorola Phone Tools\Venturi\Venturi.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Mozilla Firefox\crashreporter.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Mozilla Firefox\updater.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Realtek\InstallShield\Alcmtr.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Realtek\InstallShield\ChCfg.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Realtek\InstallShield\KB888111xpsp2.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Realtek\InstallShield\RtlUpd.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Realtek\InstallShield\SoundMan.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\TeamViewer\Version4\install.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\TeamViewer\Version4\SAS.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\TeamViewer\Version4\uninstall.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Windows Live\Installer\wlarp.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Windows Live\Installer\wloobe.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Windows Live\Messenger\msvs.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Arquivos de programas\Windows Live\Messenger\wlcstart.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Chrome\Application\3.0.195.33\Installer\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleUpdate.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Desktop\p.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Desktop\por.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Desktop\RegUnlocker.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\ccsetup225.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\Firefox Setup 3.5.5.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\HiJackThis.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\KillBox.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\MsgPlusLive-483.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\TeamViewer_Setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\Meus documentos\Downloads\wlsetup-custom.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\Documents and Settings\lan\temp\TeamViewer\Version4\TeamViewer_.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\ose.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\setup.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\MSOCache\All Users\{90120000-006E-0416-0000-0000000FF1CE}-C\DW20.EXE (Infected with W32/Sality.AN)

Repaired file

 

C:\MSOCache\All Users\{90120000-006E-0416-0000-0000000FF1CE}-C\dwtrig20.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\WINDOWS\Alcmtr.exe (Infected with W32/Sality.AN)

Repaired file

 

C:\WINDOWS\system32\NeroCheck.exe (Infected with W32/Sality.AN)

Repaired file

 

Scanning: C:\System Volume Information\*.*

 

 

Running post-scan cleanup routine:

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000001

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000001

 

Number of files found: 23391

Number of archives unpacked: 0

Number of files scanned: 23373

Number of files not scanned: 18

Number of files skipped due to exclude list: 0

Number of infected files found: 159

Number of infected files repaired/deleted: 159

Number of infections removed: 159

Total scanning time: 16m 54s

Compartilhar este post

Link para o post
Compartilhar em outros sites

Musaxinho    0

Musaxinho
Postado

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:01:56, on 23/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Kairus\Firebird 2.0\bin\fbserver.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Kairus\KairusMonitor.exe

C:\WINDOWS\System32\svchost.exe

C:\DOCUME~1\lan\CONFIG~1\Temp\winfjgvdp.exe

C:\Arquivos de programas\Kairus\Odin 4\OdinServidor.exe

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\ALOK\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://globoesporte.globo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Kairus\Firebird 2.0\bin\fbserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 6026 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

wings    22

wings
Postado

O Sality ainda está ativo...

 

Este PC é o servidor da rede?

 

Caso positivo, desconecte todos os demais PC's. A contaminação pode estar vinda de compartilhamentos de arquivos.

 

Após desconectar todos os PC's, desconecte este PC da internet e refaça os procedimentos, tanto com o RegUnlocker como com o Norman.

 

Após os procedimentos, não conecte os demais PC's!!...cole o relatório do Norman e um log do hijack.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Musaxinho    0

Musaxinho
Postado

Cara obrigado pela ajuda + eu desisto, serio mesmo ja tentei de tudo e não consigo nenhum resultado.

 

Vou pegar um dia d emadrugada formatar tudo aqui de uma vez e vfer no que da.

 

Desculpa por ter usado do seu tempo.

Compartilhar este post

Link para o post
Compartilhar em outros sites

wings    22

wings
Postado

Não se preocupe com o uso do meu tempo. Estamos aqui para ajudar.

 

O seu caso, trata-se de um vírus que contamina arquivos .exe e .scr. Realmente ele é, em alguns casos, difícil de ser removido ainda mais no seu caso por ser uma rede.

 

Se pretende formatar todas as máquinas, evite salvar arquivos com as extensões citadas. Eles certamente estarão contaminados.

Compartilhar este post

Link para o post
Compartilhar em outros sites

wings    22

wings
Postado

Antivírus é uma questão pessoal...mas, na minha opinião dos freewares gosto muito do AVIRA.

Compartilhar este post

Link para o post
Compartilhar em outros sites

wings    22

wings
Postado

CASO RESOLVIDO.

Caso o autor necessite o tópico poderá ser reaberto através de contato com um dos membros da moderação.

Compartilhar este post

Link para o post
Compartilhar em outros sites

wings    22

wings
Postado

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito