This topic has been archived and is closed to new replies.

victor.hml

[Archived] Tanatos.M and TIEV


I have a serious problem: there is a virus on my PC, Tanatos.M, and it says that all my exe programs are viruses. I have already used almost every antivirus, anti-spyware and anti-malware tool and nothing works, and worse, I format my machine and the virus is still there. What should I do? One detail: my Regedit and the Control Panel are all disabled because of this virus. What should I do?

And worse, my pen drive has an exe, TIEV; I think it is because of this exe that it will not format, it says it is protected.

Can someone shed some light? I can't do anything on the PC, and I can't format the pen drive either.

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-12-01.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/12/2009 13:01:25

System Uptime: 12/6/2009 12:06:08 (4254 hours ago)

 

Motherboard: PCWARE | | PW-945GCX

Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz | CPU 1 | 2394/200mhz

Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz | CPU 1 | 2394/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 39 GiB total, 18,135 GiB free.

D: is FIXED (NTFS) - 110 GiB total, 47,234 GiB free.

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP20: 5/12/2009 22:46:46 - Installed SUPERAntiSpyware Free Edition

RP21: 6/12/2009 17:05:46 - Installed HP USB Disk Storage Format Tool

 

==== Installed Programs ======================

 

32 Bit HP CIO Components Installer

7-Zip 4.57

Adobe Flash Player 10 Plugin

Arquivo do WinRAR

Assistente de Conexão do Windows Live

ATI - Utilitário de desinstalação de software

ATI AVIVO Codecs

ATI Catalyst Control Center

ATI Display Driver

ATI HYDRAVISION

ATI Parental Control & Encoder

ATI Problem Report Wizard

AVI ReComp 1.5.0

AviSynth 2.5

BufferChm

Cabal Online Alma&Siena

Cards_Calendar_OrderGift_DoMorePlugout

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Conexão Oi Velox

Copy

CustomerResearchQFolder

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DJ_AIO_03_F4200_ProductContext

DJ_AIO_03_F4200_Software

DJ_AIO_03_F4200_Software_Min

ENLTV

eSupportQFolder

F4200

F4200_Help

Ferramenta de Carregamento do Windows Live

Foxit Reader

Fraps (remove only)

Free Download Manager 3.0

GPBaseService

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

HP Customer Participation Program 11.0

HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3

HP Imaging Device Functions 11.0

HP Photosmart Essential 2.5

HP Photosmart Essential 3.0

HP Smart Web Printing

HP Solution Center 11.0

HP Update

HP USB Disk Storage Format Tool

HPProductAssistant

HPSSupply

IDT Audio

InterVideo FilterSDK for 10moons

K-Lite Mega Codec Pack 5.4.4

LightModem 3.0

Malwarebytes' Anti-Malware

ManyCam 2.3 (remove only)

MarketResearch

Microsoft .NET Framework 2.0

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.0)

MSVCRT

My Office Keyboard

Nero 6 Ultra Edition

Nero Digital

Panda USB Vaccine 1.0.0.50a

PPP over Ethernet Protocol 0.98

PSSWCORE

Scan

Segoe UI

Shop for HP Supplies

Skins

SmartWebPrinting

SolutionCenter

Spybot - Search & Destroy

Status

SUPERAntiSpyware Free Edition

TeleText

Toolbox

TrayApp

USB PC Camera (SN9C102)

VideoToolkit01

VobSub 2.23

WebFldrs XP

WebReg

Windows Installer 3.1 (KB893803)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

 

==== End Of File ===========================

 

 

 

 

DDS (Ver_09-12-01.01) - NTFSx86

Run by victor at 18:31:09,82 on dom 06/12/2009

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.624 [GMT -2:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINDOWS\system32\cmpe.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Arquivos de programas\ENLTV\RemoteService\RS.exe

C:\Arquivos de programas\IDT\1252009130725\STacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\DOCUME~1\victor\CONFIG~1\Temp\winxcoxf.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\victor\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://search.live.com

uInternet Connection Wizard,ShellNext = hxxp://www.oivelox.com.br/

mSearchAssistant = hxxp://search.live.com/sphome.aspx

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\arquivos de programas\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquivos de programas\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\arquivos de programas\free download manager\iefdm2.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\arquivos de programas\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

uPolicies-system: DisableRegistryTools = 1 (0x1)

uPolicies-system: DisableTaskMgr = 1 (0x1)

mPolicies-system: EnableLUA = 0 (0x0)

IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\free download manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\free download manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\free download manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\free download manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\arquivos de programas\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquivos de programas\spybot - search & destroy\SDHelper.dll

TCP: {1CDC5AF9-137C-4DC9-B6C5-A63AFE03EF83} = 200.165.132.155 200.165.132.148

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquiv~1\micros~2\office12\GR99D3~1.DLL

Notify: !SASWinLogon - c:\arquivos de programas\superantispyware\SASWINLO.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\arquivos de programas\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\victor\dadosd~1\mozilla\firefox\profiles\vj5gup6w.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\arquivos de programas\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\arquivos de programas\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\arquivos de programas\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\arquivos de programas\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\arquivos de programas\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\arquivos de programas\free download manager\firefox\extension\components\vmsfdmff.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

 

============= SERVICES / DRIVERS ===============

 

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2009-12-5 6656]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\superantispyware\sasdifsv.sys [2009-11-23 9968]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\superantispyware\SASKUTIL.SYS [2009-11-23 74480]

R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [2007-2-26 61440]

R2 nhksrv;Netropa NHK Server;c:\arquivos de programas\netropa\multimedia keyboard\nhksrv.exe [2009-12-5 28672]

R2 RemoteControlService;SuperTV Pro Remote Control Service;c:\arquivos de programas\enltv\remoteservice\RS.exe [2009-12-5 131072]

R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\isonmi.sys --> c:\windows\system32\drivers\isonmi.sys [?]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]

R3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;c:\windows\system32\drivers\PhTVTune.sys [2009-12-5 28864]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-6-10 31232]

R3 XDva315;XDva315;\??\c:\windows\system32\xdva315.sys --> c:\windows\system32\XDva315.sys [?]

S3 SASENUM;SASENUM;c:\arquivos de programas\superantispyware\SASENUM.SYS [2009-11-23 7408]

 

=============== Created Last 30 ================

 

2009-12-06 19:07:14 0 d-----w- c:\arquivos de programas\Panda USB Vaccine

2009-12-06 19:05:47 0 d-----w- C:\DriveKey

2009-12-06 00:54:10 0 d-----w- c:\arquivos de programas\Trend Micro

2009-12-06 00:46:52 0 d-----w- c:\docume~1\alluse~1\dadosd~1\SUPERAntiSpyware.com

2009-12-06 00:46:48 0 d-----w- c:\docume~1\victor\dadosd~1\SUPERAntiSpyware.com

2009-12-06 00:46:48 0 d-----w- c:\arquivos de programas\SUPERAntiSpyware

2009-12-06 00:46:36 0 d-----w- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

2009-12-06 00:43:49 0 d-s---w- c:\documents and settings\victor\UserData

2009-12-05 19:48:19 0 d-----w- c:\arquivos de programas\Microsoft

2009-12-05 19:29:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-05 19:29:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-05 19:29:37 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-12-05 19:07:03 0 d-----w- c:\windows\pss

2009-12-05 19:04:58 0 d-----w- c:\docume~1\victor\dadosd~1\AVI ReComp

2009-12-05 19:03:14 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2009-12-05 19:03:14 0 d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-12-05 19:02:21 0 d-----w- C:\Fraps

2009-12-05 18:59:44 0 d-----w- C:\Downloads

2009-12-05 18:32:20 0 d-----w- c:\docume~1\victor\dadosd~1\Malwarebytes

2009-12-05 18:32:12 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-12-05 18:16:57 0 d--h--r- C:\autorun.inf

2009-12-05 18:16:17 0 d-----w- C:\PenClean

2009-12-05 18:09:25 0 d--h--w- C:\$AVG

2009-12-05 18:09:02 0 d-----w- c:\docume~1\alluse~1\dadosd~1\avg9

2009-12-05 18:09:02 0 d-----w- c:\arquivos de programas\AVG

2009-12-05 18:03:00 100 ----a-w- c:\documents and settings\victor\default.pls

2009-12-05 17:23:48 0 d-----w- c:\windows\SxsCaPendDel

2009-12-05 17:18:18 0 d-----w- c:\docume~1\victor\dadosd~1\Free Download Manager

2009-12-05 17:18:15 0 d-----w- c:\docume~1\alluse~1\dadosd~1\FreeDownloadManager.ORG

2009-12-05 17:18:14 0 d-----w- c:\arquivos de programas\Free Download Manager

2009-12-05 17:16:32 0 d-----w- c:\arquivos de programas\Gamemaxx

2009-12-05 16:14:09 0 d-----w- c:\docume~1\victor\dadosd~1\Lightcomm

2009-12-05 16:13:57 0 d-----w- c:\docume~1\victor\dadosd~1\MessengerDiscovery 2

2009-12-05 16:12:50 0 d-----w- c:\arquivos de programas\ManyCam 2.3

2009-12-05 16:12:22 0 d-----w- c:\documents and settings\victor\Tracing

2009-12-05 16:12:11 603136 ----a-w- c:\windows\luninstall.exe

2009-12-05 16:12:11 127 --sha-w- c:\windows\reg.xml

2009-12-05 16:12:10 1640960 ----a-w- c:\windows\lhelp.exe

2009-12-05 16:11:43 0 d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-12-05 16:10:17 0 d-----w- c:\arquivos de programas\arquivos comuns\Windows Live

2009-12-05 16:09:45 0 d-----w- c:\arquivos de programas\Oi Velox

2009-12-05 16:06:22 116 ----a-w- c:\windows\NeroDigital.ini

2009-12-05 16:05:26 0 d-----w- c:\arquivos de programas\AviSynth 2.5

2009-12-05 16:05:18 0 d-----w- c:\arquivos de programas\AVI ReComp

2009-12-05 15:55:41 32592 ----a-w- c:\windows\system32\msonpmon.dll

2009-12-05 15:51:37 0 d-----w- c:\windows\SHELLNEW

2009-12-05 15:48:32 145608 ------w- c:\windows\UNNeroVision.cfg

2009-12-05 15:48:30 2973696 ------w- c:\windows\UNNeroVision.exe

2009-12-05 15:48:30 24064 ------w- c:\windows\system32\msxml3a.dll

2009-12-05 15:48:08 364544 ------w- c:\windows\system32\TwnLib4.dll

2009-12-05 15:48:07 38912 ------w- c:\windows\system32\picn20.dll

2009-12-05 15:45:01 5504 ------w- c:\windows\system32\drivers\imagedrv.sys

2009-12-05 15:45:01 125184 ------w- c:\windows\system32\drivers\imagesrv.sys

2009-12-05 15:44:38 106496 ------w- c:\windows\system32\TwnLib20.dll

2009-12-05 15:44:36 476320 ------w- c:\windows\system32\ImagXpr7.dll

2009-12-05 15:44:36 471040 ------w- c:\windows\system32\ImagXRA7.dll

2009-12-05 15:44:36 262144 ------w- c:\windows\system32\ImagXR7.dll

2009-12-05 15:44:36 225280 ----a-w- c:\windows\system32\NeroCheck.exe

2009-12-05 15:44:36 1568768 ------w- c:\windows\system32\ImagX7.dll

2009-12-05 15:44:35 0 d-----w- c:\arquivos de programas\arquivos comuns\Ahead

2009-12-05 15:43:36 32 ----a-w- c:\windows\Setup_nero.INI

2009-12-05 15:42:11 0 d-----w- c:\windows\system32\LogFiles

2009-12-05 15:38:07 0 d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-12-05 15:37:32 0 d-----w- c:\arquivos de programas\Foxit Software

2009-12-05 15:35:04 0 d-----w- c:\docume~1\alluse~1\dadosd~1\WEBREG

2009-12-05 15:34:31 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys

2009-12-05 15:34:30 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys

2009-12-05 15:34:18 271704 ----a-r- c:\windows\system32\hpzids01.dll

2009-12-05 15:34:17 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll

2009-12-05 15:34:13 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys

2009-12-05 15:33:42 729088 ----a-r- c:\windows\system32\hpowiax7.dll

2009-12-05 15:33:42 581632 ----a-r- c:\windows\system32\hpotscl6.dll

2009-12-05 15:33:42 372736 ----a-r- c:\windows\system32\hppldcoi.dll

2009-12-05 15:33:42 309760 ----a-r- c:\windows\system32\difxapi.dll

2009-12-05 15:33:42 303104 ----a-r- c:\windows\system32\hpovst15.dll

2009-12-05 15:33:41 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2009-12-05 15:33:41 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-12-05 15:31:43 0 d-----w- c:\arquivos de programas\arquivos comuns\HP

2009-12-05 15:31:38 0 d-----w- c:\arquivos de programas\arquivos comuns\Hewlett-Packard

2009-12-05 15:30:51 0 d-----w- c:\arquivos de programas\HP

2009-12-05 15:30:49 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2009-12-05 15:30:49 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2009-12-05 15:30:49 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2009-12-05 15:30:48 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-12-05 15:30:48 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-12-05 15:29:22 796 ------w- c:\windows\hpomdl28.dat

2009-12-05 15:29:22 176083 ----a-w- c:\windows\hpoins28.dat

2009-12-05 15:28:26 53248 ----a-w- c:\windows\amcap.exe

2009-12-05 15:28:22 53248 ----a-w- c:\windows\system32\dsnpstd.dll

2009-12-05 15:28:22 356352 ----a-w- c:\windows\vsnpstd.exe

2009-12-05 15:28:22 15541 ----a-w- c:\windows\snpstd.ini

2009-12-05 15:28:22 13023 ----a-w- c:\windows\snpstd.src

2009-12-05 15:28:20 387584 ----a-w- c:\windows\system32\drivers\snpstd.sys

2009-12-05 15:28:18 61440 ----a-w- c:\windows\system32\rsnpstd.dll

2009-12-05 15:28:18 61440 ----a-w- c:\windows\system32\csnpstd.dll

2009-12-05 15:28:18 36864 ----a-w- c:\windows\system32\vsnpstd.dll

2009-12-05 15:28:18 36864 ----a-w- c:\windows\system32\dsnpstd.ax

2009-12-05 15:28:18 20480 ----a-w- c:\windows\usnpstd.exe

2009-12-05 15:28:18 0 d-----w- c:\arquivos de programas\arquivos comuns\snpstd

2009-12-05 15:27:27 6656 ------w- c:\windows\system32\drivers\Msikbd2k.sys

2009-12-05 15:27:27 28672 ------w- c:\windows\system32\msiosd32.dll

2009-12-05 15:27:27 245 ----a-w- c:\windows\Msiosd.ini

2009-12-05 15:27:27 0 d-----w- c:\arquivos de programas\Netropa

2009-12-05 15:27:27 0 ----a-w- c:\windows\WININIT.INI

2009-12-05 15:25:55 69632 ----a-r- c:\windows\system32\34TvCtrl.dll

2009-12-05 15:24:00 0 d-----w- c:\arquivos de programas\Philips Semiconductors

2009-12-05 15:23:33 0 d-----w- C:\Program Files

2009-12-05 15:23:27 122880 ----a-w- c:\windows\system32\Snapshot.ax

2009-12-05 15:23:24 61440 ----a-w- c:\windows\system32\AVSwitch.ax

2009-12-05 15:23:24 425984 ----a-w- c:\windows\system32\xvid.dll

2009-12-05 15:23:24 131072 ----a-w- c:\windows\system32\Deinterlace.ax

2009-12-05 15:23:22 0 d-----w- c:\arquivos de programas\ENLTV

2009-12-05 15:18:16 0 ----a-w- c:\windows\ativpsrm.bin

2009-12-05 15:14:38 0 d-----w- c:\arquivos de programas\arquivos comuns\ATI Technologies

2009-12-05 15:11:47 593920 ------w- c:\windows\system32\ati2sgag.exe

2009-12-05 15:11:44 307200 ----a-r- c:\windows\system32\atiiiexx.dll

2009-12-05 15:11:44 12610 ----a-r- c:\windows\atiogl.xml

2009-12-05 15:11:41 7167 ----a-r- c:\windows\system32\atifglpf.xml

2009-12-05 15:11:41 397312 ----a-r- c:\windows\system32\ATIDEMGX.dll

2009-12-05 15:11:39 887724 ----a-r- c:\windows\system32\ativva6x.dat

2009-12-05 15:11:37 3107788 ----a-r- c:\windows\system32\ativva5x.dat

2009-12-05 15:11:36 3107788 ----a-r- c:\windows\system32\ativvaxx.dat

2009-12-05 15:11:36 168883 ----a-r- c:\windows\system32\atiicdxx.dat

2009-12-05 15:11:18 0 d-----w- c:\arquivos de programas\ATI Technologies

2009-12-05 15:07:02 0 d-----w- c:\arquivos de programas\IDT

2009-12-05 15:06:44 96896 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys

2009-12-05 15:05:06 0 d-----w- c:\windows\system32\ReinstallBackups

2009-12-05 15:05:03 0 d-----w- C:\Intel

2009-12-05 15:04:42 0 d-----w- c:\windows\system32\Tools

2009-12-05 15:04:35 0 d-----w- c:\arquivos de programas\arquivos comuns\InstallShield

2009-12-05 15:04:04 4864 ----a-r- c:\windows\system32\drivers\PortIo.sys

2009-12-05 15:00:59 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll

2009-12-05 14:59:15 0 d-sh--w- c:\documents and settings\all users\DRM

2009-12-05 14:59:03 0 d--h--w- c:\arquivos de programas\WindowsUpdate

2009-12-05 14:59:00 0 d-----w- c:\arquivos de programas\Serviços on-line

2009-12-05 14:58:27 0 d-----w- c:\arquivos de programas\arquivos comuns\Serviços

2009-12-05 14:58:25 0 d-----w- c:\arquivos de programas\arquivos comuns\MSSoap

2009-12-05 14:57:23 0 d-----w- c:\arquivos de programas\Messenger

2009-12-05 14:57:20 0 d-----w- c:\arquivos de programas\MSN Gaming Zone

2009-12-05 14:57:01 0 d-----w- c:\arquivos de programas\Windows NT

2009-12-05 12:54:21 0 d-----w- c:\arquivos de programas\arquivos comuns\ODBC

2009-12-05 12:54:19 0 d-----w- c:\arquivos de programas\arquivos comuns\SpeechEngines

2009-12-05 12:54:02 0 d--h--w- c:\documents and settings\all users\Modelos

2009-12-05 12:54:02 0 d-----w- c:\documents and settings\all users\Favoritos

2009-12-05 12:54:02 0 d-----r- c:\documents and settings\all users\Menu Iniciar

2009-12-05 12:54:02 0 d-----r- c:\documents and settings\all users\Documentos

2009-12-05 12:53:48 0 d--h--r- c:\documents and settings\all users\Dados de aplicativos

 

==================== Find3M ====================

 

2009-12-05 15:33:36 67450 ----a-w- c:\windows\system32\perfc016.dat

2009-12-05 15:33:36 425426 ----a-w- c:\windows\system32\perfh016.dat

2009-12-05 14:57:44 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-11-09 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll

 

============= FINISH: 18:31:21,48 ===============

 

 

Malwarebytes' Anti-Malware 1.42

Versão do banco de dados: 3289

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

6/12/2009 19:26:42

mbam-log-2009-12-06 (19-26-42).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 101415

Tempo decorrido: 2 minute(s), 21 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 2

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)


Good evening, victor.hml

1.

*Download Norman Malware Cleaner and save it to the desktop

*Rename the file to Norman_Malware_Cleaner.cmd

*Double-click Norman_Malware_Cleaner.cmd

*Install the program

*To add your computer's fixed and removable drives, click [Add]

*Click [Start Scan] and wait for it to finish

*Paste the report created on the desktop


From the DDS log it looks like Sality... let's hope it is a variant that is easy to remove.

1.

*Download SalityKiller and save it to the desktop

*Extract its contents to C:\

*Disable System Restore

*This program will run in 2 separate windows at the same time!!

*The first window:

*Click [Start] > [Run] > type: C:\salitykiller.exe -m

*Click [OK]

*Keep the window running. Do not close it!! Minimize it if you wish.

*The second window:

*Click [Start] > [Run] > type: C:\salitykiller.exe -y -x -j -l sality.txt -v

*Click [OK]

*When it finishes, window 2 will close automatically. Then close window 1.

*Paste the report created at C:\sality.txt
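
A triage pass over a DDS log like the one posted at the top of this thread, flagging the entries that stand out in it: policy values that disable Regedit and Task Manager, a process running from a Temp folder, and driver entries marked `[?]`. This is an added example, not part of the thread and not code from DDS or any tool named here; the rule names, the reading of the `u`/`m` prefixes as HKCU/HKLM, and the reading of `[?]` as "file details could not be read" are assumptions.

```python
import re

# Constructed sample: a trimmed set of lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\DOCUME~1\victor\CONFIG~1\Temp\winxcoxf.exe

============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\superantispyware\sasdifsv.sys [2009-11-23 9968]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\isonmi.sys --> c:\windows\system32\drivers\isonmi.sys [?]
R3 XDva315;XDva315;\??\c:\windows\system32\xdva315.sys --> c:\windows\system32\XDva315.sys [?]
"""

# "==== Section Name ====" banner lines that split the log into sections.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# e.g. "uPolicies-system: DisableTaskMgr = 1 (0x1)"
POLICY_RE = re.compile(r"^([um])Policies-[\w-]+:\s*(\w+)\s*=\s*(\d+)")
# e.g. "R3 name;display name;path [date size]" or "... [?]"
DRIVER_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;.+?\s*\[([^\]]*)\]$")

# Policy values that lock the user out of the tools needed for cleanup.
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr"}
# Assumption: DDS prefixes per-user entries with "u" and machine-wide ones with "m".
HIVE = {"u": "HKCU", "m": "HKLM"}


def triage(log_text):
    """Return (rule, section, detail) tuples for log lines worth a closer look."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue

        # Rule 1: Regedit / Task Manager disabled through policy values set to 1.
        policy = POLICY_RE.match(line)
        if policy and policy.group(2) in LOCKOUT_POLICIES and int(policy.group(3)) == 1:
            detail = f"{HIVE[policy.group(1)]} {policy.group(2)}"
            findings.append(("policy-lockout", section, detail))
            continue

        # Rule 2: a running executable located under a Temp directory.
        if section == "running processes" and "\\temp\\" in line.lower():
            findings.append(("process-in-temp", section, line))
            continue

        # Rule 3: a driver entry whose file details show as "[?]".
        if section == "services / drivers":
            driver = DRIVER_RE.match(line)
            if driver and driver.group(2) == "?":
                findings.append(("driver-file-unreadable", section, driver.group(1)))

    return findings


if __name__ == "__main__":
    for rule, section, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {section:20} {detail}")
```

A hit from these rules is a prompt to inspect the file or key, not a verdict on which malware family is present.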


Look, it doesn't open 2 programs; only one opened, in DOS. It sort of scanned and showed that all my exe files were infected, and it cleaned some, but there were some it did not cure, and there is no TXT file to post here. Did I do something wrong? Thanks.


Good morning, victor.hml

1.

*Open the link below:

http://securityresponse.symantec.com/avcenter/UnHookExec.inf

*Right-click on the page and select "Save as"...

*Save it to the desktop

*Right-click the UnHookExec.inf file and select "Install".

See whether you can now run Norman Malware Cleaner as described earlier.


Wow man, I just saw that SalityKiller solved my problem, only it deleted many of my programs, but it got rid of this damned thing. Now I'm going to format and make sure it never comes back. Thanks a lot.

Thank you very much.


If some programs were deleted, it is because they were badly corrupted by Sality. Just uninstall those programs, then download and install them again.

Pay attention!!!... the source of your infection may be the pen drive or some program (crack) that you used. I recommend not running any program of that kind, nor programs located on the pen drive.

There is no need to format.

1.

*Download sality_regkeys and save it to the desktop

*Extract the contents of Sality_RegKeys.zip to the desktop

*In the SalityRegKeys folder, double-click the SafeBootWinXP.reg file and accept the registry entry

2.

*Download HijackThis and save it to My Documents

*Install it

*Run it from the icon created on the desktop

*Click [Do a system scan and save a logfile].

*Paste the report here in the forum


I have a big question: my pen drive may be infected, what do I do? It won't format, it says it is write-protected; it must be the virus? Could you help me?


Download the program from the link and save it to the desktop

http://h50178.www5.hp.com/local_drivers/17550/SP27608.exe

Open Windows Explorer

Hold down the [Shift] key while you plug the pen drive into the PC. Keep the key held down until the pen drive is recognized.

Run the program you downloaded and format the pen drive using it.


*Download HijackThis and save it to My Documents

*Install it

*Run it from the icon created on the desktop

*Click [Do a system scan and save a logfile].

*Paste the report here in the forum


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:18:48, on 9/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\TrayMon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\cmpe.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\ENLTV\RemoteService\RS.exe

C:\Arquivos de programas\IDT\1272009105241\STacSV.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgemc.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Gamemaxx\Cabal Online\Xtrap\XTrap.xt

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [software Informer] "C:\Arquivos de programas\Software Informer\softinfo.exe" -autorun

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{D7FD89F3-154E-4496-9A41-B46064E05C1F}: NameServer = 200.165.132.155 200.165.132.148

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: SuperTV Pro Remote Control Service (RemoteControlService) - Unknown owner - C:\Arquivos de programas\ENLTV\RemoteService\RS.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\1272009105241\STacSV.exe

 

--

End of file - 8308 bytes


Good evening, victor.hml

The log is clean.

How is the machine doing?

1.

*Download and install CCleaner

*Open the program and, in the right-hand column, scroll down to the "Advanced" option and select "Old Prefetch data"

*Click [Run Cleaner]

*Then click [Registry] -> [Scan for Issues] -> [Fix selected issues] -> [Fix All Selected Issues]

2. I suggest you run a scan with the program below.

*Download Norman Malware Cleaner and save it to the desktop

*Temporarily disable your antivirus

Start > Programs > AVG

Open the AVG User Interface

Double-click Resident Shield

Uncheck the "Resident Shield active" option

Save the changes

*Rename the file to Norman_Malware_Cleaner.cmd

*Double-click Norman_Malware_Cleaner.cmd

*Install the program

*To add fixed drives (partitions) of your computer, click [Add]

*Click [Start Scan] and wait for it to finish

*Paste the report created on the desktop

3.

*Re-enable your antivirus.

4.

*Delete the Sality_RegKeys folder and the files Sality_RegKeys.zip, UnHookExec.inf, C:\salitykiller.exe and C:\sality.txt


Topic Archived

As the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening it.
