
Archived

This topic has been archived and is closed to new replies.

numero-170o

[Archived] Very annoying virus

Recommended Posts

SystemLook v1.0 by jpshortstuff (11.01.10)

Log created at 14:20 on 01/07/2010 by Familia (Administrator - Elevation successful)

 

========== file ==========

 

D:\Temp\Vdg.exe - Unable to find/read file.

 

-=End Of File=-

 

 

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>SSDT State

==============================================

==============================================

>Shadow

==============================================

==============================================

>Processes

==============================================

0x89B61A00 [4] System

0x88FB3020 [268] D:\WINDOWS.0\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)

0x89258DA0 [624] D:\WINDOWS.0\system32\smss.exe (Microsoft Corporation, Gerenciador de Sessão do Windows NT)

0x89302BA0 [680] D:\WINDOWS.0\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x891CD6A0 [704] D:\WINDOWS.0\system32\winlogon.exe (Microsoft Corporation, Aplicativo de logon do Windows NT)

0x891E7320 [748] D:\WINDOWS.0\system32\services.exe (Microsoft Corporation, Aplicativo de serviços e controle)

0x891E4020 [760] D:\WINDOWS.0\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))

0x891A3CD0 [924] D:\WINDOWS.0\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)

0x89180DA0 [992] D:\WINDOWS.0\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)

0x8916B020 [1088] D:\WINDOWS.0\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)

0x89158020 [1260] D:\WINDOWS.0\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)

0x88EFBCE0 [1324] D:\Arquivos de programas\portables\googleChrome\Chrome\chrome.exe (Google Inc., Google Chrome)

0x8915B680 [1480] D:\WINDOWS.0\explorer.exe (Microsoft Corporation, Windows Explorer)

0x89135DA0 [1604] D:\WINDOWS.0\RTHDCPL.EXE (Realtek Semiconductor Corp., Realtek HD Audio Control Panel)

0x8912BDA0 [1620] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd., System settings protector)

0x8912B608 [1628] D:\Arquivos de programas\Internet Download Manager\IDMan.exe (Tonec Inc., Internet Download Manager (IDM))

0x890EEDA0 [1728] D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation, Machine Debug Manager)

0x890FB598 [1732] D:\Arquivos de programas\Google\Update\GoogleUpdate.exe (Google Inc., Google Installer)

0x890E1968 [1952] D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp., Microsoft SeaPort Search Enhancement Broker)

0x883B1DA0 [2216] D:\Documents and Settings\Familia\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)

0x88B43AA8 [2684] D:\Arquivos de programas\portables\googleChrome\Chrome\chrome.exe (Google Inc., Google Chrome)

0x88D743A8 [2696] D:\Arquivos de programas\portables\googleChrome\Chrome\chrome.exe (Google Inc., Google Chrome)

0x8838EC38 [3396] D:\Arquivos de programas\portables\googleChrome\Chrome\chrome.exe (Google Inc., Google Chrome)

0x88BEDDA0 [3596] D:\Arquivos de programas\portables\googleChrome\Chrome\chrome.exe (Google Inc., Google Chrome)

0x890A0960 [3908] D:\Arquivos de programas\portables\googleChrome\Chrome\chrome.exe (Google Inc., Google Chrome)

0x883BA020 [4012] D:\WINDOWS.0\system32\notepad.exe (Microsoft Corporation, Bloco de notas)

==============================================

>Drivers

==============================================

0xA8D29000 D:\WINDOWS.0\system32\DRIVERS\54982931.sys 5373952 bytes (Kaspersky Lab, Kaspersky Unified Driver)

0xA94CD000 D:\WINDOWS.0\system32\drivers\RtkHDAud.sys 4874240 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x804D7000 D:\WINDOWS.0\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, Núcleo e sistema do NT)

0x804D7000 PnpManager 2154496 bytes

0x804D7000 RAW 2154496 bytes

0x804D7000 WMIxWDM 2154496 bytes

0xBF800000 Win32k 1863680 bytes

0xBF800000 D:\WINDOWS.0\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Driver Win32 multiusuário)

0xB9C62000 D:\WINDOWS.0\system32\DRIVERS\ialmnt5.sys 1400832 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xBF07C000 D:\WINDOWS.0\System32\ialmdd5.DLL 978944 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0xB9E47000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xA9249000 D:\WINDOWS.0\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB9AD3000 D:\WINDOWS.0\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xA937C000 D:\WINDOWS.0\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xA86F7000 D:\WINDOWS.0\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xA9408000 D:\WINDOWS.0\system32\DRIVERS\5498293.sys 331776 bytes (Kaspersky Lab, Klif Mini-Filter [fre_wnet_x86])

0xBFFA0000 D:\WINDOWS.0\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xA836E000 D:\WINDOWS.0\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xBF043000 D:\WINDOWS.0\System32\ialmdev5.DLL 233472 bytes (Intel Corporation, Component GHAL Driver)

0xB9B59000 D:\WINDOWS.0\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xB9E1A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xA818B000 D:\WINDOWS.0\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xA92B9000 D:\WINDOWS.0\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB9C26000 D:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xA932C000 D:\WINDOWS.0\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xA9306000 D:\WINDOWS.0\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xA9481000 D:\WINDOWS.0\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB9BE8000 D:\WINDOWS.0\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB9BB1000 D:\WINDOWS.0\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xA92E4000 D:\WINDOWS.0\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0xBF021000 D:\WINDOWS.0\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)

0x806E5000 ACPI_HAL 134400 bytes

0x806E5000 D:\WINDOWS.0\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB9EEB000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, Driver de disco com tolerância a falhas)

0xB9E00000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB9C0C000 D:\WINDOWS.0\system32\DRIVERS\Rtenicxp.sys 106496 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )

0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xB9ED4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB9B9A000 D:\WINDOWS.0\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xA89F4000 D:\WINDOWS.0\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB9BD4000 D:\WINDOWS.0\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Driver de porta paralela)

0xB9C4E000 D:\WINDOWS.0\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xA93D5000 D:\WINDOWS.0\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 D:\WINDOWS.0\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, Enumerador NT Plug and Play PCI)

0xB9B89000 D:\WINDOWS.0\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xBA278000 D:\WINDOWS.0\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xBA178000 D:\WINDOWS.0\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xBA148000 D:\WINDOWS.0\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Driver de dispositivo serial)

0xBA1F8000 D:\WINDOWS.0\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xBF012000 D:\WINDOWS.0\System32\ialmrnt5.dll 61440 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)

0xBA188000 D:\WINDOWS.0\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xA8B59000 D:\WINDOWS.0\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xBA208000 D:\WINDOWS.0\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xBA158000 D:\WINDOWS.0\system32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, Driver de porta i8042)

0xBA0A8000 54982932.sys 53248 bytes (Kaspersky Lab, Kaspersky Lab Boot Guard Driver)

0xBA0F8000 D:\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xBA198000 D:\WINDOWS.0\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xBA0D8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Driver de cópia de sombra de volume)

0xBA1B8000 D:\WINDOWS.0\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xBA238000 D:\WINDOWS.0\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xBA168000 D:\WINDOWS.0\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xBA0C8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xBA1A8000 D:\WINDOWS.0\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xBA138000 D:\WINDOWS.0\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Driver de dispositivo de processador)

0xBA0B8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xBA1D8000 D:\WINDOWS.0\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xBA108000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xBA0E8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xBA268000 D:\WINDOWS.0\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xBA1C8000 D:\WINDOWS.0\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xBA228000 D:\WINDOWS.0\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xA8CC1000 D:\WINDOWS.0\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xBA218000 D:\WINDOWS.0\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xBA468000 D:\WINDOWS.0\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xBA390000 D:\WINDOWS.0\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xBA488000 D:\WINDOWS.0\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xBA3A0000 D:\WINDOWS.0\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Driver de classe teclado)

0xBA328000 D:\WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xBA440000 D:\WINDOWS.0\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Driver de classe modem)

0xBA388000 D:\WINDOWS.0\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xBA448000 D:\WINDOWS.0\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xBA458000 D:\WINDOWS.0\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xBA3D8000 D:\WINDOWS.0\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xBA3E8000 D:\WINDOWS.0\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xBA3C8000 D:\WINDOWS.0\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xBA4A8000 D:\WINDOWS.0\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xA8ABD000 D:\WINDOWS.0\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)

0xBA578000 D:\WINDOWS.0\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xBA540000 D:\WINDOWS.0\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xBA4B8000 D:\WINDOWS.0\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xA9465000 D:\WINDOWS.0\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xA94B5000 D:\WINDOWS.0\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xA94A9000 D:\WINDOWS.0\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xBA554000 D:\WINDOWS.0\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xB9B49000 D:\WINDOWS.0\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xBA588000 D:\Arquivos de programas\System\CPL Bonus\Vcdrom.sys 12288 bytes (Microsoft Corporation, Driver for Virtual CD-ROMs)

0xBA5CA000 D:\WINDOWS.0\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xBA5C6000 D:\WINDOWS.0\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xBA5A8000 D:\WINDOWS.0\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xBA61E000 D:\WINDOWS.0\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, Driver paralelo VDM)

0xBA5CE000 D:\WINDOWS.0\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xBA5B6000 D:\WINDOWS.0\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xBA5BE000 D:\WINDOWS.0\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xBA5AA000 D:\WINDOWS.0\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xBA761000 D:\WINDOWS.0\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xBA702000 D:\WINDOWS.0\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xBA7B5000 D:\WINDOWS.0\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

==============================================

>Files

==============================================

!-->[Hidden] D:\Documents and Settings\Familia\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Current Session::$DATA

!-->[Hidden] D:\Documents and Settings\Familia\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Visited Links::$DATA

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]

[1480]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F51218-->00000000 [shimeng.dll]

[1480]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77E510B4-->00000000 [shimeng.dll]

[1480]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[1480]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[1480]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]

[1480]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3FA514B0-->00000000 [shimeng.dll]

[1480]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A7109C-->00000000 [shimeng.dll]


1.

*Delete Rootkit Unhooker LE and its report

2.

*Delete SystemLook and its report

3.

*Open the Virus Removal Tool folder on the desktop and double-click the Start shortcut

*The Kaspersky main screen will open again

*Click [Exit] > [Yes] > [sim] > [sim]

*The PC will restart

*Delete the Kaspersky setup file and the logs saved on the desktop

4.

*Run HijackThis, click [Do a system scan only], select the entry below and click [Fix checked]

O4 - HKCU\..\Run: [QNB2EB90WX] D:\Temp\Vdg.exe

*Close HijackThis

5.

*Delete the files C:\SalityKiller.exe and C:\sality.txt

6.

*Download taskmanagerfix and save it to the desktop

http://www.taskmanagerfix.com/dl/download.php?id=1

*Run the program and click [Fix Task Manager]

7.

*Go to the page below

http://www.kellys-korner-xp.com/regs_edits/mmc.reg

*Right-click it and select "Save as..."

*Save it to the desktop

*Double-click mmc.reg and accept the registry entry

8.

*Download sality_regkeys and save it to the desktop

*Extract its contents to the desktop

*In the SalityRegKeys folder, run the SafeBootWinXP.reg file and accept the registry entry

*Restart the PC

9.

*THE PROCEDURE BELOW CAN ONLY BE DONE USING INTERNET EXPLORER

*Run an online scan with BitDefender following this tutorial:

http://dicasetutoriaisparapc.blogspot.com/2009/04/tutorial-do-antivirus-bitdefender.html

*When it finishes, paste the result created in C:\Windows\BDOSCAN8\bdoscan.log

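A small triage script for the two logs in this thread, added here as an example (it is not code from the original posts, from RkUnhooker or from HijackThis): it parses the >Hooks and >Files sections of the RkUnhooker LE report posted above and flags HijackThis O4 autorun lines that run from a Temp directory, as the D:\Temp\Vdg.exe entry in step 4 does. The shimeng.dll allow-list is an assumption chosen for illustration, and the sample lines are a constructed excerpt copied from the thread's own output.

```python
"""Triage helpers for the logs in this thread (added example; not code from
the original posts, from RkUnhooker or from HijackThis).  parse_rku_report()
structures the >Hooks and >Files sections of an RkUnhooker LE report and
separates the IAT patches made by shimeng.dll (the Windows application
compatibility shim engine) from hooks that deserve a closer look;
suspicious_o4_entries() flags HijackThis O4 autoruns running from Temp."""
import re

HOOK_RE = re.compile(r"^(?P<target>.+?), Type: (?P<kind>.+?) "
                     r"0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) "
                     r"\[(?P<module>[^\]]+)\]$")
FILE_RE = re.compile(r"^!-->\[(?P<flag>[A-Za-z]+)\] (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXPECTED_IAT_PATCHERS = {"shimeng.dll"}   # assumption: illustrative allow-list
TEMP_DIR = re.compile(r"(^|\\)temp\\", re.IGNORECASE)  # a "Temp" path component


def classify_hook(kind, module):
    if kind == "IAT modification" and module.lower() in EXPECTED_IAT_PATCHERS:
        return "expected"
    return "review"


def parse_rku_report(text):
    """Return {'hooks': [...], 'files': [...]} from an RkUnhooker LE report."""
    section, hooks, files = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):      # separator rows
            continue
        if line.startswith(">"):                   # section header, e.g. >Hooks
            section = line[1:].strip().lower()
            continue
        if section == "hooks" and (m := HOOK_RE.match(line)):
            hooks.append({"target": m["target"], "kind": m["kind"],
                          "src": int(m["src"], 16), "dst": int(m["dst"], 16),
                          "module": m["module"],
                          "verdict": classify_hook(m["kind"], m["module"])})
        elif section == "files" and (m := FILE_RE.match(line)):
            path, _, stream = m["path"].partition("::")   # split off ::$DATA
            files.append({"flag": m["flag"], "path": path, "stream": stream})
    return {"hooks": hooks, "files": files}


def suspicious_o4_entries(lines):
    """HijackThis O4 lines whose command runs from a Temp directory."""
    hits = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m and TEMP_DIR.search(m["cmd"]):
            hits.append({"hive": m["hive"], "name": m["name"], "cmd": m["cmd"]})
    return hits


# Constructed excerpt in the exact format of the report posted above.
SAMPLE_RKU = r"""
==============================================
>Files
==============================================
!-->[Hidden] D:\Documents and Settings\Familia\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Current Session::$DATA
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
[1480]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F51218-->00000000 [shimeng.dll]
[1480]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A7109C-->00000000 [shimeng.dll]
"""
SAMPLE_O4 = [
    r"O4 - HKCU\..\Run: [QNB2EB90WX] D:\Temp\Vdg.exe",   # the entry from step 4
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",          # constructed benign line
]
```

The inline kernel hook is left as "review" on purpose: the script only separates the well-known shim-engine patches from everything else, so a human still decides about the rest.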

BitDefender Online Scanner

Scan report generated at: Thu, Jul 01, 2010 - 17:58:44

Scan path: C:\;D:\;E:\;

 

Statistics:

Time:00:43:35

Files:218036

Folders :8035

Boot Sectors:0

Archives:1839

Packed Files:7281

 

Results

Identified Viruses:5

Infected Files:6

Suspect Files:0

Warnings:0

Disinfected:0

Deleted Files:2

Engines Info

Virus Definitions:6357267

Engine build

AVCORE v2.1 Windows/i386 11.0.0.33 (Jun 10 2010)

Scan plugins:17

Archive plugins:44

Unpack plugins:10

E-mail plugins:6

System plugins:4

 

Scan Settings

First Action:Disinfect

Second Action:Delete

Heuristics:Yes

Enable Warnings:Yes

Scanned Extensions:*;

Exclude Extensions:

Scan Emails:Yes

Scan Archives:Yes

Scan Packed:Yes

Scan Files:Yes

Scan BooT:Yes

 

Scanned File:

Status

D:\Arquivos de programas\portables\JkDefragGUI\Programs\JkDefrag.exe

Infected with: Gen:Win32.Sality.Dam

D:\Arquivos de programas\portables\JkDefragGUI\Programs\JkDefrag.exe

Disinfection failed

D:\Arquivos de programas\portables\JkDefragGUI\Programs\JkDefrag.exe

Deleted

D:\Documents and Settings\Familia\Desktop\kalebe\l2phx34182english.rar=>l2pbx.exe

Infected with: Trojan.Generic.3895234

D:\Documents and Settings\Familia\Desktop\kalebe\l2phx34182english.rar=>l2pbx.exe

Disinfection failed

D:\Documents and Settings\Familia\Desktop\kalebe\l2phx34182english.rar=>inject.dll

Infected with: Trojan.Generic.1542779

D:\Documents and Settings\Familia\Desktop\kalebe\l2phx34182english.rar=>inject.dll

Disinfection failed

D:\Documents and Settings\Familia\Desktop\kalebe\Metin2 Live v4.rar=>Metin2 Live v4\mc.exe

Infected with: Backdoor.Generic.323183

D:\Documents and Settings\Familia\Desktop\kalebe\Metin2 Live v4.rar=>Metin2 Live v4\mc.exe

Disinfection failed

D:\Documents and Settings\Familia\Meus documentos\Downloads\mt2live_patch_atualizacao (1).rar=>mc.exe

Infected with: Backdoor.Generic.323183

D:\Documents and Settings\Familia\Meus documentos\Downloads\mt2live_patch_atualizacao (1).rar=>mc.exe

Disinfection failed

D:\Temp\sshnas21.dll

Infected with: Trojan.FakeAV.LAZ

D:\Temp\sshnas21.dll

Deleted


I had posted more procedures...

Take a look.

If you have done all of them, check whether gpedit and Task Manager can be opened.


*Click [Start] > [Run] > type: sfc /scannow

sfc.jpg

*Click OK

*You will be asked for the Windows CD

*Insert it in the CD-ROM drive and wait until it finishes....

*Remove the CD and restart the PC


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
