Sality AA

Hi Diego, long time no see... How are you? Well, I have a big problem... I teach computing at a training school. The server here cannot go down, because all the students' classes run on it. We have no antivirus (I know it's crazy, but servers are a pain for antivirus, and right now we're a bit too broke to pay for one). I downloaded Kaspersky's Virus Removal Tool, and it flags every .exe file on the system, including the system files of our courses and so on... It shows this: "virus.win32.sality.aa". I believe that's the reason Task Manager isn't working anymore... Please look at my log and help me....

```
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:37:45, on 29/7/2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\dns.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
E:\mysql\bin\mysqld-nt.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\windows\system32\tcpsvcs.exe
C:\windows\System32\svchost.exe
C:\windows\System32\wins.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\XP-B0E0D7C9.EXE
C:\Arquivos de programas\messenge\Aswebsrv.exe
C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\ARQUIV~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\windows\system32\ctfmon.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIFDL.EXE
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\PREPARAHardlock\PREPARAHardLock.exe
C:\PREPARAServidor\PREPARAServidor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
E:\mysql\bin\winmysqladmin.exe
C:\Documents and Settings\Administrador\Desktop\Virus Removal Tool\setup_9.0.0.722_16.06.2010_17-39\setup_9.0.0.722_16.06.2010_17-39.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\windows\system32\VV5408B6.EXE
C:\windows\system32\Z5AFA669.EXE
C:\windows\TEMP\winheud.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sifvw.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\odkqrl.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\xanucl.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winpelrq.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\vkdjj.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\jdaf.exe
C:\Arquivos de programas\NasSoft\NSM\School8.exe
C:\windows\TEMP\w789ee.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w93b76.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w9577a.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w95836.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w965d2.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\windotjw.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winicsv.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winsfbsgp.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\ppuq.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w2958d6.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w298b9e.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w29dd1a.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w2a1cc3.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\vvhm.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sgifgg.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\mhimty.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\amhr.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w4a1073.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w4a8380.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w4a9c57.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w4af005.exe
C:\Arquivos de programas\PREPARA\Gerenciador PREPARA\Gerenciador PREPARA 2.7 Beta.exe
C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe
C:\windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [wininnet] C:\commonfiles\wininnet.cpl
O4 - HKLM\..\Run: [WinSystem] c:\commonfiles\xhostl.cpl
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [XP-B0E0D7C9] C:\WINDOWS\system32\XP-B0E0D7C9.EXE
O4 - HKLM\..\Run: [Modulo_Ad_Autorizador] C:\Arquivos de programas\messenge\Nvsvc32.exe
O4 - HKLM\..\Run: [Modulo_administrativo] C:\Arquivos de programas\messenge\Asdiph.exe
O4 - HKLM\..\Run: [Modulo_Ad_bne] C:\Arquivos de programas\messenge\Aswebsrv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\ARQUIV~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [\\RECEP\EPSON TX210 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIFDL.EXE /FU "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\E_S3.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: patchnilopolis.exe
O4 - Startup: PREPARAHardlock.lnk = C:\PREPARAHardlock\PREPARAHardLock.exe
O4 - Startup: PREPARAHotfix.exe
O4 - Startup: PREPARAServidor.lnk = C:\PREPARAServidor\PREPARAServidor.exe
O4 - Startup: setup_9.0.0.722_16.06.2010_17-39.lnk = C:\Documents and Settings\Administrador\Desktop\Virus Removal Tool\setup_9.0.0.722_16.06.2010_17-39\startup.exe
O4 - Startup: WinMySQLadmin.lnk = E:\mysql\bin\winmysqladmin.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-B0E0D7C9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://s0.2mdn.net
O15 - ESC Trusted Zone: http://*.ad2games.com
O15 - ESC Trusted Zone: http://s7.addthis.com
O15 - ESC Trusted Zone: http://dnserros.oi.com.br
O15 - ESC Trusted Zone: http://www.corel.com
O15 - ESC Trusted Zone: http://adserving.cpxinteractive.com
O15 - ESC Trusted Zone: http://www.dindo-web.com.br
O15 - ESC Trusted Zone: http://ad.doubleclick.net
O15 - ESC Trusted Zone: http://s1.gamevicio.com.br
O15 - ESC Trusted Zone: http://www.gamevicio.com.br
O15 - ESC Trusted Zone: http://www.google-analytics.com
O15 - ESC Trusted Zone: http://www.google.com.br
O15 - ESC Trusted Zone: http://ad.harrenmedianetwork.com
O15 - ESC Trusted Zone: http://ads5309.hotwords.com.br
O15 - ESC Trusted Zone: http://zone110.hotwords.com.br
O15 - ESC Trusted Zone: http://zone56.hotwords.com.br
O15 - ESC Trusted Zone: http://*.ibexpert.net
O15 - ESC Trusted Zone: http://br.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://download3.showmypc.com
O15 - ESC Trusted Zone: http://hrads.valuead.com
O15 - ESC Trusted Zone: http://m.webtrends.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.www.ggogle
O15 - ESC Trusted Zone: http://ad.xtendmedia.com
O15 - ESC Trusted Zone: http://ad.yieldmanager.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD7B0EB-2B77-42F3-AE66-D81521CC1CBB}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: manual - Unknown owner - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\MSIA.tmp.exe (file missing)
O23 - Service: MySql - Unknown owner - E:/mysql/bin/mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

--
End of file - 13262 bytes
```

I'm waiting for your reply urgently... I have to solve this so I can install an antivirus... Bear in mind that I cannot format this server, even though I have a backup of everything, because here it cannot go down... Hugs!!!!
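The log above is a wall of entries, and the question in any such thread is which lines deserve attention first. The script below is an added example, not part of the original post or of HijackThis itself: it walks a HijackThis 2.x log and applies a few heuristics that a responder would apply by eye to a suspected file-infector case like this one. The heuristics (executables running out of `\Temp\`, system32 binaries with a long run of hex digits in the name, Run keys that launch a `.cpl`, an O7 policy that disables regedit or Task Manager, O23 services whose binary is in a temp folder or already gone, and any O15 ESC Trusted Zone addition) are this example's own assumptions about what is worth a look, not a verdict that any flagged file is malicious. The sample input is a handful of lines copied from the log in the post, chosen so that both flagged and non-flagged cases appear.

```python
"""Triage a HijackThis 2.x log for entries consistent with a file infector.

Added example: the rules below are heuristics chosen for this illustration,
not HijackThis or vendor rules, and a hit means "look at this", not "malware".
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" = investigate now, "review" = weakens a control, check intent
    reason: str
    line: str


# --- heuristics (assumptions of this example) -------------------------------
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# an .exe directly under system32 whose name carries 6+ consecutive hex digits
RANDOM_SYS32 = re.compile(r"\\system32\\[^\\]*[0-9a-f]{6,}[^\\]*\.exe\b", re.IGNORECASE)
CPL_TARGET = re.compile(r"\.cpl\b", re.IGNORECASE)
# O7 lines list Policies\System values; these two disable admin tools
LOCKDOWN_POLICY = re.compile(r"\b(DisableRegedit|DisableTaskMgr)=1\b", re.IGNORECASE)
FILE_MISSING = re.compile(r"\(file missing\)", re.IGNORECASE)
EXE_PREFIX = re.compile(r'"?(.*?\.(?:exe|cpl|dll|bat|cmd|scr|com))\b', re.IGNORECASE)


def autostart_target(body: str) -> str:
    """Return just the launched binary from an O4 body, dropping arguments.

    Bodies look like 'HKLM\\..\\Run: [name] target args' or
    'Startup: name.lnk = target'.
    """
    if "] " in body:
        target = body.split("] ", 1)[1]
    elif " = " in body:
        target = body.split(" = ", 1)[1]
    else:
        target = body.split(": ", 1)[-1]
    m = EXE_PREFIX.match(target)
    return m.group(1) if m else target


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            # Not an Oxx/Rx entry: header text or a "Running processes" path.
            if TEMP_DIR.search(line):
                findings.append(Finding("high", "process running from a temp folder", line))
            elif RANDOM_SYS32.search(line):
                findings.append(Finding("high", "random-looking binary in system32", line))
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O4":
            target = autostart_target(body)
            if CPL_TARGET.search(target):
                findings.append(Finding("high", "Run entry launches a .cpl", line))
            elif TEMP_DIR.search(target) or RANDOM_SYS32.search(target):
                findings.append(Finding("high", "autostart of temp or random-named system32 binary", line))
        elif code == "O7" and LOCKDOWN_POLICY.search(body):
            findings.append(Finding("high", "policy disables an admin tool", line))
        elif code == "O23" and (FILE_MISSING.search(body) or TEMP_DIR.search(body)):
            findings.append(Finding("high", "service binary in temp folder or missing", line))
        elif code == "O15":
            findings.append(Finding("review", "site added to IE ESC trusted zone", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Sample input: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\XP-B0E0D7C9.EXE
C:\windows\system32\VV5408B6.EXE
C:\windows\TEMP\winheud.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\sifvw.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIFDL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [wininnet] C:\commonfiles\wininnet.cpl
O4 - HKLM\..\Run: [XP-B0E0D7C9] C:\WINDOWS\system32\XP-B0E0D7C9.EXE
O4 - HKCU\..\Run: [\\RECEP\EPSON TX210 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIFDL.EXE /FU "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\E_S3.tmp" /EF "HKCU"
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-B0E0D7C9.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O15 - ESC Trusted Zone: http://ad.doubleclick.net
O23 - Service: manual - Unknown owner - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\MSIA.tmp.exe (file missing)
O23 - Service: MySql - Unknown owner - E:/mysql/bin/mysqld-nt.exe
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
    print(summarize(results))
```

Note the Epson printer entry: its arguments point at a file in `\Temp\`, but the binary it launches is a spooler driver, so `autostart_target` strips the arguments before the temp-folder rule is applied and the line is not flagged. Everything the script flags still needs a human to confirm (hash the file, check its signer, compare against a clean copy); a hex-looking name alone is a reason to look, not a conviction.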