Chxiscrete

[Resolved] I can't install any antivirus or anything like it


Hello, I have a big little problem: I caught some virus that won't let me install any antivirus or anti-malware or anything of the kind.

 

Below is the HijackThis log.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:18:03, on 10/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\Explorer.EXE

C:\Windows\IntelMon.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe

C:\WINDOWS\system32\B2544B\A967BE.EXE

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winuefqj.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\asvpr.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\BECAF3\QV818D31.EXE

C:\WINDOWS\system32\BECAF3\ZW788C750.EXE

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w8140d.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Hijacks\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O1 - Hosts: 188.165.201.54 www.bb.com.br

O1 - Hosts: 188.165.201.54 bb.com.br

O1 - Hosts: 188.165.201.54 bancodobrasil.com.br

O1 - Hosts: 188.165.201.54 www.bancodobrasil.com.br

O1 - Hosts: 188.165.201.54 bancobrasil.com.br

O1 - Hosts: 188.165.201.54 www.bancobrasil.com.br

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [intelMonitor] C:\Windows\IntelMon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [A967BE] C:\WINDOWS\system32\B2544B\A967BE.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = C:\Arquivos de programas\LimeWire\LimeWire.exe

O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\B2544B\A967BE.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fazer o download de conteúdo de vídeo FLV usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FreshDownload - {A68C2B32-789F-486B-85DA-8CF36DE2743E} - C:\Arquivos de programas\FreshDevices\FreshDownload\fd.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9925 bytes

 

Note: it also blocked Task Manager and regedit.


:) Hello Chxiscrete!

 

-> To keep the viruses from coming back, disable System Restore and keep it disabled until all the problems are resolved. To do this, go to the menu: Start - Control Panel - System - click the tab: System Restore - check the box: Turn off System Restore - click the Apply button and then the OK button.

___________________________

 

-> Download Dr. Web CureIt (which I renamed to Golden.cmd and uploaded to the site below so that the viruses don't block its download):

http://www.4shared.com/file/apvCRqif/golden.html

 

Note: When you open the site above, click the Download now button > wait for the countdown > click the option: Click here to download this file.

 

Then, after downloading it, just follow the tips in its tutorial below to run it correctly:

 

Dr. Web CureIt tutorial

 

Afterwards, just post the Dr. Web CureIt log here in your topic together with a new HijackThis log, and tell us how your PC is after that.


Thank you, Antonio

Well, it seems to me that everything is back to normal. I'll post the logs you asked for.

 

From Dr.Web (I don't know if this is really what you want)

 

wintofc.exe C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp Trojan.DownLoader1.18855 Eliminado.

winsyixlw.exe C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp Trojan.DownLoad.64240 Eliminado.

winrtnqq.exe C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp Trojan.DownLoader1.18855 Eliminado.

w82592.exe C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp BackDoor.Siggen.26423 Incurável.Movido.

uninstall.exe D:\Meus arquivos recebidos\Magebot Win32.Sector.21 Desinfectado.

unins000.exe D:\Meus arquivos recebidos\ElfBot NG 8.40.12 Win32.Sector.21 Desinfectado.

ts2_client_rc2_2032.exe D:\Downloads Win32.Sector.21 Desinfectado.

tibia860.exe D:\Downloads Win32.Sector.21 Desinfectado.

TeamSpeak3-Client-win32-3.0.0-beta22.exe D:\Downloads Win32.Sector.21 Desinfectado.

speedyitunes_setup.exe D:\Downloads\Programs Win32.Sector.21 Desinfectado.

setup.exe D:\Battlefield2 Win32.Sector.21 Desinfectado.

setup-4.5.9.exe D:\Meus arquivos recebidos Win32.Sector.21 Desinfectado.

server.exe D:\Meus arquivos recebidos\Magebot Win32.Sector.21 Desinfectado.

reader_sl.exe c:\arquivos de programas\adobe\reader 9.0\reader Win32.Sector.21 Desinfectado.

qbvfse.exe C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp Trojan.DownLoad.64240 Eliminado.

Patch 5.xx (2009-01-22).exe D:\Meus arquivos recebidos\internet download manager 5.15.6.full + crack + patch + serial\Patch-UnREaL Win32.Sector.21 Desinfectado.

nerocheck.exe c:\arquivos de programas\arquivos comuns\ahead\lib Win32.Sector.21 Desinfectado.

navserv.exe D:\Meus arquivos recebidos\ElfBot NG 8.40.12 Win32.Sector.21 Desinfectado.

MsgPlusLive-484.exe D:\Downloads Win32.Sector.21 Desinfectado.

MagebotSetupvT860.exe D:\Downloads Win32.Sector.21 Desinfectado.

LimeWireWin.exe D:\Downloads Win32.Sector.21 Desinfectado.

limewire.exe c:\arquivos de programas\limewire Win32.Sector.21 Desinfectado.

language.exe c:\arquivos de programas\cyberlink\powerdvd\language Win32.Sector.21 Desinfectado.

Internet.Download.Manager.5.X.X.Buld.X.X-Patch.exe D:\Meus arquivos recebidos\internet download manager 5.15.6.full + crack + patch + serial\Patch-Love Pascal Win32.Sector.21 Desinfectado.

igfxtray.exe C:\WINDOWS\system32 Win32.Sector.21 Desinfectado.

igfxtray.exe c:\windows\system32 Win32.Sector.21 Desinfectado.

igfxpers.exe C:\WINDOWS\system32 Win32.Sector.21 Desinfectado.

igfxpers.exe c:\windows\system32 Win32.Sector.21 Desinfectado.

hkcmd.exe C:\WINDOWS\system32 Win32.Sector.21 Desinfectado.

hkcmd.exe c:\windows\system32 Win32.Sector.21 Desinfectado.

EReg.exe D:\Battlefield2\Support Win32.Sector.21 Desinfectado.

ElfBot NG Cracker.exe D:\Meus arquivos recebidos\ElfBot NG 8.40.12 Win32.Sector.21 Desinfectado.

eauninstall.exe D:\Need for Speed Underground 2 Win32.Sector.21 Desinfectado.

EasyInfo.exe D:\Battlefield2\Support Win32.Sector.21 Desinfectado.

dxsetup.exe D:\Battlefield2\directx Win32.Sector.21 Desinfectado.

ComboFix.exe D:\Downloads\Programs Win32.Sector.21 Desinfectado.

CheatEngine561.exe D:\Downloads\Programs Win32.Sector.21 Desinfectado.

BFMC.exe D:\Battlefield2\BFMC Win32.Sector.21 Desinfectado.

BF2.exe D:\Battlefield2\RELOADED\Crack Win32.Sector.21 Desinfectado.

Battlefield 2_code.exe D:\Battlefield2\Support Win32.Sector.21 Desinfectado.

axcmd.exe c:\arquivos de programas\alcohol soft\alcohol 120 Win32.Sector.21 Desinfectado.

Autorun.exe D:\Battlefield2 Win32.Sector.21 Desinfectado.

ArcadeInstallBATTLEFIELD2_20.EXE D:\Battlefield2\Redist Win32.Sector.21 Desinfectado.

77.30_winxp_international.exe D:\Battlefield2\nvidia_driver Win32.Sector.21 Desinfectado.

upx.exe C:\Arquivos de programas\Adobe Win32.Sector.21 Desinfectado.

Photoshop.exe C:\Arquivos de programas\Adobe\Adobe Photoshop CS3 Win32.Sector.21 Desinfectado.

Droplet Template.exe C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Required Win32.Sector.21 Desinfectado.

AcroTextExtractor.exe C:\Arquivos de programas\Adobe\Reader 9.0\Reader Win32.Sector.21 Desinfectado.

Eula.exe C:\Arquivos de programas\Adobe\Reader 9.0\Reader Win32.Sector.21 Desinfectado.

LogTransport2.exe C:\Arquivos de programas\Adobe\Reader 9.0\Reader Win32.Sector.21 Desinfectado.

ACID.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120 Win32.Sector.21 Desinfectado.

Alcohol.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120 Win32.Sector.21 Desinfectado.

uninst.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120 Win32.Sector.21 Desinfectado.

_alcohol.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120 Win32.Sector.21 Desinfectado.

AxSrvUACHlper.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\Plugins\Helper Win32.Sector.21 Desinfectado.

UACHlper.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\Plugins\Helper Win32.Sector.21 Desinfectado.

NeroCheck.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib Win32.Sector.21 Desinfectado.

NeroScoutOptions.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib Win32.Sector.21 Desinfectado.

NeroUpgrade.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib Win32.Sector.21 Desinfectado.

NMFirstStart.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib Win32.Sector.21 Desinfectado.

NMIndexStoreSvr.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib Win32.Sector.21 Desinfectado.

SetupX.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web Win32.Sector.21 Desinfectado.

AdminTool.exe C:\Arquivos de programas\Arquivos comuns\Akamai Win32.Sector.21 Desinfectado.

rswinui.exe C:\Arquivos de programas\Arquivos comuns\Akamai Win32.Sector.21 Desinfectado.

uninstall.exe C:\Arquivos de programas\Arquivos comuns\Akamai Win32.Sector.21 Desinfectado.

vcredist_x86.exe C:\Arquivos de programas\Arquivos comuns\Akamai Win32.Sector.21 Desinfectado.

IKernel.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\Engine\6\Intel 32 Win32.Sector.21 Desinfectado.

jucheck.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update Win32.Sector.21 Desinfectado.

ACECNFLT.EXE C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12 Win32.Sector.21 Desinfectado.

WLLoginProxy.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live Win32.Sector.21 Desinfectado.

Ip Changer Updater.exe C:\Arquivos de programas\Asprate\Tibia Multi IP Changer Win32.Sector.21 Desinfectado.

Tibia MULTI-ip changer.exe C:\Arquivos de programas\Asprate\Tibia Multi IP Changer Win32.Sector.21 Desinfectado.

UNinstaller.exe C:\Arquivos de programas\Asprate\Tibia Multi IP Changer Win32.Sector.21 Desinfectado.

AWLAutorun.exe C:\Arquivos de programas\Aspyr\Guitar Hero III Win32.Sector.21 Desinfectado.

AWLMediaCenter.exe C:\Arquivos de programas\Aspyr\Guitar Hero III Win32.Sector.21 Desinfectado.

GH3.exe C:\Arquivos de programas\Aspyr\Guitar Hero III Win32.Sector.21 Desinfectado.

hatred.exe C:\Arquivos de programas\Aspyr\Guitar Hero III Win32.Sector.21 Desinfectado.

CCleaner.exe C:\Arquivos de programas\CCleaner Win32.Sector.21 Desinfectado.

uninst.exe C:\Arquivos de programas\CCleaner Win32.Sector.21 Desinfectado.

unins000.exe C:\Arquivos de programas\Cheat Engine Win32.Sector.21 Desinfectado.

CDSVersion.exe C:\Arquivos de programas\CyberLink\CDS Win32.Sector.21 Desinfectado.

CLDMA.exe C:\Arquivos de programas\CyberLink\PowerDVD Win32.Sector.21 Desinfectado.

cltest.exe C:\Arquivos de programas\CyberLink\PowerDVD Win32.Sector.21 Desinfectado.

ddtester.exe C:\Arquivos de programas\CyberLink\PowerDVD Win32.Sector.21 Desinfectado.

dvdrgn.exe C:\Arquivos de programas\CyberLink\PowerDVD Win32.Sector.21 Desinfectado.

PowerDVD.exe C:\Arquivos de programas\CyberLink\PowerDVD Win32.Sector.21 Desinfectado.

Language.exe C:\Arquivos de programas\CyberLink\PowerDVD\Language Win32.Sector.21 Desinfectado.

richvideoinstall.exe C:\Arquivos de programas\CyberLink\Shared Files Win32.Sector.21 Desinfectado.

richvideouninstall.exe C:\Arquivos de programas\CyberLink\Shared Files Win32.Sector.21 Desinfectado.

BF2.exe C:\Arquivos de programas\EA GAMES\Battlefield 2 Win32.Sector.21 Desinfectado.

BF2ServerLauncher.exe C:\Arquivos de programas\EA GAMES\Battlefield 2 Win32.Sector.21 Desinfectado.

BF2VoiceSetup.exe C:\Arquivos de programas\EA GAMES\Battlefield 2 Win32.Sector.21 Desinfectado.

BF2VoipServer.exe C:\Arquivos de programas\EA GAMES\Battlefield 2 Win32.Sector.21 Desinfectado.

BF2VoipServer_w32ded.exe C:\Arquivos de programas\EA GAMES\Battlefield 2 Win32.Sector.21 Desinfectado.

remoteconsole.exe C:\Arquivos de programas\EA GAMES\Battlefield 2\AdminUtils\rcon Win32.Sector.21 Desinfectado.

BFMC.exe C:\Arquivos de programas\EA GAMES\Battlefield 2\BFMC Win32.Sector.21 Desinfectado.

ArcadeInstallBATTLEFIELD2_20.EXE C:\Arquivos de programas\EA GAMES\Battlefield 2\Redist Win32.Sector.21 Desinfectado.

Battlefield 2_code.exe C:\Arquivos de programas\EA GAMES\Battlefield 2\Support Win32.Sector.21 Desinfectado.

EasyInfo.exe C:\Arquivos de programas\EA GAMES\Battlefield 2\Support Win32.Sector.21 Desinfectado.

EReg.exe C:\Arquivos de programas\EA GAMES\Battlefield 2\Support Win32.Sector.21 Desinfectado.

navserv.exe C:\Arquivos de programas\ElfBot NG Win32.Sector.21 Desinfectado.

unins000.exe C:\Arquivos de programas\ElfBot NG Win32.Sector.21 Desinfectado.

Atualizador.exe C:\Arquivos de programas\GameVicio\Need for Speed Most Wanted Win32.Sector.21 Desinfectado.

Desinstalar.exe C:\Arquivos de programas\GameVicio\Need for Speed Most Wanted Win32.Sector.21 Desinfectado.

Barcsrv.exe C:\Arquivos de programas\Globalink Power Translator Pro Win32.Sector.21 Desinfectado.

Converse.exe C:\Arquivos de programas\Globalink Power Translator Pro Win32.Sector.21 Desinfectado.

Dexport.exe C:\Arquivos de programas\Globalink Power Translator Pro Win32.Sector.21 Desinfectado.

Dimport.exe C:\Arquivos de programas\Globalink Power Translator Pro Win32.Sector.21 Desinfectado.

Dsetup.exe C:\Arquivos de programas\Globalink Power Translator Pro Win32.Sector.21 Desinfectado.

Laconv.exe C:\Arquivos de programas\Globalink Power Translator Pro Win32.Sector.21 Desinfectado.

TrnsUtil.exe C:\Arquivos de programas\Globalink Power Translator Pro Win32.Sector.21 Desinfectado.

VerViewer.exe C:\Arquivos de programas\Globalink Power Translator Pro Win32.Sector.21 Desinfectado.

WT32p.exe C:\Arquivos de programas\Globalink Power Translator Pro Win32.Sector.21 Desinfectado.

GMHB.exe C:\Arquivos de programas\Gmhb Win32.Sector.21 Desinfectado.

Patch.exe C:\Arquivos de programas\Gmhb Win32.Sector.21 Desinfectado.

Tibia.exe C:\Arquivos de programas\Gmhb Win32.Sector.21 Desinfectado.

unins000.exe C:\Arquivos de programas\Gmhb Win32.Sector.21 Desinfectado.

moviethumb.exe C:\Arquivos de programas\Google\Picasa3 Win32.Sector.21 Desinfectado.

Picasa3.exe C:\Arquivos de programas\Google\Picasa3 Win32.Sector.21 Desinfectado.

PicasaPhotoViewer.exe C:\Arquivos de programas\Google\Picasa3 Win32.Sector.21 Desinfectado.

PicasaUpdater.exe C:\Arquivos de programas\Google\Picasa3 Win32.Sector.21 Desinfectado.

setup.exe C:\Arquivos de programas\Google\Picasa3 Win32.Sector.21 Desinfectado.

Uninstall.exe C:\Arquivos de programas\Google\Picasa3 Win32.Sector.21 Desinfectado.

PicasaCD.exe C:\Arquivos de programas\Google\Picasa3\cdautorun Win32.Sector.21 Desinfectado.

PicasaRestore.exe C:\Arquivos de programas\Google\Picasa3\cdautorun Win32.Sector.21 Desinfectado.

setup.exe C:\Arquivos de programas\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B} Win32.Sector.21 Desinfectado.

Setup.exe C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} Win32.Sector.21 Desinfectado.

Setup.exe C:\Arquivos de programas\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1} Win32.Sector.21 Desinfectado.

setup.exe C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} Win32.Sector.21 Desinfectado.

IDMGrHlp.exe C:\Arquivos de programas\Internet Download Manager Win32.Sector.21 Desinfectado.

IEMonitor.exe C:\Arquivos de programas\Internet Download Manager Win32.Sector.21 Desinfectado.

Uninstall.exe C:\Arquivos de programas\Internet Download Manager Win32.Sector.21 Desinfectado.

java-rmi.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

java.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

javacpl.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

javaw.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

javaws.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

jbroker.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

jp2launcher.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

jqs.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

jqsnotify.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

keytool.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

kinit.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

klist.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

ktab.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

orbd.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

pack200.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

policytool.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

rmid.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

rmiregistry.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

servertool.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

ssvagent.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

tnameserv.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

unpack200.exe C:\Arquivos de programas\Java\jre6\bin Win32.Sector.21 Desinfectado.

CodecTweakTool.exe C:\Arquivos de programas\K-Lite Codec Pack\Tools Win32.Sector.21 Desinfectado.

graphstudio.exe C:\Arquivos de programas\K-Lite Codec Pack\Tools Win32.Sector.21 Desinfectado.

mediainfo.exe C:\Arquivos de programas\K-Lite Codec Pack\Tools Win32.Sector.21 Desinfectado.

StatsReader.exe C:\Arquivos de programas\K-Lite Codec Pack\Tools Win32.Sector.21 Desinfectado.

VobSubStrip.exe C:\Arquivos de programas\K-Lite Codec Pack\Tools Win32.Sector.21 Desinfectado.

everest.exe C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition Win32.Sector.21 Desinfectado.

unins000.exe C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition Win32.Sector.21 Desinfectado.

execNoWindow.exe C:\Arquivos de programas\LimeWire Win32.Sector.21 Desinfectado.

LimeWire.exe C:\Arquivos de programas\LimeWire Win32.Sector.21 Desinfectado.

uninstall.exe C:\Arquivos de programas\LimeWire Win32.Sector.21 Desinfectado.

server.exe C:\Arquivos de programas\Magebot Win32.Sector.21 Desinfectado.

uninstall.exe C:\Arquivos de programas\Magebot Win32.Sector.21 Desinfectado.

megacubo.exe C:\Arquivos de programas\Megacubo Win32.Sector.21 Desinfectado.

aacplus.exe C:\Arquivos de programas\Megacubo\components\bin Win32.Sector.21 Desinfectado.

pv.exe C:\Arquivos de programas\Megacubo\components\bin Win32.Sector.21 Desinfectado.

Log Viewer.exe C:\Arquivos de programas\Messenger Plus! Live Win32.Sector.21 Desinfectado.

MPTools.exe C:\Arquivos de programas\Messenger Plus! Live Win32.Sector.21 Desinfectado.

Uninstall.exe C:\Arquivos de programas\Messenger Plus! Live Win32.Sector.21 Desinfectado.

helper.exe C:\Arquivos de programas\Mozilla Firefox\uninstall Win32.Sector.21 Desinfectado.

nero.exe C:\Arquivos de programas\Nero\Nero 7\Core Win32.Sector.21 Desinfectado.

NeroCmd.exe C:\Arquivos de programas\Nero\Nero 7\Core Win32.Sector.21 Desinfectado.

UNNERO.exe C:\Arquivos de programas\Nero\Nero 7\Nero\Uninstall Win32.Sector.21 Desinfectado.

WMPBurn.exe C:\Arquivos de programas\Nero\Nero 7\Nero Fast CD-DVD Burning Plug-in Win32.Sector.21 Desinfectado.

ImageDrive.exe C:\Arquivos de programas\Nero\Nero 7\Nero ImageDrive Win32.Sector.21 Desinfectado.

SoundTrax.exe C:\Arquivos de programas\Nero\Nero 7\Nero SoundTrax Win32.Sector.21 Desinfectado.

NeroStartSmart.exe C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart Win32.Sector.21 Desinfectado.

CDSpeed.exe C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit Win32.Sector.21 Desinfectado.

DriveSpeed.exe C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit Win32.Sector.21 Desinfectado.

InfoTool.exe C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit Win32.Sector.21 Desinfectado.

NeroBurnRights.exe C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit Win32.Sector.21 Desinfectado.

DXEnum.exe C:\Arquivos de programas\Nero\Nero 7\Nero WaveEditor Win32.Sector.21 Desinfectado.

waveedit.exe C:\Arquivos de programas\Nero\Nero 7\Nero WaveEditor Win32.Sector.21 Desinfectado.

unins000.exe C:\Arquivos de programas\Orban\AAC-aacPlus Plugin Win32.Sector.21 Desinfectado.

game.exe C:\Arquivos de programas\Priston Tale Brasil Win32.Sector.21 Desinfectado.

PsTale.exe C:\Arquivos de programas\Priston Tale Brasil Win32.Sector.21 Desinfectado.

psupdate.exe C:\Arquivos de programas\Priston Tale Brasil Win32.Sector.21 Desinfectado.

psupdate.patch.exe C:\Arquivos de programas\Priston Tale Brasil Win32.Sector.21 Desinfectado.

uninstall.exe C:\Arquivos de programas\Priston Tale Brasil Win32.Sector.21 Desinfectado.

Dart.exe C:\Arquivos de programas\PTMAI Win32.Sector.21 Desinfectado.

Dart.exe C:\Arquivos de programas\PTMAI Win32.HLLW.Shepher.2 Eliminado.

game.exe C:\Arquivos de programas\PTMAI Win32.HLLW.Shepher.21 Eliminado.

Launcher.exe C:\Arquivos de programas\PTMAI Win32.Sector.21 Desinfectado.

Launcher_utilizar_esse.exe C:\Arquivos de programas\PTMAI Win32.Sector.21 Desinfectado.

Mitril.exe C:\Arquivos de programas\PTMAI Win32.Sector.21 Desinfectado.

Mitril.exe C:\Arquivos de programas\PTMAI Win32.HLLW.Shepher.2 Eliminado.

PTMAIS.EXE C:\Arquivos de programas\PTMAI Win32.HLLW.Shepher.21 Eliminado.

bmp.exe C:\Arquivos de programas\PTMAI\char\tmABCD Win32.Sector.21 Desinfectado.

lostpt.exe C:\Arquivos de programas\PTMAI\char\tmABCD Win32.HLLW.Shepher.2 Eliminado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\char\tmABCD Win32.Sector.21 Desinfectado.

GAME.EXE C:\Arquivos de programas\PTMAI\image\Sinimage\indishop Win32.HLLW.Shepher.21 Eliminado.

SMD Unblock.exe C:\Arquivos de programas\PTMAI\image\Sinimage\Items\DropItem Win32.Sector.21 Desinfectado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Event Win32.Sector.21 Desinfectado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Make Win32.Sector.21 Desinfectado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Potion Win32.Sector.21 Desinfectado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Quest Win32.Sector.21 Desinfectado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\image\Sinimage\Premium Win32.Sector.21 Desinfectado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\image\Sinimage\skill\Archer\JobTitle Win32.Sector.21 Desinfectado.

game.exe C:\Arquivos de programas\PTMAI\Mirrors Priston Tale Win32.HLLW.Shepher.21 Eliminado.

Launcher.exe C:\Arquivos de programas\PTMAI\Mirrors Priston Tale Win32.Sector.21 Desinfectado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\char\tmABCD Win32.Sector.21 Desinfectado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Event Win32.Sector.21 Desinfectado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Make Win32.Sector.21 Desinfectado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Potion Win32.Sector.21 Desinfectado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Quest Win32.Sector.21 Desinfectado.

Priston Tale BMP Patcher.exe C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Premium Win32.Sector.21 Desinfectado.

Alcmtr.exe C:\Arquivos de programas\Realtek\Audio\InstallShield Win32.Sector.21 Desinfectado.

ChCfg.exe C:\Arquivos de programas\Realtek\Audio\InstallShield Win32.Sector.21 Desinfectado.

RtlUpd.exe C:\Arquivos de programas\Realtek\Audio\InstallShield Win32.Sector.21 Desinfectado.

SkyTel.exe C:\Arquivos de programas\Realtek\Audio\InstallShield Win32.Sector.21 Desinfectado.

SoundMan.exe C:\Arquivos de programas\Realtek\Audio\InstallShield Win32.Sector.21 Desinfectado.

Skype.exe C:\Arquivos de programas\Skype\Phone Win32.Sector.21 Desinfectado.

vegas80.exe C:\Arquivos de programas\Sony\Vegas Pro 8.0 Win32.Sector.21 Desinfectado.

vidcap60.exe C:\Arquivos de programas\Sony\Vegas Pro 8.0 Win32.Sector.21 Desinfectado.

Setup.exe C:\Arquivos de programas\Sony Setup\Vegas Pro 8.0 Win32.Sector.21 Desinfectado.

vcredist_x86.exe C:\Arquivos de programas\Sony Setup\Vegas Pro 8.0 Win32.Sector.21 Desinfectado.

uninstall.exe C:\Arquivos de programas\SpeedyiTunes Win32.Sector.21 Desinfectado.

ffmpeg.exe C:\Arquivos de programas\SpeedyiTunes\convertor Win32.Sector.21 Desinfectado.

ClearHist.exe C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer Win32.Sector.21 Desinfectado.

mgHelperApp.exe C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer Win32.Sector.21 Desinfectado.

Uninstall.exe C:\Arquivos de programas\TeamSpeak 3 Client Win32.Sector.21 Desinfectado.

update.exe C:\Arquivos de programas\TeamSpeak 3 Client Win32.Sector.21 Desinfectado.

TeamSpeak.exe C:\Arquivos de programas\Teamspeak2_RC2 Win32.Sector.21 Desinfectado.

unins000.exe C:\Arquivos de programas\Teamspeak2_RC2 Win32.Sector.21 Desinfectado.

Patch.exe C:\Arquivos de programas\Tibia Win32.Sector.21 Desinfectado.

Tibia.exe C:\Arquivos de programas\Tibia Win32.Sector.21 Desinfectado.

unins000.exe C:\Arquivos de programas\Tibia Win32.Sector.21 Desinfectado.

unins000.exe C:\Arquivos de programas\VSO\ConvertX\3 Win32.Sector.21 Desinfectado.

msvs.exe C:\Arquivos de programas\Windows Live\Messenger Win32.Sector.21 Desinfectado.

hypertrm.exe C:\Arquivos de programas\Windows NT Win32.Sector.21 Desinfectado.

Rar.exe C:\Arquivos de programas\WinRAR Win32.Sector.21 Desinfectado.

Uninstall.exe C:\Arquivos de programas\WinRAR Win32.Sector.21 Desinfectado.

UnRAR.exe C:\Arquivos de programas\WinRAR Win32.Sector.21 Desinfectado.

WinRAR.exe C:\Arquivos de programas\WinRAR Win32.Sector.21 Desinfectado.

lsass.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos Win32.Virut.5 Eliminado.

services.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos Win32.Virut.5 Eliminado.

winlogon.exe C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos Win32.Virut.5 Eliminado.

swmi.exe C:\Documents and Settings\Administrador\Configurações locais\temp Trojan.DownLoad.64240 Eliminado.

w2e667a.exe C:\Documents and Settings\Administrador\Configurações locais\temp BackDoor.Siggen.26423 Incurável.Movido.

winjeynqc.exe C:\Documents and Settings\Administrador\Configurações locais\temp Trojan.DownLoader1.18855 Eliminado.

inst.exe C:\Documents and Settings\Administrador\Dados de aplicativos Win32.Sector.21 Desinfectado.

idmupdt.exe C:\Documents and Settings\Administrador\Dados de aplicativos\IDM Win32.Sector.21 Desinfectado.

PristonTale4142.exe C:\Documents and Settings\Administrador\Dados de aplicativos\IDM\DwnlData\Administrador\PristonTale4142_283 Win32.Sector.21 Desinfectado.

crashreporter.exe C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner Win32.Sector.21 Desinfectado.

updater.exe C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner Win32.Sector.21 Desinfectado.

xpcshell.exe C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner Win32.Sector.21 Desinfectado.

xpicleanup.exe C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner Win32.Sector.21 Desinfectado.

xpidl.exe C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner Win32.Sector.21 Desinfectado.

xpt_dump.exe C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner Win32.Sector.21 Desinfectado.

xpt_link.exe C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner Win32.Sector.21 Desinfectado.

xulrunner-stub.exe C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner Win32.Sector.21 Desinfectado.

xulrunner.exe C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner Win32.Sector.21 Desinfectado.

ctfmon.exe C:\Documents and Settings\Administrador\Dados de aplicativos\Thinstall\aurelio\400000600002i BackDoor.IRC.Sdbot.5679 Incurável.Movido.

Setup.exe C:\Documents and Settings\Administrador\Desktop\Jogos\gh3 Win32.Sector.21 Desinfectado.

DXSETUP.exe C:\Documents and Settings\Administrador\Desktop\Jogos\gh3\directx9 Win32.Sector.21 Desinfectado.

gh3.exe C:\Documents and Settings\Administrador\Desktop\Jogos\gh3\HATRED Win32.Sector.21 Desinfectado.

hatred.exe C:\Documents and Settings\Administrador\Desktop\Jogos\gh3\HATRED Win32.Sector.21 Desinfectado.

Klick0r.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-10(2007-10)\v4-10(2007-10) Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-10(2007-10)\v4-10a(2007-10a Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-11(2007-11)\v4-11(2007-11) Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-11(2007-11)\v4-11a(2007-11a Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-12(2007-12)\v4-12(2007-12) Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-12(2007-12)\v4-12a(2007-12a Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-13(2008-01) Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-14(2008-02) Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-06-22 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-06-23 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-06-25 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-06-27 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-06-28 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-06-29 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-06-30 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-07-02 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-07-04 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-07-06 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-07-07 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-07-11 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-7dailies\2007-07-12 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-8(2007-08) Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v4-9(2007-09) Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v5-0 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v5-1 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v5-2 Win32.Sector.21 Desinfectado.

Xpadder.exe C:\Documents and Settings\Administrador\Desktop\Jogos\Programas\xpadder_gamepad_profiler\history\v5-3Final Win32.Sector.21 Desinfectado.

setup.exe C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Brazilian Win32.Sector.21 Desinfectado.

HiJackThis.exe C:\Hijacks Win32.Sector.21 Desinfectado.

AutoRun.exe C:\Neeeeeeeeed Win32.Sector.21 Desinfectado.

DIAG.EXE C:\Neeeeeeeeed Win32.Sector.21 Desinfectado.

eauninstall.exe C:\Neeeeeeeeed Win32.Sector.21 Desinfectado.

safemode_inst.exe C:\Neeeeeeeeed Win32.Sector.21 Desinfectado.

shell_inst.exe C:\Neeeeeeeeed Win32.Sector.21 Desinfectado.

speed.exe C:\Neeeeeeeeed Win32.Sector.21 Desinfectado.

speed.exe C:\Neeeeeeeeed\Crack Win32.Sector.21 Desinfectado.

DXSETUP.exe C:\Neeeeeeeeed\DirectX Win32.Sector.21 Desinfectado.

EasyInfo.exe C:\Neeeeeeeeed\Support Win32.Sector.21 Desinfectado.

EReg.exe C:\Neeeeeeeeed\Support Win32.Sector.21 Desinfectado.

Need for Speed Most Wanted_code.exe C:\Neeeeeeeeed\Support Win32.Sector.21 Desinfectado.

Need for Speed Most Wanted_uninst.exe C:\Neeeeeeeeed\Support Win32.Sector.21 Desinfectado.

gosyma.pif.vir C:\Qoobox\Quarantine\C Win32.Sector.21 Desinfectado.

oiimv.pif.vir C:\Qoobox\Quarantine\C Win32.Sector.21 Desinfectado.

vbteyw.pif.vir C:\Qoobox\Quarantine\C Win32.Sector.21 Desinfectado.

imagen1.exe.vir C:\Qoobox\Quarantine\C\Documents and Settings\Administrador Trojan.DownLoad1.39525 Eliminado.

Brengkolang.com.vir C:\Qoobox\Quarantine\C\Documents and Settings\Administrador\Modelos Win32.Virut.5 Eliminado.

Imagen7.exe.vir C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos Trojan.PWS.Banker.51855 Eliminado.

Windwnx32.exe.vir C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos Trojan.DownLoad1.39525 Eliminado.

ALCMTR.EXE.vir C:\Qoobox\Quarantine\C\WINDOWS Win32.Sector.21 Desinfectado.

Administrador's Setting.scr.vir C:\Qoobox\Quarantine\C\WINDOWS\system32 Win32.Virut.5 Eliminado.

ssyxnu.pif.vir C:\Qoobox\Quarantine\D Win32.Sector.21 Desinfectado.

xtstnv.pif.vir C:\Qoobox\Quarantine\D Win32.Sector.21 Desinfectado.

hkcmd.exe C:\WINDOWS\system32 Win32.Sector.21 Desinfectado.

igfxpers.exe C:\WINDOWS\system32 Win32.Sector.21 Desinfectado.

igfxtray.exe C:\WINDOWS\system32 Win32.Sector.21 Desinfectado.

EasyInfo.exe D:\Need for Speed Underground 2\Support Win32.Sector.21 Desinfectado.

EReg.exe D:\Need for Speed Underground 2\Support Win32.Sector.21 Desinfectado.

Need for Speed Underground 2_code.exe D:\Need for Speed Underground 2\Support Win32.Sector.21 Desinfectado.

Need for Speed Underground 2_uninst.exe D:\Need for Speed Underground 2\Support Win32.Sector.21 Desinfectado.

 

 

 

 

 

 

Here is the one from HijackThis

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:52:58, on 11/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\swmi.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winjeynqc.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\w2e667a.exe

C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE

C:\Hijacks\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = C:\Arquivos de programas\LimeWire\LimeWire.exe

O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\B2544B\A967BE.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fazer o download de conteúdo de vídeo FLV usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FreshDownload - {A68C2B32-789F-486B-85DA-8CF36DE2743E} - C:\Arquivos de programas\FreshDevices\FreshDownload\fd.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9403 bytes

 

 

 

 

I thought everything was back to normal, but the Task Manager and regedit are still blocked


:) Several problems were removed, but other problems still remain.

_____________________________

Also follow these tips:

Kaspersky Virus Removal Tool tutorial

Norman Malware Cleaner tutorial

______________________________

In your next reply, post the contents of the Norman Malware Cleaner log together with a new HijackThis log and the Kaspersky Virus Removal Tool log, and tell us how your PC is doing after that.

We'll be waiting.


Hello Antonio Vieira Sobrinho

Well, I ran all of them, it took quite a while haha, but it seems it made no difference: the Task Manager and regedit are still blocked. Well, I'll send the logs.

 

 

Hijackthis:

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:24:59, on 11/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Hijacks\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O1 - Hosts: 188.165.201.54 www.bb.com.br

O1 - Hosts: 188.165.201.54 bb.com.br

O1 - Hosts: 188.165.201.54 bancodobrasil.com.br

O1 - Hosts: 188.165.201.54 www.bancodobrasil.com.br

O1 - Hosts: 188.165.201.54 bancobrasil.com.br

O1 - Hosts: 188.165.201.54 www.bancobrasil.com.br

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = C:\Arquivos de programas\LimeWire\LimeWire.exe

O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\B2544B\A967BE.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fazer o download de conteúdo de vídeo FLV usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FreshDownload - {A68C2B32-789F-486B-85DA-8CF36DE2743E} - C:\Arquivos de programas\FreshDevices\FreshDownload\fd.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9422 bytes

Norman Malware

 

Norman Malware Cleaner

Version 1.8.2

Copyright © 1990 - 2010, Norman ASA. Built 2010/10/10 22:25:48

 

Norman Scanner Engine Version: 6.06.07

Nvcbin.def Version: 6.06.00, Date: 2010/10/10 22:25:48, Variants: 7658657

 

Scan started: 2010/10/11 16:07:27

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Logged on user: USER\Administrador

 

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000001

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000001

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify = 0x00000001 -> 0x00000000

Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify = 0x00000001 -> 0x00000000

Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = 0x00000001 -> 0x00000000

 

Scanning kernel...

 

Kernel scan complete

Kaspersky

 

Autoscan: completed 2 minutes ago (events: 281, objects: 299105, time: 00:32:52)

11/10/2010 19:21:54 Task started

11/10/2010 19:21:56 Detected: HEUR:Trojan.Win32.Generic C:\yfiiwl.exe

11/10/2010 19:21:56 Untreated: HEUR:Trojan.Win32.Generic C:\yfiiwl.exe Postponed

11/10/2010 19:27:15 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe

11/10/2010 19:27:15 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe Postponed

11/10/2010 19:43:00 Detected: Backdoor.Win32.Shark.hnv C:\Arquivos de programas\PTMAI\image\XTrapVa.dll

11/10/2010 19:43:00 Untreated: Backdoor.Win32.Shark.hnv C:\Arquivos de programas\PTMAI\image\XTrapVa.dll Postponed

11/10/2010 19:43:54 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\DropItem\SMD Unblock.exe

11/10/2010 19:43:54 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\DropItem\SMD Unblock.exe Postponed

11/10/2010 19:44:07 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Make\Priston Tale BMP Patcher.exe

11/10/2010 19:44:07 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Make\Priston Tale BMP Patcher.exe Postponed

11/10/2010 19:44:09 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Potion\Priston Tale BMP Patcher.exe

11/10/2010 19:44:09 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Potion\Priston Tale BMP Patcher.exe Postponed

11/10/2010 19:44:17 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Quest\Priston Tale BMP Patcher.exe

11/10/2010 19:44:17 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Quest\Priston Tale BMP Patcher.exe Postponed

11/10/2010 19:44:38 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Premium\Priston Tale BMP Patcher.exe

11/10/2010 19:44:38 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Premium\Priston Tale BMP Patcher.exe Postponed

11/10/2010 19:44:39 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\skill\Archer\JobTitle\Priston Tale BMP Patcher.exe

11/10/2010 19:44:39 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\skill\Archer\JobTitle\Priston Tale BMP Patcher.exe Postponed

11/10/2010 19:44:46 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\Launcher.exe

11/10/2010 19:44:46 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\Launcher.exe Postponed

11/10/2010 19:46:28 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\char\tmABCD\Priston Tale BMP Patcher.exe

11/10/2010 19:46:28 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\char\tmABCD\Priston Tale BMP Patcher.exe Postponed

11/10/2010 19:46:57 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Event\Priston Tale BMP Patcher.exe

11/10/2010 19:46:57 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Event\Priston Tale BMP Patcher.exe Postponed

11/10/2010 19:46:57 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Make\Priston Tale BMP Patcher.exe

11/10/2010 19:46:57 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Make\Priston Tale BMP Patcher.exe Postponed

11/10/2010 19:46:57 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Potion\Priston Tale BMP Patcher.exe

11/10/2010 19:46:57 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Potion\Priston Tale BMP Patcher.exe Postponed

11/10/2010 19:46:57 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Quest\Priston Tale BMP Patcher.exe

11/10/2010 19:46:57 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Quest\Priston Tale BMP Patcher.exe Postponed

11/10/2010 19:46:58 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Premium\Priston Tale BMP Patcher.exe

11/10/2010 19:46:58 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Premium\Priston Tale BMP Patcher.exe Postponed

11/10/2010 19:47:36 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\Alcmtr.exe

11/10/2010 19:47:36 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\Alcmtr.exe Postponed

11/10/2010 19:47:37 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\ChCfg.exe

11/10/2010 19:47:37 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\ChCfg.exe Postponed

11/10/2010 19:47:47 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\RtlUpd.exe

11/10/2010 19:47:47 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\RtlUpd.exe Postponed

11/10/2010 19:47:48 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\SkyTel.exe

11/10/2010 19:47:48 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\SkyTel.exe Postponed

11/10/2010 19:48:23 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Sony\Vegas Pro 8.0\vidcap60.exe

11/10/2010 19:48:23 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Sony\Vegas Pro 8.0\vidcap60.exe Postponed

11/10/2010 19:49:20 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Sony Setup\Vegas Pro 8.0\vcredist_x86.exe

11/10/2010 19:49:20 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Sony Setup\Vegas Pro 8.0\vcredist_x86.exe Postponed

11/10/2010 19:49:52 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SpeedyiTunes\uninstall.exe

11/10/2010 19:49:52 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SpeedyiTunes\uninstall.exe Postponed

11/10/2010 19:49:53 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SpeedyiTunes\convertor\ffmpeg.exe

11/10/2010 19:49:53 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SpeedyiTunes\convertor\ffmpeg.exe Postponed

11/10/2010 19:50:00 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\ClearHist.exe

11/10/2010 19:50:00 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\ClearHist.exe Postponed

11/10/2010 19:50:08 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\TeamSpeak 3 Client\Uninstall.exe

11/10/2010 19:50:08 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\TeamSpeak 3 Client\Uninstall.exe Postponed

11/10/2010 19:50:08 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\TeamSpeak 3 Client\update.exe

11/10/2010 19:50:08 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\TeamSpeak 3 Client\update.exe Postponed

11/10/2010 19:50:25 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Teamspeak2_RC2\unins000.exe

11/10/2010 19:50:25 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Teamspeak2_RC2\unins000.exe Postponed

11/10/2010 19:50:28 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Tibia\Patch.exe

11/10/2010 19:50:28 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Tibia\Patch.exe Postponed

11/10/2010 19:50:29 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Tibia\unins000.exe

11/10/2010 19:50:29 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Tibia\unins000.exe Postponed

11/10/2010 19:50:32 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\VSO\ConvertX\3\unins000.exe

11/10/2010 19:50:32 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\VSO\ConvertX\3\unins000.exe Postponed

11/10/2010 19:50:41 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Windows Live\Messenger\msvs.exe

11/10/2010 19:50:41 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Windows Live\Messenger\msvs.exe Postponed

11/10/2010 19:50:50 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Windows NT\hypertrm.exe

11/10/2010 19:50:50 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Windows NT\hypertrm.exe Postponed

11/10/2010 19:51:02 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\WinRAR\Uninstall.exe

11/10/2010 19:51:02 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\WinRAR\Uninstall.exe Postponed

11/10/2010 19:51:03 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\WinRAR\UnRAR.exe

11/10/2010 19:51:03 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\WinRAR\UnRAR.exe Postponed

11/10/2010 19:51:16 Detected: HEUR:Trojan.Win32.Generic C:\ComboFix\CF4356.cfxxe

11/10/2010 19:51:16 Untreated: HEUR:Trojan.Win32.Generic C:\ComboFix\CF4356.cfxxe Postponed

11/10/2010 19:52:16 Detected: Backdoor.Win32.Shark.hnv C:\Arquivos de programas\PTMAI\patch_completo_10-11-2009.rar/image/XTrapVa.dll

11/10/2010 19:52:16 Untreated: Backdoor.Win32.Shark.hnv C:\Arquivos de programas\PTMAI\patch_completo_10-11-2009.rar/image/XTrapVa.dll Postponed

11/10/2010 19:52:51 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe

11/10/2010 19:52:51 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe Postponed

11/10/2010 19:53:03 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\crashreporter.exe

11/10/2010 19:53:03 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\crashreporter.exe Postponed

11/10/2010 19:53:04 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpcshell.exe

11/10/2010 19:53:04 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpcshell.exe Postponed

11/10/2010 19:53:04 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpicleanup.exe

11/10/2010 19:53:04 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpicleanup.exe Postponed

11/10/2010 19:53:05 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpt_dump.exe

11/10/2010 19:53:05 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpt_dump.exe Postponed

11/10/2010 19:53:05 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpidl.exe

11/10/2010 19:53:05 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpidl.exe Postponed

11/10/2010 19:53:07 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpt_link.exe

11/10/2010 19:53:07 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpt_link.exe Postponed

11/10/2010 19:53:07 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xulrunner-stub.exe

11/10/2010 19:53:07 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xulrunner-stub.exe Postponed

11/10/2010 20:07:00 Detected: HEUR:Trojan.Win32.Generic D:\utjhbt.exe

11/10/2010 20:07:00 Untreated: HEUR:Trojan.Win32.Generic D:\utjhbt.exe Postponed

11/10/2010 20:07:30 Detected: HEUR:Trojan.Win32.Generic D:\Battlefield2\BFMC\BFMC.exe

11/10/2010 20:07:30 Untreated: HEUR:Trojan.Win32.Generic D:\Battlefield2\BFMC\BFMC.exe Postponed

11/10/2010 20:10:55 Detected: HEUR:Trojan.Win32.Generic C:\yfiiwl.exe

11/10/2010 20:10:55 Untreated: HEUR:Trojan.Win32.Generic C:\yfiiwl.exe Postponed

11/10/2010 20:11:14 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Windows NT\hypertrm.exe

11/10/2010 20:11:14 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Windows NT\hypertrm.exe Postponed

11/10/2010 20:14:03 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe

11/10/2010 20:14:03 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe Postponed

11/10/2010 20:46:51 Task stopped

11/10/2010 20:46:55 Task started

11/10/2010 20:47:09 Detected: HEUR:Trojan.Win32.Generic D:\utjhbt.exe

11/10/2010 20:47:09 Untreated: HEUR:Trojan.Win32.Generic D:\utjhbt.exe Postponed

11/10/2010 20:47:19 Detected: HEUR:Trojan.Win32.Generic D:\Battlefield2\BFMC\BFMC.exe

11/10/2010 20:47:19 Untreated: HEUR:Trojan.Win32.Generic D:\Battlefield2\BFMC\BFMC.exe Postponed

11/10/2010 20:48:27 Detected: HEUR:Trojan.Win32.Generic c:\arquivos de programas\windows nt\hypertrm.exe

11/10/2010 20:48:27 Untreated: HEUR:Trojan.Win32.Generic c:\arquivos de programas\windows nt\hypertrm.exe Postponed

11/10/2010 20:48:28 Detected: HEUR:Trojan.Win32.Generic c:\yfiiwl.exe

11/10/2010 20:48:28 Untreated: HEUR:Trojan.Win32.Generic c:\yfiiwl.exe Postponed

11/10/2010 20:48:36 Detected: HEUR:Trojan.Win32.Generic c:\arquivos de programas\Nero\Nero 7\nero toolkit\neroburnrights.exe

11/10/2010 20:48:36 Untreated: HEUR:Trojan.Win32.Generic c:\arquivos de programas\Nero\Nero 7\nero toolkit\neroburnrights.exe Postponed

11/10/2010 20:48:38 Detected: HEUR:Trojan.Win32.Generic c:\yfiiwl.exe

11/10/2010 20:48:38 Untreated: HEUR:Trojan.Win32.Generic c:\yfiiwl.exe Postponed

11/10/2010 20:51:16 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe

11/10/2010 20:51:16 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe Postponed

11/10/2010 20:55:01 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Priston Tale Brasil\XTrap\XTrap.xt

11/10/2010 20:55:01 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Priston Tale Brasil\XTrap\XTrap.xt Postponed

11/10/2010 20:55:24 Detected: Backdoor.Win32.Shark.hnv C:\Arquivos de programas\PTMAI\patch_completo_10-11-2009.rar/image/XTrapVa.dll

11/10/2010 20:55:24 Untreated: Backdoor.Win32.Shark.hnv C:\Arquivos de programas\PTMAI\patch_completo_10-11-2009.rar/image/XTrapVa.dll Postponed

11/10/2010 20:57:53 Detected: Backdoor.Win32.Shark.hnv C:\Arquivos de programas\PTMAI\image\XTrapVa.dll

11/10/2010 20:57:53 Untreated: Backdoor.Win32.Shark.hnv C:\Arquivos de programas\PTMAI\image\XTrapVa.dll Postponed

11/10/2010 20:58:25 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\DropItem\SMD Unblock.exe

11/10/2010 20:58:25 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\DropItem\SMD Unblock.exe Postponed

11/10/2010 20:58:26 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Make\Priston Tale BMP Patcher.exe

11/10/2010 20:58:26 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Make\Priston Tale BMP Patcher.exe Postponed

11/10/2010 20:58:27 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Potion\Priston Tale BMP Patcher.exe

11/10/2010 20:58:27 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Potion\Priston Tale BMP Patcher.exe Postponed

11/10/2010 20:58:28 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Quest\Priston Tale BMP Patcher.exe

11/10/2010 20:58:28 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Quest\Priston Tale BMP Patcher.exe Postponed

11/10/2010 20:58:32 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Premium\Priston Tale BMP Patcher.exe

11/10/2010 20:58:32 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Premium\Priston Tale BMP Patcher.exe Postponed

11/10/2010 20:58:36 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\skill\Archer\JobTitle\Priston Tale BMP Patcher.exe

11/10/2010 20:58:36 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\skill\Archer\JobTitle\Priston Tale BMP Patcher.exe Postponed

11/10/2010 20:58:40 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\Launcher.exe

11/10/2010 20:58:40 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\Launcher.exe Postponed

11/10/2010 20:58:58 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\char\tmABCD\Priston Tale BMP Patcher.exe

11/10/2010 20:58:58 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\char\tmABCD\Priston Tale BMP Patcher.exe Postponed

11/10/2010 20:59:24 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Event\Priston Tale BMP Patcher.exe

11/10/2010 20:59:24 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Event\Priston Tale BMP Patcher.exe Postponed

11/10/2010 20:59:24 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Potion\Priston Tale BMP Patcher.exe

11/10/2010 20:59:24 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Potion\Priston Tale BMP Patcher.exe Postponed

11/10/2010 20:59:25 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Make\Priston Tale BMP Patcher.exe

11/10/2010 20:59:25 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Make\Priston Tale BMP Patcher.exe Postponed

11/10/2010 20:59:26 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Quest\Priston Tale BMP Patcher.exe

11/10/2010 20:59:26 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Quest\Priston Tale BMP Patcher.exe Postponed

11/10/2010 20:59:27 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Premium\Priston Tale BMP Patcher.exe

11/10/2010 20:59:27 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Premium\Priston Tale BMP Patcher.exe Postponed

11/10/2010 20:59:59 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\Alcmtr.exe

11/10/2010 20:59:59 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\Alcmtr.exe Postponed

11/10/2010 20:59:59 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\ChCfg.exe

11/10/2010 20:59:59 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\ChCfg.exe Postponed

11/10/2010 21:00:00 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\RtlUpd.exe

11/10/2010 21:00:00 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\RtlUpd.exe Postponed

11/10/2010 21:00:01 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\SkyTel.exe

11/10/2010 21:00:01 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\SkyTel.exe Postponed

11/10/2010 21:00:03 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Sony\Vegas Pro 8.0\vidcap60.exe

11/10/2010 21:00:03 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Sony\Vegas Pro 8.0\vidcap60.exe Postponed

11/10/2010 21:00:06 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SpeedyiTunes\uninstall.exe

11/10/2010 21:00:06 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SpeedyiTunes\uninstall.exe Postponed

11/10/2010 21:00:06 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SpeedyiTunes\convertor\ffmpeg.exe

11/10/2010 21:00:06 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SpeedyiTunes\convertor\ffmpeg.exe Postponed

11/10/2010 21:00:07 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\ClearHist.exe

11/10/2010 21:00:07 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\ClearHist.exe Postponed

11/10/2010 21:00:08 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\TeamSpeak 3 Client\Uninstall.exe

11/10/2010 21:00:08 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\TeamSpeak 3 Client\Uninstall.exe Postponed

11/10/2010 21:00:09 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\TeamSpeak 3 Client\update.exe

11/10/2010 21:00:09 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\TeamSpeak 3 Client\update.exe Postponed

11/10/2010 21:00:11 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Teamspeak2_RC2\unins000.exe

11/10/2010 21:00:11 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Teamspeak2_RC2\unins000.exe Postponed

11/10/2010 21:00:14 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Tibia\Patch.exe

11/10/2010 21:00:14 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Tibia\Patch.exe Postponed

11/10/2010 21:00:15 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Tibia\unins000.exe

11/10/2010 21:00:15 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Tibia\unins000.exe Postponed

11/10/2010 21:00:16 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\VSO\ConvertX\3\unins000.exe

11/10/2010 21:00:16 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\VSO\ConvertX\3\unins000.exe Postponed

11/10/2010 21:00:19 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Windows Live\Messenger\msvs.exe

11/10/2010 21:00:19 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Windows Live\Messenger\msvs.exe Postponed

11/10/2010 21:00:20 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Windows NT\hypertrm.exe

11/10/2010 21:00:20 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Windows NT\hypertrm.exe Postponed

11/10/2010 21:00:21 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\WinRAR\Uninstall.exe

11/10/2010 21:00:21 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\WinRAR\Uninstall.exe Postponed

11/10/2010 21:00:21 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\WinRAR\UnRAR.exe

11/10/2010 21:00:21 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\WinRAR\UnRAR.exe Postponed

11/10/2010 21:00:23 Detected: HEUR:Trojan.Win32.Generic C:\ComboFix\CF4356.cfxxe

11/10/2010 21:00:23 Untreated: HEUR:Trojan.Win32.Generic C:\ComboFix\CF4356.cfxxe Postponed

11/10/2010 21:00:31 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Sony Setup\Vegas Pro 8.0\vcredist_x86.exe

11/10/2010 21:00:31 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Sony Setup\Vegas Pro 8.0\vcredist_x86.exe Postponed

11/10/2010 21:01:05 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe

11/10/2010 21:01:05 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe Postponed

11/10/2010 21:01:29 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\crashreporter.exe

11/10/2010 21:01:29 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\crashreporter.exe Postponed

11/10/2010 21:01:29 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpcshell.exe

11/10/2010 21:01:29 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpcshell.exe Postponed

11/10/2010 21:01:31 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpicleanup.exe

11/10/2010 21:01:31 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpicleanup.exe Postponed

11/10/2010 21:01:31 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpidl.exe

11/10/2010 21:01:31 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpidl.exe Postponed

11/10/2010 21:01:32 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpt_link.exe

11/10/2010 21:01:32 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpt_link.exe Postponed

11/10/2010 21:01:33 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpt_dump.exe

11/10/2010 21:01:33 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpt_dump.exe Postponed

11/10/2010 21:01:34 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xulrunner-stub.exe

11/10/2010 21:01:34 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xulrunner-stub.exe Postponed

11/10/2010 21:11:26 Detected: HEUR:Trojan.Win32.Generic D:\othca.pif

11/10/2010 21:11:26 Untreated: HEUR:Trojan.Win32.Generic D:\othca.pif Postponed

11/10/2010 21:11:26 Detected: HEUR:Trojan.Win32.Generic D:\utjhbt.exe

11/10/2010 21:11:26 Untreated: HEUR:Trojan.Win32.Generic D:\utjhbt.exe Postponed

11/10/2010 21:11:39 Detected: HEUR:Trojan.Win32.Generic D:\Battlefield2\BFMC\BFMC.exe

11/10/2010 21:11:39 Untreated: HEUR:Trojan.Win32.Generic D:\Battlefield2\BFMC\BFMC.exe Postponed

11/10/2010 21:12:41 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe

11/10/2010 21:15:39 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\Launcher.exe

11/10/2010 21:16:19 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\Launcher.exe Skipped by user

11/10/2010 21:16:20 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\char\tmABCD\Priston Tale BMP Patcher.exe

11/10/2010 21:16:23 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\char\tmABCD\Priston Tale BMP Patcher.exe Skipped by user

11/10/2010 21:16:23 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Event\Priston Tale BMP Patcher.exe

11/10/2010 21:16:25 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Event\Priston Tale BMP Patcher.exe Skipped by user

11/10/2010 21:16:25 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Make\Priston Tale BMP Patcher.exe

11/10/2010 21:16:26 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Make\Priston Tale BMP Patcher.exe Skipped by user

11/10/2010 21:16:27 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Potion\Priston Tale BMP Patcher.exe

11/10/2010 21:16:28 Untreated: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Potion\Priston Tale BMP Patcher.exe Skipped by user

11/10/2010 21:16:28 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Items\Quest\Priston Tale BMP Patcher.exe

11/10/2010 21:16:32 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\Mirrors Priston Tale\image\Sinimage\Premium\Priston Tale BMP Patcher.exe

11/10/2010 21:16:34 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\DropItem\SMD Unblock.exe

11/10/2010 21:16:56 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Make\Priston Tale BMP Patcher.exe

11/10/2010 21:17:02 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Potion\Priston Tale BMP Patcher.exe

11/10/2010 21:17:04 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Items\Quest\Priston Tale BMP Patcher.exe

11/10/2010 21:17:05 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\Premium\Priston Tale BMP Patcher.exe

11/10/2010 21:17:07 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\PTMAI\image\Sinimage\skill\Archer\JobTitle\Priston Tale BMP Patcher.exe

11/10/2010 21:17:08 Detected: Backdoor.Win32.Shark.hnv C:\Arquivos de programas\PTMAI\image\XTrapVa.dll

11/10/2010 21:17:20 Deleted: Backdoor.Win32.Shark.hnv C:\Arquivos de programas\PTMAI\image\XTrapVa.dll

11/10/2010 21:17:28 Detected: Backdoor.Win32.Shark.hnv C:\Arquivos de programas\PTMAI\patch_completo_10-11-2009.rar/image/XTrapVa.dll

11/10/2010 21:17:36 Untreated: Backdoor.Win32.Shark.hnv C:\Arquivos de programas\PTMAI\patch_completo_10-11-2009.rar/image/XTrapVa.dll Write not supported

11/10/2010 21:17:37 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Priston Tale Brasil\XTrap\XTrap.xt

11/10/2010 21:17:44 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\Alcmtr.exe

11/10/2010 21:17:48 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\ChCfg.exe

11/10/2010 21:18:09 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\RtlUpd.exe

11/10/2010 21:18:15 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Realtek\Audio\InstallShield\SkyTel.exe

11/10/2010 21:18:16 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Sony Setup\Vegas Pro 8.0\vcredist_x86.exe

11/10/2010 21:18:17 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Sony\Vegas Pro 8.0\vidcap60.exe

11/10/2010 21:18:18 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SpeedyiTunes\convertor\ffmpeg.exe

11/10/2010 21:18:18 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SpeedyiTunes\uninstall.exe

11/10/2010 21:18:18 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\ClearHist.exe

11/10/2010 21:18:19 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\TeamSpeak 3 Client\Uninstall.exe

11/10/2010 21:18:19 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\TeamSpeak 3 Client\update.exe

11/10/2010 21:18:19 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Teamspeak2_RC2\unins000.exe

11/10/2010 21:18:20 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Tibia\Patch.exe

11/10/2010 21:18:20 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Tibia\unins000.exe

11/10/2010 21:18:21 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\VSO\ConvertX\3\unins000.exe

11/10/2010 21:18:21 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\WinRAR\UnRAR.exe

11/10/2010 21:18:21 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\WinRAR\Uninstall.exe

11/10/2010 21:18:22 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Windows Live\Messenger\msvs.exe

11/10/2010 21:18:22 Detected: HEUR:Trojan.Win32.Generic C:\Arquivos de programas\Windows NT\hypertrm.exe

11/10/2010 21:18:42 Detected: HEUR:Trojan.Win32.Generic C:\ComboFix\CF4356.cfxxe

11/10/2010 21:18:43 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\crashreporter.exe

11/10/2010 21:18:43 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpcshell.exe

11/10/2010 21:18:43 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpicleanup.exe

11/10/2010 21:18:44 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpidl.exe

11/10/2010 21:18:44 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpt_dump.exe

11/10/2010 21:18:44 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xpt_link.exe

11/10/2010 21:18:45 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\xulrunner-stub.exe

11/10/2010 21:18:45 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe

11/10/2010 21:18:46 Detected: HEUR:Trojan.Win32.Generic C:\yfiiwl.exe

11/10/2010 21:18:59 Disinfected: HEUR:Trojan.Win32.Generic C:\autorun.inf\AutoRun\opeN

11/10/2010 21:18:59 Disinfected: HEUR:Trojan.Win32.Generic C:\autorun.inf\AutoRun\ShElL\ExpLoRE\CommAND

11/10/2010 21:18:59 Disinfected: HEUR:Trojan.Win32.Generic C:\autorun.inf\AutoRun\ShElL\OPen\comMaNd

11/10/2010 21:18:59 Disinfected: HEUR:Trojan.Win32.Generic C:\autorun.inf\AutoRun\ShElL\AutoPlay\Command

11/10/2010 21:19:05 Detected: HEUR:Trojan.Win32.Generic D:\Battlefield2\BFMC\BFMC.exe

11/10/2010 21:19:10 Detected: HEUR:Trojan.Win32.Generic D:\othca.pif

11/10/2010 21:19:22 Disinfected: HEUR:Trojan.Win32.Generic D:\autorun.inf\AutoRun\OpeN

11/10/2010 21:19:22 Disinfected: HEUR:Trojan.Win32.Generic D:\autorun.inf\AutoRun\shelL\explORe\coMMand

11/10/2010 21:19:22 Disinfected: HEUR:Trojan.Win32.Generic D:\autorun.inf\AutoRun\shelL\oPeN\COmmAnd

11/10/2010 21:19:22 Disinfected: HEUR:Trojan.Win32.Generic D:\autorun.inf\AutoRun\shelL\AUtOplAy\cOMManD

11/10/2010 21:19:28 Detected: HEUR:Trojan.Win32.Generic D:\utjhbt.exe

11/10/2010 21:19:29 Detected: HEUR:Trojan.Win32.Generic C:\yfiiwl.exe

11/10/2010 21:19:42 Disinfected: HEUR:Trojan.Win32.Generic C:\autorun.inf\AutoRun\opeN

11/10/2010 21:19:42 Disinfected: HEUR:Trojan.Win32.Generic C:\autorun.inf\AutoRun\ShElL\ExpLoRE\CommAND

11/10/2010 21:19:42 Disinfected: HEUR:Trojan.Win32.Generic C:\autorun.inf\AutoRun\ShElL\OPen\comMaNd

11/10/2010 21:19:42 Disinfected: HEUR:Trojan.Win32.Generic C:\autorun.inf\AutoRun\ShElL\AutoPlay\Command

11/10/2010 21:19:47 Task completed


:seta: Your Kaspersky log lists several problems that it found, and many of them were not removed. If you still have its window open, it would be very important to delete them as shown in its tutorial that I sent you.

_________________________________

:seta: Please also follow the tips in this tutorial to clean your PC with Malwarebytes:

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

In your next reply, post this Malwarebytes log together with a new HijackThis log, and tell us whether Kaspersky removed any more problems and how your PC is after these procedures.

We look forward to your reply.


Antonio, it seems to me that everything is normal now; at least nothing is blocked anymore, like Task Manager and regedit. I'll post the logs.

 

Hijacks

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:37:31, on 11/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Hijacks\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O1 - Hosts: 188.165.201.54 www.bb.com.br

O1 - Hosts: 188.165.201.54 bb.com.br

O1 - Hosts: 188.165.201.54 bancodobrasil.com.br

O1 - Hosts: 188.165.201.54 www.bancodobrasil.com.br

O1 - Hosts: 188.165.201.54 bancobrasil.com.br

O1 - Hosts: 188.165.201.54 www.bancobrasil.com.br

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = C:\Arquivos de programas\LimeWire\LimeWire.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fazer o download de conteúdo de vídeo FLV usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FreshDownload - {A68C2B32-789F-486B-85DA-8CF36DE2743E} - C:\Arquivos de programas\FreshDevices\FreshDownload\fd.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9314 bytes

 

 

 

 

Malwarebytes

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4796

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

 

11/10/2010 22:26:05

mbam-log-2010-10-11 (22-26-05).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 169533

Tempo decorrido: 12 minuto(s), 40 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 2

Valores de Registro Infectados: 1

Itens de Dados no Registro Infectados: 5

Pastas Infectadas: 1

Arquivos Infectados: 8

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\persistence (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

 

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

C:\Documents and Settings\Administrador\Configurações locais\temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.

 

Arquivos Infectados:

C:\autorun.inf (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\yfiiwl.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Msvcrt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Shfolder.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Megacubo\components\bin\liqen\bin\justintv viwer.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.

D:\othca.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\temp\E_4\krnln.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\¡¡¡¡¡¡.lnk (Worm.AutoRun) -> Quarantined and deleted successfully.


:seta: Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)

 

O9 - Extra button: FreshDownload - {A68C2B32-789F-486B-85DA-8CF36DE2743E} - C:\Arquivos de programas\FreshDevices\FreshDownload\fd.exe (file missing)

______________________________

 

:seta: Download HostsXpert.zip:

http://www.funkytoad.com/download/HostsXpert.zip

• Extract (unzip) HostsXpert.zip to a permanent folder on your drive (for example C:\HostsXpert).

• Double-click HostsXpert.exe to run the program.

• If available, click "Make Hosts Writable?" (it will be in the upper right corner).

• Click "Restore Microsoft's Hosts file" and then click "OK".

• Click the X to exit the program.

______________________________

 

:seta: Also follow these tips:

Ad-Remover tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-ad-remover.html

BitDefender Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/04/tutorial-do-antivirus-bitdefender.html

__________________________

:seta: In your next reply, post the BitDefender Online log, which will be in C:\Windows\BDOSCAN8\bdoscan.log, together with a new HijackThis log and the Ad-Remover log, which will be in C:\Ad-Report-CLEAN[1].log, and please tell us how your PC is after following these procedures.

We look forward to your reply.

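An added example, not part of the original thread: a Python triage of the two kinds of HijackThis entries the reply above acts on, namely O1 hosts-file lines that point hostnames at a non-loopback address and entries marked (no file) or (file missing). The sample lines are copied from the HijackThis log posted in this thread, except the 127.0.0.1 line, which is constructed; the function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: lines taken from the HijackThis log in this thread.
# The first O1 line (127.0.0.1 localhost) is constructed to show a benign entry.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 188.165.201.54 www.bb.com.br
O1 - Hosts: 188.165.201.54 bb.com.br
O1 - Hosts: 188.165.201.54 bancodobrasil.com.br
O1 - Hosts: 188.165.201.54 www.bancodobrasil.com.br
O1 - Hosts: 188.165.201.54 bancobrasil.com.br
O1 - Hosts: 188.165.201.54 www.bancobrasil.com.br
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O9 - Extra button: FreshDownload - {A68C2B32-789F-486B-85DA-8CF36DE2743E} - C:\Arquivos de programas\FreshDevices\FreshDownload\fd.exe (file missing)
"""

# A HijackThis entry line is "<section> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O1 entry: "Hosts: <address> <hostname>".
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)$")
# Suffixes HijackThis appends when the registered file is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return (section, body) tuples for every entry line in the log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def is_benign_target(ip_text):
    """Loopback and 0.0.0.0 are normal hosts-file targets; anything else
    (including a value that is not an IP address at all) needs review."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def hosts_redirects(log_text):
    """Group hostnames by the non-local address the hosts file maps them to."""
    redirects = defaultdict(list)
    for section, body in parse_entries(log_text):
        if section != "O1":
            continue
        match = HOSTS_RE.match(body)
        if match and not is_benign_target(match.group("ip")):
            redirects[match.group("ip")].append(match.group("host").lower())
    return dict(redirects)


def orphaned_entries(log_text):
    """Entries whose target file no longer exists: leftovers safe to review
    for removal with 'Fix checked'."""
    return [(section, body)
            for section, body in parse_entries(log_text)
            if body.endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    for ip, hosts in hosts_redirects(SAMPLE_LOG).items():
        print(f"hosts file sends {len(hosts)} names to {ip}:")
        for host in hosts:
            print(f"  {host}")
    print("orphaned entries:")
    for section, body in orphaned_entries(SAMPLE_LOG):
        print(f"  {section} - {body}")
```

Several bank hostnames mapped to one external address is the pattern the hosts-file restore removes; the orphaned list matches the four entries selected for Fix checked.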

The logs ;D

 

Bitdefender

 

 

 

[General]

App = "BitDefender Online Scanner v8"

Date = 12:10:2010

Time = 00:17:32

Scan Path = C:\;D:\;E:\;F:\;G:\;H:\;I:\;

 

[Engines Info]

Virus Definitions = 6312387

Engine build = "AVCORE v2.1 Windows/i386 11.0.0.42 (Aug 31 2010)"

Scan plugins = 18

Archive plugins = 44

Unpack plugins = 10

E-mail plugins = 6

System plugins = 4

 

[scan Statistics]

Folders = 4875

Files = 190655

Archives = 2253

Packed files = 8814

Identified viruses = 53

Infected files = 63

Warnings = 0

Suspect files = 0

Disinfected files = 11

Deleted files = 48

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 86

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000176 = "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe Infected with: Win32.Sality.3"

Line00000175 = "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe Disinfected"

Line00000174 = "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\Alcohol.exe Infected with: Gen:Malware.Heur.zG0@b0ay7xj"

Line00000173 = "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\Alcohol.exe Disinfection failed"

Line00000172 = "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\Alcohol.exe Deleted"

Line00000171 = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroScoutOptions.exe Infected with: Gen:Malware.Heur.sq0@b0SImDpi"

Line00000170 = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroScoutOptions.exe Disinfection failed"

Line00000169 = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroScoutOptions.exe Deleted"

Line00000168 = "C:\Arquivos de programas\Arquivos comuns\Akamai\AdminTool.exe Infected with: Win32.Sality.3"

Line00000167 = "C:\Arquivos de programas\Arquivos comuns\Akamai\AdminTool.exe Disinfected"

Line00000166 = "C:\Arquivos de programas\Arquivos comuns\InstallShield\Engine\6\Intel 32\IKernel.exe Infected with: Gen:Malware.Heur.Lq0@bWQP54fi"

Line00000165 = "C:\Arquivos de programas\Arquivos comuns\InstallShield\Engine\6\Intel 32\IKernel.exe Disinfection failed"

Line00000164 = "C:\Arquivos de programas\Arquivos comuns\InstallShield\Engine\6\Intel 32\IKernel.exe Deleted"

Line00000163 = "C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe Infected with: Gen:Malware.Heur.um0@byBb0Bai"

Line00000162 = "C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe Disinfection failed"

Line00000161 = "C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe Deleted"

Line00000160 = "C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\UNinstaller.exe Infected with: Gen:Malware.Heur.dm0@byRBQJhi"

Line00000159 = "C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\UNinstaller.exe Disinfection failed"

Line00000158 = "C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\UNinstaller.exe Deleted"

Line00000157 = "C:\Arquivos de programas\Asprate.rar=>Asprate\Tibia Multi IP Changer\Ip Changer Updater.exe Infected with: Gen:Malware.Heur.dm0@bqTgcXni"

Line00000156 = "C:\Arquivos de programas\Asprate.rar=>Asprate\Tibia Multi IP Changer\Ip Changer Updater.exe Disinfection failed"

Line00000155 = "C:\Arquivos de programas\Asprate.rar=>Asprate\Tibia Multi IP Changer\Ip Changer Updater.exe Delete failed"

Line00000154 = "C:\Arquivos de programas\Asprate.rar=>Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe Infected with: Gen:Malware.Heur.um0@biQuvRci"

Line00000153 = "C:\Arquivos de programas\Asprate.rar=>Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe Disinfection failed"

Line00000152 = "C:\Arquivos de programas\Asprate.rar=>Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe Delete failed"

Line00000151 = "C:\Arquivos de programas\Asprate.rar=>Asprate\Tibia Multi IP Changer\UNinstaller.exe Infected with: Gen:Malware.Heur.cm0@byf8@hmi"

Line00000150 = "C:\Arquivos de programas\Asprate.rar=>Asprate\Tibia Multi IP Changer\UNinstaller.exe Disinfection failed"

Line00000149 = "C:\Arquivos de programas\Asprate.rar=>Asprate\Tibia Multi IP Changer\UNinstaller.exe Delete failed"

Line00000148 = "C:\Arquivos de programas\Aspyr\Guitar Hero III\AWLMediaCenter.exe Infected with: Gen:Malware.Heur.cq0@bi@kLMdi"

Line00000147 = "C:\Arquivos de programas\Aspyr\Guitar Hero III\AWLMediaCenter.exe Disinfection failed"

Line00000146 = "C:\Arquivos de programas\Aspyr\Guitar Hero III\AWLMediaCenter.exe Deleted"

Line00000145 = "C:\Arquivos de programas\Cheat Engine\unins000.exe Infected with: Gen:Malware.Heur.RG0@bezHuCbi"

Line00000144 = "C:\Arquivos de programas\Cheat Engine\unins000.exe Disinfection failed"

Line00000143 = "C:\Arquivos de programas\Cheat Engine\unins000.exe Deleted"

Line00000142 = "C:\Arquivos de programas\CyberLink\CDS\CDSVersion.exe Infected with: Gen:Malware.Heur.bq0@baaea7fj"

Line00000141 = "C:\Arquivos de programas\CyberLink\CDS\CDSVersion.exe Disinfection failed"

Line00000140 = "C:\Arquivos de programas\CyberLink\CDS\CDSVersion.exe Deleted"

Line00000139 = "C:\Arquivos de programas\CyberLink\Shared Files\richvideoinstall.exe Infected with: Gen:Malware.Heur.dq0@bWFuGOkb"

Line00000138 = "C:\Arquivos de programas\CyberLink\Shared Files\richvideoinstall.exe Disinfection failed"

Line00000137 = "C:\Arquivos de programas\CyberLink\Shared Files\richvideoinstall.exe Deleted"

Line00000136 = "C:\Arquivos de programas\CyberLink\Shared Files\richvideouninstall.exe Infected with: Gen:Malware.Heur.dq0@b0kREmib"

Line00000135 = "C:\Arquivos de programas\CyberLink\Shared Files\richvideouninstall.exe Disinfection failed"

Line00000134 = "C:\Arquivos de programas\CyberLink\Shared Files\richvideouninstall.exe Deleted"

Line00000133 = "C:\Arquivos de programas\EA GAMES\Battlefield 2\AdminUtils\rcon\remoteconsole.exe Infected with: Gen:Malware.Heur.bqW@becEvml"

Line00000132 = "C:\Arquivos de programas\EA GAMES\Battlefield 2\AdminUtils\rcon\remoteconsole.exe Disinfection failed"

Line00000131 = "C:\Arquivos de programas\EA GAMES\Battlefield 2\AdminUtils\rcon\remoteconsole.exe Deleted"

Line00000130 = "C:\Arquivos de programas\EA GAMES\Battlefield 2\Redist\ArcadeInstallBATTLEFIELD2_20.EXE Infected with: Gen:Malware.Heur.bq0@bykVF@ji"

Line00000129 = "C:\Arquivos de programas\EA GAMES\Battlefield 2\Redist\ArcadeInstallBATTLEFIELD2_20.EXE Disinfection failed"

Line00000128 = "C:\Arquivos de programas\EA GAMES\Battlefield 2\Redist\ArcadeInstallBATTLEFIELD2_20.EXE Deleted"

Line00000127 = "C:\Arquivos de programas\ElfBot NG\unins000.exe Infected with: Gen:Malware.Heur.QG0@bGgUh2li"

Line00000126 = "C:\Arquivos de programas\ElfBot NG\unins000.exe Disinfection failed"

Line00000125 = "C:\Arquivos de programas\ElfBot NG\unins000.exe Deleted"

Line00000124 = "C:\Arquivos de programas\GameVicio\Need for Speed Most Wanted\Atualizador.exe Infected with: Gen:Malware.Heur.eu0@baGSgRgO"

Line00000123 = "C:\Arquivos de programas\GameVicio\Need for Speed Most Wanted\Atualizador.exe Disinfection failed"

Line00000122 = "C:\Arquivos de programas\GameVicio\Need for Speed Most Wanted\Atualizador.exe Deleted"

Line00000121 = "C:\Arquivos de programas\Globalink Power Translator Pro\Dimport.exe Infected with: Gen:Malware.Heur.irW@b4utv3fi"

Line00000120 = "C:\Arquivos de programas\Globalink Power Translator Pro\Dimport.exe Disinfection failed"

Line00000119 = "C:\Arquivos de programas\Globalink Power Translator Pro\Dimport.exe Deleted"

Line00000118 = "C:\Arquivos de programas\Globalink Power Translator Pro\Dsetup.exe Infected with: Gen:Malware.Heur.IqW@bOH8tYli"

Line00000117 = "C:\Arquivos de programas\Globalink Power Translator Pro\Dsetup.exe Disinfection failed"

Line00000116 = "C:\Arquivos de programas\Globalink Power Translator Pro\Dsetup.exe Deleted"

Line00000115 = "C:\Arquivos de programas\Globalink Power Translator Pro\TrnsUtil.exe Infected with: Gen:Malware.Heur.hq0@bC7ymhoi"

Line00000114 = "C:\Arquivos de programas\Globalink Power Translator Pro\TrnsUtil.exe Disinfection failed"

Line00000113 = "C:\Arquivos de programas\Globalink Power Translator Pro\TrnsUtil.exe Deleted"

Line00000112 = "C:\Arquivos de programas\Globalink Power Translator Pro\WT32p.exe Infected with: Gen:Malware.Heur.wq0@bqNgaPji"

Line00000111 = "C:\Arquivos de programas\Globalink Power Translator Pro\WT32p.exe Disinfection failed"

Line00000110 = "C:\Arquivos de programas\Globalink Power Translator Pro\WT32p.exe Deleted"

Line00000109 = "C:\Arquivos de programas\Gmhb\GMHB.exe Infected with: Gen:Malware.Heur.qs0@bOWrAhti"

Line00000108 = "C:\Arquivos de programas\Gmhb\GMHB.exe Disinfection failed"

Line00000107 = "C:\Arquivos de programas\Gmhb\GMHB.exe Deleted"

Line00000106 = "C:\Arquivos de programas\Gmhb\Patch.exe Infected with: Gen:Malware.Heur.hqW@bWQwhSei"

Line00000105 = "C:\Arquivos de programas\Gmhb\Patch.exe Disinfection failed"

Line00000104 = "C:\Arquivos de programas\Gmhb\Patch.exe Deleted"

Line00000103 = "C:\Arquivos de programas\Gmhb\Tibia.exe Infected with: Gen:Malware.Heur.qs0@burwMzyi"

Line00000102 = "C:\Arquivos de programas\Gmhb\Tibia.exe Disinfection failed"

Line00000101 = "C:\Arquivos de programas\Gmhb\Tibia.exe Deleted"

Line00000100 = "C:\Arquivos de programas\K-Lite Codec Pack\Tools\dsconfig.exe Infected with: Gen:Malware.Heur.tq0@bGLx7CiO"

Line00000099 = "C:\Arquivos de programas\K-Lite Codec Pack\Tools\dsconfig.exe Disinfection failed"

Line00000098 = "C:\Arquivos de programas\K-Lite Codec Pack\Tools\dsconfig.exe Deleted"

Line00000097 = "C:\Arquivos de programas\K-Lite Codec Pack\Tools\graphstudio.exe Infected with: Gen:Malware.Heur.ir0@b4tRx7jO"

Line00000096 = "C:\Arquivos de programas\K-Lite Codec Pack\Tools\graphstudio.exe Disinfection failed"

Line00000095 = "C:\Arquivos de programas\K-Lite Codec Pack\Tools\graphstudio.exe Deleted"

Line00000094 = "C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\unins000.exe Infected with: Gen:Malware.Heur.QG0@bu@KIOni"

Line00000093 = "C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\unins000.exe Disinfection failed"

Line00000092 = "C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\unins000.exe Deleted"

Line00000091 = "C:\Arquivos de programas\Megacubo\megacubo.exe Infected with: Gen:Malware.Heur.@t0@b81l5Jm"

Line00000090 = "C:\Arquivos de programas\Megacubo\megacubo.exe Disinfection failed"

Line00000089 = "C:\Arquivos de programas\Megacubo\megacubo.exe Deleted"

Line00000088 = "C:\Arquivos de programas\Nero\Nero 7\Core\NeroCmd.exe Infected with: Gen:Malware.Heur.iq0@bSaH5Kpi"

Line00000087 = "C:\Arquivos de programas\Nero\Nero 7\Core\NeroCmd.exe Disinfection failed"

Line00000086 = "C:\Arquivos de programas\Nero\Nero 7\Core\NeroCmd.exe Deleted"

Line00000085 = "C:\Arquivos de programas\Nero\Nero 7\Nero\Uninstall\UNNERO.exe Infected with: Gen:Malware.Heur.oq0@bq6C!wni"

Line00000084 = "C:\Arquivos de programas\Nero\Nero 7\Nero\Uninstall\UNNERO.exe Disinfection failed"

Line00000083 = "C:\Arquivos de programas\Nero\Nero 7\Nero\Uninstall\UNNERO.exe Deleted"

Line00000082 = "C:\Arquivos de programas\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe Infected with: Gen:Malware.Heur.Dq0@bi0pEcti"

Line00000081 = "C:\Arquivos de programas\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe Disinfection failed"

Line00000080 = "C:\Arquivos de programas\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe Deleted"

Line00000079 = "C:\Arquivos de programas\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe Infected with: Gen:Malware.Heur.2r0@byp@JMki"

Line00000078 = "C:\Arquivos de programas\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe Disinfection failed"

Line00000077 = "C:\Arquivos de programas\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe Deleted"

Line00000076 = "C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe Infected with: Gen:Malware.Heur.@t0@bqWbXCsi"

Line00000075 = "C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe Disinfection failed"

Line00000074 = "C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe Deleted"

Line00000073 = "C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit\InfoTool.exe Infected with: Gen:Malware.Heur.Yq0@b0ZEPJhO"

Line00000072 = "C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit\InfoTool.exe Disinfection failed"

Line00000071 = "C:\Arquivos de programas\Nero\Nero 7\Nero Toolkit\InfoTool.exe Deleted"

Line00000070 = "C:\Arquivos de programas\Nero\Nero 7\Nero WaveEditor\DXEnum.exe Infected with: Gen:Malware.Heur.iq0@biBA!wei"

Line00000069 = "C:\Arquivos de programas\Nero\Nero 7\Nero WaveEditor\DXEnum.exe Disinfection failed"

Line00000068 = "C:\Arquivos de programas\Nero\Nero 7\Nero WaveEditor\DXEnum.exe Deleted"

Line00000067 = "C:\Arquivos de programas\Nero\Nero 7\Nero WaveEditor\waveedit.exe Infected with: Win32.Sality.3"

Line00000066 = "C:\Arquivos de programas\Nero\Nero 7\Nero WaveEditor\waveedit.exe Disinfected"

Line00000065 = "C:\Arquivos de programas\Orban\AAC-aacPlus Plugin\unins000.exe Infected with: Gen:Malware.Heur.QG0@bu67fYmi"

Line00000064 = "C:\Arquivos de programas\Orban\AAC-aacPlus Plugin\unins000.exe Disinfection failed"

Line00000063 = "C:\Arquivos de programas\Orban\AAC-aacPlus Plugin\unins000.exe Deleted"

Line00000062 = "C:\Arquivos de programas\Skype\Phone\Skype.exe Infected with: Win32.Sality.3"

Line00000061 = "C:\Arquivos de programas\Skype\Phone\Skype.exe Disinfected"

Line00000060 = "C:\Arquivos de programas\Sony\Vegas Pro 8.0\vegas80.exe Infected with: Win32.Sality.3"

Line00000059 = "C:\Arquivos de programas\Sony\Vegas Pro 8.0\vegas80.exe Disinfected"

Line00000058 = "C:\Arquivos de programas\Sony Setup\Vegas Pro 8.0\Setup.exe Infected with: Win32.Sality.3"

Line00000057 = "C:\Arquivos de programas\Sony Setup\Vegas Pro 8.0\Setup.exe Disinfected"

Line00000056 = "C:\Arquivos de programas\Tibia\Tibia.exe Infected with: Gen:Malware.Heur.vs0@bi2sJgqi"

Line00000055 = "C:\Arquivos de programas\Tibia\Tibia.exe Disinfection failed"

Line00000054 = "C:\Arquivos de programas\Tibia\Tibia.exe Deleted"

Line00000053 = "C:\Arquivos de programas\WinRAR\Rar.exe Infected with: Win32.Sality.3"

Line00000052 = "C:\Arquivos de programas\WinRAR\Rar.exe Disinfected"

Line00000051 = "C:\Arquivos de programas\WinRAR\WinRAR.exe Infected with: Gen:Malware.Heur.4C0@bGhGABfc"

Line00000050 = "C:\Arquivos de programas\WinRAR\WinRAR.exe Disinfection failed"

Line00000049 = "C:\Arquivos de programas\WinRAR\WinRAR.exe Deleted"

Line00000048 = "C:\Documents and Settings\Administrador\Configurações locais\temp\FCF75505-9F86A695-4B8811BB-AE701E57\2f8e2_xp.exe Infected with: Win32.Sality.3"

Line00000047 = "C:\Documents and Settings\Administrador\Configurações locais\temp\FCF75505-9F86A695-4B8811BB-AE701E57\2f8e2_xp.exe Disinfected"

Line00000046 = "C:\Documents and Settings\Administrador\Configurações locais\temp\FCF75505-9F86A695-4B8811BB-AE701E57\f59b32.exe Infected with: Win32.Sality.3"

Line00000045 = "C:\Documents and Settings\Administrador\Configurações locais\temp\FCF75505-9F86A695-4B8811BB-AE701E57\f59b32.exe Disinfected"

Line00000044 = "C:\Documents and Settings\Administrador\Dados de aplicativos\IDM\DwnlData\Administrador\PristonTale4142_283\PristonTale4142.exe Infected with: Win32.Sality.3"

Line00000043 = "C:\Documents and Settings\Administrador\Dados de aplicativos\IDM\DwnlData\Administrador\PristonTale4142_283\PristonTale4142.exe Disinfected"

Line00000042 = "C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\updater.exe Infected with: Win32.Sality.3"

Line00000041 = "C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire\browser\xulrunner\updater.exe Disinfected"

Line00000040 = "C:\WINDOWS\system32\drivers\ActUsb.sys Infected with: Rootkit.40333"

Line00000039 = "C:\WINDOWS\system32\drivers\ActUsb.sys Deleted"

Line00000038 = "D:\Battlefield2\Redist\ArcadeInstallBATTLEFIELD2_20.EXE Infected with: Gen:Malware.Heur.bq0@bi7aRwgi"

Line00000037 = "D:\Battlefield2\Redist\ArcadeInstallBATTLEFIELD2_20.EXE Disinfection failed"

Line00000036 = "D:\Battlefield2\Redist\ArcadeInstallBATTLEFIELD2_20.EXE Deleted"

Line00000035 = "D:\Battlefield2\Support\EReg.exe Infected with: Gen:Malware.Heur.Mq0@bO7RTZAT"

Line00000034 = "D:\Battlefield2\Support\EReg.exe Disinfection failed"

Line00000033 = "D:\Battlefield2\Support\EReg.exe Deleted"

Line00000032 = "D:\Downloads\MagebotSetupvT860.exe Infected with: Gen:Malware.Heur.cuW@bSlsFFpi"

Line00000031 = "D:\Downloads\MagebotSetupvT860.exe Disinfection failed"

Line00000030 = "D:\Downloads\MagebotSetupvT860.exe Deleted"

Line00000029 = "D:\Downloads\Programs\CheatEngine561.exe Infected with: Gen:Malware.Heur.dG0@bqpob7lO"

Line00000028 = "D:\Downloads\Programs\CheatEngine561.exe Disinfection failed"

Line00000027 = "D:\Downloads\Programs\CheatEngine561.exe Deleted"

Line00000026 = "D:\Downloads\Programs\speedyitunes_setup.exe Infected with: Gen:Malware.Heur.eu0@bugDtjai"

Line00000025 = "D:\Downloads\Programs\speedyitunes_setup.exe Disinfection failed"

Line00000024 = "D:\Downloads\Programs\speedyitunes_setup.exe Deleted"

Line00000023 = "D:\Downloads\tibia860.exe Infected with: Gen:Malware.Heur.dG0@bSVUb9mO"

Line00000022 = "D:\Downloads\tibia860.exe Disinfection failed"

Line00000021 = "D:\Downloads\tibia860.exe Deleted"

Line00000020 = "D:\Downloads\tibia860.rar=>tibia860.exe Infected with: Gen:Malware.Heur.dG0@bi4HMLnO"

Line00000019 = "D:\Downloads\tibia860.rar=>tibia860.exe Disinfection failed"

Line00000018 = "D:\Downloads\tibia860.rar=>tibia860.exe Delete failed"

Line00000017 = "D:\Meus arquivos recebidos\internet download manager 5.15.6.full + crack + patch + serial\Patch-Love Pascal\Internet.Download.Manager.5.X.X.Buld.X.X-Patch.exe Infected with: Gen:Malware.Heur.cqW@b8Q1NGhi"

Line00000016 = "D:\Meus arquivos recebidos\internet download manager 5.15.6.full + crack + patch + serial\Patch-Love Pascal\Internet.Download.Manager.5.X.X.Buld.X.X-Patch.exe Disinfection failed"

Line00000015 = "D:\Meus arquivos recebidos\internet download manager 5.15.6.full + crack + patch + serial\Patch-Love Pascal\Internet.Download.Manager.5.X.X.Buld.X.X-Patch.exe Deleted"

Line00000014 = "D:\Meus arquivos recebidos\internet download manager 5.15.6.full + crack + patch + serial\Patch-UnREaL\Patch 5.xx (2009-01-22).exe Infected with: Gen:Malware.Heur.jqW@bqniuqci"

Line00000013 = "D:\Meus arquivos recebidos\internet download manager 5.15.6.full + crack + patch + serial\Patch-UnREaL\Patch 5.xx (2009-01-22).exe Disinfection failed"

Line00000012 = "D:\Meus arquivos recebidos\internet download manager 5.15.6.full + crack + patch + serial\Patch-UnREaL\Patch 5.xx (2009-01-22).exe Deleted"

Line00000011 = "D:\Minhas imagens\about.Brontok.A.html Infected with: Worm.Brontok.HTML.A"

Line00000010 = "D:\Minhas imagens\about.Brontok.A.html Disinfection failed"

Line00000009 = "D:\Minhas imagens\about.Brontok.A.html Deleted"

Line00000008 = "D:\Need for Speed Underground 2\eauninstall.exe Infected with: Gen:Malware.Heur.uq0@bKj5iQqP"

Line00000007 = "D:\Need for Speed Underground 2\eauninstall.exe Disinfection failed"

Line00000006 = "D:\Need for Speed Underground 2\eauninstall.exe Deleted"

Line00000005 = "D:\Need for Speed Underground 2\Support\EReg.exe Infected with: Gen:Malware.Heur.Mq0@bONketuT"

Line00000004 = "D:\Need for Speed Underground 2\Support\EReg.exe Disinfection failed"

Line00000003 = "D:\Need for Speed Underground 2\Support\EReg.exe Deleted"

Line00000002 = "D:\Need for Speed Underground 2\Support\Need for Speed Underground 2_uninst.exe Infected with: Gen:Malware.Heur.eq0@bu1ezdbi"

Line00000001 = "D:\Need for Speed Underground 2\Support\Need for Speed Underground 2_uninst.exe Disinfection failed"

Line00000000 = "D:\Need for Speed Underground 2\Support\Need for Speed Underground 2_uninst.exe Deleted"

 

 

 

 

 

 

 

 

 

 

Ad- r

 

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 13/06/10 at 20:40

Contact: AdRemover.contact@gmail.com

website: http://pagesperso-orange.fr/NosTools/ad_remover.html

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 23:09:48 on 11/10/2010, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

Administrador, USER ( )

 

============== ACTION(S) ==============

 

 

0,Folder deleted: C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,File deleted: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

0,File deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\g7ahhlbq.default\searchplugins\askcom.xml

0,File deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\g7ahhlbq.default\searchplugins\sweetim.xml

0,Folder deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\g7ahhlbq.default\SweetIMToolbarData

0,Folder deleted: C:\Arquivos de programas\Ask.com

0,Folder deleted: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\AskToolbar

0,Folder deleted: C:\Documents and Settings\All Users\Dados de aplicativos\SweetIM

0,Folder deleted: C:\Arquivos de programas\SweetIM

3,File deleted: C:\WINDOWS\Installer\59be91.msi

3,File deleted: C:\WINDOWS\Installer\59be97.msi

3,File deleted: C:\WINDOWS\Installer\6fbb7a.msi

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\g7ahhlbq.default\Prefs.js --

Line deleted: user_pref("browser.search.defaultengine", "Ask.com");

Line deleted: user_pref("browser.search.defaultenginename", "Ask.com");

Line deleted: user_pref("browser.search.order.1", "Ask.com");

Line deleted: user_pref("extensions.asktb.cbid", "OH");

Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&o={o}&l={l}&...

Line deleted: user_pref("extensions.asktb.dtid", "VIN005YYBR");

Line deleted: user_pref("extensions.asktb.fresh-install", false);

Line deleted: user_pref("extensions.asktb.l", "dis");

Line deleted: user_pref("extensions.asktb.last-config-req", "1279902600487");

Line deleted: user_pref("extensions.asktb.locale", "pt_BR");

Line deleted: user_pref("extensions.asktb.o", "16058");

Line deleted: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Line deleted: user_pref("extensions.asktb.qsrc", "2871");

Line deleted: user_pref("extensions.asktb.r", "3");

Line deleted: user_pref("extensions.asktb.to", "16107");

Line deleted: user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");

Line deleted: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

Line deleted: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

Line deleted: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

Line deleted: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

Line deleted: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

Line deleted: user_pref("sweetim.toolbar.mode.debug", "false");

Line deleted: user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&so...

Line deleted: user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin...

Line deleted: user_pref("sweetim.toolbar.search.history.capacity", "10");

Line deleted: user_pref("sweetim.toolbar.simapp_id", "{C8A7B0C0-D42F-416D-A6F7-FCEB35CC4E90}");

Line deleted: user_pref("sweetim.toolbar.version", "1.0.0.10");

-- File closed --

 

 

1,Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

1,Key deleted: HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}

1,Key deleted: HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}

1,Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

1,Key deleted: HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

1,Key deleted: HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}

1,Key deleted: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}

1,Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

1,Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

1,Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

1,Key deleted: HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

1,Key deleted: HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

1,Key deleted: HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

1,Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

1,Key deleted: HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}

1,Key deleted: HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}

1,Key deleted: HKLM\Software\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}

1,Key deleted: HKLM\Software\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}

0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

0,Key deleted: HKLM\Software\Classes\MediaPlayer.GraphicsUtils

0,Key deleted: HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1

0,Key deleted: HKLM\Software\Classes\MgMediaPlayer.GifAnimator

0,Key deleted: HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1

0,Key deleted: HKLM\Software\Classes\SWEETIE.IEToolbar

0,Key deleted: HKLM\Software\Classes\SWEETIE.IEToolbar.1

0,Key deleted: HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook

0,Key deleted: HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1

0,Key deleted: HKLM\Software\Classes\Toolbar3.SWEETIE

0,Key deleted: HKLM\Software\Classes\Toolbar3.SWEETIE.1

0,Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

1,Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

0,Key deleted: HKLM\Software\SweetIM

0,Key deleted: HKCU\Software\Ask.com

0,Key deleted: HKCU\Software\AskToolbar

0,Key deleted: HKCU\Software\SweetIM

0,Key deleted: HKCU\Software\AppDataLow\AskToolbarInfo

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe

 

0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Sweetim

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847}

0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.10 (pt-BR)] **

 

-- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\g7ahhlbq.default\Prefs.js --

browser.download.lastDir, C:\\Documents and Settings\\Administrador\\Desktop

browser.search.selectedEngine, Google

browser.startup.homepage, www.google.com

browser.startup.homepage_override.mstone, rv:1.9.2.10

 

========================================

 

** Internet Explorer Version [7.0.5730.11] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 166 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 15 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 11/10/2010 (1478 Byte(s))

 

End at: 23:14:45, 11/10/2010

 

============== E.O.F ==============

 

 

 

 

 

 

 

 

 

 

Hijacks

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:24:04, on 12/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Hijacks\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - Default URLSearchHook is missing

O1 - Hosts: 188.165.201.54 www.bb.com.br

O1 - Hosts: 188.165.201.54 bb.com.br

O1 - Hosts: 188.165.201.54 bancodobrasil.com.br

O1 - Hosts: 188.165.201.54 www.bancodobrasil.com.br

O1 - Hosts: 188.165.201.54 bancobrasil.com.br

O1 - Hosts: 188.165.201.54 www.bancobrasil.com.br

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = C:\Arquivos de programas\LimeWire\LimeWire.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fazer o download de conteúdo de vídeo FLV usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Fazer o download usando o IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 8369 bytes


:) Many other problems have been removed.

_____________________________

Did you run the procedure below with HostsXpert? Even if you have already run it, please run it again:

Download HostsXpert.zip:

http://www.funkytoad.com/download/HostsXpert.zip

• Extract (unzip) HostsXpert.zip to a permanent folder on your drive (for example C:\HostsXpert)

• Double-click HostsXpert.exe to run the program.

• If available, click "Make Hosts Writable?" (it will be in the upper right corner).

• Click "Restore Microsoft's Hosts file" and then click "OK".

• Click the X to exit the program

__________________________________

Create a new folder, download the following three files, save them in that same folder, and run rmsality.exe:

• rmsality.exe (http://download.avgfree.com/filedir/util/avg_rem_sup.dir/rmsality/rmsality.exe)

• rmsality.nt (http://download.avgfree.com/filedir/util/avg_rem_sup.dir/rmsality/rmsality.nt)

• rmsality.dos (http://download.avgfree.com/filedir/util/avg_rem_sup.dir/rmsality/rmsality.dos)

Note:

The remover needs administrator rights to run successfully. For the removal tool to work properly, rmsality.nt and rmsality.dos must be saved in the same folder as rmsality.exe.

__________________________________

*Download the program Sality_off (http://support.kaspersky.com/downloads/utils/sality_off.zip) and save it to the desktop:

*Extract the contents of sality_off.zip to C:\

*Temporarily disable your antivirus

*Click Start > Run > type: C:\Sality_off.exe -m

*Click OK

*Keep the program running. Do not close this window! Minimize it if you wish.

Understanding why:

With this option ( -m ), the program keeps monitoring the C:\system32 folder, thereby preventing further contamination by Sality.

2.

*Now double-click the file C:\Sality_off.exe and wait. When you get the message "Pressione qualquer tecla para continuar..." ("Press any key to continue..."), press [ENTER]

*The program will close automatically.

*Now close the memory-monitoring window.

_________________________________

*Download SalityKiller (http://support.kaspersky.com/downloads/utils/salitykiller.zip) and save it to the desktop

*Extract its contents to C:\

*This program will run in 2 separate windows at the same time!

*The first window:

*Click [Start] > [Run] > copy and paste: C:\salitykiller.exe -m

*Click [OK]

*Keep the window running. Do not close it! Minimize it if you wish.

*The second window:

*Click [Start] > [Run] > copy and paste: C:\salitykiller.exe -y -x -k -j -l sality.txt -v

*Click [OK]

*If you cannot get the second window to run, repeat the procedure with the command:

C:\salitykiller.exe -y -x -j -l sality.txt -v

*When it finishes, window 2 will close automatically. Then close window 1.

____________________________

Please also follow the tips in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this Nod32 Online log together with a new HijackThis log and the log that will be at C:\sality.txt, and tell us whether the other programs indicated above worked correctly and how your PC is after following these procedures. We await your reply.

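The hosts-file reset requested in the reply above addresses the O1 entries in the HijackThis log, which pin several banking hostnames to one outside address. As an added example (not part of the original thread, and not code from HijackThis or HostsXpert), the Python code below extracts such entries from a HijackThis log or from a raw hosts file and lists every hostname mapped to a non-local address; the function names and the CLEAN_HOSTS sample are constructed for illustration, while the O1 lines are copied from the log in this thread.

```python
"""Flag hosts-file redirections in a HijackThis log or a raw hosts file."""
import ipaddress
from collections import defaultdict

# O1 lines copied from the HijackThis log posted in this thread,
# surrounded by two unrelated log lines to show they are ignored.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O1 - Hosts: 188.165.201.54 www.bb.com.br
O1 - Hosts: 188.165.201.54 bb.com.br
O1 - Hosts: 188.165.201.54 bancodobrasil.com.br
O1 - Hosts: 188.165.201.54 www.bancodobrasil.com.br
O1 - Hosts: 188.165.201.54 bancobrasil.com.br
O1 - Hosts: 188.165.201.54 www.bancobrasil.com.br
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
"""

# Constructed sample: a hosts file that holds only the localhost entry.
CLEAN_HOSTS = """\
# Constructed example of a restored hosts file
127.0.0.1       localhost
"""

O1_PREFIX = "O1 - Hosts:"


def iter_host_entries(text):
    """Yield (ip, hostname) from HijackThis O1 lines or raw hosts-file lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(O1_PREFIX):
            line = line[len(O1_PREFIX):]
        # Drop trailing comments, then split "IP name [alias ...]".
        tokens = line.split("#", 1)[0].split()
        if len(tokens) < 2:
            continue
        try:
            ip = ipaddress.ip_address(tokens[0])
        except ValueError:
            continue  # not a hosts entry (other log section, header, path)
        for host in tokens[1:]:
            yield ip, host.lower()


def find_redirects(text):
    """Map each non-local IP to the sorted hostnames pinned to it."""
    redirects = defaultdict(set)
    for ip, host in iter_host_entries(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost entry or a 127.0.0.1 / 0.0.0.0 block line
        redirects[str(ip)].add(host)
    return {ip: sorted(hosts) for ip, hosts in redirects.items()}


def public_redirects(text, min_hosts=2):
    """Return public IPs that at least min_hosts hostnames are pinned to."""
    return sorted(
        ip for ip, hosts in find_redirects(text).items()
        if ipaddress.ip_address(ip).is_global and len(hosts) >= min_hosts
    )


if __name__ == "__main__":
    for ip, hosts in find_redirects(SAMPLE_LOG).items():
        print(f"{ip} <- {', '.join(hosts)}")
    print("after reset:", find_redirects(CLEAN_HOSTS) or "no redirects")
```

Running the same check on the HijackThis log taken after the reset confirms whether the O1 entries are gone.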

Thanks for everything, Antonio, but I'm going to format the PC.

OK, friend. Just be careful not to back up executable files, so that the viruses and malware do not come back to your PC through the backup, because this type of malware is a file infector.


OK, thanks again. I'm going to format from scratch, lol. I won't save anything from the 2 hard drives.

Yes, that is the best thing to do in this case. Best wishes!

Problem solved by formatting.


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
