[Arquivado] &nbspNao consigor instalar anti-virus

[Arthur_free 0]

Nao consigor instalar anti-virus clico e depois de 5 sec. ele fecha sozinho. meu regedit e gerenciador de tarefas estão desativados me ajudem ai.

 

log do Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:50:05, on 10/1/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\D-Tools\daemon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\DOCUME~1\Arthur\CONFIG~1\Temp\winmkvr.exe

C:\DOCUME~1\Arthur\CONFIG~1\Temp\ptkmkp.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Arthur\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Arquivos de programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{056D8452-54C2-4F60-AF91-359970469E0E}: NameServer = 10.201.100.1,8.8.8.8

O17 - HKLM\System\CS1\Services\Tcpip\..\{056D8452-54C2-4F60-AF91-359970469E0E}: NameServer = 10.201.100.1,8.8.8.8

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

 

--

End of file - 3526 bytes

[Power Max 54]

:) Olá Arthur!

 

:seta: Para evitar que os virus voltem, desative a restauração do sistema para evitar que os problemas voltem depois, e mantenha a restauração do sistema desativada até que o problema tenha sido completamente resolvido. Para isso, vá no menu: Iniciar - Painel de Controle - Sistema - Clique na aba: Restauração do Sistema - Marque a caixinha: Desativar restauração do sistema - Clique no botão: Aplicar e no botão: Ok.

______________________

 

:seta: Depois disto, faça , por gentileza, o download do Norman Malware Cleaner no endereço abaixo (coloquei o nome dele como Jovem Campeão para que se algum virus tentar bloquear a execução dele possamos enganá-lo):

http://www.4shared.com/file/FkoYOYgJ/jovem_campeo.html?

 

Ao acessar este site acima, clique no botão Download now > aguarde a contagem regressiva > Clique na opção: Click here to download this file.

 

Depois disto é só executá-lo normalmente como é ensinado no tutorial dele abaixo:

 

Tutorial do Norman Malware Cleaner

 

Na sua próxima resposta poste o conteúdo do log do Norman Malware Cleaner juntamente com um novo log do Hijackthis e nos diga como está o seu PC depois disto.

 

Ficamos na espera.

[Arthur_free 0]

log HijackThis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:35:46, on 10/1/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\D-Tools\daemon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\Arthur\CONFIG~1\Temp\winbppkf.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\DOCUME~1\Arthur\CONFIG~1\Temp\winhwspid.exe

C:\DOCUME~1\Arthur\CONFIG~1\Temp\wcktk.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Arthur\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Arquivos de programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{056D8452-54C2-4F60-AF91-359970469E0E}: NameServer = 10.201.100.1,8.8.8.8

O17 - HKLM\System\CS1\Services\Tcpip\..\{056D8452-54C2-4F60-AF91-359970469E0E}: NameServer = 10.201.100.1,8.8.8.8

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

 

--

End of file - 3826 bytes

 

log Norman Malware Cleaner

 

Norman Malware Cleaner

Version 1.8.3

Copyright © 1990 - 2010, Norman ASA. Built 2011/01/08 21:59:32

 

Norman Scanner Engine Version: 6.06.12

Nvcbin.def Version: 6.06.00, Date: 2011/01/08 21:59:32, Variants: 8932013

 

Scan started: 2011/01/10 16:26:38

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Logged on user: NEUMANNM\Arthur

 

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000001

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000001

Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify = 0x00000001 -> 0x00000000

Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify = 0x00000001 -> 0x00000000

Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = 0x00000001 -> 0x00000000

 

Scanning kernel...

 

Kernel scan complete

 

 

Scanning bootsectors...

 

Number of sectors found: 1

Number of sectors scanned: 1

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s 32ms

 

 

Scanning running processes and process memory...

 

C:\Documents and Settings\Arthur\Configurações locais\Temp\winmkvr.exe (Infected with W32/Suspicious!api.A)

Terminated process

Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\Arthur\CONFIG~1\Temp\winmkvr.exe = "C:\DOCUME~1\Arthur\CONFIG~1\Temp\winmkvr.exe:*:Enabled:ipsec"

Deleted file

 

C:\Documents and Settings\Arthur\Configurações locais\Temp\ptkmkp.exe (Infected with W32/Malware.PYPA)

Terminated process

Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\Arthur\CONFIG~1\Temp\ptkmkp.exe = "C:\DOCUME~1\Arthur\CONFIG~1\Temp\ptkmkp.exe:*:Enabled:ipsec"

Deleted file

 

Number of processes/threads found: 3032

Number of processes/threads scanned: 3032

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 2

Total scanning time: 1m 42s

 

 

Scanning file system...

 

Scanning: prescan

 

Scanning: C:\*.*

 

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLED.EXE (Infected with W32/Sality.BD)

Repaired file

 

C:\Arquivos de programas\ATI\ATICustomerCare\ATICustomerCare.exe (Infected with W32/Sality.BD)

Repaired file

 

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Infected with W32/Sality.BD)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE (Infected with W32/Sality.AQ)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\OFFICE11\INFOPATH.EXE (Infected with W32/Sality.BD)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\OFFICE11\MSPUB.EXE (Infected with W32/Sality.AQ)

Repaired file

 

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE (Infected with W32/Sality.BD)

Repaired file

 

C:\Arquivos de programas\WinRAR\WinRAR.exe (Infected with W32/Sality.AQ)

Repaired file

 

C:\ATI\SUPPORT\10-12_xp32-64_hdmiaudio\Bin\ATISetup.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\ATI\SUPPORT\10-12_xp32-64_hdmiaudio\Bin\InstallManagerApp.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\ATI\SUPPORT\10-12_xp32-64_hdmiaudio\Bin\Setup.exe (Infected with W32/Sality.BD)

Repaired file

 

C:\ATI\SUPPORT\10-12_xp32-64_hdmiaudio\Setup.exe (Infected with W32/Sality.BD)

Repaired file

 

C:\ATI\SUPPORT\10-12_xp32_dd_ccc_ocl\Bin\ATISetup.exe (Infected with W32/Sality.BD)

Repaired file

 

C:\ATI\SUPPORT\10-12_xp32_dd_ccc_ocl\Bin\InstallManagerApp.exe (Infected with W32/Sality.AQ)

Repaired file

 

C:\ATI\SUPPORT\10-12_xp32_dd_ccc_ocl\Bin\Setup.exe (Infected with W32/Sality.BD)

Repaired file

 

C:\ATI\SUPPORT\10-12_xp32_dd_ccc_ocl\Setup.exe (Infected with W32/Sality.BD)

Repaired file

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\AtiCimUn.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\CCC\setup.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\CheckVer.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\Driver\Setup.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\GARTnt\ATIGART.EXE (Infected with W32/Sality.AQ)

Repaired file

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\GARTnt\setup.exe (Infected with W32/Sality.BD)

Repaired file

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\issetup.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\SBDrv\Setup.exe (Infected with W32/Sality.BD)

Repaired file

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\Setup.exe (Infected with W32/Sality.BD)

Repaired file

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\vc8\setup.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\vc8\vcredist_x86.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\vc8\vcredist_x86.exe/noname.cab/vcredis1.cab/FL_msdia71_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 (Error whilst scanning file: I/O Error (0x00220005))

 

C:\ATI\SUPPORT\7-7-igp_xp32_dd_ccc_wdm_sb_gart_enu_49709\Driver\WDM_ALL\Setup.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\Documents and Settings\Arthur\Configurações locais\Temp\Blizzard Installer Temporary Data - 72fb5200\vcredist_x86.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\Documents and Settings\Arthur\Configurações locais\Temp\Blizzard Installer Temporary Data - 72fb5200\vcredist_x86.exe/noname.cab/vcredis1.cab/FL_msdia71_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 (Error whilst scanning file: I/O Error (0x00220005))

 

C:\Documents and Settings\Arthur\Configurações locais\Temp\daemon\install.exe (Infected with W32/Sality.BD)

Repaired file

 

C:\Documents and Settings\Arthur\Configurações locais\Temp\daemon\setup.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\Documents and Settings\Arthur\Configurações locais\Temporary Internet Files\Content.IE5\FNV7VD5I\systemfiles[1].htm (Infected with PHP/Backdoor.F)

Deleted file

 

C:\Documents and Settings\Arthur\Configurações locais\Temporary Internet Files\Content.IE5\Y4TMA6MX\HiJackThis[1].exe (Infected with W32/Sality.BM)

Repaired file

 

C:\Documents and Settings\Arthur\Desktop\HiJackThis.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\Documents and Settings\Arthur\Meus documentos\Max Payne\maxpayne.exe.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\rpvcxy.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\WINDOWS\Alcmtr.exe (Infected with W32/Sality.BD)

Repaired file

 

C:\WINDOWS\SkyTel.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\WINDOWS\SoundMan.exe (Infected with W32/Sality.BM)

Repaired file

 

C:\WINDOWS\system32\Ati2mdxx.exe (Infected with W32/Sality.BD)

Repaired file

 

Scanning: E:\*.*

 

E:\backup\jogos\Nova pasta\ChuzzleSetup-en.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\backup\jogos\Nova pasta\Chuzzle_Keymaker.rar/Keymaker.exe (Infected with W32/Obfuscated.AI!genr)

Deleted file

 

E:\backup\jogos\Nova pasta\diablo_2_lord_dest_br[www.gamevicio.com.br].exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\backup\jogos\Nova pasta\Dynomite_Deluxe_v2.71_(full_game).rar/Dynomite Deluxe v2.71 (full game)\crk\CrAcK.exe (Infected with Suspicious_Gen2.XZBW)

Deleted file

 

E:\backup\jogos\Nova pasta\GameHouse_Universal_Crack.rar/GH_PATCH_1.4.exe (Infected with W32/Suspicious_Gen2.DIGX)

Deleted file

 

E:\backup\jogos\Nova pasta\GameHouse_Universal_Crack.rar/GH_UNI_PATCH_v1.5.exe (Infected with W32/Suspicious_Gen2.DIGX)

Deleted file

 

E:\backup\jogos\Nova pasta\GameHouse_Universal_Crack.rar/GH_UNI_PATCH_v1.6.exe (Infected with W32/Suspicious_Gen2.DIGX)

Deleted file

 

E:\backup\jogos\Nova pasta\Luxor 4 - Quest for the Afterlife Crack.exe (Infected with W32/Packed_Krunchy.B)

Deleted file

 

E:\backup\jogos\Nova pasta\luxor2download.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\backup\jogos\Nova pasta\luxordownload.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\backup\jogos\Nova pasta\Luxor_3_Crackeado_By_Ph.zip/crack.exe (Infected with W32/Suspicious_Gen2.ABPSF)

Deleted file

 

E:\backup\jogos\pokemon\nintendo ds\desmume.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\backup\jogos\pokemon\nintendo ds\desmume_dev.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\backup\jogos\pokemon\nintendo ds\desmume_nosse.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\backup\jogos\pokemon\nintendo ds\no$gba\NO$GBA.EXE (Infected with W32/Sality.BD)

Repaired file

 

E:\backup\jogos\pokemon\nintendo ds\no$gba\NO$GBA.EXE (Infected with W32/Refroso.B!genr)

Deleted file

 

E:\backup\jogos\pokemon\VisualBoyAdvance.exe (Infected with W32/Sality.BM)

Repaired file

 

E:\backup\programas\10-12_xp32_dd_ccc_ocl_634285509036925000.zip/10-12_xp32_dd_ccc_ocl.exe/noname.nsis/file152 (Error whilst scanning file: I/O Error (0x00220005))

 

E:\backup\programas\10-12_xp32_dd_ccc_ocl_634285509036925000.zip/10-12_xp32_dd_ccc_ocl.exe/noname.nsis/file152/Data1.cab (Error whilst scanning file: I/O Error (0x00220005))

 

E:\backup\programas\10-12_xp32_dd_ccc_ocl_634285509036925000.zip/10-12_xp32_dd_ccc_ocl.exe/noname.nsis/file178 (Error whilst scanning file: I/O Error (0x00220005))

 

E:\backup\programas\catalyst_10_634285389129893750.12_windows7_vista.zip/catalyst_10.12_windows7_vista.exe/noname.nsis/file181 (Error whilst scanning file: I/O Error (0x00220005))

 

E:\backup\programas\catalyst_10_634285389129893750.12_windows7_vista.zip/catalyst_10.12_windows7_vista.exe/noname.nsis/file296 (Error whilst scanning file: I/O Error (0x00220005))

 

E:\backup\programas\ChromeSetup.exe (Infected with W32/Sality.BM)

Repaired file

 

E:\backup\programas\daemon341.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\backup\programas\fdm35inst.exe (Infected with W32/Sality.BM)

Repaired file

 

E:\backup\programas\FLVPlayerSetup (1).exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\backup\programas\IE8-WindowsXP-x86-PTB.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\backup\programas\SoftonicDownloader_para_service-pack-3-para-windows-xp.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\backup\programas\ultra_rmconverter.exe (Infected with W32/Sality.BM)

Repaired file

 

E:\backup\programas\winrar\WinRar Crack.zip/WinRar Crack/crack.exe (Infected with Suspicious_F.gen)

Deleted file

 

E:\backup\programas\winrar\wrar371br.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\backup\programas\wrar393br.exe (Infected with W32/Sality.BD)

Repaired file

 

E:\StarCraft.II.Wings.of.Liberty.PT.BR-ZMG\Crack\sc2_copy.exe (Infected with W32/Sality.BM)

Repaired file

 

E:\StarCraft.II.Wings.of.Liberty.PT.BR-ZMG\Crack\StarCraft II Wings of Liberty-RELOADED Crack Only\StarCraft II.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\StarCraft.II.Wings.of.Liberty.PT.BR-ZMG\Crack\StarCraft II Wings of Liberty-RELOADED Crack Only\Support\Blizzard Updater.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\StarCraft.II.Wings.of.Liberty.PT.BR-ZMG\Crack\StarCraft II Wings of Liberty-RELOADED Crack Only\Support\BlizzardDownloader.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\StarCraft.II.Wings.of.Liberty.PT.BR-ZMG\Crack\StarCraft II Wings of Liberty-RELOADED Crack Only\Support\Repair.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\StarCraft.II.Wings.of.Liberty.PT.BR-ZMG\Installer.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\tkcye.pif (Infected with W32/Sality.BD)

Repaired file

 

E:\TUROK\autoplay.exe (Infected with W32/Sality.BM)

Repaired file

 

E:\TUROK\CRAQUEADOR\ALTERNATIVO\TurokGame.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\TUROK\CRAQUEADOR\CRAQUEADOR.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\TUROK\CRAQUEADOR\TurokGame.exe (Infected with W32/Sality.AQ)

Repaired file

 

E:\TUROK\setup\DirectX\DXSETUP.exe (Infected with W32/Sality.BD)

Repaired file

 

E:\TUROK\setup\eReg\DSN1.exe (Infected with W32/Sality.BM)

Repaired file

 

E:\TUROK\setup\PhysX\PhysX_8.01.18_SystemSoftware.exe (Infected with W32/Sality.BM)

Repaired file

 

E:\TUROK\setup\setup.exe (Infected with W32/Sality.BM)

Repaired file

 

E:\TUROK\setup\TurokGame.exe (Infected with W32/Sality.BM)

Repaired file

 

Scanning: C:\System Volume Information\*.*

 

Scanning: E:\System Volume Information\*.*

 

Scanning: postscan

 

 

Running post-scan cleanup routine:

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000001

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000001

Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify = 0x00000001 -> 0x00000000

Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify = 0x00000001 -> 0x00000000

Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = 0x00000001 -> 0x00000000

 

Number of files found: 125044

Number of archives unpacked: 1391

Number of files scanned: 125036

Number of files not scanned: 8

Number of files skipped due to exclude list: 0

Number of infected files found: 82

Number of infected files repaired/deleted: 82

Number of infections removed: 83

Total scanning time: 1h 2m 17s

 

nao mudou nada o gerenciador nao entra e agora nao consigo acesar a unidade e:

[Power Max 54]

:) Vários arquivos foram desinfectados pelo Norman Malware Cleaner.

_____________________

 

:seta: Faça , por gentileza, o download do Dr. Web CureIt no endereço abaixo (coloquei o nome dele como Rei para que o download dele não seja bloqueado pelos malwares):

http://www.4shared.com/file/WoTf4hk3/rei.html?

 

Ao acessar este site acima, clique no botão Download now > aguarde a contagem regressiva > Clique na opção: Click here to download this file.

 

Depois disto é só executá-lo normalmente como é ensinado no tutorial dele abaixo:

 

Tutorial do Dr. Web CureIt

 

Na sua próxima resposta poste este log do Dr. Web CureIt juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

 

Ficamos no aguardo.

[wings 22]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.