[Arquivado] &nbspVirus

Bruno Carazato · Janeiro 15, 2011

Eu fui baixar o Hijhackthis n deu , o virus bloqueia páginas de internet e está danificando programas comoo Ccleaner

não consigo instalar o msn nem entrar no site damicrosoft nem do virustotal e nem baixar ant virus

Oq devo fazer?

Power Max · Janeiro 15, 2011

:) Olá!

:seta: Para evitar que os virus voltem, desative a restauração do sistema para evitar que os problemas voltem depois, e mantenha a restauração do sistema desativada até que o problema tenha sido completamente resolvido. Para isso, vá no menu: Iniciar - Painel de Controle - Sistema - Clique na aba: Restauração do Sistema - Marque a caixinha: Desativar restauração do sistema - Clique no botão: Aplicar e no botão: Ok.

______________________

:seta: Depois disto, faça , por gentileza, o download do Norman Malware Cleaner no endereço abaixo (coloquei o nome dele como Jovem Campeão para que se algum virus tentar bloquear a execução dele possamos enganá-lo):

http://www.4shared.com/file/FkoYOYgJ/jovem_campeo.html?

Ao acessar este site acima, clique no botão Download now > aguarde a contagem regressiva > Clique na opção: Click here to download this file.

Depois disto é só executá-lo normalmente como é ensinado no tutorial dele abaixo:

Tutorial do Norman Malware Cleaner

Na sua próxima resposta poste o conteúdo do log do Norman Malware Cleaner juntamente com um novo log do Hijackthis e nos diga como está o seu PC depois disto.

Ficamos na espera.

Bruno Carazato · Janeiro 15, 2011

Norman Malware Cleaner

Version 1.8.3

Norman Scanner Engine Version: 6.06.12

Nvcbin.def Version: 6.06.00, Date: 2011/01/08 21:59:32, Variants: 8932013

Scan started: 2011/01/15 14:05:30

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3

Logged on user: NOME-8CEEEB90E9\Gabriel Athayde

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""

Changed service configuration for "wuauserv" from 0x00000004 and 0x00000001 to 0x00000002 and 0xFFFFFFFF

Started service "wuauserv"

Changed service configuration for "BITS" from 0x00000004 and 0x00000001 to 0x00000003 and 0xFFFFFFFF

Started service "BITS"

Scanning kernel...

Kernel scan complete

Scanning bootsectors...

Number of sectors found: 1

Number of sectors scanned: 1

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s 187ms

Scanning running processes and process memory...

C:\WINDOWS\system32\hkcmd.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\WINDOWS\system32\igfxpers.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\LG Software\IP Operator\IP Operator.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\LG Software\LG Magnifier\MagnifyingGlass.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\System Control Manager\MGSysCtrl.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\SRS Labs\WOWHD and TSXT Driver\SRSTrayApp.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Infected with W32/Sality.AN)

Failed to repair file

Number of processes/threads found: 4464

Number of processes/threads scanned: 4464

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 8m 46s

Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Arquivos de programas\Arquivos comuns\InstallShield\Engine\6\Intel 32\IKernel.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DW20.EXE (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BitTorrent\uninst.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\Basis\program\gengal.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\Basis\program\msfontextract.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\Basis\program\nsplugin.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\Basis\program\python-core-2.3.4\lib\distutils\command\wininst.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\Basis\program\senddoc.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\Basis\program\setofficelang.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\Basis\program\stclient_wrapper.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\Basis\program\testtool.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\program\crashrep.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\program\python.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\BrOffice.org 3\program\unoinfo.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\program\unopkg.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\URE\bin\regcomp.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\URE\bin\regmerge.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\URE\bin\regview.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\BrOffice.org 3\URE\bin\uno.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\ConduitEngine\ConduitEngineHelper.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\ConduitEngine\ConduitEngineUninstall.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\CyberLink\Shared files\EffectExtractor.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\CyberLink\YouCam\BigBang\CLUpdater.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\CyberLink\YouCam\Language\youcam-tutorial.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\CyberLink\YouCam\OLRSubmission\OLRStateCheck.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\CyberLink\YouCam\OLRSubmission\OLRSubmission.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\CyberLink\YouCam\YouCam.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\DAEMON Tools Lite\DTHelper.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\DAEMON Tools Lite\DTShellHlp.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\DAEMON Tools Lite\uninst.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\DAEMON Tools Toolbar\uninst.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Dealio Toolbar\WidgiHelper.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Google\Chrome Frame\Application\6.0.472.63\chrome_launcher.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Google\Chrome Frame\Application\6.0.472.63\Installer\setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Google\Chrome Frame\Application\8.0.552.237\chrome_frame_helper.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Google\Chrome Frame\Application\8.0.552.237\chrome_launcher.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Google\Chrome Frame\Application\8.0.552.237\Installer\setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Google\Chrome Frame\Application\chrome.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Google\Update\1.2.183.39\GoogleUpdate.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\InstallShield Installation Information\{255FC1CF-2620-4B64-BE02-79B9E609BB3D}\setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\InstallShield Installation Information\{2B3ADDDE-6841-4D5B-A655-CFB6C832430B}\setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\InstallShield Installation Information\{7F7AE0A7-D2DF-44A0-BD20-33C53710FBAF}\setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\InstallShield Installation Information\{81717D01-32F6-449C-85E1-41AFD678E545}\Setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\InstallShield Installation Information\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}\data.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\InstallShield Installation Information\{D10CB652-9332-4242-B7A9-2D61570144F7}\setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\InstallShield Installation Information\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}\setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\K-Lite Codec Pack\Filters\Haali\gdsmux.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\K-Lite Codec Pack\Tools\dsconfig.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\K-Lite Codec Pack\Tools\graphstudio.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\K-Lite Codec Pack\Tools\StatsReader.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\LG Software\IP Operator\InstDrv32.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\LG Software\IP Operator\IP Operator.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\LG Software\LG Magnifier\MagnifyingGlass.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\lg_swupdate\autoname.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\lg_swupdate\Getlang.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\lg_swupdate\Gilautouc.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\lg_swupdate\Giljabi.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\lg_swupdate\kill_exe.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\lg_swupdate\pnp.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\lg_swupdate\tmcheck.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\lg_swupdate\totsetup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Choice Guard\CGuard.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Mozilla Firefox\crashreporter.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Norton AntiVirus\SupportSoft\wificfg.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Pando Networks\Media Booster\BsSndRpt.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Pando Networks\Media Booster\uninst.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Realtek\Audio\InstallShield\Alcmtr.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Realtek\Audio\InstallShield\ChCfg.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Realtek\Audio\InstallShield\RtlUpd.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Realtek\Audio\InstallShield\SkyTel.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Realtek\Audio\InstallShield\SoundMan.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Search Settings\SearchSettings.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\SRS Labs\WOWHD and TSXT Driver\SRSTrayApp.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\SupportInfo\cdrom_mon.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\SupportInfo\EXETimer.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\SupportInfo\KillProcess.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\SupportInfo\Setup\data.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Synaptics\SynTP\InstNT.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Synaptics\SynTP\Media\InstNT.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Synaptics\SynTP\Media\setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Synaptics\SynTP\Media\SynMood.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Synaptics\SynTP\Media\SynTPEnh.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Synaptics\SynTP\Media\SynZMetr.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Synaptics\SynTP\Media\Tutorial.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Synaptics\SynTP\SynMood.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Synaptics\SynTP\SynZMetr.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Synaptics\SynTP\Tutorial.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\System Control Manager\LGSystemInfoXP.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\System Control Manager\MGSysCtrl.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\AS.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\As0.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\AutoAns.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\AutoOn.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\BIP_Camera.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\BIP_Camera1.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\BTSecurityExport.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\BTSeting.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\COMReConnect.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\ECCenter.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\ECCenter1.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\InstDev.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\ITSecSettings.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\OemBtAcpiAPI.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\SetupDiU.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TbpSetup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\tbpwiz.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\Tools\HfpTester.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\Tools\TbpCheck.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBt1st.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtDiag.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtInit.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng_D.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtPCS.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtProc1.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtPSS.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtRefresh.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosCps.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\UsrGuide.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\WirelessFTP.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\WirelessFTP1.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\USB 2.0 Card Reader\MassStorage\revcon.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Valve\valve\hl.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Valve\valve\hl.exe (Infected with W32/Suspicious_Gen2.ANCXW)

Deleted file

C:\Arquivos de programas\Valve\valve\hlds.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Valve\valve\hltv.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Valve\valve\Steam.dll (Infected with W32/Malware.EZUM)

Deleted file

C:\Arquivos de programas\Vivo 3G\CMUpdater.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Vivo 3G\ejectdisk.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Vivo 3G\UpdateVersion.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Vivo 3G\USBDriverInstaller_x86.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Live\Messenger\Device Manager\dpinst.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Live\Messenger\Device Manager\msgrdvmn.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Live\Messenger\livecall.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Live\Messenger\msvs.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Live\Messenger\wlcstart.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Media Player\wmdbexport.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Media Player\wmlaunch.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Media Player\wmpenc.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Media Player\wmpnscfg.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Media Player\wmpshare.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\WinRAR\Default.SFX (Infected with W32/Smalltroj.YWRV)

Deleted file

C:\Arquivos de programas\WinRAR\Rar.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\WinRAR\RarExtLoader.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\WinRAR\Uninstall.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\WinRAR\UnRAR.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\WinRAR\WinRAR.exe (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\XfireXO\UNWISE.EXE (Infected with W32/Sality.AN)

Repaired file

C:\Arquivos de programas\XfireXO\XfireXOToolbarHelper.exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\All Users\Documentos\Meus vídeos\Meus vídeos.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\microsoft\IdentityCRL\Meus vídeos.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\microsoft\IdentityCRL\production\desktop.ini.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\microsoft\Meus vídeos.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\Minhas imagens\Amostras de imagens\production.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\Minhas imagens\My photos.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Amostra de música\Amostra de música.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Minhas imagens.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\Minhas músicas\My Playlists\production.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sample Playlists\00086E43\Photoalbum.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sample Playlists\Desktop.ini.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sync Playlists\7F308\Sample Playlists.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sync Playlists\Inverno.jpg.lnk (Infected with LNK/CplLnk.A)

Deleted file

C:\Documents and Settings\All Users\Documentos\z27cbf6.tmp (Infected with W32/Malware.NTLS)

Deleted file

C:\Documents and Settings\All Users\Documentos\z3f9f98.tmp (Infected with W32/Suspicious_Gen2.EJEWS)

Deleted file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Dados de aplicativos\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\51.tmp (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\GLB180.tmp/file2 (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\GLB22.tmp/WISE0001.DLL (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\Set15.tmp (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\Set1D.tmp (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\Set33.tmp (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\Set3B.tmp (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\Set8.tmp (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\SetA.tmp (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\SetD.tmp (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\SetF.tmp (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\w7df03.exe (Infected with W32/Suspicious_Gen2.GAILO)

Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\w7df03.exe = "C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\w7df03.exe:*:Enabled:ipsec"

File marked for defered cleaning (reboot required)

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\winiyrkp.exe (Infected with W32/Suspicious!api.A)

Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\winiyrkp.exe = "C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\winiyrkp.exe:*:Enabled:ipsec"

File marked for defered cleaning (reboot required)

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\YouCam\Tutorial\youcam-tutorial.exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temporary Internet Files\Content.IE5\HJIPHE29\install_flash_player_10_active_x[1].exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temporary Internet Files\Content.IE5\XJ1NG2OF\ChromeFrameSetup[1].exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Desktop\Windows Seven Pack\UXTheme Multi-Patcher 7.1.exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Desktop\Windows Seven Pack\ViStart 7\Language Changer.exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Desktop\Windows Seven Pack\ViStart 7\ViStart OneStep.exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Desktop\Windows Seven Pack.rar/Windows Seven Pack\ViStart 7\ViStart OneStep.exe (Infected with Killav.MIN)

Deleted file

C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads\Daemon Tools Lite.rar/Daemon Tools Lite www.tudocompleto.com\daemon4303-lite.exe/noname.nsis/file0/file47 (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads\DTLite4401-0127.exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads\install_flash_player.exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads\SoftonicDownloader_for_windows-live-messenger.exe (Infected with W32/Sality.gen1)

C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads\SoftonicDownloader_para_msn-messenger-2011-windows-live-messenger.exe (Infected with W32/Sality.gen1)

C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads\SoftonicDownloader_para_windows-live-messenger.exe (Infected with W32/Sality.gen1)

C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads\TeamSpeak3-Client-win32-3.0.0-beta36.exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads\TeamViewer_Setup.exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads\WebzenGameStarter-1024(2).exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads\WebzenGameStarter-1024.exe (Infected with W32/Sality.AN)

Repaired file

C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\KPIZKPYN\tqgrnr[1].gif (Infected with W32/Conficker.FL)

Deleted file

C:\WINDOWS\ALCMTR.EXE (Infected with W32/Sality.AN)

Repaired file

C:\WINDOWS\NAV\Support\SymLnch\SymLnch.exe (Infected with W32/Sality.AN)

Repaired file

C:\WINDOWS\patchx86.exe (Infected with W32/Sality.AN)

Repaired file

C:\WINDOWS\system32\CMStarterCore.exe (Infected with W32/Sality.AN)

Repaired file

C:\WINDOWS\system32\hkcmd.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\WINDOWS\system32\igfxcfg.exe (Infected with W32/Sality.AN)

Repaired file

C:\WINDOWS\system32\igfxpers.exe (Infected with W32/Sality.AN)

Failed to repair file

C:\WINDOWS\system32\igfxtray.exe (Infected with W32/Sality.AN)

Repaired file

C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe (Infected with W32/Sality.AN)

Repaired file

C:\WINDOWS\system32\xeghax.dll (Infected with W32/Conficker.FL)

Removed service: slvfrvl

File marked for defered cleaning (reboot required)

Scanning: D:\*.*

D:\Jogo 1\DirectX9\DXSETUP.exe (Infected with W32/Sality.AN)

Repaired file

D:\Jogo 1\EReg\RegistrationReminder.exe (Infected with W32/Sality.AN)

Repaired file

D:\Jogo 1\Manual\Adobe Reader\AdbeRdr60_deu.exe (Infected with W32/Sality.AN)

Repaired file

D:\Jogo 1\Manual\Adobe Reader\AdbeRdr60_enu.exe (Infected with W32/Sality.gen1)

D:\Jogo 1\Manual\Adobe Reader\AdbeRdr60_esp.exe (Infected with W32/Sality.AN)

Repaired file

D:\Jogo 1\Manual\Adobe Reader\AdbeRdr60_fra.exe (Infected with W32/Sality.AN)

Repaired file

D:\Jogo 1\Manual\Adobe Reader\AdbeRdr60_ita.exe (Infected with W32/Sality.AN)

Repaired file

D:\Jogo 1\sendsignal.exe (Infected with W32/Sality.AN)

Repaired file

D:\Jogo 1\setup.exe (Infected with W32/Sality.AN)

Repaired file

Scanning: I:\*.*

I:\jhtaho.pif (Infected with W32/Sality.gen1)

I:\cghbv.pif (Infected with W32/Sality.AN)

Deleted file

I:\xtkkai.pif (Infected with W32/Sality.gen1)

I:\Windows Seven Pack\UXTheme Multi-Patcher 7.1.exe (Infected with W32/Sality.AN)

Repaired file

I:\Windows Seven Pack\ViStart 7\Language Changer.exe (Infected with W32/Sality.AN)

Repaired file

I:\Windows Seven Pack\ViStart 7\ViStart OneStep.exe (Infected with W32/Sality.AN)

Repaired file

I:\piqp.pif (Infected with W32/Sality.AN)

Deleted file

I:\mudsw.exe (Infected with W32/Sality.AN)

Deleted file

I:\jiqt.pif (Infected with W32/Sality.AN)

Deleted file

I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Infected with W32/Conficker.FL)

Deleted file

Scanning: C:\System Volume Information\*.*

Scanning: postscan

Running post-scan cleanup routine:

Failed to locate shared service executable: C:\WINDOWS\System32\appmgmts.dll

Removed service: AppMgmt

Number of files found: 181351

Number of archives unpacked: 7609

Number of files scanned: 181346

Number of files not scanned: 5

Number of files skipped due to exclude list: 0

Number of infected files found: 253

Number of infected files repaired/deleted: 227

Number of infections removed: 228

Total scanning time: 2h 2m 15s

Power Max · Janeiro 15, 2011

:) Vários arquivos foram desinfectados pelo Norman.

_____________________

:seta: Faça download do Dr. Web CureIt no endereço abaixo (coloquei o nome dele como Rei para que se algum virus tentar bloquear a execução dele possamos enganá-lo):

http://www.4shared.com/file/WoTf4hk3/rei.html?

Ao acessar este site acima, clique no botão Download now > aguarde a contagem regressiva > Clique na opção: Click here to download this file.

Depois disto é só executá-lo normalmente como é ensinado no tutorial dele abaixo:

Tutorial do Dr. Web CureIt

Na sua próxima resposta poste o conteúdo do log do Dr. Web CureIt e nos diga como está o seu PC depois disto.

Ficamos na espera.

Bruno Carazato · Janeiro 15, 2011

:) Vários arquivos foram desinfectados pelo Norman.

_____________________

:seta: Faça download do Dr. Web CureIt no endereço abaixo (coloquei o nome dele como Rei para que se algum virus tentar bloquear a execução dele possamos enganá-lo):

http://www.4shared.com/file/WoTf4hk3/rei.html?

Ao acessar este site acima, clique no botão Download now > aguarde a contagem regressiva > Clique na opção: Click here to download this file.

Depois disto é só executá-lo normalmente como é ensinado no tutorial dele abaixo:

Tutorial do Dr. Web CureIt

Na sua próxima resposta poste o conteúdo do log do Dr. Web CureIt e nos diga como está o seu PC depois disto.

Ficamos na espera.

Amigo aqui o endereço do Dr. Web CureIt naum funciona, eu abro o indereço aai de repente fecha todas minhas abas e janelas da internet, tanto faz FireFox ou Explore. :/ tomara que você solucione o problema. abraçs!

:) Vários arquivos foram desinfectados pelo Norman.

_____________________

:seta: Faça download do Dr. Web CureIt no endereço abaixo (coloquei o nome dele como Rei para que se algum virus tentar bloquear a execução dele possamos enganá-lo):

http://www.4shared.com/file/WoTf4hk3/rei.html?

Ao acessar este site acima, clique no botão Download now > aguarde a contagem regressiva > Clique na opção: Click here to download this file.

Depois disto é só executá-lo normalmente como é ensinado no tutorial dele abaixo:

Tutorial do Dr. Web CureIt

Na sua próxima resposta poste o conteúdo do log do Dr. Web CureIt e nos diga como está o seu PC depois disto.

Ficamos na espera.

Amigo aqui o endereço do Tutorial do Dr. Web CureIt naum funciona, eu abro o indereço aai de repente fecha todas minhas abas e janelas da internet, tanto faz FireFox ou Explore. :/ tomara que você solucione o problema. abraçs!

Power Max · Janeiro 16, 2011

Amigo aqui o endereço do Dr. Web CureIt naum funciona, eu abro o indereço aai de repente fecha todas minhas abas e janelas da internet, tanto faz FireFox ou Explore. :/ tomara que você solucione o problema. abraçs!

Mas você conseguiu baixar ele do 4shared com o nome de Rei?

Bruno Carazato · Janeiro 16, 2011

Amigo aqui o endereço do Dr. Web CureIt naum funciona, eu abro o indereço aai de repente fecha todas minhas abas e janelas da internet, tanto faz FireFox ou Explore. :/ tomara que você solucione o problema. abraçs!

Mas você conseguiu baixar ele do 4shared com o nome de Rei?

sim sim Baixei. mas precisa do tutorial p/ fazer certinho.

Amigo aqui o endereço do Dr. Web CureIt naum funciona, eu abro o indereço aai de repente fecha todas minhas abas e janelas da internet, tanto faz FireFox ou Explore. :/ tomara que você solucione o problema. abraçs!

Mas você conseguiu baixar ele do 4shared com o nome de Rei?

o endereço do tutorial que naum funciona, clico nele aai abre a pagina mas de repente fecha tudo, minhas abas e janelas. mas o do REI eu jah baixei.

Power Max · Janeiro 16, 2011

sim sim Baixei. mas precisa do tutorial p/ fazer certinho.

:) Ah, sim! Deve ser o sality que está bloqueando a visita ao site do tutorial. Mas vou colocar os passos para você aqui no tópico:

* Reinicie o computador em Modo Seguro (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro com rede, ou Modo Seguro normal (sem rede), com rede é melhor porque ai você continua tendo acesso à internet);

* Caso não seja possível reiniciar o computador em Modo Seguro, faça o escaneamento no modo normal.

* Dê um duplo clique em Rei.cmd e será aberta esta tela abaixo na qual você clicará no botão OK:

* Mais esta tela abaixo aparecerá, e você clicará no botão OK:

* Surgirá esta tela abaixo, onde você clicará em Iniciar.

* Aguarde o scan inicial das áreas vitais do sistema terminar.

* Quando a verificação rápida terminar, caso seja detectado algum problema, clique no botão Seleccionar todos, como mostra esta imagem:

* Clique, então, no botão Curar:

* O Dr. Web CureIt tentará curar o(s) arquivo(s) contaminado(s). Caso não seja possível desinfectá-lo, surgirá uma pequena janela com várias opções, na qual você escolherá a opção Mover incurável (ou Mover incuráveis), para que o(s) arquivo(s) infectado(s) seja(m) enviado(s) para a quarentena do Dr. Web CureIt como mostra esta imagem:

* Poderá então aparecer uma mensagem pedindo para reiniciar o computador, clique em Não:

* Depois disto clique em Opções > Alterar Definições:

* Na aba Verificar desmarque a opção Análise Heurística e clique no botão Ok:

* Depois disto, marque a opção Verificação Completa e clique na seta verde:

* Se durante a verificação for encontrado alguma ameaça, surgirá uma janela parecida com esta abaixo perguntando se você deseja curar/mover o arquivo, na qual você clicará na opção Sim para todos:

* Caso o programa não possa curar os arquivos infectados, ele irá movê-los para a pasta Quarentena, no diretório do DoctorWeb.

* Assim que for concluida esta Verificação Completa, caso ainda exista algum problema que não tenha sido curado ou movido para a quarentena, clique no botão Seleccionar todos, como mostra esta imagem:

* Clique, então, no botão Curar:

* O Dr. Web CureIt tentará curar o(s) arquivo(s) contaminado(s). Caso não seja possível desinfectá-lo, surgirá uma pequena janela com várias opções, na qual você escolherá a opção Mover incurável (ou Mover incuráveis), para que o(s) arquivo(s) infectado(s) seja(m) enviado(s) para a quarentena do Dr. Web CureIt como mostra esta imagem:

* Vá no menu superior esquerdo e clique na opção Ficheiro > Guardar lista de relatórios.

* Salve a lista na sua área de trabalho (Desktop). A lista deverá ser salva como DrWeb.csv, como mostra esta imagem:

* Feche o programa.

* Reinicie seu computador para que o programa termine de desinfectar/mover os arquivos infectados.

Depois disto poste o log dele aqui no seu tópico e nos diga como está o PC depois disto.

Bruno Carazato · Janeiro 16, 2011

sim sim Baixei. mas precisa do tutorial p/ fazer certinho.

:) Ah, sim! Deve ser o sality que está bloqueando a visita ao site do tutorial. Mas vou colocar os passos para você aqui no tópico:

* Reinicie o computador em Modo Seguro (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro com rede, ou Modo Seguro normal (sem rede), com rede é melhor porque ai você continua tendo acesso à internet);

* Caso não seja possível reiniciar o computador em Modo Seguro, faça o escaneamento no modo normal.

* Dê um duplo clique em Rei.cmd e será aberta esta tela abaixo na qual você clicará no botão OK:

* Mais esta tela abaixo aparecerá, e você clicará no botão OK:

* Surgirá esta tela abaixo, onde você clicará em Iniciar.

* Aguarde o scan inicial das áreas vitais do sistema terminar.

* Quando a verificação rápida terminar, caso seja detectado algum problema, clique no botão Seleccionar todos, como mostra esta imagem:

* Clique, então, no botão Curar:

* O Dr. Web CureIt tentará curar o(s) arquivo(s) contaminado(s). Caso não seja possível desinfectá-lo, surgirá uma pequena janela com várias opções, na qual você escolherá a opção Mover incurável (ou Mover incuráveis), para que o(s) arquivo(s) infectado(s) seja(m) enviado(s) para a quarentena do Dr. Web CureIt como mostra esta imagem:

* Poderá então aparecer uma mensagem pedindo para reiniciar o computador, clique em Não:

* Depois disto clique em Opções > Alterar Definições:

* Na aba Verificar desmarque a opção Análise Heurística e clique no botão Ok:

* Depois disto, marque a opção Verificação Completa e clique na seta verde:

* Se durante a verificação for encontrado alguma ameaça, surgirá uma janela parecida com esta abaixo perguntando se você deseja curar/mover o arquivo, na qual você clicará na opção Sim para todos:

* Caso o programa não possa curar os arquivos infectados, ele irá movê-los para a pasta Quarentena, no diretório do DoctorWeb.

* Assim que for concluida esta Verificação Completa, caso ainda exista algum problema que não tenha sido curado ou movido para a quarentena, clique no botão Seleccionar todos, como mostra esta imagem:

* Clique, então, no botão Curar:

* O Dr. Web CureIt tentará curar o(s) arquivo(s) contaminado(s). Caso não seja possível desinfectá-lo, surgirá uma pequena janela com várias opções, na qual você escolherá a opção Mover incurável (ou Mover incuráveis), para que o(s) arquivo(s) infectado(s) seja(m) enviado(s) para a quarentena do Dr. Web CureIt como mostra esta imagem:

* Vá no menu superior esquerdo e clique na opção Ficheiro > Guardar lista de relatórios.

* Salve a lista na sua área de trabalho (Desktop). A lista deverá ser salva como DrWeb.csv, como mostra esta imagem:

* Feche o programa.

* Reinicie seu computador para que o programa termine de desinfectar/mover os arquivos infectados.

Depois disto poste o log dele aqui no seu tópico e nos diga como está o PC depois disto.

Processos em memória: C:\Arquivos de programas\SRS Labs\WOWHD and TSXT Driver\SRSTrayApp.exe:2640;;Win32.Sector.8;Erradicado.;

hkcmd.exe;C:\WINDOWS\system32;Win32.Sector.5;Desinfectado.;

igfxpers.exe;C:\WINDOWS\system32;Win32.Sector.5;Desinfectado.;

igfxtray.exe;C:\WINDOWS\system32;Win32.Sector.5;Desinfectado.;

shkbu.exe;C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp;Trojan.Proxy.origin;Incurável.Movido.;

w7d36b.exe;C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp;Trojan.DownLoader1.44995;Incurável.Movido.;

winbjjx.exe;C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp;Trojan.PWS.Stealer.origin;Incurável.Movido.;

youcam-tutorial.exe;C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\YouCam\Tutorial;Win32.Sector.5;Desinfectado.;

ccsetup302.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Win32.Sector.5;Desinfectado.;

DTLite4401-0127.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Win32.Sector.5;Desinfectado.;

install_flash_player.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Win32.Sector.5;Desinfectado.;

SoftonicDownloader_for_windows-live-messenger.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Modificação de Win32.Sector.5;Movido.;

SoftonicDownloader_para_msn-messenger-2011-windows-live-messenger.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Modificação de Win32.Sector.5;Movido.;

SoftonicDownloader_para_windows-live-messenger.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Modificação de Win32.Sector.5;Movido.;

TeamSpeak3-Client-win32-3.0.0-beta36.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Win32.Sector.5;Desinfectado.;

TeamViewer_Setup.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Win32.Sector.5;Desinfectado.;

WebzenGameStarter-1024(2).exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Win32.Sector.5;Desinfectado.;

WebzenGameStarter-1024.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Win32.Sector.5;Desinfectado.;

quickstart.exe;c:\arquivos de programas\broffice.org 3\program;Win32.Sector.5;Desinfectado.;

soffice.exe;c:\arquivos de programas\broffice.org 3\program;Win32.Sector.5;Desinfectado.;

muistartmenu.exe;c:\arquivos de programas\cyberlink\youcam\muitransfer;Win32.Sector.5;Desinfectado.;

dtlite.exe;c:\arquivos de programas\daemon tools lite;Win32.Sector.5;Desinfectado.;

googleupdate.exe;c:\arquivos de programas\google\update;Win32.Sector.5;Desinfectado.;

ip operator.exe;c:\arquivos de programas\lg software\ip operator;Win32.Sector.5;Desinfectado.;

magnifyingglass.exe;c:\arquivos de programas\lg software\lg magnifier;Win32.Sector.5;Desinfectado.;

firefox.exe;c:\arquivos de programas\mozilla firefox;Win32.Sector.5;Desinfectado.;

searchsettings.dll;c:\arquivos de programas\search settings;Adware.Websearch.177;Incurável.Movido.;

searchsettings.exe;c:\arquivos de programas\search settings;Win32.Sector.5;Desinfectado.;

srstrayapp.exe;c:\arquivos de programas\srs labs\wowhd and tsxt driver;Win32.Sector.5;Desinfectado.;

syntpenh.exe;c:\arquivos de programas\synaptics\syntp;Win32.Sector.5;Desinfectado.;

mgsysctrl.exe;c:\arquivos de programas\system control manager;Win32.Sector.5;Desinfectado.;

itsecmng.exe;c:\arquivos de programas\toshiba\bluetooth toshiba stack;Win32.Sector.5;Desinfectado.;

tosa2dp.exe;c:\arquivos de programas\toshiba\bluetooth toshiba stack;Win32.Sector.5;Desinfectado.;

tosbtproc.exe;c:\arquivos de programas\toshiba\bluetooth toshiba stack;Win32.Sector.5;Desinfectado.;

tosobex.exe;c:\arquivos de programas\toshiba\bluetooth toshiba stack;Win32.Sector.5;Desinfectado.;

msnmsgr.exe;c:\arquivos de programas\windows live\messenger;Win32.Sector.5;Desinfectado.;

usnsvc.exe;c:\arquivos de programas\windows live\messenger;Win32.Sector.5;Desinfectado.;

wmpnetwk.exe;c:\arquivos de programas\windows media player;Win32.Sector.5;Desinfectado.;

alcmtr.exe;c:\windows;Win32.Sector.5;Desinfectado.;

igfxtray.exe;c:\windows\system32;Modificação de Win32.Sector.5;Movido.;

IKernel.exe;C:\Arquivos de programas\Arquivos comuns\InstallShield\Engine\6\Intel 32;Win32.Sector.5;Desinfectado.;

DW20.EXE;C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW;Win32.Sector.5;Desinfectado.;

DWTRIG20.EXE;C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW;Win32.Sector.5;Desinfectado.;

WLLoginProxy.exe;C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live;Win32.Sector.5;Desinfectado.;

uninst.exe;C:\Arquivos de programas\BitTorrent;Win32.Sector.5;Desinfectado.;

gengal.exe;C:\Arquivos de programas\BrOffice.org 3\Basis\program;Win32.Sector.5;Desinfectado.;

msfontextract.exe;C:\Arquivos de programas\BrOffice.org 3\Basis\program;Win32.Sector.5;Desinfectado.;

nsplugin.exe;C:\Arquivos de programas\BrOffice.org 3\Basis\program;Win32.Sector.5;Desinfectado.;

senddoc.exe;C:\Arquivos de programas\BrOffice.org 3\Basis\program;Win32.Sector.5;Desinfectado.;

setofficelang.exe;C:\Arquivos de programas\BrOffice.org 3\Basis\program;Win32.Sector.5;Desinfectado.;

stclient_wrapper.exe;C:\Arquivos de programas\BrOffice.org 3\Basis\program;Win32.Sector.5;Desinfectado.;

testtool.exe;C:\Arquivos de programas\BrOffice.org 3\Basis\program;Win32.Sector.5;Desinfectado.;

wininst.exe;C:\Arquivos de programas\BrOffice.org 3\Basis\program\python-core-2.3.4\lib\distutils\command;Win32.Sector.5;Desinfectado.;

crashrep.exe;C:\Arquivos de programas\BrOffice.org 3\program;Win32.Sector.5;Desinfectado.;

python.exe;C:\Arquivos de programas\BrOffice.org 3\program;Win32.Sector.5;Desinfectado.;

quickstart.exe;C:\Arquivos de programas\BrOffice.org 3\program;Modificação de Win32.Sector.5;Movido.;

unoinfo.exe;C:\Arquivos de programas\BrOffice.org 3\program;Win32.Sector.5;Desinfectado.;

unopkg.exe;C:\Arquivos de programas\BrOffice.org 3\program;Win32.Sector.5;Desinfectado.;

regcomp.exe;C:\Arquivos de programas\BrOffice.org 3\URE\bin;Win32.Sector.5;Desinfectado.;

regmerge.exe;C:\Arquivos de programas\BrOffice.org 3\URE\bin;Win32.Sector.5;Desinfectado.;

regview.exe;C:\Arquivos de programas\BrOffice.org 3\URE\bin;Win32.Sector.5;Desinfectado.;

uno.exe;C:\Arquivos de programas\BrOffice.org 3\URE\bin;Win32.Sector.5;Desinfectado.;

uninst.exe;C:\Arquivos de programas\CCleaner;Modificação de Win32.Sector.5;Movido.;

ConduitEngineHelper.exe;C:\Arquivos de programas\ConduitEngine;Win32.Sector.5;Desinfectado.;

ConduitEngineUninstall.exe;C:\Arquivos de programas\ConduitEngine;Win32.Sector.5;Desinfectado.;

EffectExtractor.exe;C:\Arquivos de programas\CyberLink\Shared files;Win32.Sector.5;Desinfectado.;

YouCam.exe;C:\Arquivos de programas\CyberLink\YouCam;Win32.Sector.5;Desinfectado.;

CLUpdater.exe;C:\Arquivos de programas\CyberLink\YouCam\BigBang;Win32.Sector.5;Desinfectado.;

youcam-tutorial.exe;C:\Arquivos de programas\CyberLink\YouCam\Language;Win32.Sector.5;Desinfectado.;

MUIStartMenu.exe;C:\Arquivos de programas\CyberLink\YouCam\MUITransfer;Modificação de Win32.Sector.5;Movido.;

OLRStateCheck.exe;C:\Arquivos de programas\CyberLink\YouCam\OLRSubmission;Win32.Sector.5;Desinfectado.;

OLRSubmission.exe;C:\Arquivos de programas\CyberLink\YouCam\OLRSubmission;Win32.Sector.5;Desinfectado.;

DTHelper.exe;C:\Arquivos de programas\DAEMON Tools Lite;Win32.Sector.5;Desinfectado.;

DTShellHlp.exe;C:\Arquivos de programas\DAEMON Tools Lite;Win32.Sector.5;Desinfectado.;

uninst.exe;C:\Arquivos de programas\DAEMON Tools Lite;Win32.Sector.5;Desinfectado.;

uninst.exe;C:\Arquivos de programas\DAEMON Tools Toolbar;Win32.Sector.5;Desinfectado.;

WidgiHelper.exe;C:\Arquivos de programas\Dealio Toolbar;Win32.Sector.5;Desinfectado.;

chrome.exe;C:\Arquivos de programas\Google\Chrome Frame\Application;Win32.Sector.5;Desinfectado.;

chrome_launcher.exe;C:\Arquivos de programas\Google\Chrome Frame\Application\6.0.472.63;Win32.Sector.5;Desinfectado.;

setup.exe;C:\Arquivos de programas\Google\Chrome Frame\Application\6.0.472.63\Installer;Win32.Sector.5;Desinfectado.;

chrome_frame_helper.exe;C:\Arquivos de programas\Google\Chrome Frame\Application\8.0.552.237;Win32.Sector.5;Desinfectado.;

chrome_launcher.exe;C:\Arquivos de programas\Google\Chrome Frame\Application\8.0.552.237;Win32.Sector.5;Desinfectado.;

setup.exe;C:\Arquivos de programas\Google\Chrome Frame\Application\8.0.552.237\Installer;Win32.Sector.5;Desinfectado.;

GoogleCrashHandler.exe;C:\Arquivos de programas\Google\Update\1.2.183.39;Win32.Sector.5;Desinfectado.;

GoogleUpdate.exe;C:\Arquivos de programas\Google\Update\1.2.183.39;Win32.Sector.5;Desinfectado.;

setup.exe;C:\Arquivos de programas\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D};Win32.Sector.5;Desinfectado.;

setup.exe;C:\Arquivos de programas\InstallShield Installation Information\{255FC1CF-2620-4B64-BE02-79B9E609BB3D};Win32.Sector.5;Desinfectado.;

setup.exe;C:\Arquivos de programas\InstallShield Installation Information\{2B3ADDDE-6841-4D5B-A655-CFB6C832430B};Win32.Sector.5;Desinfectado.;

setup.exe;C:\Arquivos de programas\InstallShield Installation Information\{7F7AE0A7-D2DF-44A0-BD20-33C53710FBAF};Win32.Sector.5;Desinfectado.;

Setup.exe;C:\Arquivos de programas\InstallShield Installation Information\{81717D01-32F6-449C-85E1-41AFD678E545};Win32.Sector.5;Desinfectado.;

data.exe;C:\Arquivos de programas\InstallShield Installation Information\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D};Win32.Sector.5;Desinfectado.;

setup.exe;C:\Arquivos de programas\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525};Win32.Sector.5;Desinfectado.;

setup.exe;C:\Arquivos de programas\InstallShield Installation Information\{D10CB652-9332-4242-B7A9-2D61570144F7};Win32.Sector.5;Desinfectado.;

setup.exe;C:\Arquivos de programas\InstallShield Installation Information\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8};Win32.Sector.5;Desinfectado.;

setup.exe;C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC};Win32.Sector.5;Desinfectado.;

gdsmux.exe;C:\Arquivos de programas\K-Lite Codec Pack\Filters\Haali;Win32.Sector.5;Desinfectado.;

mpc-hc.exe;C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic;Win32.Sector.5;Desinfectado.;

dsconfig.exe;C:\Arquivos de programas\K-Lite Codec Pack\Tools;Win32.Sector.5;Desinfectado.;

graphstudio.exe;C:\Arquivos de programas\K-Lite Codec Pack\Tools;Win32.Sector.5;Desinfectado.;

StatsReader.exe;C:\Arquivos de programas\K-Lite Codec Pack\Tools;Win32.Sector.5;Desinfectado.;

InstDrv32.exe;C:\Arquivos de programas\LG Software\IP Operator;Win32.Sector.5;Desinfectado.;

autoname.exe;C:\Arquivos de programas\lg_swupdate;Win32.Sector.5;Desinfectado.;

Getlang.exe;C:\Arquivos de programas\lg_swupdate;Win32.Sector.5;Desinfectado.;

Gilautouc.exe;C:\Arquivos de programas\lg_swupdate;Win32.Sector.5;Desinfectado.;

Giljabi.exe;C:\Arquivos de programas\lg_swupdate;Win32.Sector.5;Desinfectado.;

kill_exe.exe;C:\Arquivos de programas\lg_swupdate;Win32.Sector.5;Desinfectado.;

pnp.exe;C:\Arquivos de programas\lg_swupdate;Win32.Sector.5;Desinfectado.;

tmcheck.exe;C:\Arquivos de programas\lg_swupdate;Win32.Sector.5;Desinfectado.;

totsetup.exe;C:\Arquivos de programas\lg_swupdate;Win32.Sector.5;Desinfectado.;

CGuard.exe;C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Choice Guard;Win32.Sector.5;Desinfectado.;

crashreporter.exe;C:\Arquivos de programas\Mozilla Firefox;Win32.Sector.5;Desinfectado.;

helper.exe;C:\Arquivos de programas\Mozilla Firefox\uninstall;Win32.Sector.5;Desinfectado.;

wificfg.exe;C:\Arquivos de programas\Norton AntiVirus\SupportSoft;Win32.Sector.5;Desinfectado.;

BsSndRpt.exe;C:\Arquivos de programas\Pando Networks\Media Booster;Win32.Sector.5;Desinfectado.;

uninst.exe;C:\Arquivos de programas\Pando Networks\Media Booster;Win32.Sector.5;Desinfectado.;

Alcmtr.exe;C:\Arquivos de programas\Realtek\Audio\InstallShield;Win32.Sector.5;Desinfectado.;

ChCfg.exe;C:\Arquivos de programas\Realtek\Audio\InstallShield;Win32.Sector.5;Desinfectado.;

RtlUpd.exe;C:\Arquivos de programas\Realtek\Audio\InstallShield;Win32.Sector.5;Desinfectado.;

SkyTel.exe;C:\Arquivos de programas\Realtek\Audio\InstallShield;Win32.Sector.5;Desinfectado.;

SoundMan.exe;C:\Arquivos de programas\Realtek\Audio\InstallShield;Win32.Sector.5;Desinfectado.;

SearchSettings.exe;C:\Arquivos de programas\Search Settings;Modificação de Win32.Sector.5;Movido.;

cdrom_mon.exe;C:\Arquivos de programas\SupportInfo;Win32.Sector.5;Desinfectado.;

EXETimer.exe;C:\Arquivos de programas\SupportInfo;Win32.Sector.5;Desinfectado.;

KillProcess.exe;C:\Arquivos de programas\SupportInfo;Win32.Sector.5;Desinfectado.;

data.exe;C:\Arquivos de programas\SupportInfo\Setup;Win32.Sector.5;Desinfectado.;

InstNT.exe;C:\Arquivos de programas\Synaptics\SynTP;Win32.Sector.5;Desinfectado.;

SynMood.exe;C:\Arquivos de programas\Synaptics\SynTP;Win32.Sector.5;Desinfectado.;

SynZMetr.exe;C:\Arquivos de programas\Synaptics\SynTP;Win32.Sector.5;Desinfectado.;

Tutorial.exe;C:\Arquivos de programas\Synaptics\SynTP;Win32.Sector.5;Desinfectado.;

InstNT.exe;C:\Arquivos de programas\Synaptics\SynTP\Media;Win32.Sector.5;Desinfectado.;

setup.exe;C:\Arquivos de programas\Synaptics\SynTP\Media;Win32.Sector.5;Desinfectado.;

SynMood.exe;C:\Arquivos de programas\Synaptics\SynTP\Media;Win32.Sector.5;Desinfectado.;

SynTPEnh.exe;C:\Arquivos de programas\Synaptics\SynTP\Media;Win32.Sector.5;Desinfectado.;

SynZMetr.exe;C:\Arquivos de programas\Synaptics\SynTP\Media;Win32.Sector.5;Desinfectado.;

Tutorial.exe;C:\Arquivos de programas\Synaptics\SynTP\Media;Win32.Sector.5;Desinfectado.;

LGSystemInfoXP.exe;C:\Arquivos de programas\System Control Manager;Win32.Sector.5;Desinfectado.;

AS.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

As0.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

AutoAns.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

AutoOn.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

BIP_Camera.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

BIP_Camera1.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

BTSecurityExport.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

BTSeting.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

COMReConnect.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

ECCenter.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

ECCenter1.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

InstDev.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

ItSecMng.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Modificação de Win32.Sector.5;Movido.;

ITSecSettings.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

OemBtAcpiAPI.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

SetupDiU.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

TbpSetup.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

tbpwiz.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

TosAVRC.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

TosBt1st.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

TosBtAvAC.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

TosBtBty.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

TosBtDiag.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Modificação de Win32.Sector.5;Movido.;

TosBtHid.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

TosBtHSP.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

TosBtInit.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Modificação de Win32.Sector.5;Movido.;

TosBtKbd.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Modificação de Win32.Sector.5;Movido.;

TosBtMng.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Win32.Sector.5;Desinfectado.;

TosBtMng1.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Modificação de Win32.Sector.5;Movido.;

TosBtMng_D.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Modificação de Win32.Sector.5;Movido.;

TosBtPCS.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Modificação de Win32.Sector.5;Movido.;

TosBtProc1.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Modificação de Win32.Sector.5;Movido.;

TosBtPSS.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Modificação de Win32.Sector.5;Movido.;

TosBtRefresh.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack;Modificação de Win32.Sector.5;Movido.;

HfpTester.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\Tools;Win32.Sector.5;Desinfectado.;

TbpCheck.exe;C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\Tools;Win32.Sector.5;Desinfectado.;

revcon.exe;C:\Arquivos de programas\USB 2.0 Card Reader\MassStorage;Win32.Sector.5;Desinfectado.;

hlds.exe;C:\Arquivos de programas\Valve\valve;Win32.Sector.5;Desinfectado.;

hltv.exe;C:\Arquivos de programas\Valve\valve;Win32.Sector.5;Desinfectado.;

CMUpdater.exe;C:\Arquivos de programas\Vivo 3G;Win32.Sector.5;Desinfectado.;

ejectdisk.exe;C:\Arquivos de programas\Vivo 3G;Win32.Sector.5;Desinfectado.;

UpdateVersion.exe;C:\Arquivos de programas\Vivo 3G;Win32.Sector.5;Desinfectado.;

USBDriverInstaller_x86.exe;C:\Arquivos de programas\Vivo 3G;Win32.Sector.5;Desinfectado.;

livecall.exe;C:\Arquivos de programas\Windows Live\Messenger;Win32.Sector.5;Desinfectado.;

msnmsgr.exe;C:\Arquivos de programas\Windows Live\Messenger;Modificação de Win32.Sector.5;Movido.;

msvs.exe;C:\Arquivos de programas\Windows Live\Messenger;Win32.Sector.5;Desinfectado.;

usnsvc.exe;C:\Arquivos de programas\Windows Live\Messenger;Modificação de Win32.Sector.5;Movido.;

wlcsdk.exe;C:\Arquivos de programas\Windows Live\Messenger;Win32.Sector.5;Desinfectado.;

wlcstart.exe;C:\Arquivos de programas\Windows Live\Messenger;Win32.Sector.5;Desinfectado.;

dpinst.exe;C:\Arquivos de programas\Windows Live\Messenger\Device Manager;Win32.Sector.5;Desinfectado.;

msgrdvmn.exe;C:\Arquivos de programas\Windows Live\Messenger\Device Manager;Win32.Sector.5;Desinfectado.;

wmdbexport.exe;C:\Arquivos de programas\Windows Media Player;Win32.Sector.5;Desinfectado.;

wmlaunch.exe;C:\Arquivos de programas\Windows Media Player;Win32.Sector.5;Desinfectado.;

wmpenc.exe;C:\Arquivos de programas\Windows Media Player;Win32.Sector.5;Desinfectado.;

wmpnetwk.exe;C:\Arquivos de programas\Windows Media Player;Modificação de Win32.Sector.5;Movido.;

wmpnscfg.exe;C:\Arquivos de programas\Windows Media Player;Win32.Sector.5;Desinfectado.;

wmpshare.exe;C:\Arquivos de programas\Windows Media Player;Win32.Sector.5;Desinfectado.;

wmsetsdk.exe;C:\Arquivos de programas\Windows Media Player;Win32.Sector.5;Desinfectado.;

Rar.exe;C:\Arquivos de programas\WinRAR;Win32.Sector.5;Desinfectado.;

RarExtLoader.exe;C:\Arquivos de programas\WinRAR;Win32.Sector.5;Desinfectado.;

Uninstall.exe;C:\Arquivos de programas\WinRAR;Win32.Sector.5;Desinfectado.;

UnRAR.exe;C:\Arquivos de programas\WinRAR;Win32.Sector.5;Desinfectado.;

WinRAR.exe;C:\Arquivos de programas\WinRAR;Win32.Sector.5;Desinfectado.;

UNWISE.EXE;C:\Arquivos de programas\XfireXO;Win32.Sector.5;Desinfectado.;

XfireXOToolbarHelper.exe;C:\Arquivos de programas\XfireXO;Win32.Sector.5;Desinfectado.;

KCSTrayDownloaderEngine.exe;C:\Documents and Settings\Gabriel Athayde\Configurações locais\Dados de aplicativos\Kamuse\KCSTrayDownloader;Win32.Sector.5;Desinfectado.;

w2c5984.exe;C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp;Trojan.DownLoader1.44995;Incurável.Movido.;

winilyc.exe;C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp;Trojan.PWS.Stealer.origin;Incurável.Movido.;

winyxtn.exe;C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp;Trojan.Proxy.origin;Incurável.Movido.;

youcam-tutorial.exe;C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\YouCam\Tutorial;Modificação de Win32.Sector.5;Movido.;

install_flash_player_10_active_x[1].exe;C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temporary Internet Files\Content.IE5\HJIPHE29;Win32.Sector.5;Desinfectado.;

ChromeFrameSetup[1].exe;C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temporary Internet Files\Content.IE5\XJ1NG2OF;Win32.Sector.5;Desinfectado.;

UXTheme Multi-Patcher 7.1.exe;C:\Documents and Settings\Gabriel Athayde\Desktop\Windows Seven Pack;Win32.Sector.5;Desinfectado.;

Language Changer.exe;C:\Documents and Settings\Gabriel Athayde\Desktop\Windows Seven Pack\ViStart 7;Win32.Sector.5;Desinfectado.;

ViStart OneStep.exe;C:\Documents and Settings\Gabriel Athayde\Desktop\Windows Seven Pack\ViStart 7;Win32.Sector.5;Desinfectado.;

ccsetup302.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Modificação de Win32.Sector.5;Movido.;

DTLite4401-0127.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Modificação de Win32.Sector.5;Movido.;

install_flash_player.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Modificação de Win32.Sector.5;Movido.;

TeamSpeak3-Client-win32-3.0.0-beta36.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Modificação de Win32.Sector.5;Movido.;

TeamViewer_Setup.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Modificação de Win32.Sector.5;Movido.;

WebzenGameStarter-1024(2).exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Modificação de Win32.Sector.5;Movido.;

WebzenGameStarter-1024.exe;C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads;Modificação de Win32.Sector.5;Movido.;

ALCMTR.EXE;C:\WINDOWS;Modificação de Win32.Sector.5;Movido.;

AdbeRdr60_enu.exe;D:\Jogo 1\Manual\Adobe Reader;Modificação de Win32.Sector.5;Movido.;

Power Max · Janeiro 16, 2011

:) Vários outros problemas foram desinfectados pelo Dr. Web CureIt.

________________________

:seta: Faça o download do Kaspersky Virus Removal Tool no endereço abaixo (coloquei o nome dele como Principe para que se algum virus tentar bloquear a execução dele possamos enganá-lo):

http://www.4shared.com/file/J5C3WccL/Principe.html?

Obs: Quando acessar o site acima, clique no botão Download now > aguarde a contagem regressiva > Clique na opção: Download file now.

Depois disto é só executá-lo normalmente como é ensinado no tutorial dele abaixo:

Tutorial do Kaspersky Virus Removal Tool

Na sua próxima resposta poste este log do Kaspersky Virus Removal Tool e nos diga como está o seu Pc depois disto.

Ficamos no aguardo.

Bruno Carazato · Janeiro 16, 2011

:) Vários outros problemas foram desinfectados pelo Dr. Web CureIt.

________________________

:seta: Faça o download do Kaspersky Virus Removal Tool no endereço abaixo (coloquei o nome dele como Principe para que se algum virus tentar bloquear a execução dele possamos enganá-lo):

http://www.4shared.com/file/J5C3WccL/Principe.html?

Obs: Quando acessar o site acima, clique no botão Download now > aguarde a contagem regressiva > Clique na opção: Download file now.

Depois disto é só executá-lo normalmente como é ensinado no tutorial dele abaixo:

Tutorial do Kaspersky Virus Removal Tool

Na sua próxima resposta poste este log do Kaspersky Virus Removal Tool e nos diga como está o seu Pc depois disto.

Ficamos no aguardo.

Verificação automática: concluído 1 minuto atrás (eventos: 47, objetos: 185456, hora: 00:47:32)

16/1/2011 11:15:08 Tarefa iniciada Ação padrão selecionada

16/1/2011 11:21:51 Detectados: Trojan-Downloader.Win32.FlyStudio.oo C:\Arquivos de programas\XfireXO\UNWISE.EXE Ação padrão selecionada

16/1/2011 11:22:51 Detectados: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\fuksy.exe/UPX Ação padrão selecionada

16/1/2011 11:23:33 Detectados: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\winuiqgji.exe/UPX Ação padrão selecionada

16/1/2011 11:29:12 Excluído: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\fuksy.exe Ação padrão selecionada

16/1/2011 11:29:12 Excluído: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\winuiqgji.exe Ação padrão selecionada

16/1/2011 11:29:13 Detectados: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\winvikp.exe/UPX Ação padrão selecionada

16/1/2011 11:29:13 Não neutralizado: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\winvikp.exe/UPX Ignorado pelo usuário

16/1/2011 11:29:25 Tarefa interrompida Ação padrão selecionada

16/1/2011 11:53:35 Tarefa iniciada Ação padrão selecionada

16/1/2011 11:59:36 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\ALCMTR.EXE Ação padrão selecionada

16/1/2011 12:00:29 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\ccsetup302.exe Ação padrão selecionada

16/1/2011 12:01:51 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\ALCMTR.EXE Ação padrão selecionada

16/1/2011 12:02:00 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\ccsetup302.exe Ação padrão selecionada

16/1/2011 12:02:10 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\DTLite4401-0127.exe Ação padrão selecionada

16/1/2011 12:02:57 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\DTLite4401-0127.exe Ação padrão selecionada

16/1/2011 12:02:57 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\ItSecMng.exe Ação padrão selecionada

16/1/2011 12:03:01 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\msnmsgr.exe Ação padrão selecionada

16/1/2011 12:03:31 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\MUIStartMenu.exe Ação padrão selecionada

16/1/2011 12:03:55 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\ItSecMng.exe Ação padrão selecionada

16/1/2011 12:04:00 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\msnmsgr.exe Ação padrão selecionada

16/1/2011 12:04:00 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\MUIStartMenu.exe Ação padrão selecionada

16/1/2011 12:05:00 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\SoftonicDownloader_para_msn-messenger-2011-windows-live-messenger.exe Ação padrão selecionada

16/1/2011 12:05:28 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\TeamSpeak3-Client-win32-3.0.0-beta36.exe Ação padrão selecionada

16/1/2011 12:05:57 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\TeamViewer_Setup.exe Ação padrão selecionada

16/1/2011 12:06:46 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\SoftonicDownloader_para_msn-messenger-2011-windows-live-messenger.exe Ação padrão selecionada

16/1/2011 12:06:46 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\TeamViewer_Setup.exe Ação padrão selecionada

16/1/2011 12:06:46 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\TosBtInit.exe Ação padrão selecionada

16/1/2011 12:06:47 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\TeamSpeak3-Client-win32-3.0.0-beta36.exe Ação padrão selecionada

16/1/2011 12:06:47 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\TosBtInit.exe Ação padrão selecionada

16/1/2011 12:06:47 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\TosBtKbd.exe Ação padrão selecionada

16/1/2011 12:06:48 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\TosBtKbd.exe Ação padrão selecionada

16/1/2011 12:06:49 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\TosBtMng_D.exe Ação padrão selecionada

16/1/2011 12:06:50 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\TosBtMng_D.exe Ação padrão selecionada

16/1/2011 12:07:28 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\TosBtPSS.exe Ação padrão selecionada

16/1/2011 12:07:29 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\TosBtPSS.exe Ação padrão selecionada

16/1/2011 12:08:29 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\w7d36b.exe Ação padrão selecionada

16/1/2011 12:09:29 Detectados: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\winbjjx.exe Ação padrão selecionada

16/1/2011 12:10:34 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\w7d36b.exe Ação padrão selecionada

16/1/2011 12:10:35 Excluído: Packed.Win32.Katusha.o C:\Documents and Settings\Gabriel Athayde\DoctorWeb\Quarantine\winbjjx.exe Ação padrão selecionada

16/1/2011 12:11:31 Detectados: HackTool.Win32.Injecter.mj C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads\Net Em Massa Injector.exe Ação padrão selecionada

16/1/2011 12:12:02 Detectados: HackTool.Win32.Injecter.mj C:\RECYCLER\S-1-5-21-1133822343-2567802216-3433580167-1005\Dc1.rar/Net Em Massa Injector.exe Ação padrão selecionada

16/1/2011 12:12:55 Excluído: HackTool.Win32.Injecter.mj C:\Documents and Settings\Gabriel Athayde\Meus documentos\Downloads\Net Em Massa Injector.exe Ação padrão selecionada

16/1/2011 12:12:57 Excluído: HackTool.Win32.Injecter.mj C:\RECYCLER\S-1-5-21-1133822343-2567802216-3433580167-1005\Dc1.rar Ação padrão selecionada

16/1/2011 12:30:19 Detectados: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\winvikp.exe/UPX Ação padrão selecionada

16/1/2011 12:31:22 Excluído: Backdoor.Win32.Mazben.fl C:\Documents and Settings\Gabriel Athayde\Configurações locais\Temp\winvikp.exe Ação padrão selecionada

16/1/2011 12:41:08 Tarefa concluída Ação padrão selecionada

Desinfetar ameaças ativas: concluído 54 minutos atrás (eventos: 28, objetos: 2542, hora: 00:19:27)

Power Max · Janeiro 16, 2011

:) Vários problemas foram removidos pelo Kaspersky.

______________________

:seta: Siga, por gentileza, as dicas deste tutorial:

Tutorial do USBFix

________________________

:seta: Crie também uma pasta própria (como por exemplo C:\Arquivos de Programas\HijackThis).

Faça o download do HijackThis e no momento de salvá-lo escolha a opção de salvá-lo nesta pasta que você acabou de criar e descompacte o hijackthis.zip dentro dela.

Dê um duplo clique no instalador do Hijackthis > clique na opção I Accept.

Clique no botão: Do a system scan and save a logfile. Depois será aberta uma tela com o log, então é só selecionar este Log (Clique no menu: Editar » Selecionar Tudo), depois disso volte novamente no menu: Editar » e clique na opção: Copiar).

Depois disso é só voltar aqui no fórum e postar este log do Hijackthis para que ele possa ser analisado juntamente com o log do Usbfix que estará em C:\UsbFix.txt e nos diga como está o PC após estes procedimentos.

Ficamos no aguardo de sua resposta.

Bruno Carazato · Janeiro 16, 2011

USBFix Log:

############################## | UsbFix 7.038 | [supressão]

Usuário: Gabriel Athayde (Administrador) # NOME-8CEEEB90E9 [ ]

Atualizado em 14/01/2011 por El Desaparecido / C_XX

Começou em 13:50:28 | 16/01/2011

Site: http://www.teamxscript.org

Contato: eldesaparecido@teamxscript.org

CPU: Intel® Atom CPU N270 @ 1.60GHz

CPU 2: Intel® Atom CPU N270 @ 1.60GHz

Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 6.0.2900.5512

Windows Firewall: Habilitado

RAM -> 1013 Mb

C:\ (%systemdrive%) -> Disco fixo # 40 Gb (30 Mb livre - 75%) [OS_Install] # NTFS

D:\ -> Disco fixo # 105 Gb (101 Mb livre - 96%) [Data] # NTFS

E:\ -> CD-ROM

F:\ -> CD-ROM

G:\ -> CD-ROM

H:\ -> CD-ROM

################## | Ficheiros # pastas infeciosos |

Supprimido ! C:\Recycler\S-1-5-21-1133822343-2567802216-3433580167-1005

Supprimido ! D:\Recycler\S-1-5-21-1133822343-2567802216-3433580167-1005

################## | Registro |

################## | Mountpoints2 |

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{29d6b6b8-abef-11df-96c9-0024214d941b}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{4c27f260-1e9d-11e0-9728-0024219140e8}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{a2421ba0-f68c-11df-970d-0024214d941b}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{c6d0a244-f641-11de-9658-0024214d941b}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{dfa8b135-0e9a-11df-9670-0024214d941b}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{eb362589-9e85-11df-96b1-0024214d941b}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{f8b90044-b914-11df-96ce-0024214d941b}

################## | Listing |

[12/10/2010 - 10:21:58 | D ] C:\Archivos de Programa

[15/01/2011 - 16:28:45 | D ] C:\Arquivos de programas

[21/08/2008 - 10:33:19 | N | 0] C:\AUTOEXEC.BAT

[31/12/2009 - 11:31:16 | N | 211] C:\boot.ini

[14/04/2008 - 10:00:00 | N | 4952] C:\Bootfont.bin

[05/10/2010 - 20:04:34 | D ] C:\CFLog

[21/08/2008 - 10:33:19 | N | 0] C:\CONFIG.SYS

[31/12/2009 - 11:31:28 | D ] C:\Documents and Settings

[16/01/2011 - 13:41:57 | ASH | 1062526976] C:\hiberfil.sys

[16/01/2011 - 13:48:04 | D ] C:\HijackThis

[18/09/2008 - 12:27:21 | D ] C:\Intel

[21/08/2008 - 10:33:19 | N | 0] C:\IO.SYS

[21/08/2008 - 10:33:19 | N | 0] C:\MSDOS.SYS

[22/11/2010 - 20:56:32 | D ] C:\My Shared Folder

[14/04/2008 - 10:00:00 | N | 47564] C:\NTDETECT.COM

[14/04/2008 - 10:00:00 | N | 251696] C:\ntldr

[28/12/2010 - 20:07:16 | D ] C:\OutputFolder

[16/01/2011 - 13:41:56 | ASH | 1598029824] C:\pagefile.sys

[02/01/2010 - 08:39:21 | D ] C:\Program Files

[13/01/2011 - 15:55:49 | N | 17408] C:\psapi.dll

[16/01/2011 - 13:51:06 | SHD ] C:\RECYCLER

[16/01/2011 - 11:14:37 | SHD ] C:\System Volume Information

[14/12/2008 - 11:48:08 | D ] C:\Temp

[16/01/2011 - 13:51:06 | D ] C:\UsbFix

[16/01/2011 - 13:51:06 | A | 982] C:\UsbFix.txt

[16/01/2011 - 13:49:41 | D ] C:\WINDOWS

[15/01/2011 - 00:56:12 | D ] D:\Jogo 1

[16/01/2011 - 13:51:06 | SHD ] D:\RECYCLER

[29/12/2009 - 14:16:23 | SHD ] D:\System Volume Information

################## | Vaccin |

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

D:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

################## | Upload |

Favor enviar o arquivo: C:\UsbFix_Upload_Me_NOME-8CEEEB90E9.zip

http://www.teamxscript.org/Upload.php

Obrigado pela sua contribuição.

################## | E.O.F |

HijhackThis Log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:53:02, on 16/1/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HijackThis\HiJackThis.exe

C:\WINDOWS\SoftwareDistribution\Download\e979358326850944c4f4e9b33963f6d0\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Arquivos de programas\Google\Chrome Frame\Application\8.0.552.237\npchrome_frame.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O3 - Toolbar: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Arquivos de programas\lg_swupdate\autoupdate.exe" Gilautouc

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iPO3] "C:\Arquivos de programas\LG Software\IP Operator\IP Operator.exe" -aUtOsTaRtFrOmReG

O4 - HKLM\..\Run: [LG Magnifier] "C:\Arquivos de programas\LG Software\LG Magnifier\MagnifyingGlass.exe"

O4 - HKLM\..\Run: [MGSysCtrl] C:\Arquivos de programas\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sRSTrayApp] C:\Arquivos de programas\SRS Labs\WOWHD and TSXT Driver\SRSTrayApp.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: BrOffice.org 3.0.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O4 - Startup: Fox.lnk = C:\Documents and Settings\Gabriel Athayde\Desktop\Virus Removal Tool\Fox\startup.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B6F3A396-DDE8-4202-B83F-ED189F1E3092}: NameServer = 192.168.2.254

O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Arquivos de programas\Google\Chrome Frame\Application\8.0.552.237\npchrome_frame.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Micro Star SCM - Unknown owner - C:\Arquivos de programas\System Control Manager\MSIService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Arquivos de programas\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 6592 bytes

Power Max · Janeiro 16, 2011

:) Mais problemas foram removidos pelo Usbfix.

Favor enviar o arquivo: C:\UsbFix_Upload_Me_NOME-8CEEEB90E9.zip para o endereço abaixo para que o Usbfix possa ser aperfeiçoado:

http://www.teamxscript.org/Upload.php

_____________________

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

R3 - URLSearchHook: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

______________________

:seta: Siga também estas dicas:

Tutorial do Ad-Remover

Tutorial do Malwarebytes Anti-Malware

______________________

:seta: Na sua próxima resposta poste o log do Malwarebytes, um novo log do Hijackthis, o log do Ad-remover que estará em C:\Ad-Report-CLEAN[1].log e nos diga como está seu PC depois disto.

Bruno Carazato · Janeiro 16, 2011

:) Mais problemas foram removidos pelo Usbfix.

Favor enviar o arquivo: C:\UsbFix_Upload_Me_NOME-8CEEEB90E9.zip para o endereço abaixo para que o Usbfix possa ser aperfeiçoado:

http://www.teamxscript.org/Upload.php'>http://www.teamxscript.org/Upload.php

_____________________

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

R3 - URLSearchHook: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

______________________

:seta: Siga também estas dicas:

Tutorial do Ad-Remover

Tutorial do Malwarebytes Anti-Malware

______________________

:seta: Na sua próxima resposta poste o log do Malwarebytes, um novo log do Hijackthis, o log do Ad-remover que estará em C:\Ad-Report-CLEAN[1].log e nos diga como está seu PC depois disto.

Ad report:

======= REPORT FROM AD-REMOVER 2.0.0.2,D | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 16/01/11 at 02:00

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 16:24:05 on 16/01/2011, Normal boot

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Gabriel Athayde@NOME-8CEEEB90E9 ( )

============== ACTION(S) ==============

Service: "Application Updater" Service stopped and deleted

File deleted: C:\Arquivos de programas\Mozilla FireFox\extensions\dealio@mybrowserbar.com

File deleted: C:\Arquivos de programas\Mozilla Firefox\extensions\searchsettings@spigot.com

File deleted: C:\Documents and Settings\Gabriel Athayde\Dados de aplicativos\Mozilla\FireFox\Profiles\rq1lsy8n.default\searchplugins\askcom.xml

Folder deleted: C:\Documents and Settings\Gabriel Athayde\Dados de aplicativos\Mozilla\FireFox\Profiles\rq1lsy8n.default\conduit

Folder deleted: C:\Documents and Settings\Gabriel Athayde\Dados de aplicativos\Mozilla\FireFox\Profiles\rq1lsy8n.default\ConduitEngine

Folder deleted: C:\Documents and Settings\Gabriel Athayde\Dados de aplicativos\Mozilla\FireFox\Profiles\rq1lsy8n.default\extensions\engine@conduit.com

File deleted: C:\Documents and Settings\Gabriel Athayde\Dados de aplicativos\Mozilla\FireFox\Profiles\rq1lsy8n.default\searchplugins\conduit.xml

Folder deleted: C:\Documents and Settings\Gabriel Athayde\Configurações locais\Dados de aplicativos\Conduit

Folder deleted: C:\Arquivos de programas\Conduit

Folder deleted: C:\Documents and Settings\Gabriel Athayde\Configurações locais\Dados de aplicativos\ConduitEngine

Folder deleted: C:\Arquivos de programas\ConduitEngine

Folder deleted: C:\Documents and Settings\Gabriel Athayde\Dados de aplicativos\Dealio

Folder deleted: C:\Arquivos de programas\Dealio Toolbar

Folder deleted: C:\Arquivos de programas\Application Updater

Folder deleted: C:\Documents and Settings\Gabriel Athayde\Dados de aplicativos\Search Settings

Folder deleted: C:\Arquivos de programas\Search Settings

Folder deleted: C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

(!) -- Temporary files deleted.

-- File opened: C:\Documents and Settings\Gabriel Athayde\Dados de aplicativos\Mozilla\FireFox\Profiles\rq1lsy8n.default\Prefs.js --

Line deleted:

Line deleted: user_pref("CT2304157.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...

Line deleted: user_pref("CT2304157.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT230...

Line deleted: user_pref("CT2567694.SavedHomepage", "hxxp://br.ask.com?o=15446&l=dis");

Line deleted: user_pref("CT2567694.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT256...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=1073242&fid=1068946", "\"0\...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1073242/1068946/BR", "\"0\"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2304157", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2567694", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2680812", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"0ecab474d2ecb1...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=9/22/20...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2304157&octid=...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2567694&octid=...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2680812&octid=...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt", "\"634...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/21817319.xml", "\"c11d5278a5d9f4805d7...

Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2680812");

Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{58beca16-cae6-4b7a-a0e8-153d0cbba63a}");

Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "utubebario");

Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Line deleted: user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.triplegames.com/shared/apps/gamearcade/ar...

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2680812");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{58beca16-cae6-4b7a-a0e8-153d0cbba63a}");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utubebario");

Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.asp...

Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT2567694,CT2304157,CT2680812,ConduitEngine");

Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2567694,CT2304157");

Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jan 15 2011 22:30:29 GMT-0200 (Hora ...

Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.locale", "en");

Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jan 15 2011 21:27:45 GMT-0200 (Hora ofic...

Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");

Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);

Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Line deleted: user_pref("CommunityToolbar.alert.userId", "ad1eda74-0931-4c1b-a989-458c75663d94");

Line deleted: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Oct 12 2010 15:03:13 GMT-0300 (Hor...

Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2304157");

Line deleted: user_pref("CommunityToolbar.twitter.user_21817319.LastCheckTime", "Tue Oct 12 2010 15:03:23 GMT-0300...

Line deleted: user_pref("ConduitEngine.FirstServerDate", "10/12/2010 15");

Line deleted: user_pref("ConduitEngine.FirstTime", true);

Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);

Line deleted: user_pref("ConduitEngine.Initialize", true);

Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);

Line deleted: user_pref("ConduitEngine.InstalledDate", "Tue Oct 12 2010 10:27:31 GMT-0300 (Hora oficial do Brasil)...

Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);

Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);

Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);

Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Oct 12 2010 10:27:33 GMT-0300 (Hora oficia...

Line deleted: user_pref("ConduitEngine.LastLogin_3.1.0.12", "Tue Oct 12 2010 15:03:21 GMT-0300 (Hora oficial do Br...

Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 0);

Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Oct 12 2010 15:03:21 GMT-0300 (Hora oficial do...

Line deleted: user_pref("ConduitEngine.UserID", "UN61823614927453884");

Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");

Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Oct 12 2010 10:27:31 GMT-0300 (Hora ...

Line deleted: user_pref("ConduitEngine.initDone", true);

Line deleted: user_pref("browser.search.defaultengine", "Ask.com");

-- File closed --

Key deleted: HKLM\Software\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Classes\CLSID\{EDB08ED8-1B1F-4B8E-B42E-D83CBE79AECC}

Key deleted: HKLM\Software\Classes\CLSID\{FFD74E78-6479-4FD6-9918-1325D3F1D2B5}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FFD74E78-6479-4FD6-9918-1325D3F1D2B5}

Key deleted: HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}

Key deleted: HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}

Key deleted: HKLM\Software\Classes\SearchSettings.BHO

Key deleted: HKLM\Software\Classes\SearchSettings.BHO.1

Key deleted: HKLM\Software\Classes\Toolbar.CT2567694

Key deleted: HKLM\Software\Application Updater

Key deleted: HKLM\Software\Conduit

Key deleted: HKLM\Software\conduitEngine

Key deleted: HKLM\Software\Dealio

Key deleted: HKLM\Software\Search Settings

Key deleted: HKLM\Software\Trymedia Systems

Key deleted: HKCU\Software\Conduit

Key deleted: HKCU\Software\conduitEngine

Key deleted: HKCU\Software\Dealio

Key deleted: HKCU\Software\Search Settings

Key deleted: HKLM\Software\Classes\Installer\Products\96DC878CBD58B624183A7E1157AABE19

Key deleted: HKLM\Software\Classes\Installer\Products\D82C50F59AED6DA47AA360145789E8BA

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\96DC878CBD58B624183A7E1157AABE19

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\D82C50F59AED6DA47AA360145789E8BA

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE88A8D9-A645-458C-8D93-3AC58C175CF2}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.6.12 (pt-BR)] **

-- C:\Documents and Settings\Gabriel Athayde\Dados de aplicativos\Mozilla\FireFox\Profiles\rq1lsy8n.default\Prefs.js --

browser.download.lastDir, C:\\Documents and Settings\\Gabriel Athayde\\Desktop

browser.search.defaultenginename, Yahoo

browser.search.defaulturl, hxxp://search.localstrike.com.ar/?q={searchTerms}

browser.search.selectedEngine, Yahoo

browser.startup.homepage, hxxp://www.google.com/

browser.startup.homepage_override.mstone, rv:1.9.2.12

keyword.URL, hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=

========================================

** Internet Explorer Version [6.0.2900.5512] **

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

========================================

C:\Arquivos de programas\Ad-Remover\Quarantine: 207 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 16/01/2011 (8802 Byte(s))

End at: 16:25:13, 16/01/2011

============== E.O.F ==============

Mbam-log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Versão da Base de Dados: 5533

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

16/1/2011 16:55:39

mbam-log-2011-01-16 (16-55-39).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|I:\|)

Objetos escaneados: 161851

Tempo decorrido: 12 minuto(s), 9 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 9

Processos de Memória Infectados: