me ajudem por favor... "analfabeto em desespero"

Question

Gente, peguei a desgra&ccedil;a do autorun.inf, balero ak. baleroc tudo depois de uma viagem a trabalho com o note book do jornal que trabalho.
infectou meu wolverine (hd externo com leitor de cart&atilde;o de mem&oacute;ria) todos os meus cart&otilde;es cf, e pen drive. na viagem o virus bloqueou meus cart&otilde;es n&atilde;o os deixando descarregar e embaralhou e apagou quase metade das imagens. Passei in&uacute;meras vezes o avast para bloqueio mas n&atilde;o consigo fazer sumir os virus das midias.
segui as instru&ccedil;&otilde;es deste post e o resultado na m&aacute;quina foi o seguinte:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:04, on 25/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32undll32.exe
C:\Arquivos de programas\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cardia\Meus documentos\Programas\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - (no file)
O2 - BHO: Auxiliar de Conex&atilde;o do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] C:\Arquivos de programas\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ZDWlan.EXE] C:\Arquivos de programas\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - (no file)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C3FCD27-4E0E-454A-A068-EADBD73A9EE3}: NameServer = 200.255.255.66 208.67.222.222
O20 - Winlogon Notify:  GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Arquivos de programas\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\ARQUIV~1\EASYPH~1.0\MySql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
--
End of file - 11154 bytes

Algu&eacute;m poderia decifrar toda esta sopa de letrinhas, pois em inform&aacute;tica eu sou um analfabeto. outradica que agradeceria muito &eacute; como fa&ccedil;o para rodar o hijackthis em minhas midias remov&iacute;veis.
 
grato

Answer

Baixe o AD-Remover e salve-o no desktop
http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe

* Duplo clique em AD-R.exe e instale o programa.
* Ao t&eacute;rmino clique em [Quitter]

* Ser&aacute; criado um &iacute;cone no dektop
* Duplo clique em Ad Remover.exe e clique em [Oui][sim]

* Tecle [S] > [ENTER] para fazer um scan inicial
Aguarde...pode demorar.

* Cole o relat&oacute;rio em sua resposta
* O relat&oacute;rio ser&aacute; criado em C:\AD-Report-Scan-X-X-X.txt, onde X = dia-m&ecirc;s-ano

Desabilitando o Autorun: 
Menu Iniciar->Executar. Na janela Executar digite: gpedit.msc (sem as aspas). 
Isso abrir&aacute; as Diretivas de Grupo do Windows XP. 
Dentro das Diretivas de Grupo, abra Configura&ccedil;&atilde;o do Computador, Modelos Administrativos, Sistema. 
No &iacute;tem Sistema localize o item Desativar AutoExecutar e clique duas vezes sobre ele.
Ser&aacute; exibida a op&ccedil;&atilde;o: Propriedades de Desativar AutoExecutar escolha a op&ccedil;&atilde;o Ativado. Todas as Unidades.
Clique em OK para concluir a opera&ccedil;&atilde;o e feche todas as janelas abertas nesse procedimento.

Answer

Caro wolf09
segue o log do ad-report:
 
====== LOGFILE OF AD-REMOVER 1.1.4.6_J | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 05.02.2010 at 17:34
Contact: [EMAIL=AdRemover.contact@gmail.com]AdRemover.contact@gmail.com[/EMAIL]
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 23:43:58, qui 25/02/2010 | Normal Boot | Option: SCAN
Executed from: C:\Ad-Remover\
Operating system: Microsoft&reg; Windows XP&trade;  Service Pack 3 vers&AElig;o 5.1.2600
Computer Name: CARDIA-C1055BAD | Current user: Cardia
.
============== FOUND ELEMENT(S) ==============
.
.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\software\classes\appid\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\software\classes\GenericAskToolbar.ToolbarWnd
HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
.
============== Added scan ==============
.
.
* Mozilla FireFox Version [Unable to get version] *
.
 ProfilePath: 8ceglq4z.default (Cardia)
.
. 
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: about:blank
Enable Browser Extensions: yes
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\Cardia\Desktop\PenDrive\Cart&AElig;oN1\IVT_BlueSoleil_6.4.245.0\BlueSoleil_6.2.227.11_Crack.rar
C:\Documents and Settings\Cardia\Meus documentos\Downloads\Programas\CS3\Crack\Photoshop.exe
C:\Documents and Settings\Cardia\Meus documentos\Downloads\Programas\CS3\Crack\serial.nfo
C:\Documents and Settings\Cardia\Meus documentos\Downloads\Programas\Plugins Kodak\Kodak Digital GEM Airbrush Pro v1.0.1 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Downloads\Programas\Plugins Kodak\Kodak Digital GEM Pro v1.0.1 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Downloads\Programas\Plugins Kodak\Kodak Digital ROC Pro v1.0.2 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Downloads\Programas\Plugins Kodak\Kodak Digital SHO Pro v1.0.2 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Lirian\LIVRO PAULO\Adobe CS3 Design Premium\MAGNiTUDE (Cracks)\Adobe\Adobe Contribute CS3\Contribute.exe
C:\Documents and Settings\Cardia\Meus documentos\Lirian\LIVRO PAULO\Adobe CS3 Design Premium\MAGNiTUDE (Cracks)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Documents and Settings\Cardia\Meus documentos\Lirian\LIVRO PAULO\Adobe CS3 Design Premium\MAGNiTUDE (Cracks)\Adobe\Adobe Fireworks CS3\Fireworks.exe
C:\Documents and Settings\Cardia\Meus documentos\Lirian\LIVRO PAULO\Adobe CS3 Design Premium\MAGNiTUDE (Cracks)\Adobe\Adobe Flash CS3\Flash.exe
C:\Documents and Settings\Cardia\Meus documentos\Lirian\LIVRO PAULO\Adobe CS3 Design Premium\MAGNiTUDE (Cracks)\Adobe\Adobe Illustrator CS3\Illustrator.exe
C:\Documents and Settings\Cardia\Meus documentos\Lirian\LIVRO PAULO\Adobe CS3 Design Premium\MAGNiTUDE (Cracks)\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Documents and Settings\Cardia\Meus documentos\Programas\Plugins Kodak\Kodak Digital GEM Airbrush Pro v1.0.1 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Programas\Plugins Kodak\Kodak Digital GEM Pro v1.0.1 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Programas\Plugins Kodak\Kodak Digital ROC Pro v1.0.2 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Programas\Plugins Kodak\Kodak Digital SHO Pro v1.0.2 Keygen.exe
.
===================================
.
5106 Byte(s) - C:\Ad-Report-SCAN[1].log 
.
118 File(s) - C:\DOCUME~1\Cardia\CONFIG~1\Temp 
43 File(s) - C:\WINDOWS\Temp 
116 File(s) - C:\WINDOWS\Prefetch 
.
2 File(s) - C:\Ad-Remover\BACKUP
0 File(s) - C:\Ad-Remover\QUARANTINE
.
End at: 23:59:11 | qui 25/02/2010 - SCAN[1]
.
============== E.O.F ==============
.

Answer

Ok!! vamos executar novamente o ad-remover... mas observe que a op&ccedil;&atilde;o referente a letra mudou:

* Duplo clique em Ad Remover.exe e clique em [Oui][sim]
* Tecle [L] > [Enter]
Aguarde...pode demorar.

* Cole o relat&oacute;rio em sua resposta
* O relat&oacute;rio ser&aacute; criado em C:\AD-Report-Scan-X-X-X.txt, onde X = dia-m&ecirc;s-ano

-------------------------------//---------------------------------------
* desabilitou o autorun conforme informado anteriormente ?

Ent&atilde;o!! conecte o Hd externo...

Fa&ccedil;a o download do FindyKill:      
http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe

* Duplo clique em FindyKill(setup.exe)
* Tecle P > [ENTER]
* Tecle 1 > [ENTER] e aguarde o t&eacute;rmino
* Cole o relat&oacute;rio criado em C:\FindyKill.txt

Answer

fiz a desabilita&ccedil;&atilde;o do autorun.
segue o relatorio da do ad-cleaner:
====== LOGFILE OF AD-REMOVER 1.1.4.6_J | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 05.02.2010 at 17:34
Contact: [EMAIL=AdRemover.contact@gmail.com]AdRemover.contact@gmail.com[/EMAIL]
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at:  0:24:34, sex 26/02/2010 | Normal Boot | Option: CLEAN
Executed from: C:\Ad-Remover\
Operating system: Microsoft&reg; Windows XP&trade;  Service Pack 3 vers&AElig;o 5.1.2600
Computer Name: CARDIA-C1055BAD | Current user: Cardia
.
============== NEUTRALIZED ELEMENT(S) ==============
.

(!) -- Temp files deleted.
 
.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383} 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} 
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\software\classes\appid\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\software\classes\GenericAskToolbar.ToolbarWnd
HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
.
============== Added scan ==============
.
.
* Mozilla FireFox Version [Unable to get version] *
.
 ProfilePath: 8ceglq4z.default (Cardia)
.
. 
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\Cardia\Desktop\PenDrive\Cart&AElig;oN1\IVT_BlueSoleil_6.4.245.0\BlueSoleil_6.2.227.11_Crack.rar
C:\Documents and Settings\Cardia\Meus documentos\Downloads\Programas\CS3\Crack\Photoshop.exe
C:\Documents and Settings\Cardia\Meus documentos\Downloads\Programas\CS3\Crack\serial.nfo
C:\Documents and Settings\Cardia\Meus documentos\Downloads\Programas\Plugins Kodak\Kodak Digital GEM Airbrush Pro v1.0.1 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Downloads\Programas\Plugins Kodak\Kodak Digital GEM Pro v1.0.1 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Downloads\Programas\Plugins Kodak\Kodak Digital ROC Pro v1.0.2 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Downloads\Programas\Plugins Kodak\Kodak Digital SHO Pro v1.0.2 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Lirian\LIVRO PAULO\Adobe CS3 Design Premium\MAGNiTUDE (Cracks)\Adobe\Adobe Contribute CS3\Contribute.exe
C:\Documents and Settings\Cardia\Meus documentos\Lirian\LIVRO PAULO\Adobe CS3 Design Premium\MAGNiTUDE (Cracks)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Documents and Settings\Cardia\Meus documentos\Lirian\LIVRO PAULO\Adobe CS3 Design Premium\MAGNiTUDE (Cracks)\Adobe\Adobe Fireworks CS3\Fireworks.exe
C:\Documents and Settings\Cardia\Meus documentos\Lirian\LIVRO PAULO\Adobe CS3 Design Premium\MAGNiTUDE (Cracks)\Adobe\Adobe Flash CS3\Flash.exe
C:\Documents and Settings\Cardia\Meus documentos\Lirian\LIVRO PAULO\Adobe CS3 Design Premium\MAGNiTUDE (Cracks)\Adobe\Adobe Illustrator CS3\Illustrator.exe
C:\Documents and Settings\Cardia\Meus documentos\Lirian\LIVRO PAULO\Adobe CS3 Design Premium\MAGNiTUDE (Cracks)\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Documents and Settings\Cardia\Meus documentos\Programas\Plugins Kodak\Kodak Digital GEM Airbrush Pro v1.0.1 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Programas\Plugins Kodak\Kodak Digital GEM Pro v1.0.1 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Programas\Plugins Kodak\Kodak Digital ROC Pro v1.0.2 Keygen.exe
C:\Documents and Settings\Cardia\Meus documentos\Programas\Plugins Kodak\Kodak Digital SHO Pro v1.0.2 Keygen.exe
.
===================================
.
5186 Byte(s) - C:\Ad-Report-CLEAN[1].log 
5433 Byte(s) - C:\Ad-Report-SCAN[1].log 
.
80 File(s) - C:\DOCUME~1\Cardia\CONFIG~1\Temp 
43 File(s) - C:\WINDOWS\Temp 
10 File(s) - C:\WINDOWS\Prefetch 
.
19 File(s) - C:\Ad-Remover\BACKUP
0 File(s) - C:\Ad-Remover\QUARANTINE
.
End at:  0:31:29 | sex 26/02/2010 - CLEAN[1]
.
============== E.O.F ==============
.

Answer

Passei o find kill pela 1&ordf; vez, com pen drive, 2 hds internos, 1 hd externo e um cart&atilde;o de mem&oacute;ria:
############################## | FindyKill V5.037 |
# User : Cardia (Administradores) # CARDIA-C1055BAD
# Update on 18/02/2010 by El Desaparecido
# Start at: 00:40:38 | 26/2/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : [EMAIL=FindyKill.Contact@gmail.com]FindyKill.Contact@gmail.com[/EMAIL]
#               Intel(R) Pentium(R) D CPU 3.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1368 [VPS 100225-0] 4.8.1368 [ Enabled | Updated ]
# C:\ # Disco fixo local # 74,55 Go (16,33 Go free) [HD Sistema] # NTFS
# D:\ # Disco fixo local # 111,79 Go (373,78 Mo free) [HD Fotos] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco remov&iacute;vel # 1,9 Go (1,9 Go free) [EOS_DIGITAL] # FAT
# G:\ # Disco remov&iacute;vel
# H:\ # Disco remov&iacute;vel
# I:\ # Disco remov&iacute;vel
# J:\ # Disco remov&iacute;vel # 37,3 Go (1,39 Go free) [WOLVERINE] # FAT32
# K:\ # Disco remov&iacute;vel # 3,73 Go (1,97 Go free) [PEN CARDIA] # FAT32
# L:\ # Disco remov&iacute;vel
# M:\ # Disco remov&iacute;vel
# N:\ # Disco remov&iacute;vel
############################## | Processos ativos  |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\system32undll32.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Arquivos de programas\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\RALINK\Common\RaUI.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |

################## | C:\WINDOWS |

################## | C:\WINDOWS\Prefetch |

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\Cardia\Dados de aplicativos |

################## | Temporary Internet Files |

################## | Registro |

################## | Estado |
# Affichagem dos arquivos ocultos : OK
 
# Safe mode : OK 
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) 
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 ) 
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 ) 
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 ) 
################## | ! Fim do relat&oacute;rio # FindyKill V5.037 !  |

Answer

Agora o findykill com os outros 2 cart&otilde;es de memoria:

############################## | FindyKill V5.037 |
# User : Cardia (Administradores) # CARDIA-C1055BAD
# Update on 18/02/2010 by El Desaparecido
# Start at: 00:43:22 | 26/2/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : [EMAIL=FindyKill.Contact@gmail.com]FindyKill.Contact@gmail.com[/EMAIL]
#               Intel(R) Pentium(R) D CPU 3.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1368 [VPS 100225-0] 4.8.1368 [ Enabled | Updated ]
# C:\ # Disco fixo local # 74,55 Go (16,32 Go free) [HD Sistema] # NTFS
# D:\ # Disco fixo local # 111,79 Go (373,78 Mo free) [HD Fotos] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco remov&iacute;vel # 3,72 Go (3,72 Go free) [EOS_DIGITAL] # FAT32
# G:\ # Disco remov&iacute;vel
# H:\ # Disco remov&iacute;vel
# I:\ # Disco remov&iacute;vel
# J:\ # Disco remov&iacute;vel # 37,3 Go (1,39 Go free) [WOLVERINE] # FAT32
# K:\ # Disco remov&iacute;vel # 3,73 Go (1,97 Go free) [PEN CARDIA] # FAT32
# L:\ # Disco remov&iacute;vel # 7,44 Go (7,44 Go free) [EOS_DIGITAL] # FAT32
# M:\ # Disco remov&iacute;vel
# N:\ # Disco remov&iacute;vel
############################## | Processos ativos  |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\system32undll32.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Arquivos de programas\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\RALINK\Common\RaUI.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32
otepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |

################## | C:\WINDOWS |

################## | C:\WINDOWS\Prefetch |

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\Cardia\Dados de aplicativos |

################## | Temporary Internet Files |

################## | Registro |

################## | Estado |
# Affichagem dos arquivos ocultos : OK
 
# Safe mode : OK 
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) 
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 ) 
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 ) 
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 ) 
################## | ! Fim do relat&oacute;rio # FindyKill V5.037 !  |

Answer

* Duplo clique em FindyKill
* Tecle P > [ENTER]
* Tecle 4 > [ENTER]

--------------------------------------------//-------------------------------------------------------

Fa&ccedil;a o download do Malwarebytes:
http://www.superdownloads.com.br/download/119/malwarebytes-anti-malware/

1) Instale o aplicativo, atualiza-o e efetue uma verifica&ccedil;&atilde;o completa.

2) Quando terminar o scan., se algum malware foi detectado., clique em (Exibir resultado), e depois clique em (remover selecionados). 
 Abrir&aacute; um Relat&oacute;rio automatico, Copia e cole aqui.

3) as infec&ccedil;&otilde;es ser&atilde;o enviadas para quarentena., e alguns tipos poder&atilde;o exigir a reinicializa&ccedil;&atilde;o do sistema.

* finalizado o procedimento envie um novo log do hijackthis

Ferramentas

Mover Tópico