felix augusto
felix august... Registered Junior Member
135 Posts 2 Likes

NSIS error on download

#1 By felix august... 17/03/2010 - 22:22
I used to download normally. But for a few days now I've been getting this annoying error every time I download a file, whether through IE 8 or a download manager (FDM). I even tried the /NCRC switch on the command line at the prompt and nothing, it still says the file is corrupted. I already ran a scan with the antivirus and ran Windows Defender and nothing turned up. How do I fix this?
#4 By felix august...
21/03/2010 - 22:56
wolf09 said:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:27, on 21/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\MediaKey\MMKeybd.EXE
C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Oi Internet\DiscaOi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Usuario\CONFIG~1\Temp\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 189.49.206.179 #2008-02-07 23:10:52
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: XBTB00078 - {5251A003-B61F-448e-8C4D-3AC1323323C4} - (no file)
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\MediaKey\MMKeybd.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; FDM; AskTB5.4)" -"http://www.necromanthus.com/Games/ShockWave/MortalKombat.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://cdn.hangame.com/hangame/hansetup/HanSetup1010.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2067699-61C0-42DF-84A1-5D6A322A67D7}: NameServer = 200.202.193.75 200.222.0.34
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8400 bytes
Espírita
Espírita Cyber Highlander Registered
9.6K Posts 2.1K Likes
#5 By Espírita
21/03/2010 - 23:10
Download ToolBarSD:
http://eric.71.mespages.googlepages.com/ToolBarSD.exe

Run ToolBarSD.exe.
On the first screen the language option will appear; choose "Português" by typing P and then press Enter.
On the next screen you will be asked for an action; choose "Remoção" (Removal) by typing 2 and then press Enter.
When the process finishes, the report will appear. Save it and post its contents in your next reply. If you can't find it... it is located in C:\

* Download HostsXpert:
http://www.funkytoad.com/download/HostsXpert.zip

* Extract the file.
* Run it. Click the Restore Ms Hosts option and then click the Make Hosts Read-only option.

Run HijackThis and choose the option Do a system scan only. Select the items:

O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)

O2 - BHO: XBTB00078 - {5251A003-B61F-448e-8C4D-3AC1323323C4} - (no file)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries...1071_em_XP.cab

O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://us2-scripts.dlv4.com/binaries...1070_em_XP.cab

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://cdn.hangame.com/hangame/hanse...nSetup1010.cab

Click Fix checked.

* Once the procedures above are finished, also send a new HijackThis log.
#6 By felix august...
22/03/2010 - 00:13
ToolBar S&D


-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 2600+ )
BIOS : BIOS Date: 09/08/05 09:26:43 Ver: 08.00.10
USER : Usuario ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:16 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( dom 21/03/2010|23:35 )
C:\WINDOWS\iun6002.exe
-----------\\ REMOVIDOS
Deletado! - C:\WINDOWS\iun6002.exe
-----------\\ Procura por Arquivos / Ficheiros ...

-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"

--------------------\\ Procurando por outras infecções

C:\WINDOWS\System32\kuywth.dat
C:\WINDOWS\System32\kuywth_nav.dat
C:\WINDOWS\System32\kuywth_navps.dat
==> EGDACCESS <==
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Usuario\Meus documentos\My Videos\Creativity Fun Packs\Sound Effects\sports\Baseball Bat Hit, Crack.wma

1 - "C:\ToolBar SD\TB_1.txt" - dom 21/03/2010|23:37 - Option : [2]
-----------\\ Verificação completa em 23:37:25,84



HijackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:01, on 22/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\MediaKey\MMKeybd.EXE
C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Oi Internet\DiscaOi.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\ARQUIV~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Usuario\Meus documentos\RAYNNER\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\MediaKey\MMKeybd.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; FDM; AskTB5.4)" -"http://www.necromanthus.com/Games/ShockWave/MortalKombat.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2067699-61C0-42DF-84A1-5D6A322A67D7}: NameServer = 200.202.193.75 200.222.0.34
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7692 bytes
Espírita
Espírita Cyber Highlander Registered
9.6K Posts 2.1K Likes
#8 By Espírita
22/03/2010 - 22:07
Run HijackThis and choose the option "Do a system scan only". Select the items:

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

Click "Fix checked".

Download Malwarebytes:
http://www.baixaki.com.br/download/malwarebytes-anti-malware.htm

1) Install the application, update it, and run a full scan.

2) When the scan finishes, if any malware was detected, click (Show results), then click (Remove selected).
A report will open automatically; copy and paste it here.

3) The infections will be sent to quarantine, and some types may require a system restart.
felix augusto
felix august... Registered Junior Member
135 Posts 2 Likes
#12 By felix august...
27/03/2010 - 21:41
wolf09 said:

I went to the site and nothing came up. Earlier I ran a full antivirus scan and found some trojans, but the problem continues.
Some files download with great difficulty, others don't. I tried using MSN as the browser too; it didn't help.
Maybe it could be something on the hard drive. I don't know what else to do. I've already reinstalled IE. I've already tried System Restore and nothing.
Espírita
Espírita Cyber Highlander Registered
9.6K Posts 2.1K Likes
#13 By Espírita
27/03/2010 - 22:01
* Download ComboFix and save it to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Temporarily disable your antivirus.
* Run it and accept the agreement.

* If the Recovery Console is already installed, ComboFix will continue the process automatically.
* If it is not, a window will be displayed asking to install it. Click [YES] to accept.

– Important: while ComboFix is running, do not use the mouse or the keyboard! To interrupt the procedure, press N or 2 and then ENTER.

– The program will close automatically. --

* Paste the report created at C:\combofix.txt together with a new HijackThis log.
felix augusto
felix august... Registered Junior Member
135 Posts 2 Likes
#14 By felix august...
28/03/2010 - 19:18
wolf09 said:

It can't be downloaded. I tried 5 times. It gives a corrupted file error.
Could it be some corrupted Windows .dll file that uses this NSIS? Maybe downloading the .dll will make the problem go away.






HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:42, on 28/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ARQUIV~1\MediaKey\MMKeybd.EXE
C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Oi Internet\DiscaOi.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Usuario\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MediaKey] C:\ARQUIV~1\MediaKey\MMKeybd.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; FDM; AskTB5.4)" -"http://www.necromanthus.com/Games/ShockWave/MortalKombat.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2067699-61C0-42DF-84A1-5D6A322A67D7}: NameServer = 200.202.193.75 200.222.0.34
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7500 bytes
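
Comparing the two HijackThis logs posted in this thread by eye is error-prone. The following is an added example (not part of any post, and not HijackThis code) that parses the `code - body` entry lines and reports which entries disappeared or appeared between two scans; the two sample logs are constructed, abbreviated excerpts in the format of the logs above.

```python
import re

# HijackThis entry lines start with a section code (R1, O2, O4, O23, ...)
# followed by " - ". Header lines and the running-process list do not match.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.add((m.group("code"), m.group("body")))
    return entries

def diff_logs(before, after):
    """Report entries removed from / added to the second log, in section order."""
    old, new = parse_entries(before), parse_entries(after)
    order = lambda e: (e[0][0], int(e[0][1:]), e[1])
    return {"removed": sorted(old - new, key=order),
            "added": sorted(new - old, key=order)}

# Constructed, abbreviated sample logs (not the full logs from the thread).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe"""

if __name__ == "__main__":
    changes = diff_logs(BEFORE, AFTER)
    for kind in ("removed", "added"):
        for code, body in changes[kind]:
            print(f"{kind:8} {code:4} {body}")
```

Entries that remain after a "Fix checked" pass, or that reappear in a later scan, are the ones worth a second look.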
© 1999-2024 Hardware.com.br. All rights reserved.