ErMaC, posted August 27, 2008:
When I start my computer, only a window with the My Documents folder appears, and after that neither the taskbar nor the desktop icons show up! Please help me! Cheers
PedroN, posted August 27, 2008:
Hi ErMaC, welcome. Read this topic and come back with a HijackThis log: http://forum.imasters.com.br/index.php?showtopic=165906
ErMaC, posted August 27, 2008:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:47:35, on 27/8/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\cisvc.exe C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe C:\Arquivos de programas\Power Translator 11\LogoMedia TranslateDotNet Server.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\cidaemon.exe C:\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10...;ctid=CT1098640 R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll F2 - REG:system.ini: Shell=C:\Level Up! 
Games\Perfect World\launcher\Launcher.exe O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Arquivos de programas\Power Translator 11\Applications\LEC IE Translation Extension.dll O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - 
C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdiag.exe] C:\WINDOWS\system32\kdiag.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: 
[nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7FE4DF-22F3-4EA7-ADDD-3B96BEAF22B4}: NameServer = 200.165.132.148 200.165.132.155 O17 - HKLM\System\CCS\Services\Tcpip\..\{CB9F7552-C40B-4BB4-AE0A-4DDC5A9BE99F}: NameServer = 200.165.132.147 O17 - 
HKLM\System\CS1\Services\Tcpip\..\{1D7FE4DF-22F3-4EA7-ADDD-3B96BEAF22B4}: NameServer = 200.165.132.148 200.165.132.155 O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator 11\LogoMedia TranslateDotNet Server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 9245 bytes
PedroN, posted August 27, 2008:
- Download SDFix. Restart your computer and press the F8 key (F5 in some cases) repeatedly during startup until a menu appears where you should choose the Safe Mode option.
1. Open the SDFix folder that was installed on your computer and double-click the file RunThis.bat
2. Press Y so the tool starts the removal process
3. When everything finishes, you will see a message telling you to press any key to continue. When you press any key, the computer will restart automatically
4. After the restart, the tool will run once more to finish its work, and the word Finished will appear. Press any key.
5. A window with the SDFix report will appear.
6. Copy and paste this report into your reply (if you are posting in the malware removal area). If you closed the window, a copy of the report is in the SDFix folder under the name Report.txt
ErMaC, posted August 27, 2008:
Hey, it worked, thanks man! I don't even know how to thank you! I'd like to know where you pick up viruses like these. Thanks, you guys are top-notch :grin: :clap: :clap:
SDFix: Version 1.219 Run by Administrador on qua 27/08/2008 at 14:39 Microsoft Windows XP [versão 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\kdiag.exe - Deleted C:\Temp\tmp6.tmp - Deleted C:\Temp\tmp3D.tmp - Deleted C:\Temp\tmp6.tmp - Deleted C:\Temp\tmp6.tmp - Deleted C:\WINDOWS\system32\drivers\svchost.exe - Deleted
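The two files SDFix deleted (kdiag.exe and the svchost.exe under drivers) both appear in the first HijackThis log as O4 autorun lines, and the log also carries an F2 Shell= entry. As an added example, not code from the thread or from HijackThis, here is a small Python triage script that parses O4 and F2 lines and flags the patterns a removal helper checks first; the sample lines are copied from the log posted above, the heuristics and the function names are my own.

```python
# Triage of HijackThis autorun entries (added example; not from the thread).
#
# HijackThis prints one entry per line: a section code, " - ", then fields
# that depend on the section. The two sections inspected here:
#   O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command> (User '<account>')
#   F2 - REG:system.ini: Shell=<command>
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdiag.exe] C:\WINDOWS\system32\kdiag.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
F2 - REG:system.ini: Shell=C:\Level Up! Games\Perfect World\launcher\Launcher.exe
"""

# Core Windows processes that are started by the system itself (session
# manager, winlogon, service control manager), never from a Run key.
SYSTEM_PROCESSES = {"svchost.exe", "csrss.exe", "winlogon.exe",
                    "lsass.exe", "services.exe", "smss.exe"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<setting>Shell|UserInit)=(?P<cmd>.*)$")
# First executable on an unquoted command line: everything up to the first
# token carrying an executable extension, so paths with spaces survive.
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|,|$)", re.I)


@dataclass
class Finding:
    line: str
    reason: str


def executable_of(cmd: str) -> str:
    """Return the program a Run-key / Shell= command line launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe")
    return cmd.split()[0] if cmd else ""


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_line(line: str) -> Optional[Finding]:
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        exe = executable_of(cmd)
        if "\\" in name:
            # A value name that is itself a full path is how some droppers
            # register themselves (compare the kdiag.exe entry in the log).
            return Finding(line, "autorun value name is a full path")
        if basename(exe) in SYSTEM_PROCESSES:
            # A system process name in a Run key is a masquerade; in the log
            # the file also sits in the drivers folder, not in system32.
            return Finding(line, f"system process name started from a Run key: {exe}")
        return None
    m = F2_RE.match(line)
    if m and m.group("setting") == "Shell":
        if basename(executable_of(m.group("cmd"))) != "explorer.exe":
            # Without explorer.exe as the shell there is no taskbar and no
            # desktop icons, which is exactly the symptom in the first post.
            return Finding(line, f"Shell= replaced explorer.exe with: {m.group('cmd')}")
    return None


def triage(log: str) -> List[Finding]:
    return [f for f in map(triage_line, log.splitlines()) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[!] {finding.reason}\n    {finding.line}")
```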
PedroN, posted August 27, 2008:
Hi ErMaC, post a new HijackThis log
ErMaC, posted August 27, 2008:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:17:38, on 27/8/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\cisvc.exe C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe C:\Arquivos de programas\Power Translator 11\LogoMedia TranslateDotNet Server.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\DNA\btdna.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\Orbitdownloader\orbitnet.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\cidaemon.exe C:\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10...;ctid=CT1098640 R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll R3 - URLSearchHook: 
free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Arquivos de programas\Power Translator 11\Applications\LEC IE Translation Extension.dll O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O3 - Toolbar: Megaupload Toolbar - 
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdiag.exe] C:\WINDOWS\system32\kdiag.exe O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 
- Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7FE4DF-22F3-4EA7-ADDD-3B96BEAF22B4}: NameServer = 200.165.132.148 200.165.132.155 O17 - HKLM\System\CCS\Services\Tcpip\..\{CB9F7552-C40B-4BB4-AE0A-4DDC5A9BE99F}: NameServer = 200.165.132.147 O17 - HKLM\System\CS1\Services\Tcpip\..\{1D7FE4DF-22F3-4EA7-ADDD-3B96BEAF22B4}: NameServer = 200.165.132.148 200.165.132.155 O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: Ati HotKey Poller - ATI Technologies 
Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator 11\LogoMedia TranslateDotNet Server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 9323 bytes
PedroN, posted August 27, 2008:
Download Combofix and save it to your desktop. Close all windows and programs. Double-click combofix and press "1" then Enter to proceed with the fix. It takes about 10 minutes on average (be patient). Combofix will restart the PC automatically to complete the removal process. When it finishes, a log will be generated at C:\ComboFix.txt. Attention: do not click on the ComboFix window or close it with the X while it is running, otherwise it will stop and your desktop will go blank. To stop or exit ComboFix, press "2" and Enter. Then generate a new log with HijackThis and post it together with ComboFix.txt.
ErMaC, posted August 27, 2008:
ComboFix 08-08-27.01 - Administrador 2008-08-27 15:46:50.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.638 [GMT -3:00] Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe * Criado um novo ponto de restauro ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !! . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrador\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\CVVGHURZ\interclick.com C:\Documents and Settings\Administrador\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\CVVGHURZ\interclick.com\ud.sol C:\Documents and Settings\Administrador\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\Administrador\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\Sysvxd.exe . ((((((((((((((((((((((( Ficheiros criados de 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))) . 2008-08-27 16:10 . 2008-08-27 16:10 <DIR> d-------- C:\Temp\WPDNSE 2008-08-27 16:10 . 2008-08-27 16:10 27,753 --a------ C:\Temp\Spanish.bin 2008-08-27 16:10 . 2008-08-27 16:10 27,410 --a------ C:\Temp\Italian.bin 2008-08-27 16:10 . 2008-08-27 16:10 27,235 --a------ C:\Temp\French.bin 2008-08-27 16:10 . 2008-08-27 16:10 26,260 --a------ C:\Temp\Portuguese.bin 2008-08-27 16:10 . 2008-08-27 16:10 26,126 --a------ C:\Temp\Russian.bin 2008-08-27 16:10 . 2008-08-27 16:10 26,080 --a------ C:\Temp\Hungarian.bin 2008-08-27 16:10 . 2008-08-27 16:10 25,753 --a------ C:\Temp\German.bin 2008-08-27 16:10 . 2008-08-27 16:10 25,747 --a------ C:\Temp\Dutch.bin 2008-08-27 16:10 . 2008-08-27 16:10 25,082 --a------ C:\Temp\Greek.bin 2008-08-27 16:10 . 
2008-08-27 16:10 25,071 --a------ C:\Temp\Portuguese(Brazil).bin 2008-08-27 16:10 . 2008-08-27 16:10 24,312 --a------ C:\Temp\Czech.bin 2008-08-27 16:10 . 2008-08-27 16:10 24,297 --a------ C:\Temp\Japanese.bin 2008-08-27 16:10 . 2008-08-27 16:10 24,221 --a------ C:\Temp\Polish.bin 2008-08-27 16:10 . 2008-08-27 16:10 24,082 --a------ C:\Temp\SWEDISH.bin 2008-08-27 16:10 . 2008-08-27 16:10 22,857 --a------ C:\Temp\Finnish.bin 2008-08-27 16:10 . 2008-08-27 16:10 22,783 --a------ C:\Temp\Danish.bin 2008-08-27 16:10 . 2008-08-27 16:10 22,253 --a------ C:\Temp\Turkish.bin 2008-08-27 16:10 . 2008-08-27 16:10 21,976 --a------ C:\Temp\Thai.bin 2008-08-27 16:10 . 2008-08-27 16:10 21,964 --a------ C:\Temp\Norwegian.bin 2008-08-27 16:10 . 2008-08-27 16:10 21,914 --a------ C:\Temp\English.bin 2008-08-27 16:10 . 2008-08-27 16:10 20,972 --a------ C:\Temp\Arabic.bin 2008-08-27 16:10 . 2008-08-27 16:10 20,135 --a------ C:\Temp\Korean.bin 2008-08-27 16:10 . 2008-08-27 16:10 19,553 --a------ C:\Temp\Hebrew.bin 2008-08-27 16:10 . 2008-08-27 16:10 16,408 --a------ C:\Temp\SimChin.bin 2008-08-27 14:49 . 2008-08-27 16:10 16,949 --a------ C:\Temp\TradChin.bin 2008-08-27 14:26 . 2008-08-27 14:26 <DIR> d-------- C:\WINDOWS\ERUNT 2008-08-27 14:16 . 2008-08-27 14:49 <DIR> d-------- C:\SDFix 2008-08-27 13:45 . 2008-08-27 13:45 401,720 --a------ C:\HiJackThis.exe 2008-08-22 21:33 . 2008-08-22 21:34 <DIR> d-------- C:\Temp\plugtmp-18 2008-08-14 12:36 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\nsa14.tmp 2008-08-14 12:17 . 2008-08-14 12:58 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-08-14 12:17 . 2008-08-14 12:58 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-08-14 12:03 . 2008-08-27 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab 2008-08-14 12:03 . 2008-08-14 12:03 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab 2008-08-14 12:03 . 
2008-08-27 16:08 5,171,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-14 12:03 . 2008-08-27 16:08 447,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-08-14 12:03 . 2008-08-27 14:23 67,988 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-14 12:03 . 2008-08-27 14:23 42,164 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-08-14 11:39 . 2008-08-14 11:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files 2008-08-13 19:22 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WERbe7d.dir00 2008-08-13 19:22 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WERba28.dir00 2008-08-13 19:22 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WER98c2.dir00 2008-08-13 19:21 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WERa7ef.dir00 2008-08-13 19:21 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WER0ea6.dir00 2008-08-13 19:21 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WER03b2.dir00 2008-08-13 10:11 . 2008-08-13 10:22 <DIR> d-------- C:\Temp\plugtmp-17 2008-08-09 21:44 . 2008-08-09 21:44 268 --ah----- C:\sqmdata03.sqm 2008-08-09 21:44 . 2008-08-09 21:44 244 --ah----- C:\sqmnoopt03.sqm 2008-08-05 06:48 . 2008-08-05 06:49 <DIR> d-------- C:\Temp\plugtmp-16 2008-08-02 21:36 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\.kmztmp 2008-08-01 08:25 . 2008-08-01 08:26 <DIR> d-------- C:\Temp\plugtmp-15 2008-07-31 14:45 . 2008-07-31 14:49 <DIR> d-------- C:\Temp\plugtmp-14 2008-07-30 21:52 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-07-30 21:52 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys 2008-07-30 21:52 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-07-30 21:52 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys 2008-07-28 19:41 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WERdf8b.dir00 2008-07-28 19:41 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WERdd22.dir00 2008-07-28 19:41 . 
2008-08-27 14:42 <DIR> d-------- C:\Temp\WERdbf3.dir00 2008-07-28 19:41 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WERda36.dir00 2008-07-28 19:41 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WERd8f2.dir00 2008-07-28 19:41 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WERd82e.dir00 2008-07-28 19:41 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WERc3ee.dir00 2008-07-28 19:41 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WERc35d.dir00 2008-07-28 19:41 . 2008-08-27 14:42 <DIR> d-------- C:\Temp\WERc2ef.dir00 . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-27 19:11 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Orbit 2008-08-27 19:08 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\DNA 2008-08-20 11:40 --------- d-----w C:\Arquivos de programas\Atrativa Games 2008-08-15 14:49 23 ----a-w C:\Documents and Settings\Administrador\jagex_runescape_preferences.dat 2008-08-15 00:24 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire 2008-08-14 15:58 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2008-08-14 15:48 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\teamspeak2 2008-08-14 14:57 --------- d-----w C:\Arquivos de programas\ESET 2008-08-11 15:59 --------- d-----w C:\Arquivos de programas\CABAL Online (BRAZIL) 2008-07-29 20:49 --------- d-----w C:\Arquivos de programas\Zylom Games 2008-07-22 14:56 --------- d-----w C:\Arquivos de programas\Tibia 2008-07-21 21:55 --------- d-----w C:\Arquivos de programas\Virtools 2008-07-20 21:09 --------- d-----w C:\Arquivos de programas\Windows Live 2008-07-20 21:09 --------- d-----w C:\Arquivos de programas\MSN Messenger 2008-07-17 01:14 --------- d-----w C:\Arquivos de programas\Messenger Plus! 
Live 2008-07-14 12:07 --------- d-----w C:\Arquivos de programas\Megacubo 2008-07-12 20:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS 2008-07-11 20:49 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information 2008-07-11 20:49 --------- d-----w C:\Arquivos de programas\Impressora Inkjet IJ650 da Compaq 2008-07-05 02:57 --------- d-----w C:\Arquivos de programas\Valve 2008-06-29 11:56 --------- d-----w C:\Arquivos de programas\Google 2008-06-19 23:28 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-06-19 16:14 2,829 ----a-w C:\WINDOWS\War3Unin.pif 2008-06-19 16:14 139,264 ----a-w C:\WINDOWS\War3Unin.exe 2002-10-03 08:32 200,704 ----a-w C:\Documents and Settings\Administrador\SFSetup.exe . ------- Sigcheck ------- 2007-06-10 11:10 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias & legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "C:\Arquivos de programas\speed-bit\tbspe1.dll" [2008-03-23 14:53 1470488] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Arquivos de programas\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480] [HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] 2008-03-23 14:53 1470488 --a------ C:\Arquivos de programas\speed-bit\tbspe1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2008-02-14 14:54 1555480 --a------ C:\Arquivos de programas\free-downloads.net\tbfree.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "C:\Arquivos de programas\speed-bit\tbspe1.dll" [2008-03-23 14:53 1470488] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Arquivos de programas\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480] [HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Arquivos de programas\speed-bit\tbspe1.dll" [2008-03-23 14:53 1470488] "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Arquivos de programas\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480] [HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672] "BitTorrent DNA"="C:\Arquivos de programas\DNA\btdna.exe" [2008-05-15 17:32 289088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-21 04:31 7561216] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-21 04:31 86016] "RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "CMPDPSRV"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [2001-05-07 16:53 40960] "AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856] "nwiz"="nwiz.exe" [2007-05-21 04:31 1519616 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2007-04-04 06:22 1822720 C:\WINDOWS\SkyTel.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:45 15360] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-05-06 13:21:48 1678536] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-05-11 03:06 40048 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] --a------ 2008-02-22 12:58 217544 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] --a------ 2008-05-15 17:32 289088 C:\Arquivos de programas\DNA\btdna.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-04-12 19:44 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winpos] --a------ 2004-08-28 03:41 110592 C:\WINDOWS\winpos.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Arquivos de programas\\Valve\\hl.exe"= "C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"= "C:\\Arquivos de programas\\ONGAME\\Metin2\\metin2.bin"= "C:\\Documents and Settings\\Administrador\\Desktop\\FIFA08.exe"= "C:\\Arquivos de programas\\DNA\\btdna.exe"= "C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"= "C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "C:\\Nexon\\Combat Arms\\NMService.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe [2007-03-02 14:05] R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 07:33] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe [2007-03-02 14:05] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys 
[2007-12-13 13:28] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09] S3 ddsxeiservice;ddsxeiservice2;C:\Arquivos de programas\sXe Injected\ddsxei.sys [2008-06-01 01:12] S3 XDva064;XDva064;C:\WINDOWS\system32\XDva064.sys [] S3 XDva081;XDva081;C:\WINDOWS\system32\XDva081.sys [] S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [] S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys [] S3 XDva190;XDva190;C:\WINDOWS\system32\XDva190.sys [] . - - - - ORFAOS REMOVIDOS - - - - HKLM-Run-C:\WINDOWS\system32\kdiag.exe - C:\WINDOWS\system32\kdiag.exe . ------- Ccan Suplementar ------- . FireFox -: Profile - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nqk8jc43.default\ FF -: plugin - C:\Arquivos de programas\DNA\plugins\npbtdna.dll FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF -: plugin - C:\Arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - C:\Arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF -: plugin - C:\Arquivos de programas\Virtools\3D Life Player\npvirtools.dll FF -: plugin - C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll FF -: plugin - C:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-27 16:10:49 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializ veis ocultas ... Procurando ficheiros ocultos ... 
Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "C:\\WINDOWS\\system32\\kdiag.exe"="C:\\WINDOWS\\system32\\kdiag.exe" . ------------------------ Outros Processos em Execu‡Æo ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Arquivos de programas\Power Translator 11\LogoMedia TranslateDotNet Server.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Arquivos de programas\Orbitdownloader\orbitnet.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Tempo para conclusÆo: 2008-08-27 16:17:24 - Maquina reiniciou ComboFix-quarantined-files.txt 2008-08-27 19:17:14 Pre-Run: 19 pasta(s) 57,788,985,344 bytes disponíveis Post-Run: 22 pasta(s) 57,763,115,008 bytes dispon¡veis 248 Hijackthis gfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:19:51, on 27/8/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe C:\Arquivos de programas\Power Translator 11\LogoMedia TranslateDotNet Server.exe C:\Arquivos de programas\Arquivos comuns\Microsoft 
Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\DNA\btdna.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\Orbitdownloader\orbitnet.exe C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\msiexec.exe C:\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10...;ctid=CT1098640 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: speed-bit Toolbar - 
{2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Arquivos de programas\Power Translator 11\Applications\LEC IE Translation Extension.dll O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de 
programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... 
- C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7FE4DF-22F3-4EA7-ADDD-3B96BEAF22B4}: NameServer = 200.165.132.148 200.165.132.155 O17 - HKLM\System\CCS\Services\Tcpip\..\{CB9F7552-C40B-4BB4-AE0A-4DDC5A9BE99F}: NameServer = 200.165.132.147 O17 - HKLM\System\CS1\Services\Tcpip\..\{1D7FE4DF-22F3-4EA7-ADDD-3B96BEAF22B4}: NameServer = 200.165.132.148 200.165.132.155 O17 - HKLM\System\CS2\Services\Tcpip\..\{1D7FE4DF-22F3-4EA7-ADDD-3B96BEAF22B4}: NameServer = 200.165.132.148 200.165.132.155 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator 11\LogoMedia TranslateDotNet Server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 9359 bytes Compartilhar este post Link para o post Compartilhar em outros sites
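The log above is the kind of thing a forum helper reads by hand, entry type by entry type: R0/R1 lines for the home and search pages, R3/O2/O3 for search hooks, BHOs and toolbars, O4 for autostart entries, O17 for the DNS servers written into the TCP/IP keys, and F2 for the Winlogon shell. The script below is an added example of automating that first pass; it is not part of the thread, of HijackThis or of ComboFix. It parses those HijackThis line formats and applies a few heuristics: a start or search page outside an assumed allow-list of Microsoft defaults, a `Shell=` value that is not plain `explorer.exe`, O2/O3 entries that point at `(no file)`, a Run entry launched from an assumed list of user-writable directories, a NameServer outside an assumed resolver network (the 200.165.132.0/24 prefix is taken from the O17 lines and not verified as the ISP's), and one CLSID registered as search hook, BHO and toolbar at the same time, the pattern the speed-bit and free-downloads.net entries show. The sample log is a constructed excerpt: most lines are copied from the post, and the F2, Temp-directory O4 and 192.0.2.53 O17 lines are hypothetical, added only so each check fires. These are triage hints for a human to look at, not verdicts on the software named.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not from the thread)."""
import ipaddress
import re
from urllib.parse import urlsplit

# ---- assumptions; adjust to the machine being looked at -------------------
# Hosts Internet Explorer points at by default (assumed allow-list).
DEFAULT_IE_HOSTS = {"go.microsoft.com", "home.microsoft.com", "www.msn.com"}
# Resolver networks the ISP is expected to hand out (assumed; the prefix is
# lifted from the O17 lines in the post and has not been verified as the ISP's).
EXPECTED_RESOLVERS = [ipaddress.ip_network("200.165.132.0/24")]
# Directory fragments a Run entry normally should not be launched from (assumed).
WRITABLE_DIRS = ("\\temp\\", "\\desktop\\", "\\dados de aplicativos\\", "\\application data\\")

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")

# Constructed sample: real lines from the post plus three hypothetical lines
# (the F2 shell, the Temp-directory O4 and the 192.0.2.53 O17) so every check fires.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10...;ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: Shell=Explorer.exe C:\example\hypothetical.exe
R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Arquivos de programas\speed-bit\tbspe1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Administrador\Local Settings\Temp\upd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7FE4DF-22F3-4EA7-ADDD-3B96BEAF22B4}: NameServer = 200.165.132.148 200.165.132.155
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB9F7552-C40B-4BB4-AE0A-4DDC5A9BE99F}: NameServer = 192.0.2.53
"""


def parse_line(line):
    """Split 'O4 - body' into (section, body); None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def triage(log_text):
    """Return (section, label, detail) tuples for entries worth a closer look."""
    findings = []
    clsid_roles = {}  # lower-cased CLSID -> sections it is registered under
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        sec, body = parsed
        if sec in ("R0", "R1") and " = " in body:
            host = urlsplit(body.split(" = ", 1)[1].strip()).hostname or ""
            if host not in DEFAULT_IE_HOSTS:
                findings.append((sec, "ie-page-redirected", host))
        elif sec == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append((sec, "shell-hijack", shell))
        elif sec in ("R3", "O2", "O3"):
            m = CLSID_RE.search(body)
            if m:
                clsid_roles.setdefault(m.group(0).lower(), set()).add(sec)
            if body.endswith("(no file)"):
                findings.append((sec, "dead-entry", body))
        elif sec == "O4":
            cmd = body.split("] ", 1)[1] if "] " in body else body
            if any(frag in cmd.lower() for frag in WRITABLE_DIRS):
                findings.append((sec, "run-from-writable-dir", cmd))
        elif sec == "O17" and "NameServer = " in body:
            for ip in re.split(r"[\s,]+", body.split("NameServer = ", 1)[1].strip()):
                if ip and not any(ipaddress.ip_address(ip) in net for net in EXPECTED_RESOLVERS):
                    findings.append((sec, "unexpected-nameserver", ip))
    # One CLSID wired in as search hook, BHO and toolbar is the bundle pattern seen above.
    for clsid, roles in clsid_roles.items():
        if roles >= {"R3", "O2", "O3"}:
            findings.append(("R3/O2/O3", "hook+bho+toolbar-bundle", clsid))
    return findings


if __name__ == "__main__":
    for sec, label, detail in triage(SAMPLE_LOG):
        print(f"{sec:<9} {label:<26} {detail}")
```

Run it on a saved log with `triage(open("hijackthis.log").read())`. The allow-lists are the weak point of any such script: a legitimate ISP resolver or a vendor home page will show up as a finding until the lists are tuned for the machine, which is why the output is a reading aid for the person replying in the thread rather than an automatic fix list.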
PedroN Posted August 28, 2008 Hey, friend. Your log is clean! :thumbsup: Everything OK?
ErMaC Posted August 28, 2008 Yes, thanks! ^^ You guys are awesome :clap: :clap: :clap:
DigRam Posted August 28, 2008 PROBLEM SOLVED! If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.