Hey everyone, I've got an annoying and serious problem here!! Today my PC was working perfectly... then I shut it down and took it to the store where I bought it, but since they asked for a very long time to keep the PC there, I decided to bring it back. I set the machine up and turned it on... since then, my explorer.exe keeps closing BY ITSELF! It closes, opens, closes again, opens... it's impossible to do anything... can anyone help me? Below is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 19:19:46, on 12/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\MYSECR~1\MSFMON.exe
C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Water Desktop\Water Desktop.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Arquivos de Programas\Bonjour\mDNSResponder.exe
C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\Arquivos de programas\Mozilla Firefox 3 Beta 2\firefox.exe
C:\ARQUIV~1\Free Download Manager\fdm.exe
C:\DOCUME~1\Adm\CONFIG~1\Temp\Rar$EX00.641\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de Programas\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSF_Monitor] C:\ARQUIV~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ErrorSmart] C:\Arquivos de Programas\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Water Desktop] C:\Arquivos de programas\Water Desktop\Water Desktop.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de Programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de Programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de Programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de Programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de Programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe
Download ComboFix and save it to the desktop.
Close all programs.
Double-click combofix.exe, press (1) and then press Enter to continue.
ComboFix will restart your computer automatically; this is part of the removal process.
When it finishes, a log will be generated at C:\ComboFix.txt.
Attention:
Do not click anything while ComboFix is running, otherwise your desktop will go blank.
To stop the process or exit ComboFix, press "2" and Enter.
I'll wait for a new HijackThis log together with ComboFix.txt
Great! Thanks for the tip!! Here is the ComboFix log
Now, the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 14:03:33, on 16/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe
C:\Arquivos de Programas\Bonjour\mDNSResponder.exe
C:\ARQUIV~1\MYSECR~1\MSFMON.exe
C:\Arquivos de Programas\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe
C:\Arquivos de Programas\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\WINDOWS.0\system32\defrag.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS.0\system32\DfrgNtfs.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS.0\explorer.exe
C:\WINDOWS.0\system32\notepad.exe
C:\DOCUME~1\Ravani\LOCALS~1\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe
C:\WINDOWS.0\system32\msiexec.exe
C:\WINDOWS.0\system32\msiexec.exe
C:\WINDOWS.0\system32\MsiExec.exe
C:\Arquivos de programas\Mozilla Firefox 3 Beta 2\firefox.exe
C:\WINDOWS.0\system32\MsiExec.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Documents and Settings\Ravani\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de Programas\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Arquivos de Programas\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\ARQUIV~1\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSF_Monitor] C:\ARQUIV~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [ISTray] "C:\Arquivos de Programas\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [GameXL] "C:\Arquivos de programas\Game Accelerator\gamexl.exe"
O4 - HKLM\..\Run: [ErrorSmart] C:\Arquivos de Programas\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [3cd7c002] rundll32.exe "C:\WINDOWS.0\system32\kqulolui.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users.WINDOWS.0\Documents\Stardock\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [Steam] "C:\Arquivos de Programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de Programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de Programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de Programas\Spyware Doctor\pctsSvc.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Arquivos de Programas\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe
of doing this
Thanks for the help! Explorer really did stop closing!! Thank you so much!!! But check this out: before that, I managed to run a repair on my old XP. But now it won't start anymore. When I select it on the boot screen, the blue screen of death appears!! But that's fine, if there's no way to fix it, it can stay like that, because the other Windows works. However, when I try to start any game, there seems to be a "hole" in the registry, maybe because it was installed on the other one. What can I do to be able to use the games and some programs that show the same problem?
Follow the instructions below:
Restart the computer in Safe Mode (after restarting, press the F8 key repeatedly until a black DOS-style screen appears, then choose Safe Mode).
Run HijackThis, click Do a system scan only and select the lines:
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users.WINDOWS.0\Documents\Stardock\WindowBlinds\WBInstall32.exe
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
Click Fix Checked.
Once that is done, restart in normal mode and generate a new HijackThis log.
I await your reply.
As for the boot, the problem may be in your Boot Manager; check it.
Done! But the programs keep saying that I need to reinstall them :/
Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 21:58:46, on 16/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\ARQUIV~1\MYSECR~1\MSFMON.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Arquivos de Programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de Programas\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\explorer.exe
C:\Arquivos de programas\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Documents and Settings\Ravani\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0B16A08-689E-4616-979F-7244959A65ED} - C:\WINDOWS\system32\wvUllkkl.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de Programas\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de Programas\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSF_Monitor] C:\ARQUIV~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS.0\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awtrPiiH - awtrPiiH.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - C:\Arquivos de Programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.0\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de Programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de Programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de Programas\Spyware Doctor\pctsSvc.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Arquivos de Programas\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Note: After a good while of running fine, Explorer went back to giving the damned error of closing and reopening :/
Follow the instructions below:
Restart the computer in Safe Mode (after restarting, press the F8 key repeatedly until a black DOS-style screen appears, then choose Safe Mode).
Run HijackThis, click Do a system scan only and select the lines:
O20 - Winlogon Notify: awtrPiiH - awtrPiiH.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
Click Fix Checked.
Once that is done, restart in normal mode and generate a new HijackThis log.
I await your reply.
Strange, those items no longer exist in the generated log. Neither in safe mode nor in normal mode. Here is the new log:
Logfile of HijackThis v1.99.1
Scan saved at 22:53:49, on 16/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\ARQUIV~1\MYSECR~1\MSFMON.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Arquivos de Programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de Programas\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Arquivos de programas\Mozilla Firefox 3 Beta 2\firefox.exe
C:\WINDOWS.0\system32\taskmgr.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Documents and Settings\Ravani\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de Programas\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSF_Monitor] C:\ARQUIV~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS.0\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de Programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de Programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de Programas\Spyware Doctor\pctsSvc.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Arquivos de Programas\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
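Added example, not part of the thread and not HijackThis code: a small Python parser that compares successive HijackThis logs such as the ones posted above. It separates entries that disappeared from a section that is still listed from entries whose whole section is absent in the later log, as with the O20 lines (klogon included, which was never selected for fixing) between the 21:58:46 and 22:53:49 logs. The log excerpts are shortened copies of lines from this thread; the function and constant names are this example's own.

```python
import re
from collections import namedtuple

# A HijackThis result line is "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks entries whose target file is gone with one of these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")

Entry = namedtuple("Entry", "section body orphaned")

# Shortened excerpts of the three logs posted in this thread on 16/4/2008.
LOG_1403 = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users.WINDOWS.0\Documents\Stardock\WindowBlinds\WBInstall32.exe
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
"""

LOG_2158 = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O20 - Winlogon Notify: awtrPiiH - awtrPiiH.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
"""

LOG_2253 = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
"""


def parse_entries(log_text):
    """Return the R*/O* result lines of a log; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            body = match.group("body")
            entries.append(Entry(match.group("section"), body, bool(ORPHAN_RE.search(body))))
    return entries


def orphaned(entries):
    """Entries pointing at a missing file: candidates for review, not automatic removal."""
    return [e for e in entries if e.orphaned]


def compare(before, after):
    """Classify entries present in `before` but not in `after`.

    entry_removed:  the section still lists other entries, so this one was removed.
    section_absent: the later log has no line at all for that section, so the
                    disappearance cannot be attributed to a fix; scan again.
    """
    after_keys = {(e.section, e.body) for e in after}
    after_sections = {e.section for e in after}
    report = {"entry_removed": [], "section_absent": []}
    for entry in before:
        if (entry.section, entry.body) in after_keys:
            continue
        kind = "entry_removed" if entry.section in after_sections else "section_absent"
        report[kind].append(entry)
    return report


if __name__ == "__main__":
    logs = [("14:03:33", LOG_1403), ("21:58:46", LOG_2158), ("22:53:49", LOG_2253)]
    for (old_name, old), (new_name, new) in zip(logs, logs[1:]):
        result = compare(parse_entries(old), parse_entries(new))
        print(f"{old_name} -> {new_name}")
        for kind, items in result.items():
            for e in items:
                print(f"  {kind}: {e.section} - {e.body}")
```
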
Clean log
As for the reinstallation warnings, it may be something that you uninstalled incorrectly.
> Clean log
> As for the reinstallation warnings, it may be something that you uninstalled incorrectly.
Nope. This happens with 90% of the programs. It seems that, because they were installed on the old Windows, the new one doesn't yet have their registry entries in this new version that was installed now. So practically all of them ask to reinstall the application. Is there any way to revert this? And the blue screen of death at boot? Is there a way to repair that?
Thanks!
As for the blue screen, as I said, you have to check your BOOT MANAGER; as for the software, you will have to install it on this one too, the one that asks you to install it, because the new one's registry does not contain the software's keys.
PROBLEM SOLVED!
If the author needs the topic to be reopened, it is necessary to send a Private Message to a Moderator with a link to the topic.
Please guys, doesn't anyone know anything?? I need to work!!!