
Archived

This topic has been archived and is closed to new replies.

Ravani

[Resolved] Explorer closing by itself


Hey folks, I have an annoying and serious problem here!! Today my PC was working perfectly... then I shut it down and took it to the store where I bought it, but since they asked for a very long time to keep the PC there, I decided to bring it back. I set the machine up and turned it on... since then, my explorer.exe keeps closing BY ITSELF! It closes, opens, closes again, opens... it's impossible to do anything... can anyone help me? Below is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:19:46, on 12/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\MYSECR~1\MSFMON.exe

C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Water Desktop\Water Desktop.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de Programas\Bonjour\mDNSResponder.exe

C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\Mozilla Firefox 3 Beta 2\firefox.exe

C:\ARQUIV~1\Free Download Manager\fdm.exe

C:\DOCUME~1\Adm\CONFIG~1\Temp\Rar$EX00.641\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de Programas\styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MSF_Monitor] C:\ARQUIV~1\MYSECR~1\MSFMON.exe /Start

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ErrorSmart] C:\Arquivos de Programas\ErrorSmart\ErrorSmart.exe

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Water Desktop] C:\Arquivos de programas\Water Desktop\Water Desktop.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de Programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de Programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de Programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de Programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe


Download ComboFix and save it to the desktop.

Close all programs.

Double-click combofix.exe, type (1) and then press Enter to continue.

ComboFix will restart your computer automatically; this is part of the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click anything while ComboFix is running; otherwise your desktop will go blank.

To stop the process or exit ComboFix, type "2" and press Enter.

I'll wait for a new HijackThis log together with ComboFix.txt


Hey! Thanks for the tip!! Here's the ComboFix log

 


 

Now, the new HijackThis log:

 

Logfile of HijackThis v1.99.1
Scan saved at 14:03:33, on 16/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe
C:\Arquivos de Programas\Bonjour\mDNSResponder.exe
C:\ARQUIV~1\MYSECR~1\MSFMON.exe
C:\Arquivos de Programas\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe
C:\Arquivos de Programas\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\WINDOWS.0\system32\defrag.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS.0\system32\DfrgNtfs.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS.0\explorer.exe
C:\WINDOWS.0\system32\notepad.exe
C:\DOCUME~1\Ravani\LOCALS~1\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe
C:\WINDOWS.0\system32\msiexec.exe
C:\WINDOWS.0\system32\msiexec.exe
C:\WINDOWS.0\system32\MsiExec.exe
C:\Arquivos de programas\Mozilla Firefox 3 Beta 2\firefox.exe
C:\WINDOWS.0\system32\MsiExec.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Documents and Settings\Ravani\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de Programas\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Arquivos de Programas\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\ARQUIV~1\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSF_Monitor] C:\ARQUIV~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [ISTray] "C:\Arquivos de Programas\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [GameXL] "C:\Arquivos de programas\Game Accelerator\gamexl.exe"
O4 - HKLM\..\Run: [ErrorSmart] C:\Arquivos de Programas\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [3cd7c002] rundll32.exe "C:\WINDOWS.0\system32\kqulolui.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users.WINDOWS.0\Documents\Stardock\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [Steam] "C:\Arquivos de Programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de Programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de Programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de Programas\Spyware Doctor\pctsSvc.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Arquivos de Programas\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe

 

of doing that

Thanks for the help! Explorer really did stop closing!! Thank you so much!!! But check this out: before that, I managed to run a repair on my old XP. Only now it won't start anymore. When I pick it on the boot screen, the blue screen of death appears!! But that's fine, if there is no way to fix it, it can stay like that, because the other Windows works. However, when I try to launch a game, there seems to be a "hole" in the registry, maybe because it was installed on the other one. How can I use the games and some programs that show the same problem?


Follow the instructions below:

Restart the computer in Safe Mode (after restarting, press the F8 key repeatedly until a black DOS screen appears and choose Safe Mode).

Run HijackThis, click Do a system scan only and select the lines:

O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users.WINDOWS.0\Documents\Stardock\WindowBlinds\WBInstall32.exe

O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

Click Fix Checked

Once that is done, restart in normal mode and generate a new HijackThis log.

I await your reply.

As for the boot, the problem may be in your Boot Manager; check it.


Done! But the programs keep reporting that I must reinstall them :/

Here is the log:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:58:46, on 16/4/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS.0\System32\smss.exe

C:\WINDOWS.0\system32\winlogon.exe

C:\WINDOWS.0\system32\services.exe

C:\WINDOWS.0\system32\lsass.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\system32\spoolsv.exe

C:\WINDOWS.0\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\ARQUIV~1\MYSECR~1\MSFMON.exe

C:\WINDOWS.0\system32\ctfmon.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

C:\Arquivos de Programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de Programas\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS.0\system32\wscntfy.exe

C:\WINDOWS.0\system32\wuauclt.exe

C:\WINDOWS.0\explorer.exe

C:\Arquivos de programas\Mozilla Firefox 3 Beta 2\firefox.exe

C:\Documents and Settings\Ravani\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A0B16A08-689E-4616-979F-7244959A65ED} - C:\WINDOWS\system32\wvUllkkl.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de Programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de Programas\styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MSF_Monitor] C:\ARQUIV~1\MYSECR~1\MSFMON.exe /Start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS.0\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: awtrPiiH - awtrPiiH.dll (file missing)

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WBSrv - C:\Arquivos de Programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.0\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll

O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de Programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de Programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Arquivos de Programas\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

Note: After a good while of being healthy, Explorer went back to giving that damned error of closing and reopening :/


Follow the instructions below:

Restart the computer in Safe Mode (after restarting, press the F8 key repeatedly until a black DOS screen appears and choose Safe Mode).

Run HijackThis, click Do a system scan only and select the lines:

O20 - Winlogon Notify: awtrPiiH - awtrPiiH.dll (file missing)

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)

Click Fix Checked

Once that is done, restart in normal mode and generate a new HijackThis log.

I await your reply.


Strange, those items no longer exist in the generated log. Neither in safe mode nor in normal mode. Here is the new log:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:53:49, on 16/4/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS.0\System32\smss.exe

C:\WINDOWS.0\system32\winlogon.exe

C:\WINDOWS.0\system32\services.exe

C:\WINDOWS.0\system32\lsass.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\system32\spoolsv.exe

C:\WINDOWS.0\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\ARQUIV~1\MYSECR~1\MSFMON.exe

C:\WINDOWS.0\system32\ctfmon.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

C:\Arquivos de Programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de Programas\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS.0\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox 3 Beta 2\firefox.exe

C:\WINDOWS.0\system32\taskmgr.exe

C:\WINDOWS.0\system32\wuauclt.exe

C:\Documents and Settings\Ravani\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de Programas\styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MSF_Monitor] C:\ARQUIV~1\MYSECR~1\MSFMON.exe /Start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS.0\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll

O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de Programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de Programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de Programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Arquivos de Programas\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

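The checks done by eye in the posts above (picking the entries HijackThis marks "(file missing)" or "(no file)", then comparing the next scan against the previous one) can be scripted. This is an added example, not part of the original posts; the two inputs are excerpts of the 21:58:46 and 22:53:49 logs in this thread, and the function names and the unbalanced-quote heuristic are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Excerpts of the thread's 21:58:46 and 22:53:49 scans (lines as posted).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 21:58:46, on 16/4/2008
Running processes:
C:\WINDOWS.0\explorer.exe
O2 - BHO: (no name) - {A0B16A08-689E-4616-979F-7244959A65ED} - C:\WINDOWS\system32\wvUllkkl.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O20 - Winlogon Notify: awtrPiiH - awtrPiiH.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 22:53:49, on 16/4/2008
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# An entry line is "<section code> - <details>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


@dataclass(frozen=True)
class Entry:
    code: str       # section code such as "O4" or "O20"
    text: str       # everything after "<code> - "
    orphaned: bool  # scanner reported "(file missing)" or "(no file)"

    @property
    def line(self):
        return f"{self.code} - {self.text}"

    @property
    def marker_doubtful(self):
        # Heuristic (assumption of this example): an unbalanced quote in the
        # entry suggests a command line with arguments was tested as a file
        # name, so the "missing" marker may not reflect the disk.
        return self.orphaned and self.text.count('"') % 2 == 1


def parse_log(text):
    """Return the registry/autostart entries of a scan; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            code, body = m.groups()
            entries.append(Entry(code, body, bool(ORPHAN_RE.search(body))))
    return entries


def orphaned(entries):
    return [e for e in entries if e.orphaned]


def diff_logs(before, after):
    """Return (removed, added) entries between two scans, in scan order."""
    b, a = set(before), set(after)
    return [e for e in before if e not in a], [e for e in after if e not in b]


def triage(before_text, after_text):
    before, after = parse_log(before_text), parse_log(after_text)
    removed, added = diff_logs(before, after)
    still = set(after)
    return {
        "cleared": [e.line for e in orphaned(before) if e not in still],
        "persisting": [e.line for e in orphaned(before) if e in still],
        "doubtful": [e.line for e in orphaned(after) if e.marker_doubtful],
        # Entries that vanished although they pointed at an existing file.
        "vanished": [e.line for e in removed if not e.orphaned],
        "new": [e.line for e in added],
    }


if __name__ == "__main__":
    for bucket, lines in triage(BEFORE, AFTER).items():
        print(f"[{bucket}]")
        for line in lines:
            print("  " + line)
```

The "vanished" bucket is the one to read first between two scans: an autostart entry that disappears without having been selected for fixing deserves a second look, as does any entry in "new".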
Clean log

As for the reinstall warnings, it may be something you uninstalled incorrectly.

Nope. This happens with 90% of the programs. It seems that, because they were installed on the old Windows, the new one does not yet have their registry entries in this newly installed version. So practically all of them ask to reinstall the application. Is there any way to reverse this? And the blue screen of death at boot? Is there a way to repair that?

Thanks!


As for the blue screen, as I said, you have to check your BOOT MANAGER; as for the software, you will have to install it on this one as well, the one that asks you to install, because the new one's registry does not contain the software's keys.


PROBLEM SOLVED!

If the author needs the topic reopened, a Private Message must be sent to a Moderator with a link to the topic.
