
KuroLuffy

[Solved!] explorer.exe restarting


After downloading VSO ConvertXtoDVD 3.0 from Google and installing it on the PC, explorer started restarting non-stop. I searched a bit and saw that if I post the HijackThis file in the topic someone can solve my problem, so here it is:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:10:20, on 20/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\MUSICA~1\mac.exe

C:\Documents and Settings\Particular\sccs.exe

C:\Documents and Settings\Particular\css.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Clock Tray Skins\ClockTraySkins.exe

C:\Arquivos de programas\Electronic Arts\EADM\Core.exe

C:\FRAPS\FRAPS.EXE

C:\Arquivos de programas\ReminderCube2\remindercube2.exe

C:\Arquivos de programas\Xfire\xfire.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\VSO\ConvertXtoDVD\ConvertXtoDvd.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Music Alarm Clock] C:\ARQUIV~1\MUSICA~1\mac.exe

O4 - HKLM\..\Run: [sccs] C:\Documents and Settings\Particular\sccs.exe

O4 - HKLM\..\Run: [Css] C:\Documents and Settings\Particular\css.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skinClock] C:\Arquivos de programas\Clock Tray Skins\ClockTraySkins.exe

O4 - HKCU\..\Run: [EA Core] C:\Arquivos de programas\Electronic Arts\EADM\Core.exe -silent

O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ReminderCube2.lnk = C:\Arquivos de programas\ReminderCube2\remindercube2.exe

O4 - Startup: Xfire.lnk = C:\Arquivos de programas\Xfire\xfire.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213906394218

O17 - HKLM\System\CCS\Services\Tcpip\..\{A2B32710-B03D-42CA-9E2D-4AC1B4304B19}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 6441 bytes

 

 

Sorry, I'm not going to change the one above, but I forgot to close some programs, so here is another one in which I closed some programs:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:28:55, on 20/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\MUSICA~1\mac.exe

C:\Documents and Settings\Particular\sccs.exe

C:\Documents and Settings\Particular\css.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\imapi.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Music Alarm Clock] C:\ARQUIV~1\MUSICA~1\mac.exe

O4 - HKLM\..\Run: [sccs] C:\Documents and Settings\Particular\sccs.exe

O4 - HKLM\..\Run: [Css] C:\Documents and Settings\Particular\css.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skinClock] C:\Arquivos de programas\Clock Tray Skins\ClockTraySkins.exe

O4 - HKCU\..\Run: [EA Core] C:\Arquivos de programas\Electronic Arts\EADM\Core.exe -silent

O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ReminderCube2.lnk = C:\Arquivos de programas\ReminderCube2\remindercube2.exe

O4 - Startup: Xfire.lnk = C:\Arquivos de programas\Xfire\xfire.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213906394218

O17 - HKLM\System\CCS\Services\Tcpip\..\{A2B32710-B03D-42CA-9E2D-4AC1B4304B19}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 6083 bytes


Download ComboFix and save it to the desktop.

Close all programs.

Double-click combofix.exe and press 1, then press Enter to continue.

ComboFix will restart your computer automatically; this is part of the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click anything while ComboFix is running, otherwise your desktop will go blank.

To stop the process or exit ComboFix, press "2" and Enter.

I'll wait for a new HijackThis log together with ComboFix.txt.


Here are the two reports:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:21:57, on 21/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213906394218

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 4762 bytes

and the other one:

ComboFix 08-09-20.05 - Particular 2008-09-21 20:01:45.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1573 [GMT -3:00]

Executando de: C:\Documents and Settings\Particular\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Particular\Cookies\particular@ad.yieldmanager[1].txt

C:\Documents and Settings\Particular\Dados de aplicativos\inst.exe

C:\WINDOWS\system32\actskn43.ocx

C:\WINDOWS\system32\byXqnLCs.dll

C:\WINDOWS\system32\Memman.vxd

C:\WINDOWS\system32\nnnKBRlm.dll

C:\WINDOWS\system32\nnnljklj.dll

C:\WINDOWS\system32\sCLnqXyb.ini

C:\WINDOWS\system32\sCLnqXyb.ini2

C:\WINDOWS\system32\skinboxer43.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-21 to 2008-09-21 ))))))))))))))))))))))))))))))))

.

 

2008-09-20 20:16 . 2008-09-20 20:16 <DIR> d-------- C:\!KillBox

2008-09-20 20:07 . 2008-09-20 20:07 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-09-17 02:17 . 2008-09-20 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk

2008-09-17 01:13 . 2008-09-17 01:13 479,232 ---hs---- C:\Documents and Settings\Particular\css.exe

2008-09-17 01:13 . 2008-09-17 01:13 103,936 ---hs---- C:\Documents and Settings\Particular\sccs.exe

2008-09-17 00:38 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll

2008-09-17 00:38 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll

2008-09-17 00:38 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll

2008-09-17 00:17 . 2008-09-21 20:01 <DIR> d-------- C:\Documents and Settings\Particular\Dados de aplicativos\Vso

2008-09-17 00:17 . 2008-09-17 19:38 <DIR> d-------- C:\Arquivos de programas\VSO

2008-09-17 00:17 . 2008-09-17 00:38 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2008-09-17 00:17 . 2008-09-17 00:38 47,360 --a------ C:\Documents and Settings\Particular\Dados de aplicativos\pcouffin.sys

2008-09-15 17:06 . 2008-09-15 18:26 <DIR> d-------- C:\Arquivos de programas\The KMPlayer

2008-09-15 16:42 . 2008-09-15 16:42 <DIR> d-------- C:\Arquivos de programas\IrfanView

2008-09-13 18:58 . 2008-09-13 18:58 <DIR> d-------- C:\Arquivos de programas\G-Collections

2008-09-13 18:58 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe

2008-09-12 21:28 . 2008-09-12 21:28 <DIR> d-------- C:\Documents and Settings\Particular\Dados de aplicativos\SPORE

2008-09-12 21:26 . 2008-09-12 21:26 <DIR> d-------- C:\ProgramData

2008-09-12 21:26 . 2008-09-12 21:26 <DIR> dr-h----- C:\Documents and Settings\Particular\Dados de aplicativos\SecuROM

2008-09-12 21:26 . 2008-09-12 21:26 14,314 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg

2008-09-11 21:54 . 2008-09-11 21:54 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-08-30 23:44 . 2008-08-30 23:44 <DIR> d-------- C:\Arquivos de programas\7-Zip

2008-08-30 13:37 . 2008-08-30 13:37 <DIR> d--h----- C:\WINDOWS\PIF

2008-08-30 01:28 . 2008-08-30 01:53 <DIR> d-------- C:\Arquivos de programas\ReminderCube2

2008-08-30 01:12 . 2008-08-30 01:12 <DIR> d-------- C:\Documents and Settings\Particular\Dados de aplicativos\Megacubo

2008-08-30 01:12 . 2008-08-30 01:12 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-08-30 01:12 . 2008-08-30 01:18 <DIR> d-------- C:\Arquivos de programas\Megacubo

2008-08-30 00:51 . 2008-09-17 13:27 <DIR> d-------- C:\Arquivos de programas\Craagle

2008-08-30 00:50 . 2008-08-30 01:22 <DIR> d-------- C:\Arquivos de programas\Cl1ckClock

2008-08-30 00:49 . 2008-08-30 00:49 <DIR> d-------- C:\Arquivos de programas\Wallpaper Rotator

2008-08-30 00:48 . 2008-08-30 00:49 <DIR> d-------- C:\Arquivos de programas\Clock Tray Skins

2008-08-30 00:47 . 2008-08-30 00:47 <DIR> d-------- C:\Arquivos de programas\URUSoft

2008-08-30 00:46 . 2008-08-30 00:46 <DIR> d-------- C:\Arquivos de programas\FrameShots

2008-08-30 00:41 . 2008-08-30 19:05 <DIR> d-------- C:\Arquivos de programas\Typle2.0v

2008-08-30 00:31 . 2008-08-30 00:31 <DIR> d-------- C:\Arquivos de programas\CBS Software

2008-08-30 00:30 . 2008-08-30 20:59 <DIR> d-------- C:\Arquivos de programas\Music Alarm Clock

2008-08-30 00:28 . 2008-08-30 00:28 <DIR> d-------- C:\Arquivos de programas\DiskTrix

2008-08-30 00:24 . 2008-08-30 01:00 <DIR> d-------- C:\Arquivos de programas\PC Satellite TV

2008-08-30 00:24 . 1998-06-24 00:00 525,352 --a------ C:\WINDOWS\system32\Dbgrid32.ocx

2008-08-30 00:24 . 1998-06-17 23:00 299,008 --a------ C:\WINDOWS\system32\MSDBRPTR.DLL

2008-08-30 00:24 . 2004-03-08 22:00 275,216 --a------ C:\WINDOWS\system32\msdatgrd.ocx

2008-08-30 00:24 . 2004-03-08 23:00 234,016 --a------ C:\WINDOWS\system32\Msdatlst.ocx

2008-08-30 00:24 . 1998-06-23 23:00 209,192 --a------ C:\WINDOWS\system32\TabCtl32.ocx

2008-08-30 00:24 . 1998-06-23 23:00 118,064 --a------ C:\WINDOWS\system32\MSADODC.OCX

2008-08-30 00:24 . 1998-06-23 23:00 115,016 --a-s---- C:\WINDOWS\system32\MSINET.OCX

2008-08-30 00:24 . 1998-06-23 23:00 103,744 --a------ C:\WINDOWS\system32\mscomm32.ocx

2008-08-30 00:24 . 1998-06-17 23:00 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2008-08-30 00:24 . 1998-06-17 23:00 77,824 --a-s---- C:\WINDOWS\system32\MSBIND.DLL

2008-08-30 00:22 . 2008-08-30 00:22 <DIR> d-------- C:\Arquivos de programas\Insofta Cover Commander

2008-08-30 00:19 . 2008-08-30 01:01 <DIR> d-------- C:\Arquivos de programas\Everest

2008-08-30 00:16 . 2008-08-30 00:16 <DIR> d-------- C:\Arquivos de programas\Google Hacks

2008-08-30 00:14 . 2008-09-01 14:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Stardock

2008-08-30 00:12 . 2008-08-30 20:58 <DIR> d-------- C:\Arquivos de programas\US Downloader

2008-08-30 00:05 . 2008-09-11 13:11 <DIR> d-------- C:\Arquivos de programas\SBP

2008-08-29 23:09 . 2008-08-29 23:09 <DIR> d-------- C:\Arquivos de programas\Sweet Home 3D

2008-08-29 20:40 . 2008-08-29 20:40 268 --ah----- C:\sqmdata19.sqm

2008-08-29 20:40 . 2008-08-29 20:40 244 --ah----- C:\sqmnoopt19.sqm

2008-08-29 13:59 . 2008-08-29 13:59 268 --ah----- C:\sqmdata18.sqm

2008-08-29 13:59 . 2008-08-29 13:59 244 --ah----- C:\sqmnoopt18.sqm

2008-08-28 21:58 . 2008-08-28 21:58 335 --a------ C:\WINDOWS\game.ini

2008-08-28 10:24 . 2008-08-28 10:24 268 --ah----- C:\sqmdata17.sqm

2008-08-28 10:24 . 2008-08-28 10:24 244 --ah----- C:\sqmnoopt17.sqm

2008-08-27 18:11 . 2008-08-27 18:11 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-08-27 18:03 . 2008-08-27 18:03 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-08-27 13:52 . 2008-08-27 13:52 268 --ah----- C:\sqmdata16.sqm

2008-08-27 13:52 . 2008-08-27 13:52 244 --ah----- C:\sqmnoopt16.sqm

2008-08-27 10:39 . 2008-08-27 10:39 268 --ah----- C:\sqmdata15.sqm

2008-08-27 10:39 . 2008-08-27 10:39 244 --ah----- C:\sqmnoopt15.sqm

2008-08-26 19:44 . 2008-08-26 19:44 268 --ah----- C:\sqmdata14.sqm

2008-08-26 19:44 . 2008-08-26 19:44 244 --ah----- C:\sqmnoopt14.sqm

2008-08-26 14:30 . 2008-08-26 14:30 268 --ah----- C:\sqmdata13.sqm

2008-08-26 14:30 . 2008-08-26 14:30 244 --ah----- C:\sqmnoopt13.sqm

2008-08-26 14:26 . 2008-08-26 14:26 268 --ah----- C:\sqmdata12.sqm

2008-08-26 14:26 . 2008-08-26 14:26 244 --ah----- C:\sqmnoopt12.sqm

2008-08-25 10:25 . 2008-08-25 10:25 268 --ah----- C:\sqmdata11.sqm

2008-08-25 10:25 . 2008-08-25 10:25 244 --ah----- C:\sqmnoopt11.sqm

2008-08-24 18:28 . 2008-08-24 18:28 268 --ah----- C:\sqmdata10.sqm

2008-08-24 18:28 . 2008-08-24 18:28 244 --ah----- C:\sqmnoopt10.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-21 21:08 --------- d-----w C:\Arquivos de programas\eMule

2008-09-21 01:24 --------- d-----w C:\Documents and Settings\Particular\Dados de aplicativos\uTorrent

2008-09-20 18:31 --------- d-----w C:\Arquivos de programas\Xfire

2008-09-20 18:29 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-09-18 12:33 --------- d-----w C:\Documents and Settings\Particular\Dados de aplicativos\Xfire

2008-09-17 01:49 137,728 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-09-13 00:26 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-13 00:26 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-09-11 18:16 --------- d-----w C:\Arquivos de programas\EA GAMES

2008-09-10 01:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Pc Velho

2008-09-02 23:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-08-30 01:07 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-08-29 00:58 22,328 ----a-w C:\Documents and Settings\Particular\Dados de aplicativos\PnkBstrK.sys

2008-08-20 02:32 --------- d-----w C:\Arquivos de programas\Steam

2008-08-14 18:29 --------- d-----w C:\Arquivos de programas\Driver som

2008-08-13 22:39 --------- d-----w C:\Arquivos de programas\Microsoft Games

2008-08-13 22:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-12 23:06 --------- d-----w C:\Arquivos de programas\uTorrent

2008-08-11 23:07 --------- d-----w C:\Documents and Settings\Particular\Dados de aplicativos\Ubisoft

2008-08-11 23:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ubisoft

2008-08-11 22:58 --------- d-----w C:\Arquivos de programas\Ubisoft

2008-08-11 02:03 --------- d-----w C:\Documents and Settings\Particular\Dados de aplicativos\Microsoft Games

2008-08-10 04:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Codemasters

2008-08-10 04:14 --------- d-----w C:\Arquivos de programas\OpenAL

2008-08-10 04:00 --------- d-----w C:\Arquivos de programas\Codemasters

2008-08-09 23:21 --------- d-----w C:\Arquivos de programas\Reference Assemblies

2008-08-09 23:21 --------- d-----w C:\Arquivos de programas\MSBuild

2008-08-06 23:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-08-06 23:54 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\Xfire

2008-08-05 20:51 --------- d-----w C:\Arquivos de programas\FlashGet

2008-08-04 18:23 --------- d-----w C:\Documents and Settings\Particular\Dados de aplicativos\teamspeak2

2008-08-04 18:23 --------- d-----w C:\Arquivos de programas\Teamspeak2_RC2

2008-08-03 22:54 --------- d-----w C:\Documents and Settings\NetworkService\Dados de aplicativos\Xfire

2008-08-03 21:17 16,608 ----a-w C:\WINDOWS\gdrv.sys

2008-08-03 20:11 --------- d-----w C:\Arquivos de programas\PC Wizard 2008 1.85.2

2008-08-03 14:27 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-08-03 13:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2008-06-27 14:23 16,875,008 ----a-w C:\WINDOWS\RTHDCPL.exe

2008-06-25 17:52 2,829 ----a-w C:\WINDOWS\War3Unin.pif

2008-06-25 17:52 139,264 ----a-w C:\WINDOWS\War3Unin.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 171520]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Particular^Menu Iniciar^Programas^Inicializar^ReminderCube2.lnk]

path=C:\Documents and Settings\Particular\Menu Iniciar\Programas\Inicializar\ReminderCube2.lnk

backup=C:\WINDOWS\pss\ReminderCube2.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Particular^Menu Iniciar^Programas^Inicializar^Xfire.lnk]

path=C:\Documents and Settings\Particular\Menu Iniciar\Programas\Inicializar\Xfire.lnk

backup=C:\WINDOWS\pss\Xfire.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

-r------- 2007-08-29 05:55 1966080 C:\WINDOWS\system32\xRaidSetup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-06-01 10:21 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Css]

---hs---- 2008-09-17 01:13 479232 C:\Documents and Settings\Particular\css.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-13 19:20 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-04-01 06:39 486856 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

--a------ 2008-07-21 14:07 2752512 C:\Arquivos de programas\Electronic Arts\EADM\Core.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]

--a------ 2008-01-14 09:18 3182248 C:\Fraps\fraps.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

-r------- 2007-03-20 03:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-11-07 15:34 3739672 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Music Alarm Clock]

--a------ 2006-01-18 18:39 970240 C:\ARQUIV~1\MUSICA~1\mac.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-05-02 22:46 13529088 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-05-02 22:46 86016 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sccs]

---hs---- 2008-09-17 01:13 103936 C:\Documents and Settings\Particular\sccs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]

--a------ 2007-09-11 18:34 1328640 C:\Arquivos de programas\Clock Tray Skins\ClockTraySkins.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-03-25 04:28 144784 C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2008-06-19 16:20 57344 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

--a------ 2008-06-19 16:42 2808832 C:\WINDOWS\alcwzrd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2008-06-27 11:23 16875008 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2008-06-18 18:01 77824 C:\WINDOWS\SoundMan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"usnjsvc"=3 (0x3)

"ose"=3 (0x3)

"NVSvc"=2 (0x2)

"NMIndexingService"=3 (0x3)

"NBService"=3 (0x3)

"GEST Service"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Flagship Studios\\Hellgate London\\Launcher.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Documents and Settings\\Particular\\Meus documentos\\RatioMaster-1.7.5\\RatioMaster.exe"=

"C:\\Arquivos de programas\\Xfire\\xfire.exe"=

"C:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"C:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Arquivos de programas\\Codemasters\\GRID\\GRID.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"C:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"C:\\Arquivos de programas\\PC Satellite TV\\PC Satellite TV.exe"=

"C:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=

 

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 63352]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]

R2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 76040]

S3 PciCon;PciCon;D:\PciCon.sys [ ]

S4 GEST Service;GEST Service for program management.;C:\Arquivos de programas\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]

.

- - - - ORFAOS REMOVIDOS - - - -

 

BHO-{3808166D-640F-4468-98E8-4E53AE1FF113} - C:\WINDOWS\system32\nnnljklj.dll

BHO-{4AA40991-0505-49DD-9586-DBDF6A3C04E6} - C:\WINDOWS\system32\byXqnLCs.dll

ShellExecuteHooks-{3808166D-640F-4468-98E8-4E53AE1FF113} - C:\WINDOWS\system32\nnnljklj.dll

 

 

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Particular\Dados de aplicativos\Mozilla\Firefox\Profiles\vimarfwp.default\

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-21 20:07:21

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\ComboFix\pv.cfexe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-09-21 20:10:03 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-09-21 23:09:59

 

Pre-Run: 16 pasta(s) 168.473.862.144 bytes disponíveis

Post-Run: 21 pasta(s) 169,347,399,680 bytes disponíveis

 

292 --- E O F --- 2008-09-10 06:01:18

 

 

PS: It seems to be working again. If that was it, thanks a lot, man; if there is anything else, I'm all ears.

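Added example, not part of the thread and not code from ComboFix or any tool mentioned here: a small Python triage over entries in the layout of the ComboFix "startupreg" section above (a registry-key line followed by attributes, date, time, size and path). The sample listing is constructed from five entries copied from the log; the trusted-directory prefixes and the 14-day "recent file" window are assumptions of this example. It flags the two hidden+system executables sitting directly in the user profile, which no longer appear in the later HijackThis logs, and leaves the Adobe, ctfmon and RAID entries alone.

```python
import re
from datetime import date, timedelta

# Constructed sample in the layout of ComboFix's "startupreg" section: a
# "[registry key]" line followed by "attributes date time size path". The five
# entries are copied from the log posted above.
SAMPLE_STARTUPREG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Css]
---hs---- 2008-09-17 01:13 479232 C:\Documents and Settings\Particular\css.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-13 19:20 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sccs]
---hs---- 2008-09-17 01:13 103936 C:\Documents and Settings\Particular\sccs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2007-08-29 05:55 1966080 C:\WINDOWS\system32\xRaidSetup.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
ENTRY_RE = re.compile(
    r"^(?P<attrs>[-A-Za-z]{9})\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+"
    r"(?P<size>\d+)\s+(?P<path>.+)$"
)

# Assumption of this example: directories where auto-start binaries are expected
# to live on this machine (Portuguese Windows, hence "Arquivos de programas").
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\arquivos de programas\\",
    "c:\\program files\\",
)


def parse_startupreg(text):
    """Return a list of dicts (name, attrs, date, size, path), one per entry."""
    entries = []
    name = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # The entry name is the last component of the registry key.
            name = key.group("key").rsplit("\\", 1)[-1]
            continue
        entry = ENTRY_RE.match(line)
        if entry and name is not None:
            entries.append({
                "name": name,
                "attrs": entry.group("attrs").lower(),
                "date": date.fromisoformat(entry.group("date")),
                "size": int(entry.group("size")),
                "path": entry.group("path"),
            })
            name = None
    return entries


def triage(text, scan_date, recent_days=14):
    """Map entry name -> list of reasons for every entry that deserves a look.

    These are the checks an analyst applies by eye to such a listing: hidden or
    system attributes on an auto-start binary, a binary living outside the usual
    program directories, and a file date close to the scan date.
    """
    findings = {}
    for e in parse_startupreg(text):
        reasons = []
        if "h" in e["attrs"]:
            reasons.append("hidden attribute")
        if "s" in e["attrs"]:
            reasons.append("system attribute")
        if not e["path"].lower().startswith(TRUSTED_PREFIXES):
            reasons.append("runs from outside Windows/Program Files")
        if scan_date - e["date"] <= timedelta(days=recent_days):
            reasons.append("file dated within %d days of the scan" % recent_days)
        if reasons:
            findings[e["name"]] = reasons
    return findings


def triage_sample():
    """Run the triage over the constructed sample using the log's scan date."""
    return triage(SAMPLE_STARTUPREG, date(2008, 9, 21))


if __name__ == "__main__":
    for name, reasons in triage_sample().items():
        print(name, "->", "; ".join(reasons))
```

A hit here is a reason to look closer (check the publisher, hash the file, compare against the running-process list), not a verdict: legitimate software occasionally runs from a profile directory, and a fresh install date is expected right after installing something. The point is that several weak signals stacking on one entry is what makes css.exe and sccs.exe stand out from the rest of the listing.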

Follow the instructions below:

 

Download Bankerfix.

Temporarily disable your antivirus, to avoid conflicts and for better detection.

Double-click bankerfix.exe, press Enter and wait for it to finish. When it finishes, read the message on screen and press Enter again.

 

Re-enable your antivirus and generate a new HijackThis log.

Awaiting your reply.


Bankerfix said it found nothing wrong, and the report is here:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:15:11, on 22/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213906394218

O17 - HKLM\System\CCS\Services\Tcpip\..\{A2B32710-B03D-42CA-9E2D-4AC1B4304B19}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 5031 bytes


Follow the instructions:

Download MSNFix.

Save it to the desktop and unzip it; after that, double-click MSNFix.bat.

The MSN_Fix-menu screen will open; press option R there, and the scan will start.

If the scan detects something, the following message will appear: Infection Presente; press Enter and continue.

If you want to stop the process, press the Q key.

When it finishes, Notepad will open with a log (it is in the file msnfix.txt); select all of it and copy it.

Post it together with a new HijackThis log.

 

Awaiting your reply.


MSNFix:

 

read file error: C:\DOCUME~1\PARTIC~1\CONFIG~1\Temp\winlogon.exe, O sistema não pode encontrar o arquivo especificado.

read file error: C:\DOCUME~1\PARTIC~1\CONFIG~1\Temp\services.exe, O sistema não pode encontrar o arquivo especificado.

read file error: C:\WINDOWS\system32\cftmon.exe, O sistema não pode encontrar o arquivo especificado.

 

 

HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:22:43, on 24/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213906394218

O17 - HKLM\System\CCS\Services\Tcpip\..\{A2B32710-B03D-42CA-9E2D-4AC1B4304B19}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 4862 bytes

 

 

 

PS: A folder called "Upload_me" also appeared on the desktop. Can I delete it, or do I need to run some file from it?


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
