Thiago Fatal1ty

[Solved!] Explorer.exe - closing by itself

I had just installed Windows, drivers and updates, a few programs and so on.

Then the power went out, the machine went down (shut off), and when the power came back I turned it on again.

Then "Explorer.exe" started having problems, for no apparent reason, maybe because of the power outage. First, the ComboFix log:

* One question: over the course of the report, was any registry entry, program or anything else "Removed" from the machine?

 

 

ComboFix 09-11-04.02 - Thiago 04/11/2009 17:00.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2494.2094 [GMT -2:00]

Running from: c:\documents and settings\Thiago\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\recycler\S-1-5-21-1757981266-1659004503-1606980848-1003

 

.

(((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 ))))))))))))))))))))))))))))

.

 

2009-11-04 18:43 . 2009-11-04 18:48 -------- d-----w- c:\windows\LastGood

2009-11-04 18:22 . 2009-11-04 18:22 -------- d-sh--w- c:\documents and settings\Thiago\PrivacIE

2009-11-04 17:54 . 2009-11-04 17:54 -------- d-sh--w- c:\documents and settings\Thiago\IECompatCache

2009-11-04 17:53 . 2009-11-04 17:53 -------- d-sh--w- c:\documents and settings\Thiago\IETldCache

2009-11-04 17:48 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-11-04 17:48 . 2009-11-04 17:48 -------- d-----w- c:\windows\ie8updates

2009-11-04 17:48 . 2009-08-29 07:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-11-04 17:48 . 2009-08-29 07:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-11-04 17:48 . 2009-08-29 07:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-11-04 17:48 . 2009-08-29 07:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-11-04 17:48 . 2009-08-29 07:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-11-04 17:48 . 2009-08-29 07:57 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-11-04 17:47 . 2009-11-04 17:48 -------- dc-h--w- c:\windows\ie8

2009-11-04 17:32 . 2009-11-04 18:26 -------- d-----r- C:\Thiago

2009-11-04 15:48 . 2009-06-30 12:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-11-04 15:47 . 2009-11-04 15:47 -------- d-----w- c:\arquivos de programas\Panda Security

2009-11-04 15:31 . 2008-10-16 16:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-11-04 15:31 . 2008-10-16 16:06 208744 ----a-w- c:\windows\system32\muweb.dll

2009-11-03 16:31 . 2009-11-04 19:04 5107744 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-11-03 16:31 . 2009-11-03 16:47 -------- d-----w- C:\Virus Removal Tool

2009-11-03 16:31 . 2008-07-08 15:54 148496 ----a-w- c:\windows\system32\drivers\82080389.sys

2009-11-03 16:29 . 2009-11-04 15:31 -------- d-----w- c:\documents and settings\Thiago\Tracing

2009-11-03 16:28 . 2009-11-04 17:53 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2009-11-03 16:27 . 2009-11-04 17:36 -------- d-----w- c:\arquivos de programas\Microsoft

2009-11-03 16:27 . 2009-11-03 16:27 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-11-03 16:26 . 2009-11-03 16:27 -------- d-----w- c:\arquivos de programas\Windows Live

2009-11-03 16:15 . 2009-11-03 16:15 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-11-03 16:09 . 2009-11-03 16:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-11-02 23:44 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll

2009-11-02 23:44 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll

2009-11-02 23:44 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll

2009-11-02 23:44 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2009-11-02 23:44 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll

2009-11-02 23:44 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll

2009-11-02 23:44 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll

2009-11-02 23:44 . 2009-10-27 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-11-02 23:44 . 2009-11-03 16:39 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-11-02 23:15 . 2009-11-02 23:15 198064 ----a-w- c:\documents and settings\Thiago\Dados de aplicativos\IDM\idmmzcc3\components\idmmzcc.dll

2009-11-02 23:15 . 2009-11-03 15:59 -------- d-----w- c:\documents and settings\Thiago\Dados de aplicativos\IDM

2009-11-02 23:15 . 2009-11-04 18:55 -------- d-----w- c:\documents and settings\Thiago\Dados de aplicativos\DMCache

2009-11-02 23:15 . 2009-11-02 23:16 -------- d-----w- c:\arquivos de programas\Internet Download Manager

2009-11-02 20:58 . 2009-11-02 20:58 -------- dc----w- c:\windows\system32\DRVSTORE

2009-11-02 20:58 . 2009-11-02 20:58 -------- d-----w- C:\Program Files

2009-11-02 20:58 . 2009-11-02 20:58 -------- d-----w- c:\arquivos de programas\Motorola

2009-11-02 20:58 . 2009-11-02 20:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Motorola Shared

2009-11-02 20:45 . 2009-11-02 20:45 -------- d-----w- c:\arquivos de programas\DoroPDFWriter

2009-11-02 20:36 . 2009-11-02 20:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2009-11-02 20:36 . 2009-11-02 20:36 -------- d-----w- c:\arquivos de programas\Real

2009-11-02 20:36 . 2009-11-02 20:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2009-11-02 20:25 . 2009-11-02 20:25 -------- d-----w- c:\documents and settings\Thiago\Dados de aplicativos\GRETECH

2009-11-02 20:24 . 2009-11-02 20:24 -------- d-----w- c:\arquivos de programas\GRETECH

2009-11-02 20:14 . 2009-11-02 20:14 -------- d-----w- c:\arquivos de programas\MSECache

2009-11-02 19:38 . 2006-06-29 15:07 14048 ------w- c:\windows\system32\spmsg2.dll

2009-11-02 19:04 . 2007-04-09 15:23 28040 ----a-w- c:\windows\system32\mdimon.dll

2009-11-02 19:03 . 2009-11-02 19:04 -------- d-----w- c:\windows\SHELLNEW

2009-11-02 19:03 . 2009-11-02 19:03 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2009-11-02 19:00 . 2009-11-02 19:00 -------- d-----r- C:\MSOCache

2009-11-02 18:58 . 2009-11-02 18:58 -------- d-----w- c:\arquivos de programas\Alcohol Soft

2009-11-02 18:56 . 2009-11-02 18:56 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-11-02 17:58 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2009-11-02 17:53 . 2009-11-02 17:53 -------- d-----w- c:\windows\system32\XPSViewer

2009-11-02 17:53 . 2009-11-02 17:53 -------- d-----w- c:\arquivos de programas\MSBuild

2009-11-02 17:53 . 2009-11-02 17:53 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-11-02 17:53 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-11-02 17:53 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-11-02 17:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-11-02 17:53 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-11-02 17:53 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-11-02 17:53 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-11-02 17:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-11-02 17:48 . 2009-11-02 18:17 -------- d-----w- c:\windows\NV1212296.TMP

2009-11-02 16:38 . 2009-08-05 00:57 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-11-02 16:38 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-11-02 16:38 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-11-02 16:34 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-11-02 16:20 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-11-02 16:20 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys

2009-11-02 16:15 . 2008-04-13 21:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2009-11-02 16:15 . 2008-04-13 21:20 21504 ----a-w- c:\windows\system32\hidserv.dll

2009-11-02 06:47 . 2009-11-02 06:47 25214 ----a-r- c:\documents and settings\Thiago\Dados de aplicativos\Microsoft\Installer\{CE378F36-E404-4244-A33F-F50A2A6D31BD}\ARPPRODUCTICON.exe

2009-11-02 06:47 . 2009-11-02 06:47 -------- d-----w- c:\arquivos de programas\Pro Imaging Powertoys

2009-11-02 06:46 . 2009-11-02 06:46 -------- d-----w- c:\windows\Downloaded Installations

2009-11-02 06:45 . 2009-11-02 16:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-11-02 06:43 . 2009-11-02 06:44 -------- d-----w- c:\windows\system32\Adobe

2009-11-02 06:41 . 2009-11-02 06:41 -------- d-----w- c:\windows\system32\URTTemp

2009-11-02 06:40 . 2009-11-02 06:40 -------- d-----w- c:\windows\Logs

2009-11-02 06:37 . 2009-11-02 06:37 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-02 06:37 . 2009-11-02 06:37 -------- d-----w- c:\arquivos de programas\Java

2009-11-02 06:34 . 2009-01-07 20:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2009-11-02 06:34 . 2009-11-04 17:48 -------- d--h--w- c:\windows\$hf_mig$

2009-11-02 06:31 . 2009-11-02 06:31 -------- d-sh--w- c:\documents and settings\Thiago\UserData

2009-11-02 06:30 . 2009-11-02 06:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Office Genuine Advantage

2009-11-02 06:28 . 2008-04-13 13:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2009-11-02 06:24 . 2006-08-01 07:02 49152 ------r- c:\windows\system32\ChCfg.exe

2009-11-02 06:23 . 2006-07-21 08:14 86016 ------r- c:\windows\SoundMan.exe

2009-11-02 06:23 . 2006-12-16 05:10 1191936 ------r- c:\windows\RtlUpd.exe

2009-11-02 06:23 . 2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

2009-11-02 06:23 . 2006-05-04 08:35 9709568 ------r- c:\windows\RTLCPL.exe

2009-11-02 06:23 . 2006-12-21 08:26 4405248 ------r- c:\windows\system32\drivers\RtkHDAud.sys

2009-11-02 06:23 . 2006-12-19 03:12 16062464 ------r- c:\windows\RTHDCPL.exe

2009-11-02 06:23 . 2006-10-11 09:42 2157568 ------r- c:\windows\MicCal.exe

2009-11-02 06:23 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

2009-11-02 06:23 . 2006-05-04 08:26 2808832 ------r- c:\windows\alcwzrd.exe

2009-11-02 06:19 . 2009-11-02 06:19 -------- d-----w- c:\arquivos de programas\On-line Help Console

2009-11-02 06:18 . 2009-11-02 06:18 -------- d-----w- c:\windows\system32\Tools

2009-11-02 06:18 . 2009-11-02 06:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-11-02 06:18 . 2006-12-26 12:31 4864 ----a-r- c:\windows\system32\drivers\PortIo.sys

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-04 17:58 . 2009-11-03 16:31 47240 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-11-02 20:36 . 2009-07-31 12:47 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-11-02 20:36 . 2009-07-31 12:47 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-11-02 19:12 . 2008-04-14 12:00 82770 ----a-w- c:\windows\system32\perfc016.dat

2009-11-02 19:12 . 2008-04-14 12:00 476876 ----a-w- c:\windows\system32\perfh016.dat

2009-11-02 06:23 . 2009-11-02 06:23 -------- d-----w- c:\arquivos de programas\Realtek

2009-11-02 06:23 . 2009-11-02 06:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-11-02 06:23 . 2009-11-02 06:23 315392 ----a-w- c:\windows\HideWin.exe

2009-11-02 05:48 . 2009-11-02 05:48 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-11-02 05:47 . 2009-11-02 05:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-02 05:46 . 2009-11-02 05:46 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-11-02 05:46 . 2009-11-02 05:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-08-06 21:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-06 21:23 . 2009-11-02 05:45 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-06 21:23 . 2009-11-02 05:45 1929952 ----a-w- c:\windows\system32\wuaueng.dll

.

 

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-24 203416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-11-02 149280]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-11-02 198160]

"DoroServer"="c:\arquivos de programas\DoroPDFWriter\DoroServer.exe" [2009-10-21 143360]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-12-19 16062464]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Thiago\Menu Iniciar\Programas\Inicializar\

WinColor.lnk - c:\arquivos de programas\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColor.exe [2005-10-31 371456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [04/11/2009 13:48 28552]

R1 is-KRPS9drv;is-KRPS9drv;c:\windows\system32\drivers\82080389.sys [03/11/2009 14:31 148496]

R2 MotoConnect Service;MotoConnect Service;c:\arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe [02/11/2009 18:58 91392]

R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - MBR

*NewlyCreated* - PROCEXP113

*Deregistered* - mbr

*Deregistered* - PROCEXP113

.

Contents of the 'Scheduled Tasks' folder

 

2009-11-04 c:\windows\Tasks\User_Feed_Synchronization-{500B15A1-83B2-4DCC-AB71-3763006D16C6}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 06:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

IE: Download all links with IDM - c:\arquivos de programas\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\arquivos de programas\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\arquivos de programas\Internet Download Manager\IEExt.htm

.

- - - - ORPHANS REMOVED - - - -

 

Toolbar-Locked - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-04 17:04

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spat.sys >>UNKNOWN [0x89E8F938]<<

kernel: MBR read successfully

user & kernel MBR OK

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

atapi.sys @ 0x0 0x0 bytes

 

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xBA5FBB40 atapi.sys

\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xBA5FBB40 atapi.sys

\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xBA5FBB40 atapi.sys

\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xBA5FBB40 atapi.sys

\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xBA5FBB40 atapi.sys

\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xBA5FBB40 atapi.sys

\Driver\atapi IRP hooks detected !

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€€|ÿÿÿÿÀ€|ù6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3168)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2009-11-04 17:05

ComboFix-quarantined-files.txt 2009-11-04 19:05

 

Pre-Run: 7 folder(s) 10.135.785.472 bytes free

Post-Run: 11 folder(s) 10.119.204.864 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


I was about to do that!

I had read it; I just posted the ComboFix log first so I could reboot the machine. Here it is:

* One question: in the ComboFix log, did ComboFix delete any system registry entry, program, music, any kind of data, or make any change to the system?

* ComboFix asked to install the "Windows Recovery Console"; it downloaded and installed almost everything automatically. I had downloaded ComboFix from here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Is the link correct? Was it OK for it to install that recovery console?

 

"Do a system scan only" in safe mode.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:28:50, on 04/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Thiago\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\K-Lite Codec Pack\Real\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DoroServer] C:\Arquivos de programas\DoroPDFWriter\DoroServer.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: WinColor.lnk = C:\Arquivos de programas\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColor.exe

O8 - Extra context menu item: Download all links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257348675703

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MotoConnect Service - Unknown owner - C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

 

--

End of file - 5358 bytes
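Two places in the logs above are what a responder would read first: the GMER section of the ComboFix log in the first post (the `>>UNKNOWN [...]<<` module on the disk path, the `\Driver\atapi` IRP dispatch entries that no longer resolve into atapi.sys, and `"AntiVirusOverride"=dword:00000001` under the Security Center key), and in the HijackThis log just above, the O2 BHO registered with `(no file)`, the O23 service listed as `Unknown owner`, and the O4 Run entries that launch a bare executable name (`nwiz.exe`, `RTHDCPL.EXE`, `SkyTel.EXE`) resolved through the search path at logon. The script below is an added example written for this page, not code from the thread or from ComboFix, GMER or HijackThis: it parses those line shapes and lists the findings. The sample input is a constructed handful of lines copied in shape from the posted logs, and the finding names (`irp_hook`, `orphan_bho` and so on) are my own labels.

```python
import re
from typing import Dict, List

# Constructed sample input: a handful of lines copied in shape from the
# ComboFix/GMER and HijackThis logs in this thread (not the complete logs).
SAMPLE_LOG = r"""
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spat.sys >>UNKNOWN [0x89E8F938]<<
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xBA5FBB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xBA5FBB40 atapi.sys
\Driver\atapi IRP hooks detected !
"AntiVirusOverride"=dword:00000001
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DoroServer] C:\Arquivos de programas\DoroPDFWriter\DoroServer.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# GMER (run by ComboFix) prints a driver whose IRP dispatch entry no longer
# resolves where the module on disk says it should:
#   \Driver\<name> [ IRP_MJ_X ] <seen> != <expected> <module>
IRP_HOOK = re.compile(
    r"^\\Driver\\(?P<drv>\S+) \[ (?P<irp>IRP_MJ_\w+) \] "
    r"(?P<seen>0x[0-9A-Fa-f]+) != (?P<expected>0x[0-9A-Fa-f]+) (?P<mod>\S+)$"
)
# A module on the disk I/O path that GMER could not attribute to any file.
UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
# Security Center told to stop reporting antivirus state.
AV_OVERRIDE = re.compile(r'^"AntiVirusOverride"=dword:0*1$')
# HijackThis line shapes. Fields are " - " separated, so a BHO or service
# name that itself contains " - " would confuse the lazy matches below.
HJT_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
HJT_SERVICE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
HJT_RUN = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def executable_token(cmd: str) -> str:
    """Program part of a Run-key command line: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the lines worth a second look from combined ComboFix/GMER + HijackThis text."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IRP_HOOK.match(line)
        if m:
            findings.append({"kind": "irp_hook",
                             "detail": f"{m['drv']} {m['irp']}: {m['seen']} != {m['expected']} ({m['mod']})"})
            continue
        m = UNKNOWN_MODULE.search(line)
        if m:
            findings.append({"kind": "unknown_kernel_module",
                             "detail": f"unattributed module at {m['addr']} on the disk path"})
            continue
        if AV_OVERRIDE.match(line):
            findings.append({"kind": "av_override", "detail": "Security Center AntiVirusOverride=1"})
            continue
        m = HJT_BHO.match(line)
        if m and m["path"] == "(no file)":
            findings.append({"kind": "orphan_bho", "detail": f"{m['clsid']} registered but DLL missing"})
            continue
        m = HJT_SERVICE.match(line)
        if m and m["owner"] == "Unknown owner":
            findings.append({"kind": "unknown_owner_service", "detail": f"{m['name']} -> {m['path']}"})
            continue
        m = HJT_RUN.match(line)
        if m:
            exe = executable_token(m["cmd"])
            # A bare file name is resolved through the search path at logon,
            # so the file that actually runs has to be checked by hand.
            if exe and "\\" not in exe and ":" not in exe:
                findings.append({"kind": "unqualified_run_path",
                                 "detail": f"[{m['name']}] launches bare '{exe}'"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['kind']:24} {finding['detail']}")
```

Treat the output as a work list, not a verdict. Disk-filter drivers such as the SPTD driver that Alcohol installs (sptd.sys is in the created-files list of the first post) sit on the same I/O path and are a known source of IRP hook reports from rootkit scanners, so the atapi lines call for comparing the loaded atapi.sys against a known-good copy rather than for a conclusion on their own. `Unknown owner` only means HijackThis found no company name in the file's version information, and a BHO listed with `(no file)` is a dead registration whose CLSID can simply be removed.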

 

 

 

Please...

Read rule 2 before posting here: http://forum.imasters.com.br/index.php?showtopic=165906

 


"Do a system scan and save a logfile"

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:52:37, on 04/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\DoroPDFWriter\DoroServer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnect.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Virus Removal Tool\is-KRPS9\is-KRPS9.exe

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Thiago\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\K-Lite Codec Pack\Real\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DoroServer] C:\Arquivos de programas\DoroPDFWriter\DoroServer.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: WinColor.lnk = C:\Arquivos de programas\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColor.exe

O8 - Extra context menu item: Download all links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257348675703

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MotoConnect Service - Unknown owner - C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

 

--

End of file - 6421 bytes

 

 

 

 

 

 

 

 

"Do a system scan only"

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:53:09, on 04/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\DoroPDFWriter\DoroServer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnect.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Virus Removal Tool\is-KRPS9\is-KRPS9.exe

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Thiago\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\K-Lite Codec Pack\Real\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DoroServer] C:\Arquivos de programas\DoroPDFWriter\DoroServer.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: WinColor.lnk = C:\Arquivos de programas\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColor.exe

O8 - Extra context menu item: Download all links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257348675703

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MotoConnect Service - Unknown owner - C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

 

--

End of file - 6421 bytes

 

 

 

The log is from Safe Mode.

Paste a new log taken in Normal Mode.

 

* About my question:

Did ComboFix delete any registry key or program, or change anything on the computer?

Is the link I downloaded it from the correct one?

It asked to install the Windows Recovery Console and then installed it on its own; is that normal?


Your logs are clean.

 

*Click [Start] > [Run] > type: ComboFix /u

*Click [OK]

 

(screenshot: combou.jpg)

 

About your question... don't worry. Nothing was changed.

 

 

Regards.

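The kind of check that sits behind a verdict like "your logs are clean", as an added example that is not part of the original thread and not code from HijackThis or ComboFix: a small Python triage script that parses the HijackThis entry types seen in the logs above (the running-process list, R0/R1 IE pages, O2 BHOs, O4 autoruns, O16 ActiveX downloads, O23 services) and flags what a responder looks at first. Most sample lines are copied from the posted log; the two marked "constructed" (a hijacked search page and an autorun in the user's Temp folder) are invented so the checks have something to hit. The severity levels, the "system" directory prefixes, the user-writable path markers and the trusted-domain list are this example's own assumptions, not HijackThis rules.

```python
import re
from urllib.parse import urlparse

# Sample HijackThis lines. Most are copied from the log posted above; the
# two marked "constructed" are made up so the hijack and temp-dir checks fire.
SAMPLE_LINES = [
    r"Logfile of Trend Micro HijackThis v2.0.2",
    r"Running processes:",
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Arquivos de programas\Java\jre6\bin\jusched.exe",
    r"C:\Virus Removal Tool\is-KRPS9\is-KRPS9.exe",
    r"C:\Documents and Settings\Thiago\Desktop\HijackThis.exe",
    "",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157",
    # constructed: a search-page hijack that is NOT in the posted log
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/?q=",
    r"O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r'O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"',
    # constructed: an autorun that launches from the user's Temp directory
    r"O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Thiago\Local Settings\Temp\updater.exe",
    r"O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab",
    r"O23 - Service: MotoConnect Service - Unknown owner - C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
]

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|cpl|pif))(?=\s|$)", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")

# Assumptions of this example, not HijackThis rules: where "normal" binaries live
# on this XP box, which path fragments mean user-writable, and which domains are
# acceptable for the IE start/search pages.
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\arquivos de programas\\")
USER_WRITABLE_MARKERS = ("\\temp\\", "\\local settings\\", "\\application data\\",
                         "\\desktop\\", "\\recycler\\", "\\my documents\\")
TRUSTED_PAGE_DOMAINS = ("microsoft.com", "msn.com", "live.com")

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def command_exe(cmd):
    """Extract the executable from an autorun command line (quoted or bare path)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ")[0]

def is_absolute(path):
    return re.match(r"^[A-Za-z]:\\", path) is not None

def parse_hjt(lines):
    """Split a HijackThis log into the running-process list and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in lines:
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries

def triage(lines):
    """Return findings as (severity, code, reason, original_text) tuples."""
    findings = []
    processes, entries = parse_hjt(lines)
    for proc in processes:
        if not proc.lower().startswith(SYSTEM_PREFIXES):
            findings.append(("info", "PROC", "runs from a non-standard directory; verify its publisher", proc))
    for code, body in entries:
        lower = body.lower()
        if "(no file)" in lower:
            findings.append(("low", code, "orphaned entry: points at a file that no longer exists", body))
            continue
        if code in ("R0", "R1"):
            m = URL_RE.search(body)
            if m and not in_domains(host_of(m.group(0)), TRUSTED_PAGE_DOMAINS):
                findings.append(("high", code, "IE start/search page points outside Microsoft: possible hijack", body))
        elif code == "O4":
            m = re.search(r"\]\s*(.*)$", body)          # 'HKLM\..\Run: [name] command'
            if m:
                exe = command_exe(m.group(1))
                if not is_absolute(exe):
                    findings.append(("low", code, "relative path resolves via PATH search order: check which binary wins", body))
                elif any(mk in exe.lower() for mk in USER_WRITABLE_MARKERS):
                    findings.append(("high", code, "autorun launches from a user-writable directory", body))
        elif code == "O16":
            m = URL_RE.search(body)
            host = host_of(m.group(0)) if m else "?"
            findings.append(("info", code, f"ActiveX control downloaded from {host}; remove if not recognised", body))
        elif code == "O23" and "unknown owner" in lower:
            findings.append(("medium", code, "service has no identified publisher: check its Authenticode signature", body))
    return findings

def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0, "info": 0}
    for sev, _, _, _ in findings:
        counts[sev] += 1
    return counts

if __name__ == "__main__":
    for sev, code, reason, text in triage(SAMPLE_LINES):
        print(f"[{sev:6}] {code:4} {reason}\n         {text}")
    print(summarize(triage(SAMPLE_LINES)))
```

On the real log above this yields only the low and info items (the orphaned O2 BHO, the bare `nwiz.exe` autorun, the `Unknown owner` MotoConnect service, the two processes outside Windows and Program Files, and the Panda ActiveScan download), which is consistent with the helper's verdict. The caveat a responder keeps in mind: HijackThis only enumerates a fixed set of browser and autostart locations, so a clean log says nothing about rootkits, kernel drivers or anything that hooks the system elsewhere; for a machine that lost power mid-write, corrupted files in `explorer.exe`'s own dependencies are at least as likely a cause as malware.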

ComboFix has been uninstalled :P

Thanks for the help.

 

Your logs are clean.

*Click [Start] > [Run] > type: ComboFix /u

*Click [OK]

(screenshot: combou.jpg)

About your question... don't worry. Nothing was changed.

Regards.


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
