[Arquivado] svchost.exe com problemas

ByaChan · Fevereiro 6, 2008

Gente... Preciso muito da ajuda de vocês

meu computador é WinXp SP1 e já estava com esse problema mais só de vez em quando..ai ontem eu resolvi instalar o SP2 e piorou ficou insuportavel..entao restaurei o sistema pra um ponto anterior..e não apareceu mais nada..mesmo assim de vez em quando apareçe..e eu quero instalar o SP2

Fiz o Log pelo HijackThis e jah passei o banker fix que não deu em nada

Logfile of HijackThis v1.99.1

Scan saved at 14:46:24, on 6/2/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\pctspk.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\LClock\LClock.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\Arquivos de programas\Mobile Phone Manager\bin\Mobile Phone Manager.exe

C:\ARQUIV~1\MOBILE~1\bin\DESPROXY.exe

C:\ARQUIV~1\MOBILE~1\bin\SPHONE~1.EXE

C:\ARQUIV~1\MOBILE~1\bin\SCfgSrv.exe

C:\ARQUIV~1\MOBILE~1\bin\SCONTA~1.EXE

C:\ARQUIV~1\MOBILE~1\bin\MESSAG~1.EXE

C:\ARQUIV~1\MOBILE~1\bin\MPMPim.exe

C:\Arquivos de programas\Microsoft Office\Office\OUTLOOK.EXE

C:\ARQUIV~1\MOBILE~1\bin\SMESSE~1.EXE

C:\ARQUIV~1\MOBILE~1\SMARTS~1\xtndpc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\livecall.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LClock] C:\Arquivos de programas\LClock\LClock.exe

O4 - HKLM\..\Run: [styler] C:\Arquivos de programas\Styler\Styler.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [smartSync - ScheduleSync] C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - (no file)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx

O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201725384343

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atrativa.uol.com.br/games/applets/g...mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab

O16 - DPF: {987ECFCE-E607-4D52-B2C5-2EA1F6F303C4} (WinlessActiveX Control) - http://www.pangya.com/PangyaLauncher/PangyaLauncher.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A352D8E5-25DE-4B83-872F-98842905DE04} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab

O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4E174DAD-2266-4AA0-BF75-FEECD782110E}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)

O21 - SSODL: JCGAH0GD - {1A1A1417-6041-64D6-158F-1AEB0B6E228D} - (no file)

O21 - SSODL: SysTray.Exsh - {1768ECFC-4F5C-4f5b-B134-D67294FC78E9} - (no file)

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Nakido - Unknown owner - C:\Arquivos de programas\Nakido\nakido.exe (file missing)

Estou muitoooo preucupada ...

Olha a imagem do erro ontem quando eu estava com o SP2 instalado e ele tbm apareçe da mesma forma com esse tal appcompat.txt e eles aparecem na pasta temp..então estou mto confusa.

Me ajudem...^^

jgarcia · Fevereiro 8, 2008

Opa ByaChan,

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta, juntamente com um novo log do HijackThis.

Abraços.

ByaChan · Fevereiro 8, 2008

Segue os logs... ^^ O erro ainda continua aparecendo.. e a pasta que eles ficam nunca existe e ela sempre muda cada vez que aparece :blink:

ComboFix 08-02.05.3 - adm 2008-02-08 14:24:59.1 - NTFSx86

Executando de: C:\Documents and Settings\adm\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\iMeshBar

C:\Arquivos de programas\iMeshBar\bar\History\search

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\tmlpcert2007

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com

hxxp://msgr.dlservice.microsoft.com

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))))

.

2008-02-08 13:44 . 2001-10-28 13:06 387,584 --a------ C:\kmd.exe

2008-02-06 14:43 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe

2008-02-06 14:36 . 2008-02-06 18:43 <DIR> d-------- C:\LinhaDefensiva

2008-02-06 00:24 . 2008-02-06 00:24 <DIR> d-------- C:\Arquivos de programas\Sexy Dreams

2008-02-05 21:20 . 2008-02-05 21:20 <DIR> d-------- C:\WINDOWS\provisioning

2008-02-05 21:20 . 2004-08-04 00:37 424,960 --------- C:\WINDOWS\system32\html.iec

2008-02-05 21:20 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img

2008-02-05 21:20 . 2004-07-17 11:36 64,352 --------- C:\WINDOWS\system32\drivers\ativmc20.cod

2008-02-05 21:14 . 2008-02-05 21:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-02-05 20:57 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002397_.tmp

2008-02-05 16:02 . 2008-02-05 16:02 <DIR> d-------- C:\Arquivos de programas\SpeederXP

2008-02-04 22:33 . 2008-02-06 00:30 <DIR> d-------- C:\Documents and Settings\Pedro\Contacts

2008-02-04 21:02 . 2008-02-04 21:02 <DIR> d-------- C:\Arquivos de programas\Lavalys

2008-02-03 19:03 . 2008-02-03 20:58 <DIR> d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-02-03 19:01 . 2008-02-03 19:01 <DIR> d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\Styler

2008-02-03 19:00 . 2003-01-26 00:27 <DIR> d--h----- C:\Documents and Settings\Pedro\Modelos

2008-02-03 19:00 . 2008-02-07 16:18 <DIR> dr------- C:\Documents and Settings\Pedro\Meus documentos

2008-02-03 19:00 . 2003-01-26 01:17 <DIR> dr------- C:\Documents and Settings\Pedro\Menu Iniciar

2008-02-03 19:00 . 2008-02-05 23:40 <DIR> dr------- C:\Documents and Settings\Pedro\Favoritos

2008-02-03 19:00 . 2008-02-05 23:39 <DIR> dr-h----- C:\Documents and Settings\Pedro\Dados de aplicativos

2008-02-03 19:00 . 2008-02-03 19:00 <DIR> d--h----- C:\Documents and Settings\Pedro\Configurações locais

2008-02-03 19:00 . 2003-01-26 01:17 <DIR> d--h----- C:\Documents and Settings\Pedro\Ambiente de rede

2008-02-03 19:00 . 2003-01-26 01:17 <DIR> d--h----- C:\Documents and Settings\Pedro\Ambiente de impressão

2008-02-03 18:48 . 2008-02-03 18:49 <DIR> d-------- C:\Vistart

2008-02-03 18:31 . 2008-02-03 18:32 <DIR> d-------- C:\Documents and Settings\adm\Dados de aplicativos\ViStart

2008-02-02 13:29 . 2008-02-02 13:30 960,470 --a------ C:\WINDOWS\system32\z4123xff

2008-01-30 18:40 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-01-30 18:40 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-01-30 18:40 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-01-30 18:40 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-01-19 18:29 . 2008-01-19 18:36 <DIR> d-------- C:\Documents and Settings\adm\.jSMS

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-06 02:24 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-02-03 18:11 --------- d-----w C:\Arquivos de programas\BitTorrent

2008-02-03 16:54 --------- d-----w C:\Arquivos de programas\MediaCoder

2008-01-22 22:15 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\MegauploadToolbar

2008-01-09 02:47 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\uTorrent

2008-01-06 21:09 --------- d-----w C:\Arquivos de programas\Winamp

2007-12-29 01:14 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos\MEGAUPLOADTOOLBAR

2007-12-19 22:48 --------- d-----w C:\Documents and Settings\adm\Dados de aplicativos\BitTorrent

2005-08-18 03:21 18,491 ----a-w C:\WINDOWS\Fonts\charmed.zip

2005-08-16 02:00 16,505 ----a-w C:\WINDOWS\Fonts\HOOG0555.zip

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-11-15 16:18 1670144]

"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 15:08 13312]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCTVOICE"="pctspk.exe" [2002-07-10 00:49 167936 C:\WINDOWS\system32\pctspk.exe]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2005-05-07 02:17 180269]

"LClock"="C:\Arquivos de programas\LClock\LClock.exe" [2004-09-20 01:27 65536]

"Styler"="C:\Arquivos de programas\Styler\Styler.exe" [2006-05-03 10:48 307200]

"avgnt"="C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 17:47 249896]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2005-04-19 23:27 98304]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2002-08-28 22:38 208953]

"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-10-28 13:06 44032]

"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 22:39 59392]

"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]

"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48 36975]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 20:22 35328]

"SmartSync - ScheduleSync"="C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2005-10-21 16:20 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"hedgie"="C:\WINDOWS\System32\hedgie.exe" [ ]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-07 13:33 171448]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Last.fm Helper.lnk - C:\Arquivos de programas\Last.fm\LastFMHelper.exe [2007-08-30 22:52:24 110592]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk

backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2002-09-09 15:08 13312 C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

--a------ 2002-08-28 22:38 208953 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-11-15 16:18 1670144 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

--a------ 2002-08-28 22:39 59392 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

--a------ 2002-08-28 22:39 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

--a------ 2002-08-28 22:39 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2005-04-19 23:27 98304 C:\Arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]

--a------ 2004-05-12 16:22 249856 C:\WINDOWS\System32\keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]

--a------ 2002-07-12 08:15 106496 C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

-ra------ 2004-02-09 06:54 65024 C:\WINDOWS\SOUNDMAN.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-08 14:30:40

Windows 5.1.2600 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0