[Arquivado] I.E. fechando quase sempre...

vgomespt · Fevereiro 7, 2008

Boas...

Meu I.E. vai e volta e fecha todas as páginas abertas, a versão é 6.0 no meu firefox tudo tranquilo...Alguma idéia de alguma praga que tá fazendo isso ?! Alguma atualização do microsoft para esta versão ? Não tô muito afim de instalar a ver. 7.

Hã, não dá nenhuma msg de erro, simplesmente fecham...uso o avg e o spybot e parece estar ok, mas, vou postar aqui,...

Logfile of HijackThis v1.99.1

Scan saved at 14:40:31, on 07-02-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.pt/s/v/24.11/uploader2.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7AF635BC-10ED-43F6-BD45-801C307B9558}: NameServer = 195.245.176.19 194.38.131.19

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

jgarcia · Fevereiro 9, 2008

Opa vgomespt,

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta, juntamente com um novo log do HijackThis.

Abraços.

vgomespt · Fevereiro 12, 2008

beleza JGarcia !

Eu já tinha instalado o I.E. 7 e algumas actualizações que não iam pelo automático, ainda fiz manualmente, mas persistiu o problema....passei combofix agora...

ComboFix 08-02-12.1 - Vladmir 2008-02-12 9:12:33.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.202 [GMT 0:00]

Executando de: C:\Documents and Settings\Vladmir\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\system32\drivers\down

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com

hxxp://go.microsoft.com

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-12 to 2008-02-12 ))))))))))))))))))))))))))))))))

.

2008-02-11 15:32 . 2008-02-11 15:32 <DIR> d-------- C:\Arquivos de programas\VIGOS Gsitemap 0.97a

2008-02-11 14:58 . 2008-02-11 14:58 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-02-11 14:58 . 2008-02-11 14:58 <DIR> d-------- C:\Arquivos de programas\Reference Assemblies

2008-02-11 14:58 . 2008-02-11 14:58 <DIR> d-------- C:\Arquivos de programas\MSBuild

2008-02-11 14:57 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-02-11 14:50 . 2008-02-11 14:50 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2008-02-09 09:46 . 2008-02-09 09:46 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-02-09 09:43 . 2008-02-09 10:50 1,355 --a------ C:\WINDOWS\imsins.BAK

2008-02-06 20:31 . 1999-10-12 14:36 137,572 --a------ C:\WINDOWS\cep1unin.exe

2008-02-06 20:31 . 2008-02-08 22:09 258 --a------ C:\WINDOWS\coolmp3.ini

2008-02-06 20:29 . 2008-02-08 22:44 18,428 --a------ C:\WINDOWS\Cool.ini

2008-02-06 20:29 . 2008-02-08 22:44 10,705 --a------ C:\WINDOWS\coolcust.ini

2008-02-06 20:29 . 2008-02-08 22:44 0 --a------ C:\WINDOWS\COOLSYS.INI

2008-02-06 13:45 . 2008-02-06 13:45 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nullsoft

2008-01-30 18:15 . 2008-01-30 18:16 12,366,732 --------- C:\avg7qt.dat

2008-01-28 11:10 . 2008-01-28 11:10 <DIR> d-------- C:\Arquivos de programas\SourceTec

2008-01-28 11:10 . 2008-01-28 11:10 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SourceTec

2008-01-17 13:37 . 2008-01-17 13:37 <DIR> d-------- C:\Arquivos de programas\Whiz FTP

2008-01-15 23:41 . 2008-01-15 23:41 <DIR> dr-h----- C:\$VAULT$.AVG

2008-01-15 20:03 . 2008-01-15 20:03 <DIR> d-------- C:\Documents and Settings\Vladmir\Dados de aplicativos\AVG7

2008-01-15 20:02 . 2008-01-15 20:02 <DIR> d-------- C:\Documents and Settings\LocalService.AUTORIDADE NT\Dados de aplicativos\AVG7

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\Vladmir\Configuraþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\vlad\Definiþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\rosely\Definiþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Definiþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\NetworkService.AUTORIDADE NT\Configuraþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Definiþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\LocalService.AUTORIDADE NT\Configuraþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Configuraþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\Administrador.MASTER-BDEFA930\Configuraþ§es locais

2008-01-14 12:54 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS

2008-01-14 12:53 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\mtbraaoaoolx.sys

2008-01-14 02:19 . 2008-01-14 02:19 <DIR> d-------- C:\Arquivos de programas\Unlocker

2008-01-14 01:07 . 2008-01-14 01:07 140,288 --a------ C:\vcleaner.exe

2008-01-13 21:51 . 2008-01-13 21:51 <DIR> d-------- C:\Documents and Settings\Vladmir\.housecall6.6

2008-01-13 20:59 . 2008-01-13 20:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2008-01-13 13:02 . 2008-01-13 13:03 351,612 --a------ C:\WINDOWS\system32\vsconfig.xml

2008-01-13 11:00 . 2008-01-13 11:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-01-13 11:00 . 2008-01-13 11:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab

2008-01-13 01:41 . 2008-01-13 01:41 <DIR> d-------- C:\Documents and Settings\Vladmir\Dados de aplicativos\Simply Super Software

2008-01-13 01:41 . 2008-01-13 01:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Simply Super Software

2008-01-13 01:41 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-01-13 01:41 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-01-13 01:41 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-01-13 01:41 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-01-13 01:41 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-01-13 01:24 . 2008-01-13 19:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-01-13 01:24 . 2008-01-13 19:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-01-13 01:24 . 2008-01-13 19:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-01-13 01:24 . 2008-01-13 19:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-01-13 01:21 . 2008-01-13 01:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab Setup Files

2008-01-12 21:55 . 2008-01-12 21:55 <DIR> d-------- C:\Documents and Settings\Vladmir\Dados de aplicativos\Uniblue

2008-01-12 21:29 . 2008-01-12 21:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Avg7

2008-01-12 17:14 . 2008-01-12 17:14 <DIR> d-------- C:\!KillBox

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-21 13:52 160,349 ----a-w C:\WINDOWS\Sqirlz Morph Uninstaller.exe

2007-12-20 15:28 --------- d-----w C:\Documents and Settings\Vladmir\Dados de aplicativos\Wings3D

2007-12-18 21:44 88,376 ----a-w C:\Documents and Settings\Vladmir\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-12-11 12:27 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-12-11 12:27 286,720 ------w C:\WINDOWS\Setup1.exe

2007-12-10 23:50 56,976 ----a-w C:\WINDOWS\system32\GenSvcInst.exe

2007-12-10 23:50 122,512 ----a-w C:\WINDOWS\system32\bgsvcgen.exe

2007-10-13 16:35 36,868 ----a-w C:\Arquivos de programas\uninst-Particular.exe

2004-01-31 19:54 331,776 ----a-w C:\WINDOWS\inf\pdfinst2.exe

2003-07-14 23:54 205,734,144 ----a-w C:\Documents and Settings\Vladimir\videocd.bin

2006-01-28 09:57 80 --sha-r C:\WINDOWS\Ct4set.bin

2007-09-19 21:43 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-09-19 21:43 88 --sh--r C:\WINDOWS\system32\5DEDD50FB4.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45 15360]

"SpybotSD TeaTimer"="E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-01-15 20:02 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-01-15 20:02 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.exe.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.exe.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^VIA RAID TOOL.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\VIA RAID TOOL.lnk

backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Vladmir^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Vladmir\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Vladmir^Menu Iniciar^Programas^Inicializar^WinMySQLadmin.lnk]

path=C:\Documents and Settings\Vladmir\Menu Iniciar\Programas\Inicializar\WinMySQLadmin.lnk

backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-05-11 03:06 40048 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

--a------ 2008-01-15 20:02 579072 C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelCorelDRAW10 Reminder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy PDF Creator]

--a------ 2004-02-09 09:50 463872 E:\Arquivos de programas\Easy PDF Creator\EasyPDFCreator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2002-11-03 22:13 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-02-16 16:15 221184 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-02-16 16:15 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Arquivos de programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 17:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]

C:\Arquivos de programas\MSN Apps\Updater\01.02.0002.1001\pt-br\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2006-01-24 20:31 7094272 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

C:\ARQUIV~1\NEWDOT~1\NEWDOT~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2007-08-17 21:48 439872 C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-09-24 03:24 282624 C:\Arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Arquivos de programas\ASUSTeK\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxAssistant]

--a------ 2003-01-13 14:15 86016 C:\Arquivos de programas\Arquivos comuns\Roxio Shared\Upgrade\RoxAssist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

--a------ 2003-01-09 09:21 253952 C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

--a------ 2003-01-13 10:19 757760 C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

--a------ 2003-01-13 14:05 69632 C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

C:\W

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]

--a------ 2002-06-06 11:15 861184 C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2007-08-31 16:46 1460560 E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StillImageMonitor]

C:\W

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2004-02-22 23:44 32881 C:\Arquivos de programas\Java\j2re1.4.2_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

E:\Arquivos de programas\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

--a------ 2006-09-07 17:19 15872 C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]

C:\Arquivos de programas\WeatherCast\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

E:\Arquivos de programas\windows_defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WinDefend"=2 (0x2)

"XAMPP"=2 (0x2)

"SoundMAX Agent Service (default)"=2 (0x2)

"Service1"=2 (0x2)

"SandraTheSrv"=3 (0x3)

"SandraDataSrv"=3 (0x3)

"ProtexisLicensing"=2 (0x2)

"IDriverT"=3 (0x3)

"gusvc"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"CCALib8"=2 (0x2)

"Bonjour Service"=2 (0x2)

"bgsvcgen"=2 (0x2)

"AVG Anti-Spyware Guard"=2 (0x2)

"Adobe LM Service"=3 (0x3)

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]

R2 HWiNFO32;HWiNFO32 Kernel Driver;E:\Programas\HWiNFO32\HWiNFO32.SYS [2005-11-03 13:44]

R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-12 09:16:38

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-02-12 9:19:40

ComboFix2.txt 2008-01-15 19:56:10

ComboFix-quarantined-files.txt 2008-02-12 09:19:38

.

2008-02-09 10:42:56 --- E O F ---

------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 09:29, on 2008-02-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe