[Arquivado]PC sempre reiniciando sozinho

Beloc · Junho 5, 2007

Meu PC está reiniciando sozinho, começou estre problema depois q a CPU passou a demorar a ligar (às vezes cerca de 1-2 minutos!). Segue o log do Hijack:

Logfile of HijackThis v1.99.1

Scan saved at 21:14:16, on 4/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\RUNDLL32.EXE

F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe

F:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

F:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

F:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe

F:\Arquivos de programas\Ahead\InCD\InCD.exe

F:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

F:\Arquivos de programas\QuickTime\qttask.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Arquivos de programas\BitTorrent\bittorrent.exe

F:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

F:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

F:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

F:\Arquivos de programas\BrOffice.org 2.0\program\soffice.BIN

F:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

F:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe

F:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

F:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

F:\WINDOWS\System32\nvsvc32.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\wscntfy.exe

F:\DOCUME~1\Egline\CONFIG~1\Temp\Diretório temporário 2 para hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Arquivos de programas\Orbit\orbitcth.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - F:\Arquivos de programas\NavExcel Search Toolbar\NavExcelBar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - F:\Arquivos de programas\NavExcel Search Toolbar\NavExcelBar.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Office XP crack (nao remover)] F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe

O4 - HKLM\..\Run: [HP Software Update] F:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eSnips] "F:\Arquivos de programas\eSnips\ClientGW.exe"

O4 - HKLM\..\Run: [avgnt] "F:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [inCD] F:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Picasa Media Detector] F:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [QuickTime Task] "F:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WrCtrl] "F:\Arquivos de programas\Kerio\WinRoute Firewall\WrCtrl.exe"

O4 - HKCU\..\Run: [bitTorrent] "F:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - Startup: BrOffice.org 2.0.lnk = F:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = F:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Windows Live Search - res://F:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://F:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?25ee46cbbdc94a53b82bdaaea1fc9912

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://F:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?25ee46cbbdc94a53b82bdaaea1fc9912

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: F:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl220bf2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://egline.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{86E68754-F89F-4DFE-9D57-9576C16A385D}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - F:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - F:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe

DigRam · Junho 7, 2007

Bom Dia Beloc!

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

Abraços!

Beloc · Junho 7, 2007

configurei p não reiniciar em caso de erro, e agora aparece a famosa tela azul c o erro nv4_disp (loop infinito). Já desisnstalei a placa e reinstalei a nova versão do driver, mas o erro persiste. Estou baixando o Combofix e em breve posto o relatório.Obrigada.

Beloc · Junho 7, 2007

COMBOFIX

"Bel" - 2007-06-07 13:27:08 Service Pack 2 NTFS

ComboFix 07-06-3B - Running from: "F:\Documents and Settings\Bel\Desktop\"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

F:\WINDOWS\system32\installer.exe

F:\WINDOWS\system32\packet.dll

F:\WINDOWS\system32\pthreadVC.dll

F:\WINDOWS\system32\wpcap.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_NPF

-------\NPF

((((((((((((((((((((((((( Files Created from 2007-05-07 to 2007-06-07 )))))))))))))))))))))))))))))))

2007-06-07 13:04 1,950 --a------ F:\WINDOWS\system32\drivers\REGISTER.SYS

2007-06-07 13:04 <DIR> d-------- F:\Arquivos de programas\Your Company Name

2007-06-07 12:12 <DIR> d-------- F:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles

2007-06-07 12:04 208,896 --a------ F:\WINDOWS\system32\NVUNINST.EXE

2007-06-07 12:04 208,896 --a------ F:\WINDOWS\system32\nvudisp.exe

2007-06-07 12:04 <DIR> d-------- F:\WINDOWS\nview

2007-06-07 11:45 8 --a------ F:\WINDOWS\system32\nvModes.dat

2007-06-06 22:19 <DIR> d-------- F:\WINDOWS\system32\SoftwareDistribution

2007-06-06 21:51 <DIR> d-------- F:\DOCUME~1\ALLUSE~1\DADOSD~1\NVIDIA

2007-06-06 21:48 664 --a------ F:\WINDOWS\system32\d3d9caps.dat

2007-06-06 21:00 552 --a------ F:\WINDOWS\system32\d3d8caps.dat

2007-06-05 16:21 94,208 --a------ F:\WINDOWS\amcap.exe

2007-06-05 16:21 53,248 --a------ F:\WINDOWS\system32\dsnpstd3.dll

2007-06-05 16:21 286,720 --a------ F:\WINDOWS\vsnpstd3.exe

2007-06-05 16:20 61,440 --a------ F:\WINDOWS\system32\csnpstd3.dll

2007-06-05 16:20 57,344 --a------ F:\WINDOWS\system32\rsnpstd3.dll

2007-06-05 16:20 419,200 --a------ F:\WINDOWS\system32\drivers\snpstd3.sys

2007-06-05 16:20 36,864 --a------ F:\WINDOWS\system32\vsnpstd3.dll

2007-06-05 16:20 20,480 --a------ F:\WINDOWS\usnpstd3.exe

2007-06-05 16:20 <DIR> d-------- F:\Arquivos de programas\Arquivos comuns\snpstd3

2007-05-30 21:09 63,488 --a------ F:\WINDOWS\system32\unam4ie.exe

2007-05-30 21:09 5,600 --a------ F:\WINDOWS\system\winaspi.dll

2007-05-30 21:09 4,672 --a------ F:\WINDOWS\system\wowpost.exe

2007-05-30 21:09 4,608 --a------ F:\WINDOWS\system32\w95inf32.dll

2007-05-30 21:09 38,160 --a------ F:\WINDOWS\system32\LMRTREND.dll

2007-05-30 21:09 23,936 --a------ F:\WINDOWS\system32\drivers\aspi32.sys

2007-05-30 21:09 2,272 --a------ F:\WINDOWS\system32\w95inf16.dll

2007-05-30 21:09 194,320 --a------ F:\WINDOWS\system32\qcut.dll

2007-05-30 21:09 182,032 --a------ F:\WINDOWS\system32\dxtmsft3.dll

2007-05-30 21:09 10,240 --a------ F:\WINDOWS\system32\vidx16.dll

2007-05-29 21:55 <DIR> d-------- F:\Arquivos de programas\DVD Decrypter

2007-05-29 21:50 57,344 --a------ F:\WINDOWS\remover.dll

2007-05-29 21:50 327,680 --a------ F:\WINDOWS\nxstinst.exe

2007-05-29 21:50 <DIR> d-------- F:\Arquivos de programas\NavExcel Search Toolbar

2007-05-29 21:50 <DIR> d-------- F:\Arquivos de programas\Burn4Free

2007-05-18 22:11 <DIR> d-------- F:\DOCUME~1\Egline\DADOSD~1\BitTorrent

2007-05-18 21:05 <DIR> d-------- F:\DOCUME~1\Renato\DADOSD~1\SecondLife

2007-05-12 09:57 <DIR> d-------- F:\DOCUME~1\Egline\DADOSD~1\CyberLink

2007-05-12 09:45 <DIR> d-------- F:\Arquivos de programas\USBToolbox

2007-05-08 19:58 <DIR> d-------- F:\DOCUME~1\Egline\DADOSD~1\Media Player Classic

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-07 14:46:37 -------- d-----w F:\Arquivos de programas\Mozilla Thunderbird

2007-06-07 13:39:41 -------- d-----w F:\DOCUME~1\Bel\DADOSD~1\BrOffice.org2

2007-06-07 01:20:08 -------- d--h--w F:\Arquivos de programas\WindowsUpdate

2007-06-06 23:49:57 -------- d-----w F:\Arquivos de programas\BitTorrent

2007-06-06 23:49:33 -------- d-----w F:\DOCUME~1\Bel\DADOSD~1\Lavasoft

2007-06-06 23:49:22 -------- d-----w F:\Arquivos de programas\Yahoo!

2007-06-05 22:29:18 -------- d-----w F:\Arquivos de programas\EA GAMES

2007-06-05 19:20:57 -------- d--h--w F:\Arquivos de programas\InstallShield Installation Information

2007-05-31 00:09:37 -------- d-----w F:\Arquivos de programas\CyberLink

2007-05-30 00:44:07 -------- d-----w F:\Arquivos de programas\DVD Region+CSS Free

2007-05-30 00:17:54 -------- d-----w F:\Arquivos de programas\lg_fwupdate

2007-05-24 00:27:11 -------- d-----w F:\Arquivos de programas\LimeWire

2007-05-19 00:16:29 -------- d-----w F:\Arquivos de programas\Messenger Plus! Live

2007-05-19 00:04:29 -------- d-----w F:\Arquivos de programas\KAIZEN Games

2007-05-07 00:52:59 -------- d-----w F:\DOCUME~1\Bel\DADOSD~1\Skype

2007-05-04 13:59:37 -------- d-----w F:\Arquivos de programas\QuickTime

2007-05-04 13:48:52 -------- d-----w F:\Arquivos de programas\Apple Software Update

2007-04-25 21:23:26 -------- d-----w F:\Arquivos de programas\Picasa2

2007-04-24 22:01:09 -------- d-----w F:\Arquivos de programas\Google

2007-04-24 21:59:03 -------- d-----w F:\Arquivos de programas\Paint.NET

2007-04-22 10:56:40 -------- d-----w F:\Arquivos de programas\Programas SRF

2007-04-17 15:51:10 -------- d-----w F:\Arquivos de programas\Windows Live Toolbar

2007-04-17 15:51:10 -------- d-----w F:\Arquivos de programas\Super DVD Creator4.0

2007-04-17 15:51:09 -------- d-----w F:\Arquivos de programas\Real Alternative

2007-04-17 01:47:36 33,624 ----a-w F:\WINDOWS\system32\wups.dll

2007-04-17 01:45:54 1,710,936 ----a-w F:\WINDOWS\system32\wuaueng.dll

2007-04-17 01:45:48 549,720 ----a-w F:\WINDOWS\system32\wuapi.dll

2007-04-17 01:45:42 325,976 ----a-w F:\WINDOWS\system32\wucltui.dll

2007-04-17 01:45:36 203,096 ----a-w F:\WINDOWS\system32\wuweb.dll

2007-04-17 01:45:28 92,504 ----a-w F:\WINDOWS\system32\cdm.dll

2007-04-17 01:45:20 53,080 ----a-w F:\WINDOWS\system32\wuauclt.exe

2007-04-17 01:45:20 43,352 ----a-w F:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{000123B4-9B42-4900-B3F7-F4B073EFC214}=F:\Arquivos de programas\Orbit\orbitcth.dll []

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=F:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{9030D464-4C02-4ABF-8ECC-5164760863C6}=F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=F:\Arquivos de programas\Windows Live Toolbar\msntb.dll [2006-07-07 17:27]

{D80C4E21-C346-4E21-8E64-20746AA20AEB}=F:\Arquivos de programas\NavExcel Search Toolbar\NavExcelBar.dll [2007-05-29 21:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"SunJavaUpdateSched"="F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"Adobe Photo Downloader"="F:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09]

"Office XP crack (nao remover)"="F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe" [2001-06-16 22:21]

"HP Software Update"="F:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

"ClientGW"="" []

"eSnips"="F:\Arquivos de programas\eSnips\ClientGW.exe" []

"avgnt"="F:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-19 21:32]

"InCD"="F:\Arquivos de programas\Ahead\InCD\InCD.exe" [2005-07-08 11:25]

"Picasa Media Detector"="F:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-01-31 23:52]

"QuickTime Task"="F:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41]

"nwiz"="nwiz.exe" [2006-10-22 12:22 F:\WINDOWS\system32\nwiz.exe]

"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45]

"BitTorrent"="F:\Arquivos de programas\BitTorrent\bittorrent.exe" []

"Free Download Manager"="F:\Arquivos de programas\Free Download Manager\fdm.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"="F:\ARQUIV~1\DVDREG~1\DVDShell.dll" [2004-10-09 15:18]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

F:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"F:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Contents of the 'Scheduled Tasks' folder

2007-06-01 13:37:01 F:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-06-07 16:28:07 F:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-07 13:35:15

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-06-07 13:37:12 - machine was rebooted

F:\ComboFix-quarantined-files.txt ... 2007-06-07 13:37

--- E O F ---

HIJACKTHIS

Logfile of HijackThis v1.99.1

Scan saved at 13:41:49, on 7/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\Explorer.EXE

F:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

F:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

F:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

F:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe

F:\Arquivos de programas\Ahead\InCD\InCD.exe

F:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

F:\Arquivos de programas\QuickTime\qttask.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

F:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

F:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

F:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe

F:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

F:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

F:\WINDOWS\system32\nvsvc32.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\wuauclt.exe

F:\WINDOWS\system32\wscntfy.exe

F:\WINDOWS\system32\wuauclt.exe

F:\WINDOWS\system32\notepad.exe

F:\DOCUME~1\Bel\CONFIG~1\Temp\Diretório temporário 1 para hijackthis.zip\HijackThis.exe