Archived

This topic has been archived and is closed to new replies.

aspdeco

[Solved!] Generic Host process for win32 service!


Guys, this message appears when I get online!

Help me!..

 

log...

 

Logfile of HijackThis v1.99.1

Scan saved at 00:15:48, on 13/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.itelefonica.com.br/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

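As an added example (not code from this thread or from HijackThis itself), a small Python triage helper for the HijackThis log format posted above: it parses O2/O4(Run)/O9/O18/O23 lines into records and flags the two things a helper looks at first, entries registered with no file left on disk (like the "(no name)" BHO above) and Run entries that name a bare filename whose real location still has to be verified. The sample lines are copied from the posted log; the regexes and the Entry record are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
LINE_RE = re.compile(r"^([ORFN]\d+) - (.*)$")                    # "O2 - ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")  # O4 Run form

@dataclass
class Entry:
    section: str             # HijackThis section code: "O2", "O4", "O23", ...
    name: str                # display name, [Run] value name or service name
    path: str                # file path or command line; "(no file)" if orphaned
    clsid: Optional[str] = None

def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O4(Run)/O9/O18/O23 line; other sections return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section == "O4":
        run = RUN_RE.match(body)
        return Entry(section, run.group(2), run.group(3)) if run else None
    if section in ("O2", "O9", "O18", "O23"):
        # After the "Kind: " prefix the layout is "name - {CLSID} or vendor - path"
        parts = [p.strip() for p in body.partition(": ")[2].split(" - ")]
        if len(parts) < 3:
            return None
        clsid = parts[1] if CLSID_RE.fullmatch(parts[1]) else None
        return Entry(section, parts[0], " - ".join(parts[2:]), clsid)
    return None

def triage(log: str) -> List[str]:
    """One finding per entry a reviewer should check first."""
    findings = []
    for e in filter(None, map(parse_line, log.splitlines())):
        if e.path == "(no file)":
            findings.append(f"{e.section} {e.clsid or e.name}: registered but no file on disk (orphaned)")
        elif e.section == "O4" and "\\" not in e.path:
            findings.append(f"{e.section} [{e.name}]: bare filename, verify where it resolves")
    return findings
```

Running `triage(SAMPLE_LOG)` reports the orphaned O2 entry and the bare `nwiz.exe` Run entry, while the entries with a full path and a file present produce no finding.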

Hey aspdeco,

 

Download ComboFix at:

ComboFix

 

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish;

3) When the scan is finished, a log will be generated at C:\ComboFix.txt;

4) Do not click on the ComboFix window or close it with the X while the tool is running, since that will mess up your desktop configuration (it will go all white);

5) To stop or quit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

 

Cheers.


Hi Jgarcia...

 

here is the content of ComboFix.txt ...

 

ComboFix 07-06-18.2 - F:\ComboFix.exe

"Deco" - 2007-06-22 19:40:16 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\install.exe

C:\WINDOWS\system32\msxml3a.dll

 

 

((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))

 

 

2007-06-22 19:40 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-20 15:05 <DIR> d-------- C:\DOCUME~1\Deco\WINDOWS

2007-06-20 15:05 <DIR> d-------- C:\Arquivos de programas\hp48 Explorer

2007-06-16 19:59 <DIR> d-------- C:\WINDOWS\pss

2007-06-15 16:14 <DIR> d-------- C:\DOCUME~1\Deco\DADOSD~1\Real

2007-06-15 16:14 <DIR> d-------- C:\Arquivos de programas\Real

2007-06-15 16:14 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-06-15 16:14 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-06-15 16:08 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe

2007-06-15 16:08 5,600 --a------ C:\WINDOWS\system\winaspi.dll

2007-06-15 16:08 48,128 --a------ C:\WINDOWS\system32\wnaspi32.dll

2007-06-15 16:08 4,672 --a------ C:\WINDOWS\system\wowpost.exe

2007-06-15 16:08 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll

2007-06-15 16:08 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll

2007-06-15 16:08 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-06-15 16:08 23,936 --a------ C:\WINDOWS\system32\drivers\aspi32.sys

2007-06-15 16:08 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll

2007-06-15 16:08 194,320 --a------ C:\WINDOWS\system32\qcut.dll

2007-06-15 16:08 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll

2007-06-15 16:08 10,240 --a------ C:\WINDOWS\system32\vidx16.dll

2007-06-15 16:08 <DIR> d-------- C:\Arquivos de programas\CyberLink

2007-06-14 11:47 <DIR> d-------- C:\Arquivos de programas\RM to AVI MPEG WMV VCD SVCD DVD Converter

2007-06-13 00:44 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-06-13 00:15 <DIR> d-------- C:\HijackThis

2007-06-13 00:02 <DIR> d-------- C:\DOCUME~1\Deco\Contacts

2007-06-12 22:46 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-06-12 22:46 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2007-06-12 18:38 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe

2007-06-12 18:35 <DIR> d-------- C:\Arquivos de programas\WinAVIVideoConverter

2007-06-12 13:24 <DIR> d-------- C:\Arquivos de programas\AnswerWorks 4.0

2007-06-12 13:20 <DIR> d-------- C:\DOCUME~1\Deco\DADOSD~1\Autodesk

2007-06-12 13:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Autodesk

2007-06-12 13:20 <DIR> d-------- C:\Arquivos de programas\AutoCAD 2006

2007-06-12 13:19 <DIR> d-------- C:\Arquivos de programas\Autodesk

2007-06-12 13:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Autodesk Shared

2007-06-12 13:17 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2007-06-12 11:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\NVIDIA

2007-06-12 11:54 <DIR> d-------- C:\DOCUME~1\Deco\DADOSD~1\Ahead

2007-06-12 11:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles

2007-06-12 11:32 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2007-06-12 11:32 <DIR> d-------- C:\WINDOWS\SHELLNEW

2007-06-12 11:30 <DIR> dr-h----- C:\MSOCache

2007-06-12 11:04 <DIR> d-------- C:\DOCUME~1\Deco\DADOSD~1\AdobeUM

2007-06-12 00:05 0 --a------ C:\WINDOWS\nsreg.dat

2007-06-11 23:45 <DIR> d-------- C:\Program Files

2007-06-11 23:44 38,912 --------- C:\WINDOWS\system32\picn20.dll

2007-06-11 23:44 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe

2007-06-11 23:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead

2007-06-11 23:43 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2007-06-11 23:43 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2007-06-11 23:43 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2007-06-11 23:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2007-06-11 23:43 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2007-06-11 23:43 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-06-11 23:43 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2007-06-11 23:43 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll

2007-06-11 23:43 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2007-06-11 23:43 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-06-11 23:43 <DIR> d-------- C:\Arquivos de programas\Ahead

2007-06-11 23:40 737,280 --a------ C:\WINDOWS\iun6002.exe

2007-06-11 23:40 <DIR> d-------- C:\DOCUME~1\Deco\DADOSD~1\BSplayer Pro

2007-06-11 23:40 <DIR> d-------- C:\Arquivos de programas\Webteh

2007-06-11 23:40 <DIR> d-------- C:\Arquivos de programas\Codec Pack - All In 1

2007-06-11 23:37 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2007-06-11 23:37 <DIR> d-------- C:\NVIDIA

2007-06-11 23:36 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll

2007-06-11 23:36 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll

2007-06-11 23:36 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2007-06-11 23:36 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll

2007-06-11 23:36 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll

2007-06-11 23:36 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll

2007-06-11 23:36 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2007-06-11 23:36 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2007-06-11 23:36 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2007-06-11 23:35 <DIR> d-------- C:\Arquivos de programas\Discador itelefonica

2007-06-11 23:34 <DIR> d--hs---- C:\RECYCLER

2007-06-11 23:32 <DIR> d-------- C:\Arquivos de programas\Winamp

2007-06-11 23:27 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys

2007-06-11 23:23 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-06-11 23:23 <DIR> d-------- C:\WINDOWS\nview

2007-06-11 23:21 602,265 -ra------ C:\WINDOWS\system32\drivers\IntelC52.sys

2007-06-11 23:21 51,269 -ra------ C:\WINDOWS\system32\drivers\IntelC53.sys

2007-06-11 23:21 31,472 -ra------ C:\WINDOWS\system32\drivers\mohfilt.sys

2007-06-11 23:21 20,133 -ra------ C:\WINDOWS\system32\IntelCci.dll

2007-06-11 23:21 163,840 -ra------ C:\WINDOWS\system32\intelmoh.dll

2007-06-11 23:21 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys

2007-06-11 23:21 1,086,933 -ra------ C:\WINDOWS\system32\drivers\IntelC51.sys

2007-06-11 23:16 55,808 -ra------ C:\WINDOWS\system32\EtCoInst.dll

2007-06-11 23:16 19,456 -ra------ C:\WINDOWS\system32\IntelNic.dll

2007-06-11 23:16 176,128 -ra------ C:\WINDOWS\system32\drivers\e1000325.sys

2007-06-11 23:16 163,840 -ra------ C:\WINDOWS\system32\e1000msg.dll

2007-06-11 23:16 126,976 -ra------ C:\WINDOWS\system32\Prounstl.exe

2007-06-11 23:14 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2007-06-11 23:14 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys

2007-06-11 23:14 65,536 --a------ C:\WINDOWS\system32\a3d.dll

2007-06-11 23:14 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

2007-06-11 23:14 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2007-06-11 23:14 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2007-06-11 23:14 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2007-06-11 23:14 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-12 16:19:08 61,618 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-06-12 16:19:08 413,480 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-06-12 02:00:55 -------- d-----w C:\Arquivos de programas\Serviços on-line

2007-06-12 02:00:00 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="C:\Arquivos de programas\VIA\RAID\raid_t" []

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 10:52]

"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2004-03-26 14:40]

"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-06-15 16:14]

 

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-22 19:40:55

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-06-22 19:41:18

C:\ComboFix-quarantined-files.txt ... 2007-06-22 19:41

 

--- E O F ---

 

 

 

cheers...


Hi Jgarcia... apparently the problem is gone!... one question: does this have anything to do with the Windows Firewall?? because I keep it disabled!... and is it a problem not to use it? cheers...


Hey aspdeco,

 

Glad to hear the problem was solved. :thumbsup:

 

To finish up:

 

1. Disable and re-enable XP's System Restore. Click here to see how.

 

... as for your questions:

one question: does this have anything to do with the Windows Firewall?? because I keep it disabled!

The problem is not related to the Windows Firewall.

 

...and is it a problem not to use it?

No, but I suggest you install a firewall on your machine -> Comodo Firewall Pro. It is effective, lightweight and free. ;)

 

Cheers.


PROBLEM SOLVED!

 

If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.
