[Resolvido!]status 203 e services.exe

marrucci · Julho 21, 2007

Estou tendo problemas no meu computador, que, depois de um tempo ele da um aviso que vai reiniciar por causa do status 203/204 e services.exe

Ele nao reinicia rapido, quer dizer, tem vez que eu to mexendo nele por 2 3 hrs e renicia, mas tem vez que leva 10 15 mins.

Mesmo nao reiniciando, ele fica EXTREMAMENTE lento,a ponto de eu precisar mandar reinicia, trava os programas,principalmente o firefox, etc...

Ja passei 3 antivirus diferentes (avg,avast e kaspersky) e eles nao encontram nada...

Levei 1hr+ pra consegui o log do hijackthis por msn do meu pc pra esse oO

Log do hijackthis

Logfile of HijackThis v1.99.1

Scan saved at 17:12 Lucas, on 21/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\windows\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Pure Networks\Network Magic\nmapp.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\LClock\lclock.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\SpeedItUpExtreme\SpeedItUpEx.exe

C:\Arquivos de programas\Arquivos comuns\Authentium\AntiVirus\dvpapi.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\windows\system32\nvsvc32.exe

C:\Arquivos de programas\Pure Networks\Network Magic\nmsrvc.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\DOCUME~1\Usuario\CONFIG~1\Temp\Diretório temporário 1 para hijackthis.zip\HijackThis.exe

C:\windows\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)

O2 - BHO: (no name) - {6BD7ED1D-550D-4A22-AA45-21266D969254} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Arquivos de programas\Pure Networks\Network Magic\nmapp.exe" -autorun

O4 - HKLM\..\Run: [seePassword] C:\Arquivos de programas\SeePassword\SeePassword.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [speedItUpEX] "C:\Arquivos de programas\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://onecare.live.com

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160588460290

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCDC01C9-B7E1-4309-AD30-EFA28DE9EFD5}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Arquivos de programas\Arquivos comuns\Pure Networks Shared\puresp3.dll

O20 - Winlogon Notify: awvtt - C:\windows\

O20 - Winlogon Notify: klogon - C:\windows\system32\klogon.dll

O20 - Winlogon Notify: rqrspol - rqrspol.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: DomainService - Unknown owner - C:\windows\system32\fcrygudt.exe (file missing)

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Arquivos de programas\Arquivos comuns\Authentium\AntiVirus\dvpapi.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Arquivos de programas\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Arquivos de programas\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

jgarcia · Julho 23, 2007

Opa marrucci,

Baixe o ComboFix em:

ComboFix

1) Dê um duplo-clique no combofix.exe e tecle "Y" para prosseguir. O processo vai durar, em média, 10 minutos;

2) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

3) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

4) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

5) Para parar ou sair do ComboFix, tecle "N";

6) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

Abraços.

marrucci · Julho 24, 2007

"Usuario" - 2007-07-23 23:58:23 - ComboFix 07-07-23.6 - Service Pack 2 NTFS

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Arquivos de programas\download plugin

C:\Arquivos de programas\download plugin\DlPlugin-Moz\buddy.dat

C:\Arquivos de programas\download plugin\DlPlugin-Moz\vendor.txt

C:\DOCUME~1\Usuario\MEUSDO~1.\racle~1

C:\windows\system32\xpdx.sys

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE

-------\DomainService

-------\xpdx

((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))

2007-07-23 23:55 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-23 14:52 <DIR> d-------- C:\DOCUME~1\Usuario\DADOSD~1\TransRender

2007-07-23 14:52 <DIR> d-------- C:\DOCUME~1\Usuario\DADOSD~1\Temporary

2007-07-23 14:52 <DIR> d-------- C:\DOCUME~1\Usuario\DADOSD~1\ConvertTemp

2007-07-23 04:07 <DIR> d-------- C:\LinhaDefensiva

2007-07-20 04:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-07-20 04:41 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2007-07-20 04:41 163,840 --a------ C:\WINDOWS\system32\unrar.dll

2007-07-20 04:41 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2007-07-20 04:20 129,024 --a------ C:\WINDOWS\UNWISE.EXE

2007-07-19 20:56 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-07-19 20:56 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-19 20:56 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-19 20:56 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-19 20:56 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-19 20:56 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-19 20:56 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-19 20:55 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-07-19 20:28 <DIR> d-------- C:\Arquivos de programas\Bug Doctor

2007-07-19 14:03 <DIR> d-------- C:\DOCUME~1\Usuario\.SunDownloadManager

2007-07-16 22:47 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-07-16 22:47 <DIR> d-------- C:\DOCUME~1\Usuario\DADOSD~1\Hamachi

2007-07-16 03:03 <DIR> d-------- C:\DOCUME~1\Usuario\DADOSD~1\Azureus

2007-07-16 03:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Azureus

2007-07-16 03:02 <DIR> d-------- C:\Arquivos de programas\Azureus

2007-07-15 02:40 <DIR> d-------- C:\Arquivos de programas\EA SPORTS

2007-07-11 23:22 <DIR> d-------- C:\Arquivos de programas\SystemRequirementsLab

2007-07-09 17:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Thraex Software

2007-07-09 17:24 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys

2007-07-09 17:24 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys

2007-07-09 16:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe

2007-07-09 16:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-07-09 16:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2007-07-09 16:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-07-09 16:05 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2007-07-09 16:05 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2007-07-09 16:05 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2007-07-09 16:05 740,442 --a------ C:\WINDOWS\system32\DivX.dll

2007-07-09 16:05 73,728 --a------ C:\WINDOWS\system32\dpl100.dll

2007-07-09 16:05 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll

2007-07-09 16:05 57,344 --a------ C:\WINDOWS\system32\dpv11.dll

2007-07-09 16:05 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll

2007-07-09 16:05 344,064 --a------ C:\WINDOWS\system32\dpus11.dll

2007-07-09 16:05 294,912 --a------ C:\WINDOWS\system32\dpu11.dll

2007-07-09 16:05 294,912 --a------ C:\WINDOWS\system32\dpu10.dll

2007-07-09 16:05 196,608 --a------ C:\WINDOWS\system32\dtu100.dll

2007-07-09 16:05 124,472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe

2007-07-09 16:05 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

2007-07-04 19:03 <DIR> d-------- C:\Arquivos de programas\Stardock

2007-07-04 19:03 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Stardock

2007-06-27 19:22 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

2007-06-27 19:10 <DIR> d-------- C:\ConvertTemp

2007-06-27 19:08 <DIR> d-------- C:\DOCUME~1\Usuario\DADOSD~1\Samsung

2007-06-27 18:11 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys

2007-06-27 18:11 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys

2007-06-27 18:11 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys

2007-06-27 18:11 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys

2007-06-27 18:11 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys

2007-06-27 18:11 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys

2007-06-27 18:11 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys

2007-06-27 18:11 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers

2007-06-27 18:11 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs

2007-06-27 18:11 <DIR> d-------- C:\Arquivos de programas\Samsung

2007-06-25 01:39 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat

2007-06-25 01:39 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat

2007-06-25 01:38 475,168 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2007-06-25 01:38 12,067,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2007-06-25 01:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab Setup Files

2007-06-25 01:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab

2007-06-25 01:38 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 03:37:10 42,356 --sha-w C:\windows\system32\drivers\fidbox2.idx

2007-07-24 03:37:10 162,644 --sha-w C:\windows\system32\drivers\fidbox.idx

2007-07-23 19:47:07 -------- d-----w C:\Arquivos de programas\Warcraft III

2007-07-23 17:58:18 -------- d-----w C:\Arquivos de programas\eMule

2007-07-20 07:41:42 -------- d-----w C:\Arquivos de programas\DivX

2007-07-18 21:30:09 -------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-07-18 21:30:09 -------- d-----w C:\Arquivos de programas\Atari

2007-07-16 06:24:31 359,808 ----a-w C:\windows\system32\drivers\TCPIP.SYS

2007-07-14 01:59:31 -------- d-----w C:\Arquivos de programas\Full Tilt Poker

2007-07-08 07:18:03 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\BitTorrent

2007-06-29 21:52:20 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\Atari

2007-06-29 21:34:31 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\Ahead

2007-06-28 21:54:10 180,224 ----a-w C:\windows\system32\xvidvfw.dll

2007-06-28 21:52:18 765,952 ----a-w C:\windows\system32\xvidcore.dll

2007-06-27 22:21:32 560,640 ----a-w C:\windows\system32\qedit.dll

2007-06-27 22:17:32 359,808 ----a-w C:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

2007-06-25 17:02:34 920,933 --sh--w C:\windows\system32\ttvwa.ini2

2007-06-24 21:48:02 976,384 --sh--w C:\windows\system32\ttvwa.bak2

2007-06-22 00:53:13 918,609 --sh--w C:\windows\system32\ttvwa.bak1

2007-06-20 17:08:39 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2007-06-20 17:06:11 -------- d-----w C:\Arquivos de programas\Nero

2007-06-19 03:17:48 -------- d-----w C:\Arquivos de programas\iTunes

2007-06-19 03:17:36 -------- d-----w C:\Arquivos de programas\iPod

2007-06-19 03:17:09 -------- d-----w C:\Arquivos de programas\QuickTime Alternative

2007-06-19 03:16:37 -------- d-----w C:\Arquivos de programas\Apple Software Update

2007-06-19 03:13:47 -------- d-----w C:\Arquivos de programas\Media Player Classic

2007-06-19 02:49:01 -------- d-----w C:\Arquivos de programas\Google

2007-06-19 00:53:54 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\Media Player Classic

2007-06-19 00:53:34 5 --sha-w C:\windows\system32\ffdfbdbe7_d.dll

2007-06-19 00:13:08 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\Apple Computer

2007-06-18 02:51:44 -------- d-----w C:\Arquivos de programas\Styler

2007-06-18 02:51:39 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\Styler

2007-06-18 02:48:11 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\Stardock

2007-06-18 02:48:11 -------- d-----w C:\Arquivos de programas\VisualTooltip

2007-06-18 02:47:55 -------- d-----w C:\Arquivos de programas\LClock

2007-06-17 18:46:26 108,765 ----a-w C:\windows\War3Unin.dat

2007-06-17 14:22:17 -------- d-----w C:\Arquivos de programas\Ocean Technology

2007-06-16 02:14:08 2,829 ----a-w C:\windows\War3Unin.pif

2007-06-16 02:14:08 139,264 ----a-w C:\windows\War3Unin.exe

2007-06-13 15:27:12 -------- d--h--r C:\DOCUME~1\Usuario\DADOSD~1\SecuROM

2007-06-10 01:01:33 -------- d-----w C:\Arquivos de programas\VstPlugins

2007-06-09 23:04:35 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\Propellerhead Software

2007-06-09 23:04:28 233,472 ----a-w C:\windows\system32\REX Shared Library.dll

2007-06-09 21:57:46 -------- d-----w C:\Arquivos de programas\Ad Muncher

2007-06-09 21:54:42 -------- d-----w C:\Arquivos de programas\TGTSoft

2007-06-09 17:41:51 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\Ethereal

2007-06-09 17:40:15 -------- d-----w C:\Arquivos de programas\WinPcap

2007-06-09 17:35:45 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\SurfSecret

2007-06-09 00:19:26 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Authentium

2007-06-09 00:13:59 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\iolo

2007-06-07 14:37:25 5,638 ----a-w C:\windows\mozver.dat

2007-06-06 16:35:09 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-06-04 14:55:03 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\GetRightToGo

2007-06-02 23:24:03 -------- d-----w C:\Arquivos de programas\Multi_Media

2007-05-30 12:10:42 10,872 ----a-w C:\windows\system32\drivers\AvgAsCln.sys

2007-05-28 19:58:52 206,352 ----a-w C:\windows\system32\klogon.dll

2007-05-28 19:58:06 22,354 ----a-w C:\windows\system32\drivers\klop.dat

2007-05-25 22:47:36 -------- d-----w C:\Arquivos de programas\DAEMON Tools

2007-05-24 16:54:57 98,304 ----a-w C:\windows\system32\CmdLineExt.dll

2007-05-24 16:50:29 -------- d-----w C:\DOCUME~1\Usuario\DADOSD~1\Leadertech

2007-05-24 16:20:45 682,232 ----a-w C:\windows\system32\drivers\sptd.sys

2007-05-24 16:13:57 -------- d-----w C:\Arquivos de programas\WinISO

2007-05-20 19:38:53 724,992 ----a-w C:\windows\iun6002.exe

2007-05-18 22:20:00 0 ----a-w C:\windows\system32\Ultra.dll

2007-05-17 18:52:01 0 ----a-r C:\logwmemory.bin

2007-05-16 12:42:22 972,336 ----a-w C:\windows\UNNeroMediaHome.exe

2007-05-15 12:45:14 972,336 ----a-w C:\windows\UNNeroVision.exe

2004-10-01 18:00:16 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BD7ED1D-550D-4A22-AA45-21266D969254}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nmapp"="C:\Arquivos de programas\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 23:04]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-07-19 14:43]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-10-27 13:23]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-05-28 16:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrspol]

rqrspol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32]

winrvc32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Google Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Google Updater.lnk

backup=C:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Run Google Web Accelerator.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Run Google Web Accelerator.lnk

backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Usuario^Menu Iniciar^Programas^Inicializar^Yahoo! Widget Engine.lnk]

path=C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\Yahoo! Widget Engine.lnk

backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

"C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

"C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]

C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

C:\Arquivos de programas\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]

rundll32.exe "C:\windows\system32\yaewsuec.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

"C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Arquivos de programas\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

C:\Arquivos de programas\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RunDLL32.exe NvMCTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\QuickTime Alternative\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeePassword]

C:\Arquivos de programas\SeePassword\SeePassword.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUpEX]

"C:\Arquivos de programas\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

"C:\Arquivos de programas\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]

C:\Arquivos de programas\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

"C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]

C:\Arquivos de programas\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]

C:\Arquivos de programas\VisualTooltip\VisualToolTip.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

"Microsoft Office Outlook"=C:\ARQUIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE /recycle

Contents of the 'Scheduled Tasks' folder

2007-07-20 20:15:00 C:\windows\tasks\1-Click Maintenance.job

2007-07-17 16:35:00 C:\windows\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-24 00:39:12

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E14CF661-338A-C97D-7316-813A911E2B63}]

"iakgogpkefjmlfpbgh"=hex:6b,61,64,69,6f,6d,67,64,63,68,6a,6b,63,66,6c,61,65,63,69,69,6c,..

"haehikeopniklebj"=hex:6b,61,64,69,6f,6d,67,64,62,68,64,61,62,61,70,62,6b,6b,65,62,6b,..

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-24 1:13:23 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-24 01:01

--- E O F ---

jgarcia · Julho 24, 2007

Opa marrucci,

Baixe o F-Secure Blacklight em:

F-Secure Blacklight

Salve-o em sua área de trabalho (desktop) e o execute. Aceite o acordo. Clique em Scan e aguarde.

Se ele encontrar algum arquivo, ignore, pois quero apenas o log.

Ao final do scan será gerado o arquivo fsbl-xxxxx.log (onde xxx são números). Preciso que você copie o log e poste em sua próxima resposta.

Abraços.

marrucci · Julho 24, 2007

nao sei se tem problema, so que fui passa o programa e ele nao abria de maneira nenhuma... reiniciei 2x o pc... ate que fiquei bravo de ctrl alt del e fechei um monte de coisa... dai foi de boa o pclog07/24/07 20:00:51 [info]: BlackLight Engine 1.0.64 initialized07/24/07 20:00:51 [info]: OS: 5.1 build 2600 (Service Pack 2)07/24/07 20:00:51 [Note]: 7019 407/24/07 20:00:51 [Note]: 7005 007/24/07 20:00:55 [Note]: 7006 007/24/07 20:00:55 [Note]: 7011 50007/24/07 20:01:07 [Note]: 7026 007/24/07 20:01:07 [Note]: 7026 007/24/07 20:01:12 [Note]: FSRAW library version 1.7.102207/24/07 20:09:49 [Note]: 7007 0

jgarcia · Julho 25, 2007

Opa marrucci,

Vamos lá.

* Baixe o VundoFix.

* Dê duplo-clique sobre VundoFix.exe para iniciá-lo;

* Quando o VundoFix abrir clique em Scan for Vundo. Aguarde o término do scan que pode demorar algum tempo. Seja paciente;

* Terminado o scan clique em Remove Vundo;

* Você receberá um alerta perguntando se deseja remover os arquivos. Clique em YES. O seu desktop irá apagar (isto é normal);

* Para completar o scan será necessário reinicializar a máquina. Clique em OK;

* Favor postar o log do VundoFix (C:\vundofix.txt) em sua próxima resposta, juntamente com um novo do HijackThis.

Abraços.

marrucci · Julho 25, 2007

O vundofix nao achou nada..

log

VundoFix V6.5.6

Checking Java version...

Sun Java not detected

Scan started at 18:25:30 Lucas 25/7/2007

Listing files found while scanning....

Logfile of HijackThis v1.99.1

Scan saved at 19:28 Lucas, on 25/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

hijackthis

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\windows\Explorer.EXE

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Pure Networks\Network Magic\nmapp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\windows\system32\nvsvc32.exe

C:\Arquivos de programas\Pure Networks\Network Magic\nmsrvc.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\DOCUME~1\Usuario\CONFIG~1\Temp\Diretório temporário 1 para hijackthis.zip\HijackThis.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe