[Resolvido!]erro no services.exe - pc reinicia em 1 min.

[edvirtuais 0]

Tópico unido

 

Olá pessoal

 

Meu computador toda hora está dando erro no services.exe, aparecendo uma janela dizendo para salvar os documentos q a máquina reiniciará em 1 minuto.

Alguém pode me ajudar por favor!!!

 

Ai está o log:

 

"Silent Runners.vbs", revision R51, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

"{A820B7E0-0686-1046-0210-030803010037}" = ""C:\Arquivos de programas\Arquivos comuns\{A820B7E0-0686-1046-0210-030803010037}\Update.exe" te-110-12-0000059" [file not found]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"PCTVOICE" = "pctspk.exe" ["PCtel, Inc."]

"SunJavaUpdateSched" = ""C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"PRONoMgr.exe" = "C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe" ["Intel® Corporation"]

"AVG7_CC" = "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

"BigDog305" = "C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)" ["Vimicro"]

 

HKLM\Software\Microsoft\Active Setup\Installed Components\

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"

\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{2E3C3651-B19C-4DD9-A979-901EC3E930AF}\(Default) = "CompSegIB"

-> {HKLM...CLSID} = "ssh2 Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Scpad\scpsssh2.dll" ["Scopus Tecnologia Ltda"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

{5D5D984B-948E-46A9-A3B0-FA4B45C32F1F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\AppPatch\smvcacb.dll" [file not found]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

{C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = "G-Buster Browser Defense"

-> {HKLM...CLSID} = "GbIehObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\GbPlugin\gbieh.dll" ["Banco do Brasil"]

{C41A1C0E-EA6C-11D4-B1B8-444553540003}\(Default) = "G-Buster Browser Defense CEF"

-> {HKLM...CLSID} = "GbIehObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\GbPlugin\gbiehCef.dll" ["Caixa Economica Federal"]

{C41A1C0E-EA6C-11D4-B1B8-444553540007}\(Default) = "G-Buster Browser Defense ABN AMRO"

-> {HKLM...CLSID} = "GbIehObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\GbPlugin\gbiehabn.dll" ["Banco ABN AMRO"]

{C41A1C0E-EA6C-11D4-B1B8-444553540008}\(Default) = "G-Buster Browser Defense Unibanco"

-> {HKLM...CLSID} = "GbIehObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbiehuni.dll" ["Banco Unibanco"]

{FB936D4B-E1F5-4345-A9B3-D05971F30C4E}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\byxyaxv.dll" [file not found]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

-> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" [file not found]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook"

\InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

-> {HKLM...CLSID} = "GbPluginObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\GbPlugin\gbieh.dll" ["Banco do Brasil"]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}" = "GbPlugin ShlObj"

-> {HKLM...CLSID} = "GbPluginObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\GbPlugin\gbiehabn.dll" ["Banco ABN AMRO"]

"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"

-> {HKLM...CLSID} = "Trojan Remover Shell Extension"

\InProcServer32\(Default) = "C:\ARQUIV~1\TROJAN~1\Trshlex.dll" [file not found]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}" = "GbPlugin ShlObj"

-> {HKLM...CLSID} = "GbPluginObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbiehuni.dll" ["Banco Unibanco"]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}" = "GbPlugin ShlObj"

-> {HKLM...CLSID} = "GbPluginObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\GbPlugin\gbiehCef.dll" ["Caixa Economica Federal"]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

-> {HKLM...CLSID} = "AVG7 Find Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"

\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

<<!>> "{A3717295-941D-416F-9384-ED1736729F1C}" = "scpLIB"

-> {HKLM...CLSID} = "compIB Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Scpad\scpLIB.dll" ["Scopus Tecnologia Ltda"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

-> {HKLM...CLSID} = "GbPluginObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\GbPlugin\gbieh.dll" ["Banco do Brasil"]

<<!>> "{E37CB5F0-51F5-4395-A808-5FA49E399007}" = "GbPlugin ShlObj"

-> {HKLM...CLSID} = "GbPluginObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\GbPlugin\gbiehabn.dll" ["Banco ABN AMRO"]

<<!>> "{E37CB5F0-51F5-4395-A808-5FA49E399008}" = "GbPlugin ShlObj"

-> {HKLM...CLSID} = "GbPluginObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbiehuni.dll" ["Banco Unibanco"]

<<!>> "{E37CB5F0-51F5-4395-A808-5FA49E399003}" = "GbPlugin ShlObj"

-> {HKLM...CLSID} = "GbPluginObj Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\GbPlugin\gbiehCef.dll" ["Caixa Economica Federal"]

<<!>> "{FB936D4B-E1F5-4345-A9B3-D05971F30C4E}" = "*b" (unwritable string)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\byxyaxv.dll" [file not found]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"CompIBBrd" = "{A3717295-941D-416F-9384-ED1736729F1C}"

-> {HKLM...CLSID} = "compIB Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Scpad\scpLIB.dll" ["Scopus Tecnologia Ltda"]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> byxyaxv\DLLName = "byxyaxv.dll" [file not found]

<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

<<!>> smvcacb\DLLName = "C:\WINDOWS\AppPatch\smvcacb.dll" [file not found]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"

-> {HKLM...CLSID} = "Trojan Remover Shell Extension"

\InProcServer32\(Default) = "C:\ARQUIV~1\TROJAN~1\Trshlex.dll" [file not found]

VIDEOTRANS\(Default) = "{C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}"

-> {HKLM...CLSID} = "AmvTransform Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\AmvTransform.dll" [empty string]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"

-> {HKLM...CLSID} = "Trojan Remover Shell Extension"

\InProcServer32\(Default) = "C:\ARQUIV~1\TROJAN~1\Trshlex.dll" [file not found]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Joana\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Explorer Bars

 

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = (no title provided)

-> {HKLM...CLSID} = "&Pesquisar"

\InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"

\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"

\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Arquivos de programas\Messenger\msmsgs.exe" [MS]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"

[strings]: SAFESITE_VALUE="search.msn.com.br"

 

Missing lines (compared with English-language version):

[strings]: 2 lines

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

AVG7 Alert Manager Server, Avg7Alrt, "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]

Gbp Service, GbpSv, "C:\Arquivos de programas\GbPlugin\GbpSv.exe" [empty string]

Serviço de publicação FTP, MSFtpsvc, "C:\WINDOWS\system32\inetsrv\inetinfo.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]

PDFConverter\Driver = "pdfmonnt.dll" [null data]

 

 

---------- (launch time: 2007-07-28 01:05:58)

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 139 seconds, including 11 seconds for message boxes)

[edvirtuais 0]

Log do F-Secure Blacklight :07/28/07 00:08:15 [info]: BlackLight Engine 1.0.64 initialized07/28/07 00:08:15 [info]: OS: 5.1 build 2600 (Service Pack 2)07/28/07 00:08:17 [Note]: 7019 407/28/07 00:08:17 [Note]: 7005 007/28/07 00:08:23 [Note]: 7006 007/28/07 00:08:24 [Note]: 7027 107/28/07 00:08:24 [Note]: 7027 007/28/07 00:08:25 [Note]: 7026 007/28/07 00:08:25 [Note]: 7026 007/28/07 00:08:37 [Note]: FSRAW library version 1.7.102207/28/07 00:41:41 [info]: Hidden file: c:\WINDOWS\system32:lzx32.sys07/28/07 00:41:41 [Note]: 7002 207/28/07 00:41:41 [Note]: 7003 107/28/07 01:05:08 [Note]: 7007 0

[edvirtuais 0]

Olá pessoal

 

meu pc está o tempo todo dando um erro no services.exe...aparece uma mensagem mandando eu salvar meus arquivos abertos, com uma contagem de 1 minuto para o computador ser reiniciado.

Se alguém poder me ajudar agradeço!!

 

obs: o erro aparece quando acesso a internet.

 

log do hijack:

-----

Logfile of HijackThis v1.99.1

Scan saved at 09:30:20, on 28/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\VM305_STI.EXE

C:\Hijack\HijackThis.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibahia.com.br/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.caixa.gov.br

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4299B640-1E9A-4A89-8CE5-2AF57E4C78EA}: NameServer = 200.165.132.154 200.165.132.148

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: byxyaxv - byxyaxv.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: smvcacb - C:\WINDOWS\AppPatch\smvcacb.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

[Sam Spade 2]

Olá edvirtuais! Baixe > RustbFix

 

Dê um duplo-clique no rustbfix.exe. Se uma infecção pelo Rustock.b for encontrada, será pedido que reinicie o PC.

 

Pode acontecer de ser necessário mais de um reboot, mas isso será feito automaticamente.

 

A ferramenta depois de completar a remoção, gerará dois logs:

 

C\avenger.txt

C\rustbfix\pelog.txt

 

Poste os dois logs.

[djffuma 0]

Olá edvirtuais! Baixe > RustbFix

 

Dê um duplo-clique no rustbfix.exe. Se uma infecção pelo Rustock.b for encontrada, será pedido que reinicie o PC.

 

Pode acontecer de ser necessário mais de um reboot, mas isso será feito automaticamente.

 

A ferramenta depois de completar a remoção, gerará dois logs:

 

C\avenger.txt

C\rustbfix\pelog.txt

 

Poste os dois logs.

 

 

 

Estou tendo o mesmo problema, por favor me ajudem !!!

 

 

 

 

Segue logs:

 

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\fsneynkm

 

*******************

 

Script file located at: \??\C:\Program Files\idxvvfbs.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Driver xpdx unloaded successfully.

Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

 

 

 

************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************

ter 31/07/2007 17:48:37,68

 

******************* Pre-run Status of system *******************

 

Rootkit driver xpdx is found. Starting the unload-procedure....

 

Rustock.b-ADS attached to the System32-folder:

No streams found.

 

Looking for Rustock.b-files in the System32-folder:

system32\xpdx.sys FOUND!

attempting to delete xpdx.sys from system32-folder

 

 

******************* Post-run Status of system *******************

 

Rustock.b-driver on the system: NONE!

 

Rustock.b-ADS attached to the System32-folder:

No System32-ADS found.

 

Looking for Rustock.b-files in the System32-folder:

No Rustock.b-files found in system32

 

 

******************************* End of Logfile ********************************

[edvirtuais 0]

Oi ,

 

meu problema foi resolvido.

vai no link:

http://forum.clubedohardware.com.br/erro-services-exe/452677

e segue os passos que o problema para!

 

---

 

Olá edvirtuais! Baixe > RustbFix

 

Dê um duplo-clique no rustbfix.exe. Se uma infecção pelo Rustock.b for encontrada, será pedido que reinicie o PC.

 

Pode acontecer de ser necessário mais de um reboot, mas isso será feito automaticamente.

 

A ferramenta depois de completar a remoção, gerará dois logs:

 

C\avenger.txt

C\rustbfix\pelog.txt

 

Poste os dois logs.

 

 

 

Estou tendo o mesmo problema, por favor me ajudem !!!

 

 

 

 

Segue logs:

 

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\fsneynkm

 

*******************

 

Script file located at: \??\C:\Program Files\idxvvfbs.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Driver xpdx unloaded successfully.

Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

 

 

 

************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************

ter 31/07/2007 17:48:37,68

 

******************* Pre-run Status of system *******************

 

Rootkit driver xpdx is found. Starting the unload-procedure....

 

Rustock.b-ADS attached to the System32-folder:

No streams found.

 

Looking for Rustock.b-files in the System32-folder:

system32\xpdx.sys FOUND!

attempting to delete xpdx.sys from system32-folder

 

 

******************* Post-run Status of system *******************

 

Rustock.b-driver on the system: NONE!

 

Rustock.b-ADS attached to the System32-folder:

No System32-ADS found.

 

Looking for Rustock.b-files in the System32-folder:

No Rustock.b-files found in system32

 

 

******************************* End of Logfile ********************************

[Sam Spade 2]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.