
waart

[Solved!] Problems with services.exe (2)


Good morning!

I'm having a big problem with services.exe.

I read a thread about it, but I decided to post a new thread because nothing worked.

"O services.exe encontrou um problema e precisa ser fechado."

Then this appears right after:

 

Desligamento do sistema

 

O sistema está sendo desligado. Salve os trabalhos em andamento e faça logoff. As alterações não salvas serão perdidas. Esta operação foi iniciada por AUTORIDADE NT/SYSTEM

 

Tempo de desligamento: 00:00:XX

 

Mensagem

O processo do sistema "C:\WINDOWS\system32\services.exe" terminou inesperadamente com o código de status - 1073741819. O sistema será agora desligado e reiniciado.

 

Logfile of HijackThis v1.99.1

Scan saved at 10:49:46, on 31/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\qwerty12.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\dwwin.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: (no name) - {c6f03bb4-7b7c-4434-9d24-e486ec0c776f} - C:\WINDOWS\system32\kbdher.dll (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\utorrent.exe"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176257646468

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: ,C:\WINDOWS\system32\rserver30\r3god.dll

O20 - Winlogon Notify: kbdher - kbdher.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

I can't do anything that takes more than 5 minutes on the PC. Hoping for help.

Thanks

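Added example (not from the thread and not part of HijackThis or ComboFix): a small Python script that does the first-pass triage a helper does by eye on a HijackThis 1.99 log. It flags the entry types that stand out in the log above (an O2 BHO with no name and a missing DLL, a non-empty O20 AppInit_DLLs, an O20 Winlogon Notify package pointing at a missing DLL, an O23 service with "Unknown owner") and decodes the services.exe exit status quoted in the shutdown dialog. The sample lines are copied from the log above; the classification rules and the short NTSTATUS table are my own heuristics and assumptions, not HijackThis output.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the first HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {c6f03bb4-7b7c-4434-9d24-e486ec0c776f} - C:\WINDOWS\system32\kbdher.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\rserver30\r3god.dll
O20 - Winlogon Notify: kbdher - kbdher.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# HijackThis entries look like "O23 - Service: ...": a section code, " - ", then the body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def triage(log_text: str) -> list:
    """Return the log lines a helper would look at first, each with the reason (heuristic rules, my own)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, "Running processes:" paths and blank lines carry no section code
        section, body = m.group("section"), m.group("body")
        reason = None
        if section == "O2" and (body.startswith("BHO: (no name)") or "(file missing)" in body):
            reason = "BHO with no name or a missing DLL: an orphaned registration, typical of half-removed malware"
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body[len("AppInit_DLLs:"):].strip(" ,")
            if value:  # AppInit_DLLs is loaded into every process that maps user32.dll
                reason = f"AppInit_DLLs injects {value} into every GUI process"
        elif section == "O20" and body.startswith("Winlogon Notify:") and "(file missing)" in body:
            reason = "Winlogon Notify package pointing at a missing DLL (would run inside winlogon.exe if present)"
        elif section == "O23" and "Unknown owner" in body:
            reason = "service whose binary carries no vendor information"
        if reason:
            findings.append(Finding(section, line, reason))
    return findings


# Hand-picked subset of NTSTATUS codes (assumption: only these two are needed here).
KNOWN_NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
}


def ntstatus_from_exit_code(code: int) -> int:
    """The shutdown dialog prints the NTSTATUS as a signed 32-bit int; recover the unsigned value."""
    return code & 0xFFFFFFFF


def describe_exit_code(code: int) -> str:
    status = ntstatus_from_exit_code(code)
    return f"0x{status:08X} ({KNOWN_NTSTATUS.get(status, 'unknown NTSTATUS')})"


if __name__ == "__main__":
    print("services.exe exit status:", describe_exit_code(-1073741819))
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The status code in the dialog, -1073741819, is 0xC0000005, an access violation inside services.exe; a crash there takes the whole session down because the Service Control Manager is a critical process, which is why the machine reboots after the one-minute countdown.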

Hey waart,

Download ComboFix at:

ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click in the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will turn completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

Cheers.


Thanks jgarcia...

As requested, here is the log:

 

ComboFix 07-07-30.2 - "Wanderlei" 2007-08-02 13:02:59.1 [GMT -3:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

* Created a new restore point

 

Rootkit driver xpdt is present. ... attempting disinfection

xpdt ...... driver unloaded successfully.

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\tmp29B.tmp.dll

C:\WINDOWS\system32\tmp43.tmp.dll

C:\WINDOWS\system32\tmp4C.tmp.dll

C:\WINDOWS\khgggh.dll

C:\WINDOWS\khijge.dll

C:\WINDOWS\wvwwwv.dll

C:\WINDOWS\hggghk.ini

C:\WINDOWS\egjihk.ini

C:\WINDOWS\vwwwvw.ini

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\qwerty12.exe

C:\WINDOWS\system32\tmp16.tmp.dll

C:\WINDOWS\system32\tmp19C.tmp.dll

C:\WINDOWS\system32\tmp1F00.tmp.dll

C:\WINDOWS\system32\tmp23E.tmp.dll

C:\WINDOWS\system32\tmp24.tmp.dll

C:\WINDOWS\system32\tmp29B.tmp.dll

C:\WINDOWS\system32\tmp4.tmp.dll

C:\WINDOWS\system32\tmp43.tmp.dll

C:\WINDOWS\system32\tmp4C.tmp.dll

C:\WINDOWS\system32\tmp6D.tmp.dll

C:\WINDOWS\system32\tmp7.tmp.dll

C:\WINDOWS\system32\tmp81.tmp.dll

C:\WINDOWS\system32\xpdt.sys

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_DOMAINSERVICE

-------\DomainService

 

 

((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))

 

 

2007-08-02 13:01 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-31 22:43 <DIR> d-------- C:\CDisplay

2007-07-31 22:31 <DIR> d-------- C:\FIFA 07

2007-07-31 10:15 <DIR> d-------- C:\WINDOWS\CSC

2007-07-31 10:13 <DIR> d-------- C:\backups

2007-07-31 10:09 218,112 --a------ C:\HijackThis.exe

2007-07-31 09:53 8,354 --a------ C:\dnsbak.reg

2007-07-31 09:38 <DIR> d-------- C:\!KillBox

2007-07-31 03:01 <DIR> d-------- C:\WINDOWS\NV24002104.TMP

2007-07-26 22:15 <DIR> d-------- C:\Pro Evolution Soccer 6

2007-07-24 14:45 131,797 --a------ C:\WINDOWS\hgfeed.dll

2007-07-08 18:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Test Drive Unlimited

2007-07-08 18:02 <DIR> d-------- C:\Test Drive Unlimited

2007-07-07 13:36 <DIR> d-------- C:\WINDOWS\pss

2007-07-07 12:52 <DIR> d-------- C:\WINDOWS\system32\rserver30

2007-07-07 12:24 <DIR> dr-h----- C:\DOCUME~1\WANDER~1\DADOSD~1\SecuROM

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-01 19:04 --------- d-------- C:\DOCUME~1\WANDER~1\DADOSD~1\Hamachi

2007-08-01 18:59 25544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-07-31 22:45 --------- d-------- C:\DOCUME~1\WANDER~1\DADOSD~1\uTorrent

2007-07-31 09:53 --------- d-------- C:\Arquivos de programas\SUPERAntiSpyware

2007-07-26 22:16 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-07-16 20:21 --------- d-------- C:\Arquivos de programas\Avast4

2007-07-11 04:49 67232 --a------ C:\WINDOWS\system32\perfc016.dat

2007-07-11 04:49 425072 --a------ C:\WINDOWS\system32\perfh016.dat

2007-07-08 18:16 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-07-02 21:25 --------- d-------- C:\Arquivos de programas\GG E-Sports Platform

2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvunrm.exe

2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll

2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll

2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll

2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe

2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll

2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll

2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll

2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll

2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll

2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll

2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll

2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe

2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe

2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll

2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll

2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll

2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll

2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll

2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll

2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll

2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll

2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll

2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll

2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll

2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll

2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll

2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll

2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe

2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe

2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll

2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe

2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe

2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll

2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll

2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll

2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin

2007-06-21 04:21 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-06-16 18:43 1 --a------ C:\WINDOWS\system32\SI.bin

2007-06-16 01:09 967 --a------ C:\WINDOWS\ScUnin.pif

2007-06-16 01:09 94208 --a------ C:\WINDOWS\ScUnin.exe

2007-06-16 01:09 28140 --a------ C:\WINDOWS\scunin.dat

2007-06-07 07:39 --------- d-------- C:\Arquivos de programas\Windows Live

2007-06-07 07:39 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-06-07 07:39 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-06-06 15:10 196608 --a------ C:\WINDOWS\system32\ssleay32.dll

2007-06-06 15:10 1040384 --a------ C:\WINDOWS\system32\libeay32.dll

2007-05-25 12:35 1536 --a------ C:\cwainda.exe

2007-05-16 12:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6f03bb4-7b7c-4434-9d24-e486ec0c776f}]

C:\WINDOWS\system32\kbdher.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 10:42 C:\WINDOWS\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2007-02-22 15:00 228392]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdher]

kbdher.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"= ,C:\WINDOWS\system32\rserver30\r3god.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"RServer3"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"aswUpdSv"=2 (0x2)

 

R1 raddrvv3;raddrvv3;\??\C:\WINDOWS\system32\rserver30\raddrvv3.sys

R1 SASDIFSV;SASDIFSV;\??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS

R1 SASKUTIL;SASKUTIL;\??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys

R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys

R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys

R3 ZSMC301b;A4 Tech USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys

S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe

S3 SASENUM;SASENUM;\??\C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS

S4 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

AutoRun\command- E:\autorun6e.exe

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-02 13:06:17

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-02 13:07:19 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-02 13:07

 

--- E O F ---

 

Cheers


Hey waart,

Let's go.

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox at:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below (in bold) to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser bar --> click Copy.

 

C:\WINDOWS\system32\tmp29B.tmp.dll

C:\WINDOWS\system32\tmp43.tmp.dll

C:\WINDOWS\system32\tmp4C.tmp.dll

C:\WINDOWS\system32\kbdher.dll

C:\WINDOWS\khgggh.dll

C:\WINDOWS\khijge.dll

C:\WINDOWS\wvwwwv.dll

C:\WINDOWS\hggghk.ini

C:\WINDOWS\egjihk.ini

C:\WINDOWS\vwwwvw.ini

C:\WINDOWS\NV24002104.TMP

C:\cwainda.exe

 

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It's wise to print this post or save it somewhere easy to reach, because in the next step we'll go into Safe Mode and the internet connection won't be available.

Step 2

Restart the computer in Safe Mode (while restarting, press the F8 key repeatedly until a black DOS-style screen appears, and choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check:

O2 - BHO: (no name) - {c6f03bb4-7b7c-4434-9d24-e486ec0c776f} - C:\WINDOWS\system32\kbdher.dll (file missing)

O20 - AppInit_DLLs: ,C:\WINDOWS\system32\rserver30\r3god.dll

O20 - Winlogon Notify: kbdher - kbdher.dll (file missing)

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe

Click Fix Checked.

Step 3

Restart in Normal Mode.

Come back with new HijackThis and ComboFix logs.

Awaiting your reply.

Cheers.

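Added example (not from the thread, and not Killbox's own code; that Killbox implements "Delete on Reboot" through this mechanism is my assumption): the standard Windows way to remove a file that is locked while the system is running is MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which queues the request in the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager; smss.exe processes the queue early in the next boot, before the files are opened again. The Python below encodes and decodes that value so you can see what a delete-on-reboot request looks like and read it back the way an incident responder checks what the next boot will do (malware uses the same queue to replace system files). The paths are taken from the Killbox list above; nothing here touches a real registry.

```python
# The value is a flat REG_MULTI_SZ of (source, destination) pairs in NT path form.
# An empty destination means "delete source"; a destination starting with '!'
# means "replace the target if it already exists".
NT_PREFIX = "\\??\\"


def _strip_nt(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def build_pending_ops(delete_paths, renames=()):
    """Return the flat list of strings a delete-on-reboot tool would write."""
    entries = []
    for path in delete_paths:
        entries += [NT_PREFIX + path, ""]          # empty destination => delete
    for src, dst in renames:
        entries += [NT_PREFIX + src, NT_PREFIX + dst]
    return entries


def encode_multi_sz(strings) -> bytes:
    """REG_MULTI_SZ on disk: UTF-16LE strings separated by NUL, terminated by a double NUL."""
    return ("\0".join(strings) + "\0\0").encode("utf-16-le")


def decode_multi_sz(blob: bytes) -> list:
    text = blob.decode("utf-16-le")
    if not text.endswith("\0\0"):
        raise ValueError("REG_MULTI_SZ must end with a double NUL")
    body = text[:-2]
    # Empty strings inside the body are significant here (they are the delete markers),
    # so split on every NUL rather than filtering blanks out.
    return body.split("\0") if body else []


def parse_pending_ops(blob: bytes) -> list:
    """Decode the value into (kind, source, destination) tuples for review before the reboot."""
    strings = decode_multi_sz(blob)
    if len(strings) % 2:
        raise ValueError("PendingFileRenameOperations holds source/destination pairs")
    ops = []
    for src, dst in zip(strings[::2], strings[1::2]):
        if dst == "":
            ops.append(("delete", _strip_nt(src), None))
        else:
            ops.append(("rename", _strip_nt(src), _strip_nt(dst.lstrip("!"))))
    return ops


if __name__ == "__main__":
    # Constructed input: two entries from the Killbox list in the thread.
    queued = build_pending_ops([r"C:\WINDOWS\system32\tmp29B.tmp.dll", r"C:\cwainda.exe"])
    blob = encode_multi_sz(queued)
    for kind, src, dst in parse_pending_ops(blob):
        print(kind, src, dst or "")
```

When reviewing a compromised machine, reading this value (regedit, or `reg query` on the Session Manager key) before rebooting tells you whether a cleanup tool, or the malware itself, has scheduled file replacements for the next boot.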

Well jgarcia, I did almost everything you asked except checking this line:

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe

It wasn't in the HijackThis scan results, is that a problem??

As for the logs, here they are:

 

Logfile of HijackThis v1.99.1

Scan saved at 18:00, on 2007-08-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

C:\WINDOWS\system32\findstr.exe

 

ComboFix 07-07-30.2 - "Wanderlei" 2007-08-02 17:58:50.2 [GMT -3:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

 

 

((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))

 

 

2007-08-02 13:01 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-31 22:43 <DIR> d-------- C:\CDisplay

2007-07-31 22:31 <DIR> d-------- C:\FIFA 07

2007-07-31 10:15 <DIR> d-------- C:\WINDOWS\CSC

2007-07-31 10:13 <DIR> d-------- C:\backups

2007-07-31 10:09 218,112 --a------ C:\HijackThis.exe

2007-07-31 09:53 8,354 --a------ C:\dnsbak.reg

2007-07-31 09:38 <DIR> d-------- C:\!KillBox

2007-07-31 03:01 <DIR> d-------- C:\WINDOWS\NV24002104.TMP

2007-07-26 22:15 <DIR> d-------- C:\Pro Evolution Soccer 6

2007-07-24 14:45 131,797 --a------ C:\WINDOWS\hgfeed.dll

2007-07-08 18:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Test Drive Unlimited

2007-07-08 18:02 <DIR> d-------- C:\Test Drive Unlimited

2007-07-07 13:36 <DIR> d-------- C:\WINDOWS\pss

2007-07-07 12:52 <DIR> d-------- C:\WINDOWS\system32\rserver30

2007-07-07 12:24 <DIR> dr-h----- C:\DOCUME~1\WANDER~1\DADOSD~1\SecuROM

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-01 19:04 --------- d-------- C:\DOCUME~1\WANDER~1\DADOSD~1\Hamachi

2007-08-01 18:59 25544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-07-31 22:45 --------- d-------- C:\DOCUME~1\WANDER~1\DADOSD~1\uTorrent

2007-07-31 09:53 --------- d-------- C:\Arquivos de programas\SUPERAntiSpyware

2007-07-26 22:16 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-07-16 20:21 --------- d-------- C:\Arquivos de programas\Avast4

2007-07-11 04:49 67232 --a------ C:\WINDOWS\system32\perfc016.dat

2007-07-11 04:49 425072 --a------ C:\WINDOWS\system32\perfh016.dat

2007-07-08 18:16 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-07-02 21:25 --------- d-------- C:\Arquivos de programas\GG E-Sports Platform

2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvunrm.exe

2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll

2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll

2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll

2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe

2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll

2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll

2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll

2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll

2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll

2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll

2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll

2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe

2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe

2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll

2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll

2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll

2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll

2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll

2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll

2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll

2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll

2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll

2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll

2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll

2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll

2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll

2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll

2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe

2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe

2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll

2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe

2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe

2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll

2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll

2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll

2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin

2007-06-21 04:21 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-06-16 18:43 1 --a------ C:\WINDOWS\system32\SI.bin

2007-06-16 01:09 967 --a------ C:\WINDOWS\ScUnin.pif

2007-06-16 01:09 94208 --a------ C:\WINDOWS\ScUnin.exe

2007-06-16 01:09 28140 --a------ C:\WINDOWS\scunin.dat

2007-06-07 07:39 --------- d-------- C:\Arquivos de programas\Windows Live

2007-06-07 07:39 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-06-07 07:39 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-06-06 15:10 196608 --a------ C:\WINDOWS\system32\ssleay32.dll

2007-06-06 15:10 1040384 --a------ C:\WINDOWS\system32\libeay32.dll

2007-05-16 12:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 10:42 C:\WINDOWS\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2007-02-22 15:00 228392]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"RServer3"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"aswUpdSv"=2 (0x2)

 

R1 raddrvv3;raddrvv3;\??\C:\WINDOWS\system32\rserver30\raddrvv3.sys

R1 SASDIFSV;SASDIFSV;\??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS

R1 SASKUTIL;SASKUTIL;\??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys

R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys

R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys

R3 ZSMC301b;A4 Tech USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys

S2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe

S3 SASENUM;SASENUM;\??\C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS

S4 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

AutoRun\command- E:\autorun6e.exe

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-02 18:00:29

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-02 18:01:00

C:\ComboFix-quarantined-files.txt ... 2007-08-02 18:00

C:\ComboFix2.txt ... 2007-08-02 13:07

 

--- E O F ---

 

So, is it over?

Cheers


Hey waart,

Let's go.

* Download VundoFix.

* Double-click VundoFix.exe to start it;

* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish, which can take a while. Be patient;

* When the scan finishes, click Remove Vundo;

* You will get an alert asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);

* To complete the scan the machine will need to be restarted. Click OK;

* Please post the VundoFix log (C:\vundofix.txt) in your next reply, along with a new HijackThis log.

Cheers.


Here's the log, jgarcia

 

 

VundoFix V6.5.6

 

Checking Java version...

 

Sun Java not detected

Scan started at 05:07:50 3/8/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

VundoFix V6.5.6

 

Checking Java version...

 

Sun Java not detected

Scan started at 05:10:09 3/8/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

Logfile of HijackThis v1.99.1

Scan saved at 05:13:36, on 3/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\HijackThis.exe

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176257646468

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

Anything else?

Cheers!


PROBLEM SOLVED!

If the author needs the thread reopened, send a Private Message to a Moderator with a link to the thread.
