[Resolvido] Problemas com services.exe

[Minhoca11 0]

Olá amigos, boa tarde.

Estou tendo problemas com o services.exe

 

Aparece a seguinte mensagem:

 

services.exe - Erro de aplicativo

 

A instrução no "0x7c913396" fez referência à memória no "0x00960000". A memória não pôde ser "read".

Clique em OK para encerrar o programa

Clique em Cancelar para depurar o programa.

 

Ao clicar em OK aparece uma janela e diz q o computador será desligado em 1 minuto.

Ao clicar em Cancelar o computador pára de responder.

 

A seguir colocarei o log do Hijackthis.

 

Logfile of HijackThis v1.99.1

Scan saved at 18:30:15, on 16/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\AVGFRE~1\avgamsvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\ARQUIV~1\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\Norton Ghost 2003\GhostStartService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\r_server.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Documents and Settings\ANDRE\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Arquivos de programas\VisualRoute\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Arquivos de programas\VisualRoute\vrie.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120086846593

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\AVGFRE~1\avgupsvc.exe

O23 - Service: DF5Serv - Faronics Corporation - C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

 

 

 

 

Agradeço demais a ajuda que vocês possam me dar.

 

Abraços

[DigRam 144]

Bom Dia Minhoca11!

 

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Desabilite a proteção residente do Spybot.

>@< Feche todas as janelas e execute a ferramenta!

>@< Para quem possui o Avast,surgirá um alerta de malware ( Win32 D adobra-EY[Trj] ),que deverá ser ignorado.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar e < Enter >

>@< Aguarde a conclusão! Evite tocar no Mouse ou teclado!

_____________________

 

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

[Minhoca11 0]

Olá DigRam, tudo bem?

 

Desde já agradeço pela ajuda.

 

Conforme solicitado segue o log do Combofix:

 

ComboFix 08-01-18.4 - ANDRE 2008-01-18 0:54:59.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.651 [GMT -3:00]

Executando de: C:\Documents and Settings\ANDRE\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))

.

 

2008-01-18 00:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-12-18 18:48 . 2008-01-08 10:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-18 18:48 . 2007-12-18 18:48 1,409 --a------ C:\WINDOWS\QTFont.for

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-18 03:53 --------- d-----w C:\Documents and Settings\ANDRE\Dados de aplicativos\Skype

2008-01-17 18:22 --------- d-----w C:\Arquivos de programas\AVG Free

2008-01-16 20:00 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-01-09 05:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-01-06 11:00 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-01-06 10:11 --------- d-----w C:\Documents and Settings\ANDRE\Dados de aplicativos\AVG7

2008-01-04 23:03 --------- d-----w C:\Documents and Settings\ANDRE\Dados de aplicativos\LimeWire

2007-12-07 17:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-12-06 20:01 --------- d-----w C:\Documents and Settings\ANDRE\Dados de aplicativos\uTorrent

2007-12-06 20:00 --------- d-----w C:\Arquivos de programas\Jogos

2007-11-28 03:13 --------- d-----w C:\Arquivos de programas\Doom 3 Demo

2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 12:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-24 04:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll

2007-10-24 04:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll

2007-10-24 04:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll

2007-10-24 04:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="C:\Arquivos de programas\Skype\Skype.exe" [2007-02-22 23:31 25388584]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-05-07 19:56 5674352]

"WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:32 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 17:56 159800]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-06-27 00:57 4640768]

"nwiz"="nwiz.exe" [2003-06-27 00:57 323584 C:\WINDOWS\system32\nwiz.exe]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"Babylon Client"="C:\Arquivos de programas\Babylon\Babylon.exe" [2005-10-23 14:02 2458664]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"RemoteControl"="C:\Arquivos de programas\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"AVG7_CC"="C:\ARQUIV~1\AVGFRE~1\avgcc.exe" [2007-12-21 12:28 579072]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\AVGFRE~1\avgw.exe" [2007-10-31 17:50 219136]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2007-11-19 19:02 341928]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\Arquivos de programas\GbPlugin\gbiehuni.dll [2007-10-08 17:27 336800]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 16:30 347976]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2007-11-19 19:02 341928 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 16:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]

LogonDll.dll 2006-07-22 13:38 49152 C:\WINDOWS\system32\LogonDll.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginAbn]

C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2007-11-19 19:02 341928 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\Arquivos de programas\GbPlugin\gbieh.dll 2007-12-03 16:30 347976 C:\Arquivos de programas\GbPlugin\gbieh.dll

 

R0 DeepFrz;DeepFrz;C:\WINDOWS\system32\drivers\DeepFrz.sys [2006-07-22 13:33]

R1 GhPciScan;GhostPciScanner;C:\Arquivos de programas\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]

R2 BT848;AVerMedia, AVerTV WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2003-01-16 17:14]

R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2003-01-16 17:14]

R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2003-01-16 17:14]

R2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\r_server.exe" [2001-07-23 17:00]

S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-08-16 10:42]

S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-08-16 10:42]

S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-08-16 10:42]

S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-08-16 10:42]

S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-08-16 10:42]

 

*Newly Created Service* - PROCEXP90

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-18 00:59:13

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\LogonDll.dll

.

Tempo para conclusão: 2008-01-18 1:00:11

.

2007-12-12 15:56:03 --- E O F ---

 

 

 

 

E em seguida o log novo do HJT:

 

Logfile of HijackThis v1.99.1

Scan saved at 01:04:40, on 18/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\AVGFRE~1\avgamsvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\ARQUIV~1\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\Norton Ghost 2003\GhostStartService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\r_server.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\ANDRE\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\IEPlugin\SKYPEI~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Arquivos de programas\VisualRoute\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Arquivos de programas\VisualRoute\vrie.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120086846593

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\AVGFRE~1\avgupsvc.exe

O23 - Service: DF5Serv - Faronics Corporation - C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

 

 

Ainda não reiniciei o sistema para ver se o problema foi resolvido.

Desculpe a ignorância, mas o problema deveria ser resolvido até então?

 

 

Mais uma vez agradeço a ajuda.

 

 

[]'s

 

Minhoca11

[DigRam 144]

Bom Dia Minhoca11!

 

>@< Faça uma pesquisa,pelo Jotti,ao arquivo:

 

lsasrv.dll

 

>@< Em File to upload,coloque o caminho: C:\WINDOWS\system32\lsasrv.dll

>@< Em seguida,clique em Submit.

>@< Copie e poste,o relatório desta análise.

______________________

 

>@< Faça um escaneamento de desinfecção em < BitDefender > e poste o relatório.

>@< Clique em BitDefender ( Scan OnLine ).

>@< Abrirá a página: < BitDefender OnLine Scanner >

>@< Clique em I Agree.

>@< Aguarde!Permita a instalação do ActiveX,para que possa ocorrer o scan.

______________________

 

>@< Poste,então: Relatório do BitDefender + Relatório do Jotti + HijackThis,atualizado.

 

Abraços!

[Minhoca11 0]

Olá DigRam,

 

Segue os logs:

 

Jotti

 

 

Scan taken on 22 Jan 2008 12:25:21 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

 

BitDefender

 

 

BitDefender Online Scanner

 

 

 

Scan report generated at: Tue, Jan 22, 2008 - 12:21:55

 

 

 

 

 

Scan path: A:\;C:\;D:\;E:\;

 

 

 

 

 

 

 

Statistics

 

Time

01:43:08

 

Files

365301

 

Folders

8715

 

Boot Sectors

4

 

Archives

6079

 

Packed Files

14891

 

 

 

 

Results

 

Identified Viruses

0

 

Infected Files

0

 

Suspect Files

0

 

Warnings

0

 

Disinfected

0

 

Deleted Files

0

 

 

 

 

Engines Info

 

Virus Definitions

892805

 

Engine build

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

 

Scan plugins

14

 

Archive plugins

38

 

Unpack plugins

7

 

E-mail plugins

6

 

System plugins

1

 

 

 

 

Scan Settings

 

First Action

Disinfect

 

Second Action

Delete

 

Heuristics

Yes

 

Enable Warnings

Yes

 

Scanned Extensions

*;

 

Exclude Extensions

 

 

Scan Emails

Yes

 

Scan Archives

Yes

 

Scan Packed

Yes

 

Scan Files

Yes

 

Scan Boot

Yes

 

 

 

 

Scanned File

Status

 

No virus found.

 

 

HijackThis

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:26:15, on 22/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\PowerS.exe

C:\ARQUIV~1\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\PowerDVD\PDVDServ.exe

C:\ARQUIV~1\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\Norton Ghost 2003\GhostStartService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Skype\Skype.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\r_server.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

C:\Arquivos de programas\Skype\Plugin Manager\SkypePM.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\ANDRE\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\IEPlugin\SKYPEI~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Arquivos de programas\VisualRoute\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Arquivos de programas\VisualRoute\vrie.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120086846593

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\AVGFRE~1\avgupsvc.exe

O23 - Service: DF5Serv - Faronics Corporation - C:\Arquivos de programas\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

 

 

 

O problema continua acontecendo. Só que desta vez ele é intermitente, ou seja, quando ligo o computador as vezes aparece o erro, as vezes não. Todos estes logs foram gerados com o problema acontecendo.

 

 

Obrigado,

 

 

Minhoca11

[DigRam 144]

Boa Noite Minhoca11!

 

O problema continua acontecendo. Só que desta vez ele é intermitente, ou seja, quando ligo o computador as vezes aparece o erro, as vezes não. Todos estes logs foram gerados com o problema acontecendo.

>@< O Log está limpo.E,parece-me que o problema,não está relacionado à malware.

_________________________

 

>@< Muitos usuários,têm solucionado êste erro,de Generic Hosts,instalando patches de atualização.

>@< Caso possa,procure atualizar o computador.

>@< Tente,também,uma limpeza no registro.

>@< Faça o download do RegSeeker.

>@< Abra o RegSeeker e clique em Limpar registro.

>@< Clique em Ok! >> Aguarde!

>@< Terminando,clique em Select >> Selecionar tudo >> Action >> Apagar entradas selecionadas >> Ok.

>@< Aceite a sugestão de ter backups,e os nomeie! << Para que ocorra,uma fácil identificação!

_________________________

 

>@< Aguardo retorno!

 

Abraços!

[Minhoca11 0]

Olá DigRam, tudo bem?

 

Então, esses patches de atualização seriam no windows update? Ou é outra coisa?

Se for isso, o meu PC está atualizado. Possuo a versão original do windows e a atualização é automática.

 

Quanto a essa limpeza de registro, eu posso sair apagando as entradas aleatoriamente ou devo apagar alguma específica?

Como posso fazer um backup do registro antes de apagar as entradas?

 

Obrigado pela força.

 

Abração

 

Minhoca11

[DigRam 144]

Boa Noite Minhoca11!

 

Então, esses patches de atualização seriam no windows update? Ou é outra coisa?

Se for isso, o meu PC está atualizado. Possuo a versão original do windows e a atualização é automática.

>@< Seriam no Windows Update...mas,mesmo assim,poderá haver falhas ou lacunas,no processo de atualização. ( Atualização automática! )

>@< Voçê possui essa atualização? < KB 921883-x86-PTB >

_______________________

 

Quanto a essa limpeza de registro, eu posso sair apagando as entradas aleatoriamente ou devo apagar alguma específica?

Como posso fazer um backup do registro antes de apagar as entradas?

>@< Ao clicar em: Apagar entradas selecionadas,a ferramenta lhe perguntará se quer salvar os ( .reg ).Aceite os backups,e procure nomeá-los.

 

Abraços!

[Minhoca11 0]

Olá DigRam, boa noite.

 

A atualização está instalada sim.

Regularmente eu entro no site do Windows Update para verificar as atualizações opcionais e de hardware.

 

Quanto ao registro do windows eu vou deixar pra fazer amanhã com mais calma. Hoje estou muito cansado e preciso trabalhar amanhã cedo.

Assim que eu fizer a limpeza eu te digo se o problema sumiu de vez.

 

Obrigado,

 

 

Minhoca11

[DigRam 144]

Boa Noite Minhoca11!

 

OK,Bom descanso!

 

>@< Complemente a limpeza,com este outro utilitário: < MVRegClean5-br.zip >

>@< Neste caso,antes de executá-la,crie um Ponto de Restauração do sistema.

 

Abraços!

[Minhoca11 0]

Olá DigRam, tudo bem?

 

Finalmente o problema desapareceu, mas agora estou com outro tipo de problema e não sei se tem relação com o problema que estava enfrentando anteriormente.

 

Quando ligo o PC aparece a tela " O windows está sendo inicializado " e trava nessa tela.

 

Estou começando a desconfiar de algum problema de hardware... será?

 

Mais uma vez, obrigado pela ajuda.

 

Abração

 

 

Minhoca11

[DigRam 144]

Boa Noite Minhoca11!

 

>@< Substitua os pentes de memória,já que,estatisticamente,são os maiores causadores deste tipo de problema.

____________________

 

>@< O problema com o services.exe,foi resolvido com o procedimento de limpeza?

 

Abraços!

[Mário Monteiro 179]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.