Good afternoon, friends
My PC is acting strange: 3 folders that I can't delete appeared on my D partition. Sometimes Windows gives an error when I restart; when it finishes loading, a blue screen appears and then the PC restarts, or sometimes shuts down
=/ here is the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:46, on 28/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WindowsLivePhone] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5493 bytes
Good morning, wings
here is the log
Autoscan: malfunction (events: 6, objects: , time: 00:00:00)
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Autoscan: malfunction (events: 1, objects: 0, time: Unknown)
29/6/2010 23:36:51 Task started
Autoscan: completed 4 minutes ago (events: 6, objects: 355506, time: 04:15:12)
30/6/2010 00:03:33 Task started
30/6/2010 02:56:28 Detected: Trojan-Dropper.Win32.Halk.cz D:\anderson arquivos\anderson arquivos\doc\aknust\arquivos\arq winrar\FF8 All 5 CD + Goodies.rar/Goodies.rar/Goodies/FMV Movie Extract/binkplay.exe/Shrinker
30/6/2010 02:56:40 Untreated: Trojan-Dropper.Win32.Halk.cz D:\anderson arquivos\anderson arquivos\doc\aknust\arquivos\arq winrar\FF8 All 5 CD + Goodies.rar/Goodies.rar/Goodies/FMV Movie Extract/binkplay.exe/Shrinker Write not supported
30/6/2010 03:41:18 Detected: Trojan-PSW.Win32.VB.bur D:\System Volume Information\_restore{61865DA7-6C12-4140-AA1F-0849A40D4D6D}\RP279\A0162673.exe/YouTubeCatcher_1_0_setup.msi/_97A1165E4FD07563A3B925A98F2CB0AB/_9A65EFD64A6B407E9CB7642B78E9CFDB
30/6/2010 03:41:23 Untreated: Trojan-PSW.Win32.VB.bur D:\System Volume Information\_restore{61865DA7-6C12-4140-AA1F-0849A40D4D6D}\RP279\A0162673.exe/YouTubeCatcher_1_0_setup.msi/_97A1165E4FD07563A3B925A98F2CB0AB/_9A65EFD64A6B407E9CB7642B78E9CFDB Write not supported
30/6/2010 04:18:46 Task completed
Good morning....
What are the names of the folders?
If they are in D:\System Volume Information, this folder belongs to the system and corresponds to System Restore for that partition (D:\). If that is the case, just turn off System Restore for all drives.
1. Right-click My Computer
2. Select Properties
3. Click System Restore
4. Check Turn off System Restore > Apply > OK
5. Then uncheck it again. Apply > OK.
Good afternoon, wings!
Actually, they are folders whose names are letters and numbers mixed together
it even looks like a virus
8a560253006c441ba03d30
28d7bef4504d7fd7fd
29b2ca13addc3944e859
those are their names
here is an image of them
http://img810.imageshack.us/img810/8751/imagemba.png
Note: I already did what you said about System Restore; it didn't work, they didn't disappear and I also couldn't delete them.
And what about the PC restarting by itself? Because when I start the PC, when Windows XP finishes loading, it gives a blue screen, then it freezes and restarts again! I have to wait about 15 minutes to be able to turn the PC on again and have it start normally =/ Isn't this a virus or a malicious entry?
Regards!
*Download SystemLook and save it to the desktop
*Double-click SystemLook.exe
*Paste the code below into the blank space:
:dir
D:\8a560253006c441ba03d30
D:\28d7bef4504d7fd7fd
D:\29b2ca13addc3944e859
*Click [Look]
*Paste the report shown in SystemLook.txt, located on the desktop
Good evening, wings
here is the generated log
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:53 on 30/06/2010 by ANDKNUST (Administrator - Elevation successful)
========== dir ==========
D:\8a560253006c441ba03d30 - Parameters: "(none)"
---Files---
$shtdwn$.req --ah-- 788 bytes [17:30 24/06/2010] [17:30 24/06/2010]
baseline.dat --a--- 50872 bytes [03:27 09/11/2007] [03:27 09/11/2007]
BITS_Text.htm --a--- 1084 bytes [10:38 08/11/2007] [10:38 08/11/2007]
CustomText.1033.dll --a--- 52752 bytes [03:32 09/11/2007] [03:32 09/11/2007]
deffactory.dat --a--- 746 bytes [03:27 09/11/2007] [03:27 09/11/2007]
DeleteTemp.exe --a--- 97280 bytes [19:26 07/11/2007] [19:26 07/11/2007]
dlmgr.dll --a--- 276472 bytes [19:26 07/11/2007] [19:26 07/11/2007]
DW20.EXE --a--- 633848 bytes [20:53 07/11/2007] [20:53 07/11/2007]
DWINTL20.DLL --a--- 111616 bytes [20:53 07/11/2007] [20:53 07/11/2007]
eula.1033.txt --a--- 25882 bytes [03:27 09/11/2007] [03:27 09/11/2007]
ExpressRes.dll --a--- 270336 bytes [02:54 09/11/2007] [02:54 09/11/2007]
ExpressUI.dll --a--- 820736 bytes [02:54 09/11/2007] [02:54 09/11/2007]
gencomp.dll --a--- 1059328 bytes [19:26 07/11/2007] [19:26 07/11/2007]
HtmlLite.dll --a--- 177152 bytes [19:26 07/11/2007] [19:26 07/11/2007]
IA64block_text.htm --a--- 162 bytes [00:41 08/11/2007] [00:41 08/11/2007]
ie6sp_help.htm --a--- 2112 bytes [11:02 08/11/2007] [11:02 08/11/2007]
ie6sp_text.htm --a--- 370 bytes [11:02 08/11/2007] [11:02 08/11/2007]
locdata.ini --a--- 6718 bytes [03:27 09/11/2007] [03:27 09/11/2007]
logo.bmp --a--- 80164 bytes [03:27 09/11/2007] [03:27 09/11/2007]
readme.htm --a--- 30633 bytes [02:51 09/11/2007] [02:51 09/11/2007]
setup.exe --a--- 269304 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setup.sdb --a--- 68314 bytes [03:27 09/11/2007] [03:27 09/11/2007]
setupres.dll --a--- 109568 bytes [19:26 07/11/2007] [19:26 07/11/2007]
Silverlight_EULA.htm --a--- 19813 bytes [02:51 09/11/2007] [02:51 09/11/2007]
Silverlight_privacy.htm --a--- 17398 bytes [02:51 09/11/2007] [02:51 09/11/2007]
SITSetup.dll --a--- 1361920 bytes [19:26 07/11/2007] [19:26 07/11/2007]
Thumbs.db --ahs- 5120 bytes [06:40 30/06/2010] [06:40 30/06/2010]
Troubleshoot_Guide.htm --a--- 15923 bytes [10:38 08/11/2007] [10:38 08/11/2007]
vs70uimgr.dll --a--- 627712 bytes [19:26 07/11/2007] [19:26 07/11/2007]
vsbasereqs.dll --a--- 411136 bytes [19:26 07/11/2007] [19:26 07/11/2007]
vsscenario.dll --a--- 687104 bytes [19:26 07/11/2007] [19:26 07/11/2007]
vs_setup.dll --a--- 1045504 bytes [19:26 07/11/2007] [19:26 07/11/2007]
vs_setup.MS_ --a--- 2516992 bytes [04:36 09/11/2007] [04:36 09/11/2007]
vs_setup.pdi --a--- 4886 bytes [03:27 09/11/2007] [03:27 09/11/2007]
windows2000sp_help.htm --a--- 2156 bytes [11:02 08/11/2007] [11:02 08/11/2007]
windows2000sp_text.htm --a--- 422 bytes [11:02 08/11/2007] [11:02 08/11/2007]
windows2003sp_help.htm --a--- 2133 bytes [11:02 08/11/2007] [11:02 08/11/2007]
windows2003sp_text.htm --a--- 386 bytes [11:02 08/11/2007] [11:02 08/11/2007]
windowsXPsp_help.htm --a--- 2179 bytes [11:02 08/11/2007] [11:02 08/11/2007]
windowsXPsp_text.htm --a--- 382 bytes [11:02 08/11/2007] [11:02 08/11/2007]
---Folders---
None found.
D:\28d7bef4504d7fd7fd - Parameters: "(none)"
---Files---
baseline.dat --a--- 210834 bytes [22:00 07/11/2007] [22:00 07/11/2007]
deffactory.dat --a--- 784 bytes [22:00 07/11/2007] [22:00 07/11/2007]
DeleteTemp.exe --a--- 97280 bytes [19:26 07/11/2007] [19:26 07/11/2007]
dlmgr.dll --a--- 276472 bytes [19:26 07/11/2007] [19:26 07/11/2007]
DW20.EXE --a--- 633848 bytes [22:39 07/11/2007] [22:39 07/11/2007]
DWINTL20.DLL --a--- 111616 bytes [22:39 07/11/2007] [22:39 07/11/2007]
eula.1025.rtf --a--- 7768 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1028.rtf --a--- 5768 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1029.rtf --a--- 3669 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1030.rtf --a--- 3316 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1031.rtf --a--- 3316 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1032.rtf --a--- 9304 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1033.rtf --a--- 3109 bytes [16:16 07/11/2007] [16:16 07/11/2007]
eula.1035.rtf --a--- 3732 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1036.rtf --a--- 3175 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1037.rtf --a--- 8324 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1038.rtf --a--- 4179 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1040.rtf --a--- 3336 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1041.rtf --a--- 9375 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1042.rtf --a--- 11076 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1043.rtf --a--- 3439 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1044.rtf --a--- 3333 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1045.rtf --a--- 4413 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1046.rtf --a--- 3315 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1049.rtf --a--- 9647 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1053.rtf --a--- 3267 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.1055.rtf --a--- 4254 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.2052.rtf --a--- 5117 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.2070.rtf --a--- 3808 bytes [22:00 07/11/2007] [22:00 07/11/2007]
eula.3082.rtf --a--- 3068 bytes [22:00 07/11/2007] [22:00 07/11/2007]
gencomp.dll --a--- 1059328 bytes [19:26 07/11/2007] [19:26 07/11/2007]
HtmlLite.dll --a--- 177152 bytes [19:26 07/11/2007] [19:26 07/11/2007]
locdata.1025.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1028.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1029.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1030.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1031.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1032.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1035.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1036.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1037.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1038.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1040.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1041.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1042.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1043.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1044.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1045.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1046.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1049.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1053.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.1055.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.2052.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.2070.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.3082.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
locdata.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]
logo.bmp --a--- 5208 bytes [19:20 07/11/2007] [19:20 07/11/2007]
setup.exe --a--- 269304 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setup.sdb --a--- 73128 bytes [22:00 07/11/2007] [22:00 07/11/2007]
setupres.1025.dll --a--- 112128 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1028.dll --a--- 84992 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1029.dll --a--- 124416 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1030.dll --a--- 125440 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1031.dll --a--- 129536 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1032.dll --a--- 136192 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1035.dll --a--- 120832 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1036.dll --a--- 132096 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1037.dll --a--- 110080 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1038.dll --a--- 131072 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1040.dll --a--- 127488 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1041.dll --a--- 96768 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1042.dll --a--- 93696 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1043.dll --a--- 127488 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1044.dll --a--- 120320 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1045.dll --a--- 126976 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1046.dll --a--- 121856 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1049.dll --a--- 122368 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1053.dll --a--- 120320 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.1055.dll --a--- 119808 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.2052.dll --a--- 83456 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.2070.dll --a--- 130048 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.3082.dll --a--- 130560 bytes [19:26 07/11/2007] [19:26 07/11/2007]
setupres.dll --a--- 109568 bytes [19:26 07/11/2007] [19:26 07/11/2007]
SITSetup.dll --a--- 1361920 bytes [19:26 07/11/2007] [19:26 07/11/2007]
vs70uimgr.dll --a--- 627712 bytes [19:26 07/11/2007] [19:26 07/11/2007]
vsbasereqs.dll --a--- 411136 bytes [19:26 07/11/2007] [19:26 07/11/2007]
vsscenario.dll --a--- 687104 bytes [19:26 07/11/2007] [19:26 07/11/2007]
vs_setup.dll --a--- 1045504 bytes [19:26 07/11/2007] [19:26 07/11/2007]
vs_setup.MS_ --a--- 617472 bytes [22:39 07/11/2007] [22:39 07/11/2007]
vs_setup.pdi --a--- 20796 bytes [22:00 07/11/2007] [22:00 07/11/2007]
WapRes.1025.dll --a--- 102904 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1028.dll --a--- 90104 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1029.dll --a--- 108536 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1030.dll --a--- 108536 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1031.dll --a--- 111608 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1032.dll --a--- 113656 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1035.dll --a--- 106488 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1036.dll --a--- 112120 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1037.dll --a--- 101368 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1038.dll --a--- 111096 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1040.dll --a--- 110072 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1041.dll --a--- 95736 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1042.dll --a--- 92664 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1043.dll --a--- 108536 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1044.dll --a--- 106488 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1045.dll --a--- 109048 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1046.dll --a--- 107512 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1049.dll --a--- 107000 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1053.dll --a--- 105976 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.1055.dll --a--- 106488 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.2052.dll --a--- 89080 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.2070.dll --a--- 110072 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.3082.dll --a--- 111096 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapRes.dll --a--- 107512 bytes [19:26 07/11/2007] [19:26 07/11/2007]
WapUI.dll --a--- 982008 bytes [19:26 07/11/2007] [19:26 07/11/2007]
---Folders---
None found.
D:\29b2ca13addc3944e859 - Parameters: "(none)"
---Files---
None found.
---Folders---
1025 d----- [21:21 14/03/2010]
1028 d----- [21:21 14/03/2010]
1029 d----- [21:21 14/03/2010]
1030 d----- [21:21 14/03/2010]
1031 d----- [21:21 14/03/2010]
1032 d----- [21:21 14/03/2010]
1033 d----- [21:21 14/03/2010]
1035 d----- [21:21 14/03/2010]
1036 d----- [21:21 14/03/2010]
1037 d----- [21:21 14/03/2010]
1038 d----- [21:21 14/03/2010]
1040 d----- [21:21 14/03/2010]
1041 d----- [21:21 14/03/2010]
1042 d----- [21:21 14/03/2010]
1043 d----- [21:21 14/03/2010]
1044 d----- [21:21 14/03/2010]
1045 d----- [21:21 14/03/2010]
1046 d----- [21:21 14/03/2010]
1049 d----- [21:21 14/03/2010]
1053 d----- [21:21 14/03/2010]
1055 d----- [21:21 14/03/2010]
2052 d----- [21:21 14/03/2010]
2070 d----- [21:21 14/03/2010]
3076 d----- [21:21 14/03/2010]
3082 d----- [21:21 14/03/2010]
-=End Of File=-
Nothing abnormal in the folders....
Lots of Microsoft Visual Studio files.
I believe the blue screen may be caused by hardware.
1.
*Open the Virus Removal Tool folder, located on the desktop, and double-click the Start shortcut
*The main Kaspersky screen will open again
*Click [Exit] > [Yes] > [Yes] > [Yes]
*The PC will restart
*Delete the Kaspersky setup file and the log saved on the desktop
2.
*Download RootKit Unhooker LE and save it to the desktop
*Run the program
*Click [Report] > [scan]
*Uncheck the options:
[] Files
[] Code Hooks
[] SSDT
*Click [OK]
*When it finishes, a report will be shown
*Click [File] > [save Report] and save it to the desktop
*Click [Close] > [Yes]
*Paste it in your next reply
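The review of the SystemLook listing described above (what each folder holds, and whether anything changed long after the rest of its files were written), as an added example that is not part of the original thread. The function names, the 30-day window and the shortened sample are assumptions made for illustration; the later of the two bracketed timestamps on each file line is used, without assuming which one is creation and which is modification.

```python
import re
from datetime import datetime, timedelta
from statistics import median_low

# Shortened excerpt, in the same layout as the SystemLook log posted in this thread.
SAMPLE = r'''========== dir ==========
D:\8a560253006c441ba03d30 - Parameters: "(none)"
---Files---
$shtdwn$.req --ah-- 788 bytes [17:30 24/06/2010] [17:30 24/06/2010]
baseline.dat --a--- 50872 bytes [03:27 09/11/2007] [03:27 09/11/2007]
DW20.EXE --a--- 633848 bytes [20:53 07/11/2007] [20:53 07/11/2007]
setup.exe --a--- 269304 bytes [19:26 07/11/2007] [19:26 07/11/2007]
Silverlight_EULA.htm --a--- 19813 bytes [02:51 09/11/2007] [02:51 09/11/2007]
Thumbs.db --ahs- 5120 bytes [06:40 30/06/2010] [06:40 30/06/2010]
vs_setup.dll --a--- 1045504 bytes [19:26 07/11/2007] [19:26 07/11/2007]
---Folders---
None found.
D:\29b2ca13addc3944e859 - Parameters: "(none)"
---Files---
None found.
---Folders---
1025 d----- [21:21 14/03/2010]
1033 d----- [21:21 14/03/2010]
-=End Of File=-
'''

HEAD_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?) - Parameters: ')
FILE_RE = re.compile(
    r'^(?P<name>.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes'
    r'\s+\[(?P<t1>[^\]]+)\]\s+\[(?P<t2>[^\]]+)\]$')
DIR_RE = re.compile(r'^(?P<name>.+?)\s+(?P<attrs>d[-a-z]{5})\s+\[(?P<t1>[^\]]+)\]$')
STAMP_FMT = "%H:%M %d/%m/%Y"          # e.g. "17:30 24/06/2010"
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".msi")


def parse_systemlook_dir(text):
    """Return {folder path: {"files": [...], "folders": [...]}} from a :dir report."""
    listing, current, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEAD_RE.match(line)
        if head:
            current = listing.setdefault(head["path"], {"files": [], "folders": []})
            section = None
        elif line == "---Files---":
            section = "files"
        elif line == "---Folders---":
            section = "folders"
        elif current is not None and section == "files":
            m = FILE_RE.match(line)          # "None found." simply does not match
            if m:
                stamps = [datetime.strptime(m[k], STAMP_FMT) for k in ("t1", "t2")]
                current["files"].append({
                    "name": m["name"],
                    "attrs": m["attrs"],
                    "size": int(m["size"]),
                    "latest": max(stamps),
                })
        elif current is not None and section == "folders":
            m = DIR_RE.match(line)
            if m:
                current["folders"].append(m["name"])
    return listing


def triage(listing, window_days=30):
    """Summarise each folder and list files stamped far from the bulk of the folder."""
    report = {}
    for path, entry in listing.items():
        files = entry["files"]
        outliers = []
        if files:
            # median_low picks an existing timestamp, so no datetime arithmetic is needed
            bulk = median_low(f["latest"] for f in files)
            limit = timedelta(days=window_days)
            outliers = sorted(f["name"] for f in files if abs(f["latest"] - bulk) > limit)
        report[path] = {
            "file_count": len(files),
            "folder_count": len(entry["folders"]),
            "executables": sorted(f["name"] for f in files
                                  if f["name"].lower().endswith(EXECUTABLE_EXT)),
            "changed_outside_bulk": outliers,
        }
    return report


if __name__ == "__main__":
    for folder, summary in triage(parse_systemlook_dir(SAMPLE)).items():
        print(folder, summary)
```

Files listed under changed_outside_bulk are the ones to look at first; in the excerpt they are a shutdown-request marker and an Explorer thumbnail cache, both written in June 2010.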
Good afternoon, wings!
You were right about the blue screen hehehe, it was the motherboard slot, I think it's corrupted; I swapped it and it went back to working normally =)
here is the generated log!
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x867C49C8 [4] System
0x8615FDA0 [172] C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 71.25)
0x860EFDA0 [188] C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java Quick Starter Service)
0x864CF860 [236] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH, Antivirus System Tray Tool)
0x864146A0 [244] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation, Windows Live Device Manager Executable)
0x861EA328 [260] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java Update Scheduler)
0x8640AC68 [272] C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc., -)
0x864C4860 [296] C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated, Adobe Acrobat SpeedLauncher)
0x861484C0 [364] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Executa uma DLL como um aplicativo)
0x86430A28 [376] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x86431B88 [404] C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation, Windows Live Messenger)
0x86414DA0 [448] C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A., Skype )
0x86483020 [636] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Gerenciador de Sessão do Windows NT)
0x864F3940 [684] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86344DA0 [708] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Aplicativo de logon do Windows NT)
0x866A94B0 [752] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Aplicativo de serviços e controle)
0x86698928 [764] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x86379DA0 [960] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x861647A8 [968] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86284DA0 [1024] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86349BE0 [1120] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x865522F0 [1160] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8610EDA0 [1204] C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe (Skype Technologies, Skype Extras Manager)
0x861E3DA0 [1240] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x860F8A20 [1360] C:\Documents and Settings\ANDKNUST\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x861DFDA0 [1384] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86366A20 [1588] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x864FD528 [1668] C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH, Antivirus Scheduler)
0x860EE530 [1876] C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH, Antivirus On-Access Service)
0x8620F4E0 [1932] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x861C9860 [1940] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8608DDA0 [2248] C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x860FB870 [2280] C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x860C49C8 [2780] C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x860249F0 [3292] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4034560 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 71.25 )
0xF7300000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3334144 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 71.25 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, Núcleo e sistema do NT)
0x804D7000 PnpManager 2265088 bytes
0x804D7000 RAW 2265088 bytes
0x804D7000 WMIxWDM 2265088 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Driver Win32 multiusuário)
0xF71E6000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 712704 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xF76BD000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF5730000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7030000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF583B000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF1D1E000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF1A16000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF712E000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7814000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF231D000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7690000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF055E000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF57A0000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF5813000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF77BE000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF57ED000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF4DAA000 C:\WINDOWS\System32\Drivers\TP6800.sys 151552 bytes (Microsoft Corporation, Universal Serial Bus Camera Driver)
0xF58E1000 C:\WINDOWS\System32\Drivers\DVDVRRdr_xp.SYS 147456 bytes (Roxio, DVDVR XP Filesystem Reader Driver)
0xF71C2000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7294000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF72B8000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF57CB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80700000 ACPI_HAL 134400 bytes
0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7786000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77E4000 ftdisk.sys 126976 bytes (Microsoft Corporation, Driver de disco com tolerância a falhas)
0xF5601000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 114688 bytes (Avira GmbH, Avira Driver for RootKit Detection)
0xF7676000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF77A6000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
==============================================
>Stealth
==============================================
Regards!
OK... the PC is clean :)
1.
*Delete SystemLook and its report
2.
*Delete Rootkit Unhooker LE and its report
3.
*Open the Virus Removal Tool folder, located on the desktop, and double-click the Start shortcut
*The Kaspersky main screen will open again
*Click [Exit] > [Yes] > [sim] > [sim]
*The PC will restart
*Delete the Kaspersky setup file and the log saved on the desktop
Regards.
Ok wings
thanks for everything!
regards
=)
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
*Download the Kaspersky Virus Removal Tool and save it to the desktop
*Install the program
*The program's main screen will open automatically
*Select the option:
*Click [start scan]... wait. It may take a while.
*If it finds anything, click [skip]
*When the scan finishes, click [Report]
*A window called "Detailed report" will open
*Click the [+] sign next to Autoscan to expand the events found