Hello
Well, a while ago I posted about this problem of the computer restarting + Blue Screen and was told that it was nothing, BUT! Lately it has become extremely frequent. OK, that points to a hardware problem, but I've noticed that sometimes when I visit certain sites I get a warning that my computer may be a zombie (?), and, layperson that I am, I turned to Mr. Google, and he told me this may be related to my blue screen problem.
I made a HiJackThis log, but I ran into a problem and the log doesn't come out complete; here are the message and the log:
"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this."
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:04:37, on 02/11/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Vivo 3G\Vivo 3G.exe
C:\Program Files\Vivo 3G\CMUpdater.exe
C:\Windows\system32\taskeng.exe
C:\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/redirectdomain?brand=LGEL&bmod=LGEL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=6476f14700000000000000064f68d55f&tlver=1.4.19.19&affID=17160
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6476f14700000000000000064f68d55f&tlver=1.4.19.19&affID=17160
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [D-Link D-Link DWA-525] C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe
O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ivanildo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3988E2E1-EC4E-4351-9201-BB6C1F28BAAD}: NameServer = 200.142.132.32 200.220.227.57
O17 - HKLM\System\CCS\Services\Tcpip\..\{93D4286C-D95D-4966-9F99-058C75FC8DAB}: NameServer = 208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: D_Link_DWA-525 Service (D_Link_DWA-525) - Wireless Service - C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe
O23 - Service: D_Link_DWA-525_WPS Service (D_Link_DWA-525_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Realtek8185 - Realtek - C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtlService.exe
--
End of file - 4404 bytes
Hello, wings
So, I installed Malwarebytes and set it to run a scan, but I have a problem: my computer can't finish any scan without being shut down by the blue screen, whether in normal or safe mode. I really don't know what to do. Anyway, I await your reply.
Gabi.
Try running the scan while disconnected from the internet.
I already tried; in fact, I even disabled my wireless network card and nothing, it always restarts less than 5 minutes into the scan. How do you deal with that?
> I already tried; in fact, I even disabled my wireless network card and nothing, it always restarts less than 5 minutes into the scan. How do you deal with that?
That really makes it difficult.
*Download DDS and save it to the desktop
*Run it and save the reports to the desktop (DDS.txt and Attach.txt)
*Paste only the DDS.txt report
Here is the DDS report:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Ivanildo at 22:14:57 on 2011-11-06
Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.3039.2293 [GMT -2:00]
.
AV: Avira Desktop Enabled/Outdated {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop Enabled/Outdated {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender Enabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtlService.exe
C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe
C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Vivo 3G\Vivo 3G.exe
C:\Program Files\Vivo 3G\CMUpdater.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=6476f14700000000000000064f68d55f&tlver=1.4.19.19&affID=17160
uDefault_Page_URL = www.google.com/ig/redirectdomain?brand=LGEL&bmod=LGEL
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6476f14700000000000000064f68d55f&tlver=1.4.19.19&affID=17160
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\users\ivanildo\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [D-Link D-Link DWA-525] c:\program files\d-link\dwa-525 reva\AirNCFG.exe
mRun: [WZCSLDR2] c:\program files\d-link\dwa-525 reva\WZCSLDR2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: Interfaces\{28EC040A-8F52-46C2-9E1A-A274CB93F71C} : DhcpNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{3988E2E1-EC4E-4351-9201-BB6C1F28BAAD} : NameServer = 200.142.132.32 200.220.227.57
TCP: Interfaces\{93D4286C-D95D-4966-9F99-058C75FC8DAB} : NameServer = 208.67.222.222
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ivanildo\appdata\roaming\mozilla\firefox\profiles\24mf45hy.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=6476f14700000000000000064f68d55f&tlver=1.4.19.19&instlRef=sst&affID=17160&q=
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\users\ivanildo\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\ivanildo\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2011-10-19 12800]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-23 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-30 218688]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-23 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-23 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-23 74640]
R2 D_Link_DWA-525_WPS;D_Link_DWA-525_WPS Service;c:\program files\d-link\dwa-525 reva\ANIWConnService.exe [2011-10-19 40960]
R2 Realtek8185;Realtek8185;c:\program files\realtek\rtl8185 wireless lan utility\RtlService.exe [2011-10-13 40960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-3 22216]
S2 D_Link_DWA-525;D_Link_DWA-525 Service;c:\program files\d-link\dwa-525 reva\ANIWZCSdS.exe [2011-10-19 126976]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-3 366152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-3 41272]
S3 netr28;D-Link 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\Dnetr28.sys [2011-10-19 668160]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 1183232]
S3 StorSvc;Serviço de Armazenamento;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
.
=============== Created Last 30 ================
.
2011-11-03 23:46:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-03 23:29:44 -------- d-----w- c:\users\ivanildo\appdata\roaming\Malwarebytes
2011-11-03 23:29:38 -------- d-----w- c:\programdata\Malwarebytes
2011-11-03 23:29:35 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-03 23:29:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-03 22:50:24 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c6ce2788-7369-438a-8281-1eb68ff6e8f9}\offreg.dll
2011-11-03 00:41:47 -------- d-----w- C:\HiJackThis
2011-10-30 04:00:57 -------- d-----w- c:\program files\CCleaner
2011-10-28 21:33:24 556735 ----a-w- c:\windows\Janes Hotel Mania Uninstaller.exe
2011-10-27 18:27:36 -------- d-----r- c:\program files\Skype
2011-10-26 01:08:38 -------- d-sh--w- C:\found.000
2011-10-23 20:58:30 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-10-23 20:58:28 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c6ce2788-7369-438a-8281-1eb68ff6e8f9}\mpengine.dll
2011-10-23 20:37:16 -------- d-----w- c:\users\ivanildo\appdata\roaming\Avira
2011-10-23 20:36:47 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-23 20:36:47 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-23 20:36:44 -------- d-----w- c:\programdata\Avira
2011-10-23 20:36:44 -------- d-----w- c:\program files\Avira
2011-10-19 13:57:48 12800 ----a-w- c:\windows\system32\drivers\anodlwf.sys
2011-10-19 13:57:47 668160 ----a-w- c:\windows\system32\drivers\Dnetr28.sys
2011-10-19 13:57:47 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2011-10-19 13:57:46 -------- d-----w- c:\program files\D-Link
2011-10-13 20:17:24 -------- d-----w- c:\programdata\GoBoingo
2011-10-13 20:06:56 -------- d-----w- c:\windows\Downloaded Installations
2011-10-13 16:04:53 614400 ----a-w- c:\windows\system32\Rtlihvs.dll
2011-10-13 16:04:53 380928 ----a-w- c:\windows\RtlUI2.exe
2011-10-13 16:04:53 188416 ----a-w- c:\windows\system32\RTLExtUI.dll
2011-10-13 16:04:53 -------- d-----w- c:\program files\REALTEK
2011-10-13 16:04:52 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
.
==================== Find3M ====================
.
2011-10-13 16:03:25 1183232 ----a-w- c:\windows\system32\drivers\RTL85n86.sys
2011-09-22 13:35:20 1520589 ----a-w- c:\windows\Plants vs Zombies - Game of the Year Uninstaller.exe
.
============= FINISH: 22:15:31,53 ===============
Make a backup of your personal files before continuing with the procedure because, since your PC has a hardware problem, Windows may be affected and need a fresh reinstallation.
1.
*Delete DDS and its reports
2.
*Download ERUNT and save it to the desktop
*Create a folder in C:\ named ERUNT and extract it there
*Run the file C:\ERUNT\ERUNT.exe
*Click [OK] > [OK] > [sim] > [OK]
3.
*Temporarily disable your antivirus
*Download ComboFix and save it to the desktop
*Run it, accept the agreement and wait for the steps to complete
Some notes:
1) Do not use the mouse or the keyboard during the steps!!
2) To interrupt the scan, press N
*Paste the report that is displayed
Here is the ComboFix report:
ComboFix 11-11-07.03 - Ivanildo 07/11/2011 18:16:43.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.3039.2339 [GMT -2:00]
Executando de: c:\users\Ivanildo\Desktop\ComboFix.exe
AV: Avira Desktop Disabled/Outdated {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop Disabled/Outdated {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender Enabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-10-07 to 2011-11-07 ))))))))))))))))))))))))))))
.
.
2011-11-07 20:20 . 2011-11-07 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-07 19:13 . 2011-11-07 19:13 -------- d-----w- c:\users\Ivanildo\AppData\Local\ElevatedDiagnostics
2011-11-03 23:46 . 2011-11-07 00:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-03 23:29 . 2011-11-03 23:29 -------- d-----w- c:\users\Ivanildo\AppData\Roaming\Malwarebytes
2011-11-03 23:29 . 2011-11-03 23:29 -------- d-----w- c:\programdata\Malwarebytes
2011-11-03 23:29 . 2011-11-03 23:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-03 23:29 . 2011-08-31 19:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-30 04:00 . 2011-10-30 04:00 -------- d-----w- c:\program files\CCleaner
2011-10-28 21:33 . 2011-10-28 21:33 556735 ----a-w- c:\windows\Janes Hotel Mania Uninstaller.exe
2011-10-27 18:27 . 2011-10-27 20:40 -------- d-----w- c:\users\Ivanildo\AppData\Roaming\Skype
2011-10-27 18:27 . 2011-10-27 18:27 -------- d-----r- c:\program files\Skype
2011-10-27 18:27 . 2011-10-27 18:27 -------- d-----w- c:\programdata\Skype
2011-10-26 01:08 . 2011-10-26 01:08 -------- d-----w- C:\found.000
2011-10-23 20:58 . 2011-10-18 04:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6CE2788-7369-438A-8281-1EB68FF6E8F9}\mpengine.dll
2011-10-23 20:37 . 2011-10-23 20:37 -------- d-----w- c:\users\Ivanildo\AppData\Roaming\Avira
2011-10-23 20:36 . 2011-10-11 17:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-23 20:36 . 2011-10-11 17:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-23 20:36 . 2011-10-11 17:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-23 20:36 . 2011-10-23 20:36 -------- d-----w- c:\programdata\Avira
2011-10-23 20:36 . 2011-10-23 20:36 -------- d-----w- c:\program files\Avira
2011-10-19 13:57 . 2009-03-06 20:09 12800 ----a-w- c:\windows\system32\drivers\anodlwf.sys
2011-10-19 13:57 . 2009-11-09 14:04 668160 ----a-w- c:\windows\system32\drivers\Dnetr28.sys
2011-10-19 13:57 . 2009-11-09 13:56 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2011-10-19 13:57 . 2011-10-19 13:57 -------- d-----w- c:\program files\D-Link
2011-10-19 13:57 . 2011-10-19 13:57 -------- d-----w- c:\users\Ivanildo\AppData\Roaming\InstallShield
2011-10-13 20:17 . 2011-10-13 20:32 -------- d-----w- c:\programdata\GoBoingo
2011-10-13 20:06 . 2011-10-13 20:06 -------- d-----w- c:\windows\Downloaded Installations
2011-10-13 16:04 . 2011-10-13 16:04 -------- d-----w- c:\program files\REALTEK
2011-10-13 16:04 . 2009-04-02 13:27 188416 ----a-w- c:\windows\system32\RTLExtUI.dll
2011-10-13 16:04 . 2009-03-31 17:31 380928 ----a-w- c:\windows\RtlUI2.exe
2011-10-13 16:04 . 2008-07-01 15:31 614400 ----a-w- c:\windows\system32\Rtlihvs.dll
2011-10-13 16:04 . 2009-02-05 05:49 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 16:03 . 2009-06-10 21:18 1183232 ----a-w- c:\windows\system32\drivers\RTL85n86.sys
2011-09-22 13:35 . 2011-09-22 13:35 1520589 ----a-w- c:\windows\Plants vs Zombies - Game of the Year Uninstaller.exe
2011-07-03 17:24 . 2011-04-30 04:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link D-Link DWA-525"="c:\program files\D-Link\DWA-525 revA\AirNCFG.exe" [2009-11-24 995328]
"WZCSLDR2"="c:\program files\D-Link\DWA-525 revA\WZCSLDR2.exe" [2009-11-03 122880]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-25 19:05 136176 ----atw- c:\users\Ivanildo\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 10:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 05:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R1 MpKsl052b82d9;MpKsl052b82d9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DB6FBBF-C860-4F80-A696-C7D2CFADE47C}\MpKsl052b82d9.sys [x]
R1 MpKsl10c10c9e;MpKsl10c10c9e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67A88633-6BBB-4210-BD7C-7A6A01128A1E}\MpKsl10c10c9e.sys [x]
R1 MpKsl4fb67f6d;MpKsl4fb67f6d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A878AE54-8E56-4942-9EE3-258AAB55F7DB}\MpKsl4fb67f6d.sys [x]
R1 MpKslc5209147;MpKslc5209147;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC596601-7C84-4AFC-ACCE-A63F27F5AC05}\MpKslc5209147.sys [x]
R2 D_Link_DWA-525;D_Link_DWA-525 Service;c:\program files\D-Link\DWA-525 revA\ANIWZCSdS.exe [2009-11-03 126976]
R2 D_Link_DWA-525_WPS;D_Link_DWA-525_WPS Service;c:\program files\D-Link\DWA-525 revA\ANIWConnService.exe [2009-07-07 40960]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 netr28;D-Link 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\Dnetr28.sys [2009-11-09 668160]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2011-10-13 1183232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-30 218688]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 Realtek8185;Realtek8185;c:\program files\REALTEK\RTL8185 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2522802805-4246047042-242764459-1000Core.job
- c:\users\Ivanildo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 19:05]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2522802805-4246047042-242764459-1000UA.job
- c:\users\Ivanildo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 19:05]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=6476f14700000000000000064f68d55f&tlver=1.4.19.19&affID=17160
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{28EC040A-8F52-46C2-9E1A-A274CB93F71C}: DhcpNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{93D4286C-D95D-4966-9F99-058C75FC8DAB}: NameServer = 208.67.222.222
TCP: Interfaces\{D1786496-CB97-402F-B0F2-5EA936E594A4}: NameServer = 200.142.132.32 200.220.227.57
FF - ProfilePath - c:\users\Ivanildo\AppData\Roaming\Mozilla\Firefox\Profiles\24mf45hy.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=6476f14700000000000000064f68d55f&tlver=1.4.19.19&instlRef=sst&affID=17160&q=
.
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2011-11-07 18:21:50
ComboFix-quarantined-files.txt 2011-11-07 20:21
.
Pré-execução: 65.034.162.176 bytes disponíveis
Pós execução: 65.397.678.080 bytes disponíveis
.
The log is clean..
*Click [iniciar] > [Todos os programas] > [Acessórios] > [Executar] > copy and paste:
c:\users\Ivanildo\Desktop\ComboFix.exe /uninstall
*Click [OK] and wait for the message: "ComboFix está desinstalado"
Done, uninstalled.
Now that my log is clean, to solve this hardware problem I just go to the other forum, right? Because look.. It's been VERY hard here haha
PROBLEM SOLVED
If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
Hello Yukko~
1.
*Download and install MalwareBytes
*Wait for the update and the program will open automatically
*On the [Verificação] tab, select [Verificação completa]
*Click [Verificar] and select the partition where Windows is installed
*When the scan finishes, click [Sim] > [OK] > [Ver Resultados] > [Remover Selecionados]
*Paste the report that is displayed
If you already have Malwarebytes installed....
*Open Malwarebytes, click [Atualização] > [baixar Atualizações]
*On the [Verificação] tab, select Verificação completa
*Click [Verificar] and select the partition where Windows is installed
*When the scan finishes, click [Sim] > [OK] > [Ver Resultados] > [Remover Selecionados]
*Paste the report that is displayed
2.
*Download OTL and save it to the desktop
*Run it and select the options:
Verificar All Users
Ignorar Arquivos Microsoft
Usar WhiteList para Nomes de Companhias
Verificar Lop
Verificar Purity
*Select, copy and paste the code into the space below Exames Personalizados/Correções
netsvcs
%ALLUSERSPROFILE%\*.*
%ALLUSERSPROFILE%\Dados de aplicativos\*.*
%ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\*.*
%SYSTEMDRIVE%\*
%SYSTEMDRIVE%\*.*
CREATERESTOREPOINT
*Click [Verificar]
*Paste only the OTL.txt report
If the report turns out to be too large...
*Go to this link
*Click [Enviar arquivo]
*Locate the OTL.txt file on the desktop
*Click [Abrir] > [Créer le lien Cjoint]
*Paste the address that was created