danmex

[Solved!] Log analysis =/

Good afternoon, friends

My PC is acting strange: 3 folders that I can't delete appeared on my D partition. Sometimes Windows gives an error when I restart; then, when it finishes loading, a blue screen appears, and then the PC restarts, or sometimes shuts down.

=/ Here is the log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:23:46, on 28/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [WindowsLivePhone] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe /AutoRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5493 bytes


*Download the Kaspersky Virus Removal Tool and save it to the desktop

*Install the program

*The program's main window will open automatically

*Select the option:

[] My Computer

*Click [start scan]... and wait. It may take a while.

*If it finds anything, click [skip]

*When the scan finishes, click [Report]

*A window called "Detailed report" will open

*Click the [+] sign next to Autoscan to expand the events found

*Right-click and select "Select all"

*Right-click again and select "Copy"

*Open Notepad, paste (Ctrl+V), and save the file to the desktop as log.txt

*Close the Kaspersky "Detailed report" window

*In the Kaspersky main window, click [Exit] > [No]

*Paste the report saved on the desktop in your next reply


Good morning, wings

Here is the log

 

Autoscan: malfunction (events: 6, objects: , time: 00:00:00)

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Autoscan: malfunction (events: 1, objects: 0, time: Unknown)

29/6/2010 23:36:51 Task started

Autoscan: completed 4 minutes ago (events: 6, objects: 355506, time: 04:15:12)

30/6/2010 00:03:33 Task started

30/6/2010 02:56:28 Detected: Trojan-Dropper.Win32.Halk.cz D:\anderson arquivos\anderson arquivos\doc\aknust\arquivos\arq winrar\FF8 All 5 CD + Goodies.rar/Goodies.rar/Goodies/FMV Movie Extract/binkplay.exe/Shrinker

30/6/2010 02:56:40 Untreated: Trojan-Dropper.Win32.Halk.cz D:\anderson arquivos\anderson arquivos\doc\aknust\arquivos\arq winrar\FF8 All 5 CD + Goodies.rar/Goodies.rar/Goodies/FMV Movie Extract/binkplay.exe/Shrinker Write not supported

30/6/2010 03:41:18 Detected: Trojan-PSW.Win32.VB.bur D:\System Volume Information\_restore{61865DA7-6C12-4140-AA1F-0849A40D4D6D}\RP279\A0162673.exe/YouTubeCatcher_1_0_setup.msi/_97A1165E4FD07563A3B925A98F2CB0AB/_9A65EFD64A6B407E9CB7642B78E9CFDB

30/6/2010 03:41:23 Untreated: Trojan-PSW.Win32.VB.bur D:\System Volume Information\_restore{61865DA7-6C12-4140-AA1F-0849A40D4D6D}\RP279\A0162673.exe/YouTubeCatcher_1_0_setup.msi/_97A1165E4FD07563A3B925A98F2CB0AB/_9A65EFD64A6B407E9CB7642B78E9CFDB Write not supported

30/6/2010 04:18:46 Task completed


Good morning....

What are the names of the folders?

If they are in D:\System Volume Information, that folder belongs to the system and holds the System Restore data for that partition (D:\). If that is the case, just disable System Restore for all drives.

1. Right-click My Computer

2. Select Properties

3. Click System Restore

4. Check Turn off System Restore > Apply > OK

5. Then uncheck it again. Apply > OK.

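An added example, not part of the original thread: a Python sketch that parses the `Detected:` / `Untreated:` lines of the Kaspersky report posted above and separates findings stored inside a System Restore point (the copies the off/on toggle in the reply above clears) from findings inside other files. The function names, the reading of `/` as the separator between an on-disk file and its nested members, and the single known reason string are assumptions taken from the visible log format.

```python
import re
from datetime import datetime

# Event lines copied from the Kaspersky report posted in the thread.
REPORT = r"""
30/6/2010 00:03:33 Task started
30/6/2010 02:56:28 Detected: Trojan-Dropper.Win32.Halk.cz D:\anderson arquivos\anderson arquivos\doc\aknust\arquivos\arq winrar\FF8 All 5 CD + Goodies.rar/Goodies.rar/Goodies/FMV Movie Extract/binkplay.exe/Shrinker
30/6/2010 02:56:40 Untreated: Trojan-Dropper.Win32.Halk.cz D:\anderson arquivos\anderson arquivos\doc\aknust\arquivos\arq winrar\FF8 All 5 CD + Goodies.rar/Goodies.rar/Goodies/FMV Movie Extract/binkplay.exe/Shrinker Write not supported
30/6/2010 03:41:18 Detected: Trojan-PSW.Win32.VB.bur D:\System Volume Information\_restore{61865DA7-6C12-4140-AA1F-0849A40D4D6D}\RP279\A0162673.exe/YouTubeCatcher_1_0_setup.msi/_97A1165E4FD07563A3B925A98F2CB0AB/_9A65EFD64A6B407E9CB7642B78E9CFDB
30/6/2010 03:41:23 Untreated: Trojan-PSW.Win32.VB.bur D:\System Volume Information\_restore{61865DA7-6C12-4140-AA1F-0849A40D4D6D}\RP279\A0162673.exe/YouTubeCatcher_1_0_setup.msi/_97A1165E4FD07563A3B925A98F2CB0AB/_9A65EFD64A6B407E9CB7642B78E9CFDB Write not supported
30/6/2010 04:18:46 Task completed
"""

# "<d/m/yyyy hh:mm:ss> <Detected|Untreated>: <verdict> <object path [reason]>"
EVENT = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2}) (Detected|Untreated): (\S+) (.+)$"
)
# Trailing reasons seen on "Untreated" lines (assumption: only this one is known).
REASONS = ("Write not supported",)
# Windows XP System Restore store: <drive>\System Volume Information\_restore{GUID}\RPn\
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(\d+)\\", re.I
)


def parse_report(text):
    """Return one record per detected object, merging its Detected/Untreated lines."""
    findings = {}
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # "Task started", "Autoscan: ..." and similar status lines
        when, kind, verdict, rest = m.groups()
        reason = None
        for known in REASONS:
            if rest.endswith(" " + known):
                rest, reason = rest[: -len(known) - 1], known
        # Backslashes are the on-disk path; "/" descends into the file's members.
        disk_file, _, inner = rest.partition("/")
        rp = RESTORE_POINT.search(disk_file)
        if rp:
            location = "system_restore_point"
        elif inner:
            location = "nested_in_container"
        else:
            location = "plain_file"
        rec = findings.setdefault((verdict, rest), {
            "verdict": verdict,
            "disk_file": disk_file,
            "inner_path": inner,
            "location": location,
            "restore_point": int(rp.group(1)) if rp else None,
            "detected_at": None,
            "untreated": False,
            "reason": None,
        })
        if kind == "Detected":
            rec["detected_at"] = datetime.strptime(when, "%d/%m/%Y %H:%M:%S")
        else:
            rec["untreated"], rec["reason"] = True, reason
    return list(findings.values())


def split_by_remedy(findings):
    """Restore-point numbers holding detections, and on-disk files outside the store."""
    in_restore = sorted({f["restore_point"] for f in findings
                         if f["location"] == "system_restore_point"})
    elsewhere = [f["disk_file"] for f in findings
                 if f["location"] != "system_restore_point"]
    return in_restore, elsewhere


if __name__ == "__main__":
    results = parse_report(REPORT)
    for f in results:
        print(f["verdict"], "|", f["location"], "|", f["disk_file"])
    print(split_by_remedy(results))
```

Run on the thread's report, it places one detection in restore point RP279 and the other inside a .rar file elsewhere on D:\, which the System Restore toggle does not touch.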

Good afternoon, wings!

Actually, they are folders whose names are letters and numbers mixed together

It even looks like a virus

 

8a560253006c441ba03d30

28d7bef4504d7fd7fd

29b2ca13addc3944e859

 

Those are their names

Here is an image of them

 

http://img810.imageshack.us/img810/8751/imagemba.png

 

Note: I already did what you said about System Restore; it didn't work, they didn't disappear, and I also couldn't delete them.

 

And what about the PC restarting by itself? When I start the PC, once WINDOWS XP finishes loading, a blue screen appears, then it freezes and restarts again! I have to wait about 15 minutes before I can turn the PC on again and have it boot normally =/ Isn't that a virus or a malicious entry?

 

Cheers!


*Download SystemLook and save it to the desktop

 

*Double-click SystemLook.exe

*Paste the code below into the blank area:

 

:dir

D:\8a560253006c441ba03d30

D:\28d7bef4504d7fd7fd

D:\29b2ca13addc3944e859

*Click [Look]

*Paste the report shown in SystemLook.txt, located on the desktop


Good evening, wings

 

Here is the generated log

 

SystemLook v1.0 by jpshortstuff (11.01.10)

Log created at 23:53 on 30/06/2010 by ANDKNUST (Administrator - Elevation successful)

 

========== dir ==========

 

D:\8a560253006c441ba03d30 - Parameters: "(none)"

 

---Files---

$shtdwn$.req --ah-- 788 bytes [17:30 24/06/2010] [17:30 24/06/2010]

baseline.dat --a--- 50872 bytes [03:27 09/11/2007] [03:27 09/11/2007]

BITS_Text.htm --a--- 1084 bytes [10:38 08/11/2007] [10:38 08/11/2007]

CustomText.1033.dll --a--- 52752 bytes [03:32 09/11/2007] [03:32 09/11/2007]

deffactory.dat --a--- 746 bytes [03:27 09/11/2007] [03:27 09/11/2007]

DeleteTemp.exe --a--- 97280 bytes [19:26 07/11/2007] [19:26 07/11/2007]

dlmgr.dll --a--- 276472 bytes [19:26 07/11/2007] [19:26 07/11/2007]

DW20.EXE --a--- 633848 bytes [20:53 07/11/2007] [20:53 07/11/2007]

DWINTL20.DLL --a--- 111616 bytes [20:53 07/11/2007] [20:53 07/11/2007]

eula.1033.txt --a--- 25882 bytes [03:27 09/11/2007] [03:27 09/11/2007]

ExpressRes.dll --a--- 270336 bytes [02:54 09/11/2007] [02:54 09/11/2007]

ExpressUI.dll --a--- 820736 bytes [02:54 09/11/2007] [02:54 09/11/2007]

gencomp.dll --a--- 1059328 bytes [19:26 07/11/2007] [19:26 07/11/2007]

HtmlLite.dll --a--- 177152 bytes [19:26 07/11/2007] [19:26 07/11/2007]

IA64block_text.htm --a--- 162 bytes [00:41 08/11/2007] [00:41 08/11/2007]

ie6sp_help.htm --a--- 2112 bytes [11:02 08/11/2007] [11:02 08/11/2007]

ie6sp_text.htm --a--- 370 bytes [11:02 08/11/2007] [11:02 08/11/2007]

locdata.ini --a--- 6718 bytes [03:27 09/11/2007] [03:27 09/11/2007]

logo.bmp --a--- 80164 bytes [03:27 09/11/2007] [03:27 09/11/2007]

readme.htm --a--- 30633 bytes [02:51 09/11/2007] [02:51 09/11/2007]

setup.exe --a--- 269304 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setup.sdb --a--- 68314 bytes [03:27 09/11/2007] [03:27 09/11/2007]

setupres.dll --a--- 109568 bytes [19:26 07/11/2007] [19:26 07/11/2007]

Silverlight_EULA.htm --a--- 19813 bytes [02:51 09/11/2007] [02:51 09/11/2007]

Silverlight_privacy.htm --a--- 17398 bytes [02:51 09/11/2007] [02:51 09/11/2007]

SITSetup.dll --a--- 1361920 bytes [19:26 07/11/2007] [19:26 07/11/2007]

Thumbs.db --ahs- 5120 bytes [06:40 30/06/2010] [06:40 30/06/2010]

Troubleshoot_Guide.htm --a--- 15923 bytes [10:38 08/11/2007] [10:38 08/11/2007]

vs70uimgr.dll --a--- 627712 bytes [19:26 07/11/2007] [19:26 07/11/2007]

vsbasereqs.dll --a--- 411136 bytes [19:26 07/11/2007] [19:26 07/11/2007]

vsscenario.dll --a--- 687104 bytes [19:26 07/11/2007] [19:26 07/11/2007]

vs_setup.dll --a--- 1045504 bytes [19:26 07/11/2007] [19:26 07/11/2007]

vs_setup.MS_ --a--- 2516992 bytes [04:36 09/11/2007] [04:36 09/11/2007]

vs_setup.pdi --a--- 4886 bytes [03:27 09/11/2007] [03:27 09/11/2007]

windows2000sp_help.htm --a--- 2156 bytes [11:02 08/11/2007] [11:02 08/11/2007]

windows2000sp_text.htm --a--- 422 bytes [11:02 08/11/2007] [11:02 08/11/2007]

windows2003sp_help.htm --a--- 2133 bytes [11:02 08/11/2007] [11:02 08/11/2007]

windows2003sp_text.htm --a--- 386 bytes [11:02 08/11/2007] [11:02 08/11/2007]

windowsXPsp_help.htm --a--- 2179 bytes [11:02 08/11/2007] [11:02 08/11/2007]

windowsXPsp_text.htm --a--- 382 bytes [11:02 08/11/2007] [11:02 08/11/2007]

 

---Folders---

None found.

 

D:\28d7bef4504d7fd7fd - Parameters: "(none)"

 

---Files---

baseline.dat --a--- 210834 bytes [22:00 07/11/2007] [22:00 07/11/2007]

deffactory.dat --a--- 784 bytes [22:00 07/11/2007] [22:00 07/11/2007]

DeleteTemp.exe --a--- 97280 bytes [19:26 07/11/2007] [19:26 07/11/2007]

dlmgr.dll --a--- 276472 bytes [19:26 07/11/2007] [19:26 07/11/2007]

DW20.EXE --a--- 633848 bytes [22:39 07/11/2007] [22:39 07/11/2007]

DWINTL20.DLL --a--- 111616 bytes [22:39 07/11/2007] [22:39 07/11/2007]

eula.1025.rtf --a--- 7768 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1028.rtf --a--- 5768 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1029.rtf --a--- 3669 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1030.rtf --a--- 3316 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1031.rtf --a--- 3316 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1032.rtf --a--- 9304 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1033.rtf --a--- 3109 bytes [16:16 07/11/2007] [16:16 07/11/2007]

eula.1035.rtf --a--- 3732 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1036.rtf --a--- 3175 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1037.rtf --a--- 8324 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1038.rtf --a--- 4179 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1040.rtf --a--- 3336 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1041.rtf --a--- 9375 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1042.rtf --a--- 11076 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1043.rtf --a--- 3439 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1044.rtf --a--- 3333 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1045.rtf --a--- 4413 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1046.rtf --a--- 3315 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1049.rtf --a--- 9647 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1053.rtf --a--- 3267 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.1055.rtf --a--- 4254 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.2052.rtf --a--- 5117 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.2070.rtf --a--- 3808 bytes [22:00 07/11/2007] [22:00 07/11/2007]

eula.3082.rtf --a--- 3068 bytes [22:00 07/11/2007] [22:00 07/11/2007]

gencomp.dll --a--- 1059328 bytes [19:26 07/11/2007] [19:26 07/11/2007]

HtmlLite.dll --a--- 177152 bytes [19:26 07/11/2007] [19:26 07/11/2007]

locdata.1025.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1028.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1029.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1030.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1031.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1032.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1035.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1036.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1037.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1038.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1040.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1041.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1042.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1043.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1044.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1045.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1046.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1049.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1053.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.1055.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.2052.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.2070.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.3082.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

locdata.ini --a--- 15888 bytes [22:00 07/11/2007] [22:00 07/11/2007]

logo.bmp --a--- 5208 bytes [19:20 07/11/2007] [19:20 07/11/2007]

setup.exe --a--- 269304 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setup.sdb --a--- 73128 bytes [22:00 07/11/2007] [22:00 07/11/2007]

setupres.1025.dll --a--- 112128 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1028.dll --a--- 84992 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1029.dll --a--- 124416 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1030.dll --a--- 125440 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1031.dll --a--- 129536 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1032.dll --a--- 136192 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1035.dll --a--- 120832 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1036.dll --a--- 132096 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1037.dll --a--- 110080 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1038.dll --a--- 131072 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1040.dll --a--- 127488 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1041.dll --a--- 96768 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1042.dll --a--- 93696 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1043.dll --a--- 127488 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1044.dll --a--- 120320 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1045.dll --a--- 126976 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1046.dll --a--- 121856 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1049.dll --a--- 122368 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1053.dll --a--- 120320 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.1055.dll --a--- 119808 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.2052.dll --a--- 83456 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.2070.dll --a--- 130048 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.3082.dll --a--- 130560 bytes [19:26 07/11/2007] [19:26 07/11/2007]

setupres.dll --a--- 109568 bytes [19:26 07/11/2007] [19:26 07/11/2007]

SITSetup.dll --a--- 1361920 bytes [19:26 07/11/2007] [19:26 07/11/2007]

vs70uimgr.dll --a--- 627712 bytes [19:26 07/11/2007] [19:26 07/11/2007]

vsbasereqs.dll --a--- 411136 bytes [19:26 07/11/2007] [19:26 07/11/2007]

vsscenario.dll --a--- 687104 bytes [19:26 07/11/2007] [19:26 07/11/2007]

vs_setup.dll --a--- 1045504 bytes [19:26 07/11/2007] [19:26 07/11/2007]

vs_setup.MS_ --a--- 617472 bytes [22:39 07/11/2007] [22:39 07/11/2007]

vs_setup.pdi --a--- 20796 bytes [22:00 07/11/2007] [22:00 07/11/2007]

WapRes.1025.dll --a--- 102904 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1028.dll --a--- 90104 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1029.dll --a--- 108536 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1030.dll --a--- 108536 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1031.dll --a--- 111608 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1032.dll --a--- 113656 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1035.dll --a--- 106488 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1036.dll --a--- 112120 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1037.dll --a--- 101368 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1038.dll --a--- 111096 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1040.dll --a--- 110072 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1041.dll --a--- 95736 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1042.dll --a--- 92664 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1043.dll --a--- 108536 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1044.dll --a--- 106488 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1045.dll --a--- 109048 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1046.dll --a--- 107512 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1049.dll --a--- 107000 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1053.dll --a--- 105976 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.1055.dll --a--- 106488 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.2052.dll --a--- 89080 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.2070.dll --a--- 110072 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.3082.dll --a--- 111096 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapRes.dll --a--- 107512 bytes [19:26 07/11/2007] [19:26 07/11/2007]

WapUI.dll --a--- 982008 bytes [19:26 07/11/2007] [19:26 07/11/2007]

 

---Folders---

None found.

 

D:\29b2ca13addc3944e859 - Parameters: "(none)"

 

---Files---

None found.

 

---Folders---

1025 d----- [21:21 14/03/2010]

1028 d----- [21:21 14/03/2010]

1029 d----- [21:21 14/03/2010]

1030 d----- [21:21 14/03/2010]

1031 d----- [21:21 14/03/2010]

1032 d----- [21:21 14/03/2010]

1033 d----- [21:21 14/03/2010]

1035 d----- [21:21 14/03/2010]

1036 d----- [21:21 14/03/2010]

1037 d----- [21:21 14/03/2010]

1038 d----- [21:21 14/03/2010]

1040 d----- [21:21 14/03/2010]

1041 d----- [21:21 14/03/2010]

1042 d----- [21:21 14/03/2010]

1043 d----- [21:21 14/03/2010]

1044 d----- [21:21 14/03/2010]

1045 d----- [21:21 14/03/2010]

1046 d----- [21:21 14/03/2010]

1049 d----- [21:21 14/03/2010]

1053 d----- [21:21 14/03/2010]

1055 d----- [21:21 14/03/2010]

2052 d----- [21:21 14/03/2010]

2070 d----- [21:21 14/03/2010]

3076 d----- [21:21 14/03/2010]

3082 d----- [21:21 14/03/2010]

 

-=End Of File=-


Nothing abnormal in the folders....

 

Lots of Microsoft Visual Studio files.

 

I believe the blue screen may be caused by hardware.

 

1.

*Open the Virus Removal Tool folder, located on the desktop, and double-click the Start shortcut

*The Kaspersky main window will open again

*Click [Exit] > [Yes] > [Yes] > [Yes]

*The PC will restart

*Delete the Kaspersky setup file and the log saved on the desktop

 

2.

*Download RootKit Unhooker LE and save it to the desktop

*Run the program

*Click [Report] > [scan]

*Uncheck the options:

 

[] Files

[] Code Hooks

[] SSDT

*Click [OK]

*When it finishes, a report will be displayed

*Click [File] > [save Report] and save it to the desktop

*Click [Close] > [Yes]

*Paste it in your next reply


Good afternoon, wings!

 

You were right about the blue screen, hehehe. It was the motherboard slot; I think it's corrupted. I swapped it and then it went back to working normally =)

 

Here is the generated log!

 

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Shadow

==============================================

==============================================

>Processes

==============================================

0x867C49C8 [4] System

0x8615FDA0 [172] C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 71.25)

0x860EFDA0 [188] C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java Quick Starter Service)

0x864CF860 [236] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH, Antivirus System Tray Tool)

0x864146A0 [244] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation, Windows Live Device Manager Executable)

0x861EA328 [260] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java Update Scheduler)

0x8640AC68 [272] C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc., -)

0x864C4860 [296] C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated, Adobe Acrobat SpeedLauncher)

0x861484C0 [364] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Executa uma DLL como um aplicativo)

0x86430A28 [376] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)

0x86431B88 [404] C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation, Windows Live Messenger)

0x86414DA0 [448] C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A., Skype )

0x86483020 [636] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Gerenciador de Sessão do Windows NT)

0x864F3940 [684] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x86344DA0 [708] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Aplicativo de logon do Windows NT)

0x866A94B0 [752] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Aplicativo de serviços e controle)

0x86698928 [764] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))

0x86379DA0 [960] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)

0x861647A8 [968] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)

0x86284DA0 [1024] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)

0x86349BE0 [1120] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)

0x865522F0 [1160] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)

0x8610EDA0 [1204] C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe (Skype Technologies, Skype Extras Manager)

0x861E3DA0 [1240] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)

0x860F8A20 [1360] C:\Documents and Settings\ANDKNUST\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)

0x861DFDA0 [1384] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)

0x86366A20 [1588] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)

0x864FD528 [1668] C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH, Antivirus Scheduler)

0x860EE530 [1876] C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH, Antivirus On-Access Service)

0x8620F4E0 [1932] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)

0x861C9860 [1940] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)

0x8608DDA0 [2248] C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation, Windows Update)

0x860FB870 [2280] C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)

0x860C49C8 [2780] C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)

0x860249F0 [3292] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)

==============================================

>Drivers

==============================================

0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4034560 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 71.25 )

0xF7300000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3334144 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 71.25 )

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, Núcleo e sistema do NT)

0x804D7000 PnpManager 2265088 bytes

0x804D7000 RAW 2265088 bytes

0x804D7000 WMIxWDM 2265088 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Driver Win32 multiusuário)

0xF71E6000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 712704 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))

0xF76BD000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF5730000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF7030000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xF583B000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xF1D1E000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xF1A16000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF712E000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xF7814000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xF231D000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF7690000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xF055E000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xF57A0000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF5813000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF77BE000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xF57ED000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xF4DAA000 C:\WINDOWS\System32\Drivers\TP6800.sys 151552 bytes (Microsoft Corporation, Universal Serial Bus Camera Driver)

0xF58E1000 C:\WINDOWS\System32\Drivers\DVDVRRdr_xp.SYS 147456 bytes (Roxio, DVDVR XP Filesystem Reader Driver)

0xF71C2000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF7294000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF72B8000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF57CB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x80700000 ACPI_HAL 134400 bytes

0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF7786000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF77E4000 ftdisk.sys 126976 bytes (Microsoft Corporation, Driver de disco com tolerância a falhas)

0xF5601000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 114688 bytes (Avira GmbH, Avira Driver for RootKit Detection)

0xF7676000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF77A6000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xF3CEF000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF775D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF7197000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xF2DDD000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)

0xF2398000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF2E6B000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)

0xF71AE000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Driver de porta paralela)

0xF72EC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xF5894000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xF774A000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7774000 sr.sys 73728 bytes (Microsoft Corporation, Driver de filtro do sistema de arquivos da restauração do sistema)

0xF72DB000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 69632 bytes (Roxio, CDR4_XP CDR Helper)

0xF7803000 pci.sys 69632 bytes (Microsoft Corporation, Enumerador NT Plug and Play PCI)

0xF715E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF4BB7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF78F3000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF7923000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Driver de dispositivo serial)

0xF7913000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF7903000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xF2CB5000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF711E000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)

0xF79B3000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF7933000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, Driver de porta i8042)

0xF78A3000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF7943000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF7A73000 C:\WINDOWS\System32\Drivers\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)

0xF7883000 VolSnap.sys 53248 bytes (Microsoft Corporation, Driver de cópia de sombra de volume)

0xF7983000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)

0xF7963000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF7A23000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF78E3000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF7873000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF7953000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF78B3000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)

0xF7AD3000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Driver de dispositivo de processador)

0xF7863000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF79A3000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF7993000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF7893000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF710E000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF7973000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF7A13000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xF182E000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF7A03000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF7C4B000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7AFB000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xF7BCB000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF7BDB000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF7BD3000 C:\WINDOWS\system32\DRIVERS\fetnd5.sys 28672 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)

0xF7B33000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF7BF3000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Driver de classe teclado)

0xF7AE3000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF7C63000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)

0xF7BBB000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 24576 bytes (Roxio, CDRAL for Windows 2000 Kernel Driver)

0xF7BEB000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Driver de classe modem)

0xF7C53000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)

0xF7BC3000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF7C3B000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7BE3000 C:\WINDOWS\system32\DRIVERS\irsir.sys 20480 bytes (Microsoft Corporation, Serial Infrared Driver)

0xF7C43000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF7AEB000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF7C0B000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7BFB000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)

0xF7C13000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7C03000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF4D5A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF1F4D000 C:\WINDOWS\system32\drivers\cpuz132_x32.sys 16384 bytes (Windows ® Codename Longhorn DDK provider, CPUID Driver)

0xF7D4F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xF2E83000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7D27000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF7C73000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF4A54000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF717B000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xF7D2B000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)

0xF7D37000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF7D03000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7DA1000 C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)

0xF7D99000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7D69000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xF7DEB000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7D97000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7D63000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7D9B000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7E1F000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, Driver paralelo VDM)

0xF7D9D000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7D93000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7D95000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7D67000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0xF7D65000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7ECC000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7EF9000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7F96000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7E2B000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

 

Regards!


OK... the PC is clean :)

1.

*Delete SystemLook and its report

2.

*Delete Rootkit Unhooker LE and its report

3.

*Open the Virus Removal Tool folder, located on the desktop, and double-click the Start shortcut

*The Kaspersky main window will open again

*Click [Exit] > [Yes] > [sim] > [sim]

*The PC will restart

*Delete the Kaspersky setup file and the log saved on the desktop

Best regards.


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
