Yukko~, posted November 3, 2011

Hello.

Well, a while ago I posted about this problem of the computer restarting plus a Blue Screen, and I was told it was nothing, BUT! Lately it has become extremely frequent. OK, that points to a hardware problem, but I have noticed that sometimes when I visit certain sites I get a warning that my computer may be a zombie (?), and, layperson that I am, I turned to Mr. Google, which told me this could be related to my blue screen problem.

I made a HiJackThis log, but I ran into a problem and the log does not come out complete. Here are the message and the log:

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this."
wings, posted November 3, 2011

Hello Yukko~

1.
* Download and install Malwarebytes
* Wait for the update; the program will open automatically
* On the [Scan] tab, select [Full scan]
* Click [Scan] and select the partition where Windows is installed
* When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]
* Paste the report that is shown

If you already have Malwarebytes installed...
* Open Malwarebytes, click [Update] > [Download Updates]
* On the [Scan] tab, select Full scan
* Click [Scan] and select the partition where Windows is installed
* When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]
* Paste the report that is shown

2.
* Download OTL and save it to the desktop
* Run it and select the options:
    Scan All Users
    Skip Microsoft Files
    Use Company Name WhiteList
    Lop Check
    Purity Check
* Select, copy and paste the code into the space below Custom Scans/Fixes:

    netsvcs
    %ALLUSERSPROFILE%\*.*
    %ALLUSERSPROFILE%\Dados de aplicativos\*.*
    %ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\*.*
    %SYSTEMDRIVE%\*
    %SYSTEMDRIVE%\*.*
    CREATERESTOREPOINT

* Click [Scan]
* Paste only the OTL.txt report

If the report turns out too large...
* Go to this link
* Click [Send file]
* Locate the OTL.txt file on the desktop
* Click [Open] > [Créer le lien Cjoint]
* Paste the address that is created
Yukko~, posted November 4, 2011

Hello, wings.

So, I installed Malwarebytes and set it to run a scan, but I have a problem: my computer cannot finish any scan without being shut down by the blue screen, whether in normal or safe mode. I really don't know what to do. Anyway, I await your reply.

Gabi.
wings, posted November 4, 2011

Try running the scan while disconnected from the internet.
Yukko~, posted November 6, 2011

I already tried, actually; I even disabled my wireless network card and nothing, it always restarts with less than 5 minutes of scanning. How do I deal with this?
wings, posted November 6, 2011

"I already tried, actually; I even disabled my wireless network card and nothing, it always restarts with less than 5 minutes of scanning. How do I deal with this?"

That really makes it difficult.

* Download DDS and save it to the desktop
* Run it and save the reports to the desktop (DDS.txt and Attach.txt)
* Paste only the DDS.txt report
Yukko~, posted November 7, 2011

Here is the DDS report:
wings, posted November 7, 2011

Back up your personal files before continuing with the procedure, because, since your PC has a hardware problem, Windows may be affected and need to be reinstalled.

1.
* Delete DDS and its reports

2.
* Download ERUNT and save it to the desktop
* Create a folder in C:\ called ERUNT and extract it there
* Run the file C:\ERUNT\ERUNT.exe
* Click [OK] > [OK] > [Yes] > [OK]

3.
* Temporarily disable your antivirus
* Download ComboFix and save it to the desktop
* Run it, accept the agreement and wait for the stages to complete

Some notes:
1) Do not use the mouse or the keyboard during the stages!!
2) To interrupt the scan, press N

* Paste the report that is shown
Yukko~, posted November 7, 2011

Here is the ComboFix report:
wings, posted November 7, 2011

The log is clean.

* Click [Start] > [All Programs] > [Accessories] > [Run] > copy and paste:

    c:\users\Ivanildo\Desktop\ComboFix.exe /uninstall

* Click [OK] and wait for the message: "ComboFix está desinstalado"
Yukko~, posted November 7, 2011

Done, uninstalled. Now that my log is clean, to solve this hardware problem I just go to the other forum, right? Because, look... It is VERY difficult here haha
wings, posted November 8, 2011

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.