Jeovane Martins

IExplorer does not browse and Word does not save


Dear colleagues,

My notebook runs Vista Business, with Office 2007 installed and updates enabled. Antivirus: Avira.

A few days ago my sidebar stopped working. When loading at startup it gave an error and said it could not be loaded. I removed it from startup.

A few days later Word stopped saving. It opens, closes, edits and formats text, but does not save. I have already looked through its settings, run tests, uninstalled Office and reinstalled it, and that did not solve it. The other programs are working normally.

Soon after, I updated IE to version 8, and since then it no longer browses. Sometimes it loads the home page. I have already removed it, reinstalled it, removed it again, reinstalled it, disabled the add-ons, tried compatibility, safe mode, etc.; nothing works. The buttons seem not to respond.

I ran the Kaspersky online scanner but it found nothing. Neither did Spybot. Nor Ad-Aware.

So here are the logs, in the hope that you can help me:

1 - DDS

DDS (Ver_09-07-30.01) - NTFSx86

Run by Jeovane at 17:05:55,59 on 24/09/2009

Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.55.1046.18.1788.824 [GMT -3:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


2 - GMER 1.0.15.15087 - http://www.gmer.net

Rootkit scan 2009-09-24 18:32:36

Windows 6.0.6002 Service Pack 2

Running: gmer.exe; Driver: C:\Users\Jeovane\AppData\Local\Temp\ugrdypob.sys



Dear Jeovane Martins,

If you still need help, please redo the logs, because I need them with up-to-date dates!

Read Before Posting - Creating a New Topic

ATTENTION: There is no need to open a new topic; post the new logs in this same topic, thank you!

Regards :D

  • Topic author
  • Diego,

    Here are the new logs:

    1 - DDS

    DDS (Ver_09-07-30.01) - NTFSx86

    Run by Jeovane at 15:08:35,75 on 28/09/2009

    Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16

    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.55.1046.18.1788.917 [GMT -3:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


    2009-09-10 14:44 904,776 a------- c:\windows\system32\drivers\tcpip.sys

    2009-09-10 14:44 105,984 a------- c:\windows\system32\netiohlp.dll

    2009-09-10 14:44 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys

    2009-09-10 14:44 27,136 a------- c:\windows\system32\NETSTAT.EXE

    2009-09-10 14:44 19,968 a------- c:\windows\system32\ARP.EXE

    2009-09-10 14:44 11,264 a------- c:\windows\system32\MRINFO.EXE

    2009-09-10 14:44 10,240 a------- c:\windows\system32\finger.exe

    2009-09-10 14:44 9,728 a------- c:\windows\system32\TCPSVCS.EXE

    2009-09-10 14:44 8,704 a------- c:\windows\system32\HOSTNAME.EXE

    2009-09-10 14:44 17,920 a------- c:\windows\system32\ROUTE.EXE

    2009-09-10 14:44 17,920 a------- c:\windows\system32\netevent.dll

    2009-09-10 14:42 <DIR> --d----- c:\users\jeovane\Programas

    2009-09-10 14:41 <DIR> --d----- c:\users\jeovane\Retec

    2009-09-10 14:41 <DIR> --d----- c:\users\jeovane\Senai EAD

    2009-09-10 14:41 <DIR> --d----- c:\users\jeovane\SGPE

    2009-09-10 14:38 2,501,921 a------- c:\windows\system32\wlan.tmf

    2009-09-10 14:38 513,536 a------- c:\windows\system32\wlansvc.dll

    2009-09-10 14:38 302,592 a------- c:\windows\system32\wlansec.dll

    2009-09-10 14:38 293,376 a------- c:\windows\system32\wlanmsm.dll

    2009-09-10 14:38 127,488 a------- c:\windows\system32\L2SecHC.dll

    2009-09-10 14:38 68,096 a------- c:\windows\system32\wlanhlp.dll

    2009-09-10 14:38 65,024 a------- c:\windows\system32\wlanapi.dll

    2009-09-10 14:35 2,868,224 a------- c:\windows\system32\mf.dll

    2009-09-10 14:35 98,816 a------- c:\windows\system32\mfps.dll

    2009-09-10 14:35 53,248 a------- c:\windows\system32\rrinstaller.exe

    2009-09-10 14:35 24,576 a------- c:\windows\system32\mfpmp.exe

    2009-09-10 14:35 2,048 a------- c:\windows\system32\mferror.dll

    2009-09-10 14:30 <DIR> --d----- c:\users\jeovane\Backup Outlook

    2009-09-10 14:26 1,259,008 a------- c:\windows\system32\lsasrv.dll

    2009-09-10 14:26 499,712 a------- c:\windows\system32\kerberos.dll

    2009-09-10 14:26 218,624 a------- c:\windows\system32\msv1_0.dll

    2009-09-10 14:26 175,104 a------- c:\windows\system32\wdigest.dll

    2009-09-10 14:26 270,848 a------- c:\windows\system32\schannel.dll

    2009-09-10 14:26 439,864 a------- c:\windows\system32\drivers\ksecdd.sys

    2009-09-10 14:26 72,704 a------- c:\windows\system32\secur32.dll

    2009-09-10 14:26 9,728 a------- c:\windows\system32\lsass.exe

    2009-09-10 14:19 1,696,768 a------- c:\windows\system32\gameux.dll

    2009-09-10 14:19 28,672 a------- c:\windows\system32\Apphlpdm.dll

    2009-09-10 14:19 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

    2009-09-10 14:17 <DIR> a-d----- c:\users\jeovane\Apostilas informática

    2009-09-10 14:17 <DIR> a-d----- c:\users\jeovane\Cursos Aprendizagem

    2009-09-10 14:16 <DIR> a-d----- c:\users\jeovane\Cursos Técnicos

    2009-09-10 14:16 <DIR> a-d----- c:\users\jeovane\custo

    2009-09-10 14:16 <DIR> a-d----- c:\users\jeovane\EAD

    2009-09-10 14:14 <DIR> --d----- c:\users\jeovane\Evento Covolan

    2009-09-10 14:14 <DIR> a-d----- c:\users\jeovane\Fechamento Modatec

    2009-09-10 14:14 <DIR> a-d----- c:\users\jeovane\Guias eficiência energética

    2009-09-10 11:09 <DIR> --d----- c:\users\jeovane\appdata\roaming\Canneverbe_Limited

    2009-09-09 22:57 <DIR> --dsh--- c:\users\jeovane\Modelos

    2009-09-09 22:57 <DIR> --dsh--- c:\users\jeovane\Meus documentos

    2009-09-09 22:57 <DIR> --dsh--- c:\users\jeovane\Menu Iniciar

    2009-09-09 22:57 <DIR> --dsh--- c:\users\jeovane\Dados de aplicativos

    2009-09-09 22:57 <DIR> --dsh--- c:\users\jeovane\Configurações locais

    2009-09-09 22:57 <DIR> --dsh--- c:\users\jeovane\Ambiente de rede

    2009-09-09 22:57 <DIR> --dsh--- c:\users\jeovane\Ambiente de impressão

    2009-09-09 22:57 <DIR> --d----- c:\users\Jeovane

    2009-09-08 10:28 2,048 a------- c:\windows\system32\tzres.dll

    ==================== Find3M ====================

    2009-09-25 14:30 649,340 a------- c:\windows\system32\prfh0416.dat

    2009-09-25 14:30 126,750 a------- c:\windows\system32\prfc0416.dat

    2009-09-21 17:32 143,360 a------- c:\windows\inf\infstrng.dat

    2009-09-21 17:32 86,016 a------- c:\windows\inf\infstor.dat

    2009-09-21 17:32 51,200 a------- c:\windows\inf\infpub.dat

    2009-09-21 17:24 665,600 a------- c:\windows\inf\drvindex.dat

    2009-09-14 21:10 411,368 a------- c:\windows\system32\deploytk.dll

    2009-09-08 10:19 55,656 a------- c:\windows\system32\drivers\avgntflt.sys

    2009-08-28 23:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll

    2009-08-28 23:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll

    2009-08-28 23:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll

    2009-08-28 23:30 542,720 a------- c:\windows\apppatch\AcLayers.dll

    2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll

    2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll

    2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe

    2009-07-21 18:52 915,456 a------- c:\windows\system32\wininet.dll

    2009-07-21 18:47 109,056 a------- c:\windows\system32\iesysprep.dll

    2009-07-21 18:47 71,680 a------- c:\windows\system32\iesetup.dll

    2009-07-21 17:13 133,632 a------- c:\windows\system32\ieUnatt.exe

    2009-07-17 10:54 71,680 a------- c:\windows\system32\atl.dll

    2009-07-15 09:40 8,147,456 a------- c:\windows\system32\wmploc.DLL

    2009-07-15 09:39 313,344 a------- c:\windows\system32\wmpdxm.dll

    2009-07-15 09:39 4,096 a------- c:\windows\system32\dxmasf.dll

    2009-07-15 09:39 7,680 a------- c:\windows\system32\spwmp.dll

    2009-07-05 21:33 85,504 a------- c:\windows\system32\ff_vfw.dll

    2009-07-05 21:33 60,273 a------- c:\windows\system32\pthreadGC2.dll

    2009-07-05 21:22 102,400 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT

    2008-01-21 02:32 318,818 a------- c:\windows\inf\perflib\0416\perfi.dat

    2008-01-21 02:32 318,818 a------- c:\windows\inf\perflib\0416\perfh.dat

    2008-01-21 02:32 37,412 a------- c:\windows\inf\perflib\0416\perfd.dat

    2008-01-21 02:32 37,412 a------- c:\windows\inf\perflib\0416\perfc.dat

    2008-01-20 23:43 174 a--sh--- c:\program files\desktop.ini

    2006-11-02 06:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

    2006-11-02 06:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

    2006-11-02 06:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

    2006-11-02 06:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    2008-06-20 17:49 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 15:11:22,52 ===============

    2 - GMER

    GMER 1.0.15.15087 - http://www.gmer.net

    Rootkit scan 2009-09-28 17:32:22

    Windows 6.0.6002 Service Pack 2

    Running: gmer.exe; Driver: C:\Users\Jeovane\AppData\Local\Temp\ugrdypob.sys

    ---- System - GMER 1.0.15 ----

    SSDT ACA8D9B4 ZwCreateThread

    SSDT ACA8D9A0 ZwOpenProcess

    SSDT ACA8D9A5 ZwOpenThread

    SSDT ACA8D9AF ZwTerminateProcess

    INT 0x51 ? 85470F00

    INT 0x51 ? 85470F00

    INT 0x51 ? 85470F00

    INT 0x51 ? 85470F00

    INT 0x51 ? 85470F00

    INT 0x52 ? 861C4BF8

    INT 0x62 ? 861C4BF8

    INT 0x72 ? 861C4BF8

    INT 0xA2 ? 85471BF8

    INT 0xB2 ? 85471BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 221 824FC964 4 Bytes [b4, D9, A8, AC] {MOV AH, 0xd9; TEST AL, 0xac}

    .text ntkrnlpa.exe!KeSetEvent + 3F1 824FCB34 4 Bytes [A0, D9, A8, AC]

    .text ntkrnlpa.exe!KeSetEvent + 40D 824FCB50 4 Bytes [A5, D9, A8, AC]

    .text ntkrnlpa.exe!KeSetEvent + 621 824FCD64 4 Bytes [AF, D9, A8, AC]

    ? System32\Drivers\spyr.sys O sistema não pode encontrar o caminho especificado. !

    .text USBPORT.SYS!DllUnload 8B36441B 5 Bytes JMP 861C41D8

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3632] kernel32.dll!SetUnhandledExceptionFilter 7658A84F 5 Bytes JMP 691F5436 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806906D6] \SystemRoot\System32\Drivers\spyr.sys

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80690042] \SystemRoot\System32\Drivers\spyr.sys

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80690800] \SystemRoot\System32\Drivers\spyr.sys

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806900C0] \SystemRoot\System32\Drivers\spyr.sys

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069013E] \SystemRoot\System32\Drivers\spyr.sys

    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069FE9C] \SystemRoot\System32\Drivers\spyr.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 854771F8

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dinâmico/Microsoft Corporation)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dinâmico/Microsoft Corporation)

    Device \Driver\volmgr \Device\VolMgrControl 854731F8

    Device \Driver\netbt \Device\NetBT_Tcpip_{6B8FA9F0-6FDA-4679-A12A-1C77EA6095E2} 86636500

    Device \Driver\usbohci \Device\USBPDO-0 861BC1F8

    Device \Driver\usbohci \Device\USBPDO-1 861BC1F8

    Device \Driver\usbehci \Device\USBPDO-2 861A61F8

    Device \Driver\volmgr \Device\HarddiskVolume1 854731F8

    Device \Driver\cdrom \Device\CdRom0 861921F8

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854751F8

    Device \Driver\atapi \Device\Ide\IdePort0 854751F8

    Device \Driver\atapi \Device\Ide\IdePort1 854751F8

    Device \Driver\atapi \Device\Ide\IdePort2 854751F8

    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 854751F8

    Device \Driver\netbt \Device\NetBt_Wins_Export 86636500

    Device \Driver\Smb \Device\NetbiosSmb 8662B1F8

    Device \Driver\iScsiPrt \Device\RaidPort0 862ED1F8

    Device \Driver\usbohci \Device\USBFDO-0 861BC1F8

    Device \Driver\usbohci \Device\USBFDO-1 861BC1F8

    Device \Driver\usbehci \Device\USBFDO-2 861A61F8

    Device \Driver\netbt \Device\NetBT_Tcpip_{7D2CBEA5-7C2C-4CA9-8371-2BB053DF5422} 86636500

    Device \Driver\JMCR \Device\Scsi\JMCR1 861C81F8

    Device \Driver\JMCR \Device\Scsi\JMCR2 861C81F8

    Device \Driver\JMCR \Device\Scsi\JMCR3 861C81F8

    Device \Driver\JMCR \Device\Scsi\JMCR4 861C81F8

    Device \FileSystem\cdfs \Cdfs 862581F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x29 0x54 0xBE 0x18 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0x4B 0x41 0xD9 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7A 0x80 0x35 0xB2 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x29 0x54 0xBE 0x18 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0x4B 0x41 0xD9 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7A 0x80 0x35 0xB2 ...

    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x29 0x54 0xBE 0x18 ...

    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0x4B 0x41 0xD9 ...

    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7A 0x80 0x35 0xB2 ...

    ---- EOF - GMER 1.0.15 ----


    Dear Jeovane Martins

    Click HERE to run an online scan with ActiveScan

    • Once you are on the Panda site, click the [33ptol3.gif] button
    • A new window will open:
    • Select your country
    • Enter your district/region
    • Enter a valid e-mail address and click send
    • Select Home user or Business
    • Click the [buttoninijf4.gif] button
    • If a window appears asking to install an ActiveX component, accept it
    • The files needed for the scan will start downloading. (Note: this may take a few minutes. Please be patient)
    • When the download is complete, click [pandamycomputer.gif] to start the scan
    • When the scan finishes, and if malicious files were detected, click the [pandaseereport.gif] button, then [pandasavereport.gif], and save the result on your PC.
    • In your next reply, generate and paste a new HijackThis log and the Panda ActiveScan result

    Best regards :D

  • Topic author
  • Diego,

    I can't download the Panda files. I tried more than a dozen times at different times of day. It gives the following message: ActiveScan 2.0 transferir: Erro de transferência.

    But a few days ago I managed to run Kaspersky and it found nothing.

    In any case, here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 13:44:41, on 29/09/2009

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18813)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Synaptics\SynTP\SynTPStart.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Jeovane\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O13 - Gopher Prefix:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{6B8FA9F0-6FDA-4679-A12A-1C77EA6095E2}: NameServer = 200.165.132.147,200.165.132.155

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

    --

    End of file - 4482 bytes


    Dear Jeovane Martins

    "But a few days ago I managed to run Kaspersky and it found nothing."
    I didn't see anything abnormal in the logs. I wanted to run a scan with something other than Kaspersky, but there is no way around it, then. Please redo the scan with Kaspersky and post the result here.

    Best regards :D

  • Topic author
  • Here is the Kaspersky log:

    -------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER 7.0: scan report

    Wednesday, September 30, 2009

    Operating system: Microsoft Windows Vista Business Edition, 32-bit Service Pack 2 (build 6002)

    Kaspersky Online Scanner version: 7.0.26.13

    Last database update: Wednesday, September 30, 2009 14:41:47

    Records in database: 2936511

    --------------------------------------------------------------------------------

    Scan settings:

    scan using the following database: extended

    Scan archives: yes

    Scan e-mail databases: yes

    Scan area - My Computer:

    C:\

    D:\

    Scan statistics:

    Objects scanned: 114894

    Threats found: 0

    Infected objects found: 0

    Suspicious objects found: 0

    Scan duration: 02:54:11

    No threats found. Scanned area is clean.

    Selected area has been scanned.


    Dear Jeovane Martins

    It looks like your problem is not related to malware. Let's do one last check :)

    Download Malwarebytes Anti-Malware:

    • Link 1
    • Alternative link
      • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
      • Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, and click Finish.
      • If there are updates, they will be downloaded and installed.
      • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
      • The scan will start and may take a while. Please be patient.
      • When the scan is complete, click OK, then Show Results to see the log.
      • If anything is found, make sure everything is checked and click Remove.
      • When disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
      • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
      • Copy and paste the contents of that log into your next reply.

    Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

    Best regards :D

  • Topic author
  • Diego,

    Here is the log:

    Malwarebytes' Anti-Malware 1.41

    Versão do banco de dados: 2873

    Windows 6.0.6002 Service Pack 2

    30/09/2009 11:45:54

    mbam-log-2009-09-30 (11-45-54).txt

    Tipo de Verificação: Completa (C:\|)

    Objetos verificados: 227986

    Tempo decorrido: 1 hour(s), 16 minute(s), 13 second(s)

    Processos da Memória infectados: 0

    Módulos de Memória Infectados: 0

    Chaves do Registro infectadas: 0

    Valores do Registro infectados: 0

    Ítens do Registro infectados: 0

    Pastas infectadas: 0

    Arquivos infectados: 0

    Processos da Memória infectados:

    (Nenhum ítem malicioso foi detectado)

    Módulos de Memória Infectados:

    (Nenhum ítem malicioso foi detectado)

    Chaves do Registro infectadas:

    (Nenhum ítem malicioso foi detectado)

    Valores do Registro infectados:

    (Nenhum ítem malicioso foi detectado)

    Ítens do Registro infectados:

    (Nenhum ítem malicioso foi detectado)

    Pastas infectadas:

    (Nenhum ítem malicioso foi detectado)

    Arquivos infectados:

    (Nenhum ítem malicioso foi detectado)


    Dear Jeovane Martins

    Indeed, my friend, your problem is not related to malware. I suggest you open a topic in the forum section that matches your problem :)

    <<@>> Install CCleaner

    CCleaner is an excellent cleanup utility for the computer that will help with the computer's performance.

    Download it here: CCleaner


    • IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window, choose New > Folder and create a new folder; name it backups!
    • Open the program and click Run Cleaner;
    • Click the Registry button > Scan for Issues > Fix selected issues...
      Note: Don't forget to accept the backup of the fixes and save it in the folder created above!

    <<@>> Always keep your Windows up to date; keep a constant watch on your firewall and antivirus; and finally, remember that the best form of prevention starts with our own behavior!

    Best regards :D


    If the topic author needs it, the topic will be reopened; to do so, they must contact the moderation team and request that it be unlocked.

    This topic is closed to new posts.