This topic has been archived and is closed to new replies.

MG1

[Archived] Aspire 5000 - Keyboard does not work

Good evening.

The keyboard on my Acer Aspire 5000 notebook stopped working all of a sudden. The strangest part is that it works normally in Ubuntu and also in Safe Mode. I formatted the machine and reinstalled all the drivers, downloaded directly from their site, and I no longer know how to proceed. McAfee did not detect anything, nor did the online scans I ran or the SpyBot scan.

Since the problem started, every time I select the restart or shut down options, or start a Windows program such as System Restore or some installer, the notebook also freezes.

I analysed the HijackThis log on their site and nothing shows up. The log follows below, but does anyone have any idea what it could be?

Thanks

LOG:

Logfile of HijackThis v1.99.1

Scan saved at 21:57:42, on 31/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Launch Manager\QtZgAcer.EXE

C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Arcade\PCMService.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Launchy\Launchy.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\WINDOWS\system32\sistray.exe

C:\DOCUME~1\moe\CONFIG~1\Temp\RtkBtMnt.EXE

C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wpabaln.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld-nt.exe

C:\Arquivos de programas\eclipse\eclipse.exe

C:\WINDOWS\system32\javaw.exe

C:\WINDOWS\system32\cmd.exe

C:\Documents and Settings\moe\Desktop\hijackthis_199\HijackThis.exe

 

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\arquivos de programas\mcafee\virusscan\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [LManager] C:\Arquivos de programas\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Arquivos de programas\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [update] C:\Arquivos de programas\AntiVir\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Launchy.lnk = C:\Arquivos de programas\Launchy\Launchy.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\ARQUIV~1\ARQUIV~1\McAfee\EmProxy\emproxy.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Hi MG1,

Download ComboFix from:

ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process will take about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click on the ComboFix window, or close it by clicking the X, while the tool is running, as this will mess up your desktop configuration (it will turn completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

Regards.

José Carlos.

I have just run ComboFix; the log follows below.

ComboFix 07-08-04.3 - "moe" 2007-08-06 21:01:48.1 [GMT -3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro
 * Created a new restore point

((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))

2007-08-06 21:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-06 20:46 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-06 20:44 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-06 20:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage
2007-08-06 20:05 <DIR> d---s---- C:\DOCUME~1\moe\UserData
2007-08-06 19:55 <DIR> d-------- C:\Arquivos de programas\RegCleaner
2007-08-01 08:21 88,363 -ra------ C:\WINDOWS\AGRSMMSG.exe
2007-08-01 08:21 64,512 -ra------ C:\WINDOWS\agrsmdel.exe
2007-08-01 08:21 64,512 --------- C:\WINDOWS\system32\agrsmdel.exe
2007-08-01 08:21 1,270,540 -ra------ C:\WINDOWS\system32\drivers\AGRSM.sys
2007-07-31 01:00 <DIR> d-------- C:\Arquivos de programas\MySQL
2007-07-31 00:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy
2007-07-31 00:50 <DIR> d--hs---- C:\RECYCLER
2007-07-31 00:06 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-31 00:06 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos
2007-07-31 00:06 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar
2007-07-31 00:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos
2007-07-31 00:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configura‡äes locais
2007-07-31 00:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede
2007-07-31 00:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressÆo
2007-07-31 00:06 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-07-31 00:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos
2007-07-31 00:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos
2007-07-30 22:41 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-07-30 22:41 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-07-30 22:41 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-07-30 22:41 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-07-30 22:41 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-07-30 22:40 107,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-07-30 22:40 <DIR> d-------- C:\Arquivos de programas\McAfee.com
2007-07-30 22:40 <DIR> d-------- C:\Arquivos de programas\McAfee
2007-07-30 22:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\McAfee
2007-07-30 21:10 8,576 --a------ C:\WINDOWS\system32\drivers\ywkraymdnsde.sys
2007-07-30 20:58 <DIR> d-------- C:\DOCUME~1\moe\DADOSD~1\Google
2007-07-28 11:30 <DIR> d-------- C:\DOCUME~1\Aline\DADOSD~1\Google
2007-07-28 11:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google
2007-07-28 11:26 <DIR> d-------- C:\Arquivos de programas\Google
2007-07-28 10:01 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0
2007-07-27 20:26 <DIR> d-------- C:\DOCUME~1\Aline\Contacts
2007-07-27 20:20 <DIR> d-------- C:\DOCUME~1\Aline\DADOSD~1\Launchy
2007-07-27 00:46 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-07-27 00:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin
2007-07-27 00:35 <DIR> d-------- C:\DOCUME~1\moe\DADOSD~1\DBDesigner4
2007-07-27 00:05 <DIR> d-------- C:\Arquivos de programas\WinSCP
2007-07-27 00:04 <DIR> d-------- C:\Arquivos de programas\Putty
2007-07-26 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee
2007-07-26 23:49 <DIR> d-------- C:\Arquivos de programas\netbeans-5.5.1
2007-07-26 23:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe Systems
2007-07-26 23:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared
2007-07-26 23:34 <DIR> d-------- C:\Arquivos de programas\eclipse
2007-07-26 23:21 <DIR> d-------- C:\Arquivos de programas\FileZilla
2007-07-26 23:08 <DIR> d-------- C:\Arquivos de programas\Apache Software Foundation
2007-07-26 23:03 <DIR> d-------- C:\Atalhos
2007-07-26 23:02 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-07-26 23:02 <DIR> d-------- C:\DOCUME~1\moe\DADOSD~1\Launchy
2007-07-26 23:02 <DIR> d-------- C:\Arquivos de programas\Launchy
2007-07-26 22:59 36,992 -ra------ C:\WINDOWS\system32\drivers\SISAGPX.SYS
2007-07-26 22:59 28,672 --------- C:\WINDOWS\system32\SiSHook.dll
2007-07-26 22:59 20,480 --------- C:\WINDOWS\system32\LCDMode.exe
2007-07-26 22:59 176,128 --------- C:\WINDOWS\system32\SiSApCom.dll
2007-07-26 22:59 110,592 --------- C:\WINDOWS\system32\TVMode.dll
2007-07-26 22:59 <DIR> d-------- C:\DOCUME~1\moe\DADOSD~1\CyberLink
2007-07-26 22:59 <DIR> d-------- C:\Arquivos de programas\sisagp
2007-07-26 22:58 862,208 -ra------ C:\WINDOWS\system32\sisgrv.dll
2007-07-26 22:58 862,208 --a--c--- C:\WINDOWS\system32\dllcache\sisgrv.dll
2007-07-26 22:58 7,168 -ra------ C:\WINDOWS\InstFunc.dll
2007-07-26 22:58 65,536 -ra------ C:\WINDOWS\system32\sis760.bin
2007-07-26 22:58 65,536 -ra------ C:\WINDOWS\system32\sis741.bin
2007-07-26 22:58 49,152 -ra------ C:\WINDOWS\system32\SiSPower.dll
2007-07-26 22:58 49,152 -ra------ C:\WINDOWS\system32\SiSBase.dll
2007-07-26 22:58 49,152 -ra------ C:\WINDOWS\system32\sis660.bin
2007-07-26 22:58 331,776 --a------ C:\WINDOWS\system32\sistray.exe
2007-07-26 22:58 32,768 -ra------ C:\WINDOWS\InstFunc.exe
2007-07-26 22:58 28,672 -ra------ C:\WINDOWS\system32\SiSPInst.dll
2007-07-26 22:58 258,048 -ra------ C:\WINDOWS\system32\SiSParse.dll
2007-07-26 22:58 240,640 -ra------ C:\WINDOWS\system32\drivers\sisgrp.sys
2007-07-26 22:58 240,640 --a--c--- C:\WINDOWS\system32\dllcache\sisgrp.sys
2007-07-26 22:58 184,320 -ra------ C:\WINDOWS\system32\SiSInst.dll
2007-07-26 22:58 13,312 -ra------ C:\WINDOWS\system32\drivers\srvkp.sys
2007-07-26 22:58 1,740,800 -ra------ C:\WINDOWS\system32\sisgl.dll
2007-07-26 22:58 <DIR> d-------- C:\WINDOWS\system32\trayres
2007-07-26 22:58 <DIR> d-------- C:\Arquivos de programas\SiS VGA Utilities V3.65f
2007-07-26 22:57 30,720 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-07-26 22:57 <DIR> d-------- C:\Arquivos de programas\CyberLink
2007-07-26 22:57 <DIR> d-------- C:\Arquivos de programas\Arcade
2007-07-26 22:56 43,520 -ra------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-07-26 22:52 32,768 -ra------ C:\WINDOWS\system32\drivers\sisnicxp.sys
2007-07-26 22:52 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-07-26 22:52 <DIR> d-------- C:\WINDOWS\SiS
2007-07-26 22:51 90,202 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2007-07-26 22:51 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2007-07-26 22:51 77,917 --a------ C:\WINDOWS\system32\SynCOM.dll
2007-07-26 22:51 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2007-07-26 22:51 185,824 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-07-26 22:51 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2007-07-26 22:51 <DIR> d-------- C:\Arquivos de programas\Synaptics
2007-07-26 22:50 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-07-26 22:50 <DIR> d-------- C:\WINDOWS\Options
2007-07-26 22:49 49,152 --a------ C:\WINDOWS\system32\QtBtLib.dll
2007-07-26 22:49 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-06 20:36 49044 --a------ C:\WINDOWS\system32\perfc016.dat
2007-08-06 20:36 344972 --a------ C:\WINDOWS\system32\perfh016.dat
--------- C:\Arquivos de programas\Serviços on-line
--------- C:\Arquivos de programas\Arquivos comuns\Serviços

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 16:22 C:\WINDOWS\soundman.exe]
"LManager"="C:\Arquivos de programas\Launch Manager\QtZgAcer.EXE" [2005-02-23 11:04]
"SynTPLpr"="C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44]
"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 C:\WINDOWS\system32\SiSPower.dll]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 22:46]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Launchy.lnk - C:\Arquivos de programas\Launchy\Launchy.exe [2007-07-26 23:02:50]
Monitor Apache Servers.lnk - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2007-01-09 23:20:44]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-07-26 22:58:43]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

I ran the program a second time out of curiosity and the result looked different to me; it follows below:

 

ComboFix 07-08-04.3 - "moe" 2007-08-06 21:30:17.2 [GMT -3:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

 

 

((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))

 

 

2007-08-06 21:00 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-06 20:46 <DIR> d-------- C:\WINDOWS\network diagnostic

2007-08-06 20:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

2007-08-06 20:05 <DIR> d---s---- C:\DOCUME~1\moe\UserData

2007-08-06 19:55 <DIR> d-------- C:\Arquivos de programas\RegCleaner

2007-08-01 08:21 88,363 -ra------ C:\WINDOWS\AGRSMMSG.exe

2007-08-01 08:21 64,512 -ra------ C:\WINDOWS\agrsmdel.exe

2007-08-01 08:21 64,512 --------- C:\WINDOWS\system32\agrsmdel.exe

2007-08-01 08:21 1,270,540 -ra------ C:\WINDOWS\system32\drivers\AGRSM.sys

2007-07-31 01:00 <DIR> d-------- C:\Arquivos de programas\MySQL

2007-07-31 00:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

2007-07-31 00:50 <DIR> d--hs---- C:\RECYCLER

2007-07-31 00:06 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-07-31 00:06 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos

2007-07-31 00:06 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar

2007-07-31 00:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos

2007-07-31 00:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configura‡äes locais

2007-07-31 00:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede

2007-07-31 00:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressÆo

2007-07-31 00:06 <DIR> d-------- C:\WINDOWS\system32\appmgmt

2007-07-31 00:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos

2007-07-31 00:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos

2007-07-30 22:41 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2007-07-30 22:41 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2007-07-30 22:41 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2007-07-30 22:41 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2007-07-30 22:41 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2007-07-30 22:40 107,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2007-07-30 22:40 <DIR> d-------- C:\Arquivos de programas\McAfee.com

2007-07-30 22:40 <DIR> d-------- C:\Arquivos de programas\McAfee

2007-07-30 22:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\McAfee

2007-07-30 21:10 8,576 --a------ C:\WINDOWS\system32\drivers\ywkraymdnsde.sys

2007-07-30 20:58 <DIR> d-------- C:\DOCUME~1\moe\DADOSD~1\Google

2007-07-28 11:30 <DIR> d-------- C:\DOCUME~1\Aline\DADOSD~1\Google

2007-07-28 11:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

2007-07-28 11:26 <DIR> d-------- C:\Arquivos de programas\Google

2007-07-28 10:01 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2007-07-27 20:26 <DIR> d-------- C:\DOCUME~1\Aline\Contacts

2007-07-27 20:20 <DIR> d-------- C:\DOCUME~1\Aline\DADOSD~1\Launchy

2007-07-27 00:46 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-07-27 00:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

2007-07-27 00:35 <DIR> d-------- C:\DOCUME~1\moe\DADOSD~1\DBDesigner4

2007-07-27 00:05 <DIR> d-------- C:\Arquivos de programas\WinSCP

2007-07-27 00:04 <DIR> d-------- C:\Arquivos de programas\Putty

2007-07-26 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee

2007-07-26 23:49 <DIR> d-------- C:\Arquivos de programas\netbeans-5.5.1

2007-07-26 23:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe Systems

2007-07-26 23:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-07-26 23:34 <DIR> d-------- C:\Arquivos de programas\eclipse

2007-07-26 23:21 <DIR> d-------- C:\Arquivos de programas\FileZilla

2007-07-26 23:08 <DIR> d-------- C:\Arquivos de programas\Apache Software Foundation

2007-07-26 23:03 <DIR> d-------- C:\Atalhos

2007-07-26 23:02 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-07-26 23:02 <DIR> d-------- C:\DOCUME~1\moe\DADOSD~1\Launchy

2007-07-26 23:02 <DIR> d-------- C:\Arquivos de programas\Launchy

2007-07-26 22:59 36,992 -ra------ C:\WINDOWS\system32\drivers\SISAGPX.SYS

2007-07-26 22:59 28,672 --------- C:\WINDOWS\system32\SiSHook.dll

2007-07-26 22:59 20,480 --------- C:\WINDOWS\system32\LCDMode.exe

2007-07-26 22:59 176,128 --------- C:\WINDOWS\system32\SiSApCom.dll

2007-07-26 22:59 110,592 --------- C:\WINDOWS\system32\TVMode.dll

2007-07-26 22:59 <DIR> d-------- C:\DOCUME~1\moe\DADOSD~1\CyberLink

2007-07-26 22:59 <DIR> d-------- C:\Arquivos de programas\sisagp

2007-07-26 22:58 862,208 -ra------ C:\WINDOWS\system32\sisgrv.dll

2007-07-26 22:58 862,208 --a--c--- C:\WINDOWS\system32\dllcache\sisgrv.dll

2007-07-26 22:58 7,168 -ra------ C:\WINDOWS\InstFunc.dll

2007-07-26 22:58 65,536 -ra------ C:\WINDOWS\system32\sis760.bin

2007-07-26 22:58 65,536 -ra------ C:\WINDOWS\system32\sis741.bin

2007-07-26 22:58 49,152 -ra------ C:\WINDOWS\system32\SiSPower.dll

2007-07-26 22:58 49,152 -ra------ C:\WINDOWS\system32\SiSBase.dll

2007-07-26 22:58 49,152 -ra------ C:\WINDOWS\system32\sis660.bin

2007-07-26 22:58 331,776 --a------ C:\WINDOWS\system32\sistray.exe

2007-07-26 22:58 32,768 -ra------ C:\WINDOWS\InstFunc.exe

2007-07-26 22:58 28,672 -ra------ C:\WINDOWS\system32\SiSPInst.dll

2007-07-26 22:58 258,048 -ra------ C:\WINDOWS\system32\SiSParse.dll

2007-07-26 22:58 240,640 -ra------ C:\WINDOWS\system32\drivers\sisgrp.sys

2007-07-26 22:58 240,640 --a--c--- C:\WINDOWS\system32\dllcache\sisgrp.sys

2007-07-26 22:58 184,320 -ra------ C:\WINDOWS\system32\SiSInst.dll

2007-07-26 22:58 13,312 -ra------ C:\WINDOWS\system32\drivers\srvkp.sys

2007-07-26 22:58 1,740,800 -ra------ C:\WINDOWS\system32\sisgl.dll

2007-07-26 22:58 <DIR> d-------- C:\WINDOWS\system32\trayres

2007-07-26 22:58 <DIR> d-------- C:\Arquivos de programas\SiS VGA Utilities V3.65f

2007-07-26 22:57 30,720 --a------ C:\WINDOWS\system32\msxml4a.dll

2007-07-26 22:57 <DIR> d-------- C:\Arquivos de programas\CyberLink

2007-07-26 22:57 <DIR> d-------- C:\Arquivos de programas\Arcade

2007-07-26 22:56 43,520 -ra------ C:\WINDOWS\system32\drivers\AmdK8.sys

2007-07-26 22:52 32,768 -ra------ C:\WINDOWS\system32\drivers\sisnicxp.sys

2007-07-26 22:52 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-07-26 22:52 <DIR> d-------- C:\WINDOWS\SiS

2007-07-26 22:51 90,202 --a------ C:\WINDOWS\system32\SynTPAPI.dll

2007-07-26 22:51 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll

2007-07-26 22:51 77,917 --a------ C:\WINDOWS\system32\SynCOM.dll

2007-07-26 22:51 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll

2007-07-26 22:51 185,824 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

2007-07-26 22:51 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll

2007-07-26 22:51 <DIR> d-------- C:\Arquivos de programas\Synaptics

2007-07-26 22:50 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups

2007-07-26 22:50 <DIR> d-------- C:\WINDOWS\Options

2007-07-26 22:49 49,152 --a------ C:\WINDOWS\system32\QtBtLib.dll

2007-07-26 22:49 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS

2007-07-26 22:49 126,976 --a------ C:\WINDOWS\UNINST32.EXE

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-06 21:24 49044 --a------ C:\WINDOWS\system32\perfc016.dat

2007-08-06 21:24 344972 --a------ C:\WINDOWS\system32\perfh016.dat

--------- C:\Arquivos de programas\Serviços on-line

--------- C:\Arquivos de programas\Arquivos comuns\Serviços

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 16:22 C:\WINDOWS\soundman.exe]

"LManager"="C:\Arquivos de programas\Launch Manager\QtZgAcer.EXE" [2005-02-23 11:04]

"SynTPLpr"="C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44]

"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43]

"SiSPower"="SiSPower.dll" [2005-02-25 19:35 C:\WINDOWS\system32\SiSPower.dll]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 22:46]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Launchy.lnk - C:\Arquivos de programas\Launchy\Launchy.exe [2007-07-26 23:02:50]

Monitor Apache Servers.lnk - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2007-01-09 23:20:44]

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-07-26 22:58:43]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys

R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys

R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys

R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-31 01:46:03 C:\WINDOWS\Tasks\McDefragTask.job

2007-08-01 04:00:02 C:\WINDOWS\Tasks\McQcTask.job - c:\arquivos de programas\mcafee\mqc\QcConsol.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-06 21:32:02

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-06 21:32:59

 

--- E O F ---

Hi MG1,

Download F-Secure Blacklight from:

F-Secure Blacklight

Save it to your desktop and run it. Accept the agreement. Click Scan and wait.

If it finds any file, ignore it, because I only want the log.

At the end of the scan the file fsbl-xxxxx.log will be generated (where xxx are numbers). I need you to copy the log and post it in your next reply.

Regards.

Topic Archived

As the author did not reply for more than 20 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
