[Resolvido!] Problemas com o teclado.

ItaloCCSL · Abril 27, 2009

Pessoal, meu teclado está com problema e desconfio que seja por causa de algum vírus ou algo do tipo. O problema dele é que está travando de um hora para a outra e as vezes quando ele trava o mouse se empolga e e trava junto com ele também. Não sei se é só coincidência, mas isso passou a acontecer logo após ter aparecido um vírus no meu pendrive e voltado a conectar o meu celular no pc. Eu passo o antivírus no pc, mas ele não detecta vírus algum. Geralmente quando acontece de travar teclado e o mouse eu só aperto no botão de ligar o pc, ele desliga e quando ligo novamente o teclado volta a funcionar (acabei de fazer isso). Quando ele trava e eu não aperto o botão de ligar, o pc não identifica o hardware do teclado. Outra coisa, o programa "teclado virtual" do windons está inacessível. O programa até aparece, mas está em um tamanho muito pequeno e não dá para usar.

Olha só como ele está:

Não dá para eu aumentar o tamanho dele. :unsure:

(Na imagem ele está do lado do retângulo de "descrição do tópico")

Será que alguém poderia me ajudar?

Meu logo do hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:54 Ítalo César, on 26/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\ARQUIV~1\Stardock\SDMCP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Documents and Settings\Ítalo César.HOME\Meus documentos\Ítalo\Progamas\Windows\MagicFormation.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightDialer] C:\Arquivos de programas\Oi Velox\Conexão\DISCADOR.EXE

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - Startup: MagicFormation.lnk = ?

O8 - Extra context menu item: &Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0FDA29-8843-46BE-A4B8-15F1CE65190C}: Domain = @

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0FDA29-8843-46BE-A4B8-15F1CE65190C}: NameServer = 85.255.115.2,85.255.112.6

O17 - HKLM\System\CS2\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Google Update Service (gupdate1c994ff82e17ada) (gupdate1c994ff82e17ada) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 9423 bytes

------------------------------------------------------------------------------------------------------------------------------------------

Eu desconfio do meu pendrive também. Nesse caso, o que faço?

DigRam · Abril 27, 2009

Bom Dia! ItaloCCSL

<@> Baixe: < > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em "Modo de Segurança". <-- Link!

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!

<!> Ps: Para evitar problemas,siga todas as recomendações propostas.

<!> Ps: O ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão profissional.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

<><><><><><><><><><><><>

<@> Terminando,poste os relatórios: C:\ComboFix\ComboFix.txt + HijackThis,atualizado.

Abraços!

ItaloCCSL · Abril 27, 2009

Bom dia DigRam,

Cara ai está o que você me pediu:

ComboFix 09-04-25.A3 - Ítalo César 27/04/2009 9:20.8 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1263.841 [GMT -3:00]

Executando de: c:\documents and settings\Ítalo César.HOME\Desktop\ComboFix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\QUAD Utilities

c:\arquivos de programas\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-27 to 2009-4-27 ))))))))))))))))))))))))))))

.

2009-04-27 01:35 . 2009-04-27 01:35 0 -c--a-w c:\windows\system32\REN2A.tmp

2009-04-24 14:10 . 2009-04-24 14:10 -------- dc----w c:\arquivos de programas\Arquivos comuns\PCSuite

2009-04-24 14:09 . 2008-08-26 13:26 18816 -c--a-w c:\windows\system32\drivers\pccsmcfd.sys

2009-04-24 14:09 . 2009-04-24 14:09 -------- dc----w c:\arquivos de programas\PC Connectivity Solution

2009-04-24 14:08 . 2009-02-09 10:37 7808 -c--a-w c:\windows\system32\drivers\usbser_lowerfltj.sys

2009-04-24 14:08 . 2009-02-09 10:37 7808 -c--a-w c:\windows\system32\drivers\usbser_lowerflt.sys

2009-04-24 14:08 . 2009-02-09 10:37 22016 -c--a-w c:\windows\system32\drivers\ccdcmbo.sys

2009-04-24 14:08 . 2009-02-09 10:37 659968 -c--a-w c:\windows\system32\nmwcdcocls.dll

2009-04-24 14:08 . 2009-02-09 10:37 17664 -c--a-w c:\windows\system32\drivers\ccdcmb.sys

2009-04-24 14:08 . 2009-02-09 10:32 1112288 -c--a-w c:\windows\system32\wdfcoinstaller01007.dll

2009-04-21 19:00 . 2009-04-21 19:01 -------- dc----w c:\arquivos de programas\Messenger Plus! Live

2009-04-13 05:10 . 2009-04-13 05:10 -------- dc----w c:\documents and settings\Musics\Bon Jovi

2009-04-13 05:09 . 2009-04-13 05:09 -------- dc----w c:\documents and settings\Musics\Black Eyed Peas

2009-04-13 05:07 . 2009-04-13 05:08 -------- dc----w c:\documents and settings\Musics\Biquini Cavadão

2009-04-13 05:07 . 2009-04-13 05:07 -------- dc----w c:\documents and settings\Musics\Ben Harper

2009-04-13 05:06 . 2009-04-13 05:06 -------- dc----w c:\documents and settings\Musics\Audioslave

2009-04-13 05:06 . 2009-04-13 05:06 -------- dc----w c:\documents and settings\Musics\Artista desconhecido

2009-04-13 05:04 . 2009-04-13 05:04 -------- dc----w c:\documents and settings\Musics\Ana Carolina

2009-04-13 05:03 . 2009-04-13 05:03 -------- dc----w c:\documents and settings\Musics\Akon

2009-04-13 05:03 . 2009-04-13 05:03 -------- dc----w c:\documents and settings\Musics\Aerosmith

2009-04-13 05:02 . 2009-04-13 05:02 -------- dc----w c:\documents and settings\Musics\Adriana Calcanhoto

2009-04-13 05:01 . 2009-04-13 05:01 -------- dc----w c:\documents and settings\Musics\30 Seconds To Mars

2009-04-13 02:24 . 2009-04-13 02:24 -------- dc----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Nokia

2009-04-13 02:22 . 2009-04-13 02:22 -------- dc----w c:\arquivos de programas\MSXML 6.0

2009-04-13 01:31 . 2004-08-04 02:08 25600 -c--a-w c:\windows\system32\drivers\usbser.sys

2009-04-13 01:31 . 2004-08-04 02:08 25600 -c--a-w c:\windows\system32\dllcache\usbser.sys

2009-04-13 01:30 . 2009-04-13 01:30 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-04-13 01:30 . 2009-04-13 01:30 0 -c-ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-04-13 01:30 . 2008-03-21 16:57 14640 -c----w c:\windows\system32\spmsgXP_2k3.dll

2009-04-13 01:17 . 2009-04-24 14:10 -------- dc----w c:\arquivos de programas\Arquivos comuns\Nokia

2009-04-12 13:21 . 2009-04-27 01:48 -------- dc-h--r c:\documents and settings\Ítalo César.HOME\Recent

2009-04-11 14:58 . 2009-02-21 04:54 360448 -c--a-w c:\windows\system32\libdll.dll

2009-04-11 14:58 . 2009-02-12 17:46 49152 -c--a-w c:\windows\system32\mscdrun.dll

2009-04-11 14:58 . 2005-11-23 10:25 385024 -c--a-w c:\windows\system32\XPControls.ocx

2009-04-11 14:58 . 1998-06-24 03:00 209192 -c--a-w c:\windows\system32\TABCTL32.OCX

2009-04-11 14:58 . 2008-09-20 06:50 352256 -c--a-w c:\windows\system32\AlphaImage.ocx

2009-04-11 14:58 . 2008-09-11 08:21 356352 -c--a-w c:\windows\system32\butscn.ocx

2009-04-11 14:58 . 2004-03-09 03:00 662288 -c--a-w c:\windows\system32\MSCOMCT2.OCX

2009-04-11 14:57 . 2009-04-11 14:57 -------- dc----w c:\arquivos de programas\Arafasoft

2009-03-28 18:17 . 2009-03-28 18:17 -------- dc-h--w c:\documents and settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\{DE032019-B933-4DF4-9174-48C52613DA13}

2009-03-28 18:17 . 2009-03-28 21:10 -------- dc----w c:\arquivos de programas\Stardock

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-27 01:35 . 2008-05-02 22:17 -------- dc----w c:\arquivos de programas\Java

2009-04-24 14:10 . 2007-10-24 02:22 -------- dc----w c:\arquivos de programas\Nokia

2009-04-24 14:07 . 2007-10-24 02:17 -------- dc----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Installations

2009-04-21 22:36 . 2009-02-22 14:56 -------- dc----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Google Updater

2009-04-15 01:34 . 2007-01-09 20:11 -------- dc----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-04-14 11:57 . 2007-10-24 02:25 -------- dc----w c:\documents and settings\Ítalo César.HOME\Dados de aplicativos\Nokia

2009-04-14 11:52 . 2006-12-30 20:20 -------- dc----w c:\arquivos de programas\Winamp

2009-04-11 15:42 . 2009-02-02 12:41 -------- dc----w c:\arquivos de programas\FlashGet

2009-04-11 14:26 . 2008-12-29 19:42 -------- dc----w c:\arquivos de programas\Mozilla Firefox 3.1 Beta 2

2009-04-03 11:56 . 2009-01-11 12:07 -------- dc----w c:\arquivos de programas\RocketDock

2009-03-31 12:45 . 2009-03-21 16:19 -------- dc----w c:\arquivos de programas\Total Video Converter IR Retail

2009-03-28 21:10 . 2008-07-29 20:02 -------- dc----w c:\arquivos de programas\Arquivos comuns\stardock

2009-03-28 17:17 . 2008-01-26 12:42 -------- dc----w c:\arquivos de programas\VisualTaskTips

2009-03-24 14:20 . 2009-01-26 12:03 -------- dc----w c:\arquivos de programas\Elaborate Bytes

2009-03-21 18:39 . 2009-03-19 15:15 -------- dc----w c:\arquivos de programas\MediaCoder

2009-03-20 18:50 . 2009-03-20 18:50 3358720 -c--a-w c:\windows\system32\GPhotos.scr

2009-03-19 21:05 . 2009-03-19 21:05 -------- dc----w c:\documents and settings\Ítalo César.HOME\Dados de aplicativos\Publish Providers

2009-03-19 21:05 . 2009-03-19 21:05 -------- dc----w c:\documents and settings\Ítalo César.HOME\Dados de aplicativos\Sony

2009-03-19 11:33 . 2009-03-14 18:05 -------- dc----w c:\arquivos de programas\QuickTime Alternative

2009-03-14 18:05 . 2009-01-21 22:07 -------- dc----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Apple Computer

2009-03-14 18:05 . 2009-03-14 18:05 -------- dc----w c:\arquivos de programas\Media Player Classic

2009-03-14 18:05 . 2008-09-29 14:03 -------- dc----w c:\documents and settings\Ítalo César.HOME\Dados de aplicativos\Apple Computer

2009-03-09 08:19 . 2008-11-24 19:48 410984 -c--a-w c:\windows\system32\deploytk.dll

2009-02-14 20:28 . 2007-06-01 02:33 65000 -c--a-w c:\documents and settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-02-09 10:37 . 2007-10-24 02:22 91136 -c--a-w c:\windows\system32\nmwcdcls.dll

2009-02-06 21:52 . 2009-02-06 21:52 49504 -c--a-w c:\windows\system32\sirenacm.dll

2009-01-27 12:37 . 2009-04-20 12:36 10912 -c--a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1046.dat

2008-12-24 12:37 . 2008-12-24 12:37 64608 -c--a-w c:\documents and settings\Convidado\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-12-02 12:04 . 2008-12-02 12:04 61 -c--a-w c:\arquivos de programas\ddtabases.rar

2008-12-01 00:40 . 2008-12-01 00:40 0 -c--a-w c:\arquivos de programas\dda3.log

2008-11-12 13:37 . 2008-11-12 13:37 5632 -csha-w c:\arquivos de programas\Thumbs.db

2007-07-20 04:19 . 2007-07-20 04:19 855886 -c--a-w c:\arquivos de programas\AUG2007_d3dx10_35_x64.cab

2007-07-20 04:19 . 2007-07-20 04:19 800467 -c--a-w c:\arquivos de programas\AUG2007_d3dx10_35_x86.cab

2007-07-20 04:19 . 2007-07-20 04:19 1803760 -c--a-w c:\arquivos de programas\AUG2007_d3dx9_35_x64.cab

2007-07-20 04:18 . 2007-07-20 04:18 201696 -c--a-w c:\arquivos de programas\AUG2007_XACT_x64.cab

2007-07-20 04:18 . 2007-07-20 04:18 44684 -c--a-w c:\arquivos de programas\dxdllreg_x86.cab

2007-07-20 04:18 . 2007-07-20 04:18 1711752 -c--a-w c:\arquivos de programas\AUG2007_d3dx9_35_x86.cab

2007-07-20 04:18 . 2007-07-20 04:18 156612 -c--a-w c:\arquivos de programas\AUG2007_XACT_x86.cab

2007-07-03 01:43 . 2007-07-03 01:42 171008 -c--a-w c:\arquivos de programas\FLV PlayerRCSetup.exe

2007-01-08 13:31 . 2007-01-08 13:31 18096 -c--a-w c:\documents and settings\Ítalo César\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2004-10-01 18:00 . 2007-01-23 00:55 40960 -c--a-w c:\arquivos de programas\Uninstall_CDS.exe

2003-12-24 02:2003-12-24 02:54 54:04 . c:\arquivos de programas\mozilla firefox\components\msvcp70.dll

2003-12-24 02:2003-12-24 02:54 54:04 . c:\arquivos de programas\mozilla firefox\components\msvcr70.dll

.

------- Sigcheck -------

[-] 2007-06-13 13:21 1697280 07A1A28907A5F2A251B3B2564884D730 c:\windows\explorer.exe

[7] 2007-06-13 13:10 1035264 45D521506825A10B80833B4E9621CCF6 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2008-04-14 02:20 1035776 064EC7FF5F58B928C3E119402977FA6D c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\explorer.exe

[-] 2007-06-13 13:21 1697280 07A1A28907A5F2A251B3B2564884D730 c:\windows\system32\dllcache\explorer.exe

[7] 2007-06-13 13:21 1035264 DCCBF18E94D651393A3FFA060F88E0A0 c:\windows\XPize Darkside\Backup\explorer.exe

[-] 2008-04-14 02:20 15360 4E486ADFE3A0B9ED0EB0639902E9F64F c:\windows\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ctfmon.exe

[-] 2004-08-04 03:45 30208 C44B39505116F6961988B8681793E572 c:\windows\system32\ctfmon.exe

[-] 2004-08-04 03:45 30208 C44B39505116F6961988B8681793E572 c:\windows\system32\dllcache\ctfmon.exe

[7] 2004-08-04 03:45 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\XPize Darkside\Backup\ctfmon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XPize Darkside Reloader"="c:\windows\XPize Darkside\XPize Darkside Reloader.exe" [2007-10-12 112737]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 30208]

"LightDialer"="c:\arquivos de programas\Oi Velox\Conexão\DISCADOR.EXE" [2007-02-26 917504]

"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]

"Google Update"="c:\documents and settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-04-11 133104]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\Soundman.exe [2005-12-14 593920]

"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-07-05 544768]

c:\documents and settings\Ötalo C‚sar.HOME\Menu Iniciar\Programas\Inicializar\

MagicFormation.lnk - c:\documents and settings\Ötalo C‚sar.HOME\Meus documentos\Ötalo\Progamas\Windows\MagicFormation.exe [2009-3-28 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 18:13 49152 -c--a-w c:\arquiv~1\ARQUIV~1\Stardock\MCPStub.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"wave1"= serwvdrv.dll

"wave2"= serwvdrv.dll

"wave3"= serwvdrv.dll

"wave4"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\Ítalo César.HOME\\temp\\TeamViewer\\TeamViewer.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\FlashGet\\flashget.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"34162:TCP"= 34162:TCP:AresChatServer

R2 gupdate1c994ff82e17ada;Google Update Service (gupdate1c994ff82e17ada);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-22 133104]

R3 CrystalSysInfo;CrystalSysInfo; [x]

S2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [2007-02-26 61440]

S3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f78e56b-479a-11dd-9452-000fead92af6}]

\Shell\AutoRun\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\sweet.exe

\Shell\open\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\sweet.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-04-27 c:\windows\Tasks\Google Software Updater.job

- c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-31 00:30]

2009-04-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-22 15:08]

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Descarregar tudo com o FlashGet - c:\arquivos de programas\FlashGet\jc_all.htm

IE: &Descarregar utilizando o FlashGet - c:\arquivos de programas\FlashGet\jc_link.htm

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Baixar Link Utiizando Gerenciador Mega... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\4mbzb1yt.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa2.dll

FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np32dsw.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdeploytk.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npnul32.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPOFFICE.DLL

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin2.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin3.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin4.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin5.dll

FF - plugin: c:\program files\Fantasy Codecs\Plugins\nppl3260.dll

FF - plugin: c:\program files\Fantasy Codecs\Plugins\nprpjplug.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-27 09:23

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(764)

c:\arquiv~1\ARQUIV~1\Stardock\mcpstub.dll

c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2656)

c:\windows\system32\SHDOCVW.dll

c:\windows\System32\cscui.dll

c:\windows\system32\msi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\arquiv~1\ARQUIV~1\stardock\MCPCore.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-04-27 9:26

ComboFix-quarantined-files.txt 2009-04-27 12:26

Pré-execução: 15 pasta(s) 43.527.602.176 bytes disponíveis

Pós execução: 14 pasta(s) 43.967.881.216 bytes disponíveis

249

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:32 Ítalo César, on 27/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\ARQUIV~1\Stardock\SDMCP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\Ítalo César.HOME\Meus documentos\Ítalo\Progamas\Windows\MagicFormation.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local