Archived

This topic has been archived and is closed to new replies.

ItaloCCSL

[Solved!] Machine restarts when I use the keyboard

Folks,

I need help here: a cousin's machine has a very annoying problem. It restarts every time the keyboard is used, and it won't even allow a single click. His machine is very slow for any action that is executed.

I used HijackThis on his machine and am sending the log to you.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:01:13, on 8/4/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\AVG\AVG8\avgupd.exe

G:\Documents\Nova pasta\HiJackThis.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: 100% Free Chess Toolbar Helper - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - C:\Arquivos de programas\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: 100% Free Chess Toolbar - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Arquivos de programas\100% Free Chess Toolbar\v3.3.0.1\100%_Free_Chess_Toolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_15\bin\npjpi142_15.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_15\bin\npjpi142_15.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 6518 bytes

Good morning! ItaloCCSL

<@> Download: < desktopicon.png > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> PS: Running it from a command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

combofixejr8.gif

<@> Click OK.

<@> In the window: "Software warranty agreement" --> Click Yes!

RcAuto1.gif

<@> If you do not have the "Recovery Console", agree to have it installed!

<@> When it finishes, click Sim or Yes. --> Wait!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<!> If the notification "Invalid Win32 application" appears, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, we will get the following notification window:

Rookit_found.gif

<!> PS: Write down these detections, and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> The Auto Scan window will open. --> Wait!

<@> To finish removals, ComboFix may restart the computer.

<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!

Here is what you asked for, but I'll tell you up front that there were no very significant changes. Some keys are even working, but Enter is fatal and restarts the PC.

 

ComboFix 10-04-10.02 - Daniel 11/04/2010 18:34:39.2.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.255.76 [GMT -3:00]

Executando de: c:\documents and settings\Daniel\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Criado um novo ponto de restauração

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\100% Free Chess Toolbar\v3.3.0.1\100%_free_chess_toolbar.dll

c:\windows\AUTOLNCH.REG

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-11 to 2010-04-11 ))))))))))))))))))))))))))))

.

 

2010-03-30 13:42 . 1997-11-11 14:00 773120 ------w- c:\windows\system32\ir41_32.dll

2010-03-30 13:42 . 1997-11-11 14:00 56832 ------w- c:\windows\system32\iyvu9_32.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-14 17:50 . 2010-02-14 17:50 3473956 ----a-w- c:\arquivos de programas\The_Fray_-_Heartless.mp3

2010-02-01 18:31 . 2008-05-16 18:50 68408 ----a-w- c:\windows\system32\perfc016.dat

2010-02-01 18:31 . 2008-05-16 18:50 428340 ----a-w- c:\windows\system32\perfh016.dat

2010-01-30 19:52 . 2008-06-05 22:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2010-01-30 19:52 . 2008-06-05 22:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-01-30 19:52 . 2008-06-05 22:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

.

 

------- Sigcheck -------

 

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\sfcfiles.dll

[-] 2008-03-03 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-02-19_18.21.48 )))))))))))))))))))))))))))))))))))))))))

.

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]

"nwiz"="nwiz.exe" [2007-09-17 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2010-03-20 2046816]

"Creative WebCam Tray"="c:\arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE" [1999-04-27 18944]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-01-30 19:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\groove.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

 

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/6/2008 19:30 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/6/2008 19:30 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [4/7/2008 08:55 908056]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [30/1/2010 17:23 297752]

R2 BT848;CxVCap, WDM Video Capture;c:\windows\system32\drivers\cxvcap.sys [16/5/2008 16:47 115712]

R2 CXTUNER;CxTuner, WDM TvTuner;c:\windows\system32\drivers\cxtuner.sys [16/5/2008 16:47 28831]

R2 CXXBAR;CxBar, WDM Crossbar;c:\windows\system32\drivers\cxxbar.sys [16/5/2008 16:47 9728]

R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [30/1/2010 16:16 26752]

S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [14/9/2000 10:00 159867]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [3/4/2009 21:16 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [3/4/2009 21:16 79104]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

.

- - - - ORFÃOS REMOVIDOS - - - -

 

AddRemove-HijackThis - g:\documents\Nova pasta\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-11 18:43

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2010-04-11 18:46:02

ComboFix-quarantined-files.txt 2010-04-11 21:46

ComboFix2.txt 2010-02-19 18:25

 

Pré-execução: 2.954.477.568 bytes disponíveis

Pós execução: 2.924.576.768 bytes disponíveis

 

- - End Of File - - E3F815E6DCEF99D7ED1B38EF3E1D22B5

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:58:30, on 12/4/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

G:\Documents\Nova pasta\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_15\bin\npjpi142_15.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_15\bin\npjpi142_15.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 6072 bytes

Good afternoon! ItaloCCSL

<@> Download: < marcinsig.gif > Link!

<@> < Link - 2 >

<@> < Link - 3 >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Try to send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<@> Post the reports: mbam-log-2010-xx-xx (00-00-00).txt + an updated HijackThis log.

Regards!

Man, I didn't even need to do that; his problem was the keyboard itself. Another one was bought and that was the end of the problem.

Thanks for the help anyway!

:joia:

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
