[Arquivado] O mouse está maluco

[wings 22]

OK...

 

 

Há alguma referência além de DELL INSPIRON 15?

 

Ex. DELL INSPIRON 15 (1545)

[Eduardo Moreira dos Santos 0]

Fabricante: DELL

Modelo: Inspiron 1545

Tipo de Sistema: Sistema Operacional de 64 bits

[wings 22]

OK...

 

:seta: Instale o SP1

 

*Informe como está o Notebook.

[Eduardo Moreira dos Santos 0]

Instalei o SP1 e reinicializei o computador, porém o mouse voltou a funcionar de forma indevida. Clico e apenas ilumina o botão na tela de login do windows. E no Crhome, ao clicar na aba, fecha a aba. E o som continua sem funcionar.

[wings 22]

É amigo, acho que não tem jeito.

 

Acho que terás que reinstalar o Windows.

 

Você pode tentar usar outro mouse para verificar se o defeito é nele.

 

Verifique também se o driver do som está instalado:

 

*Clique Iniciar > Painel de Controle > Hardware e Sons

 

*Em Som, clique em Gerenciar os dispositivos de áudio

 

 

:seta: Baixe o Farbar Service Scanner (...de Farbar) e salve-o no Desktop (Área de Trabalho)

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

*Selecione todas as opções

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services



*Clique [scan]

*Cole o relatório FSS.txt[/color] localizado no desktop

 

 

:seta: No menu Iniciar do seu Windows, deve ter uma ferramenta da Dell para restaurar (voltar para as configurações de fábrica). Você pode tbm usá-la. Porém, sugiro que salve seus arquivos pessoais num pen drive antes de proceder.

[Eduardo Moreira dos Santos 0]

Farbar Service Scanner Version: 15-02-2013

Ran by Eduardo (administrator) on 17-02-2013 at 23:02:38

Running from "C:\Users\Eduardo\Desktop"

Windows 7 Home Basic Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wuauserv. The value does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-02-14 08:42] - [2013-01-03 03:00] - 1913192 ____A (Microsoft Corporation) B62A953F2BF3922C8764A29C34A22899

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

[wings 22]

:seta: Baixe o TDSSKiller da Kaspersky e salve-o no Desktop (Área de Trabalho)

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

*Clique Change parameters



*Selecione Detect TDLFS file system e clique [OK]



*Clique [start scan]

*Caso encontre algo, selecione Skip




:veja: Acesse este link

*Clique [selecionar arquivo...]

*Localize o relatório C:\TDSSKiller_log.txt e clique [Abrir]

*Selecione 4 jours

*Clique [Créer le lien Cjoint]

http://imgbox.com/aby4NIZG'>

*Cole o link criado ao lado de Le lien a été créé:

http://imgbox.com/acrVh6GY'>

[Eduardo Moreira dos Santos 0]

http://cjoint.com/?3BvbU0vBIr4

[wings 22]

Olá Eduardo Moreira dos Santos

 

 

:seta: Delete o TDSSKiller e seu relatório C:\TDSSKiller_log.txt

 

 

:seta: Baixe o http://kb.eset.com.br/library/ESET/KB Team Only/Malware/ServicesRepair.exe'>ServicesRepair e salve-o no Desktop (Área de Trabalho)

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

*Clique [sim]

http://imgbox.com/aciSMr4T'>

*Clique [sim] para reiniciar o PC

http://imgbox.com/adcHUQs6'>

 

 

:seta: Cole um novo log do Farbar Service Scanner, conforme orientei

[Eduardo Moreira dos Santos 0]

Farbar Service Scanner Version: 15-02-2013

Ran by Eduardo (administrator) on 20-02-2013 at 22:57:48

Running from "C:\Users\Eduardo\Desktop"

Windows 7 Home Basic Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-02-14 08:42] - [2013-01-03 03:00] - 1913192 ____A (Microsoft Corporation) B62A953F2BF3922C8764A29C34A22899

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

[wings 22]

Como está o notebook agora?

[Eduardo Moreira dos Santos 0]

O som continua não funcionando, nem os controles do som pelo teclado funcionam.

Em Painel de Controle / Todos os itens do painel de controle, ao clicar no ícone de Som, nada acontece.

 

O mouse continua com o mesmo problema. Se espetar na USB o (pendrive) do mouse a seta até se movimenta com o movimento do mouse, porém ao clicar nos botões, o botão se ilumina (reconhecendo o clique), porém nada acontece. E depois, mesmo removendo o mouse, os cliques usando touchpad passam a se comportar como o do mouse defeituoso, iluminando o botão sem realizar nenhuma ação.

[wings 22]

:seta: Execute o arquivo C:\Windows\erdnt\Hiv-backup\ERDNT.exe



*Clique [OK]



*Clique [OK]



*Clique [sim]



*Clique [sim] e o PC será reiniciado

 

 

:seta: Informe de o som retornou

[Eduardo Moreira dos Santos 0]

Não encontrei o arquivo ERDNT.EXE no diretório HIV-BACKUP, mas encontrei no diretório SUB.

Primeiro tentei copiar o ERDNT.EXE para o diretório HIV-BACKUP e executá-lo a partir de lá, porém deu erro na execução, com uma mensagem que dizia que o local da execução era inadequado.

Tentei, então, executá-lo a partir do diretório SUB. Dessa vez, não reclamou do local, porém reclamou que alguns arquivos não existiam. Fui clicando em SIM. A recuperação foi até o final, porém não pediu para dar reboot no sistema.

Dei reboot no sistema, mas o som não voltou a funcionar.

[wings 22]

:seta: Baixe este arquivo e salve-o no desktop

 

*Execute-o

 

*Cole o relatório apresentado

[Eduardo Moreira dos Santos 0]

Transcrevo abaixo o erro exibido ao executar o arquivo:

 

AutoIt Error

 

Line 45 (File "C:\Users\Eduardo\Desktop\Liste_Point_Restau.exe");

 

Error: Variable must be of type "Object".

[wings 22]

OK...

 

 

:seta: Delete o Liste_Point_Restau

 

 

:seta: Abra o bloco de notas e cole nele as linhas em marrom:

DeQuarantine::
C:\Qoobox\Quarantine\Registry_backups\HKLM_ActiveSetup-{44BBA840-CC51-11CF-AAFA-00AA00B6015C}.reg.dat
C:\Qoobox\Quarantine\Registry_backups\SafeBoot-vmms.reg.dat
C:\Qoobox\Quarantine\Registry_backups\SafeBoot-sacsvr.reg.dat
C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
C:\Qoobox\Quarantine\Registry_backups\SafeBoot-Wdf01000.sys.reg.dat
C:\Qoobox\Quarantine\Registry_backups\SafeBoot-volmgrx.sys.reg.dat
C:\Qoobox\Quarantine\Registry_backups\SafeBoot-volmgr.sys.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-DellSupportCenter.reg.dat
C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E}.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e}.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_wuauserv.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_Winmgmt.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_SessionEnv.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_Schedule.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_MSiSCSI.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_AudioSrv.reg.dat
C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
Quit::

*Salve o arquivo no desktop como CFScript.txt

*Arraste-o para o Combofix conforme ilustração abaixo:

 

 

*Enquanto o combofix estiver em execução, não use o mouse nem o teclado!!

*Cole o relatório apresentado

 

 

:seta: Abra o bloco de notas e cole as linhas em azul

@echo off
echo
net start AudioSrv
net start MSiSCSI
net start Schedule
net start SessionEnv
net start Winmgmt
net start wuauserv

*Salve no desktop assim:

Nome: net_services.bat

Tipo: Todos os arquivos

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

*Reinicie o PC

 

 

:seta: Execute o Farbar Service Scanner, selecione todas as opções

 

*Clique [scan]

*Cole o relatório FSS.txt[/color] localizado no desktop

[Eduardo Moreira dos Santos 0]

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-28 39408]

"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]

"BF6299E1C790DE099A325A33F499100F3E836D3F._service_run"="c:\users\Eduardo\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]

"chromium"="c:\users\Eduardo\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]

"Facebook Update"="c:\users\Eduardo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-15 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-31 30192]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-03-21 103896]

"RMAlert"="c:\program files (x86)\PC Tools Registry Mechanic\Alert.exe" [2012-03-21 1318872]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]

.

c:\users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

BrOffice.org 3.1.lnk - c:\program files (x86)\BrOffice.org 3\program\quickstart.exe [N/A]

.

c:\users\Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\Eduardo\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files (x86)\GbPlugin\gbiehuni.dll" [2012-11-10 655552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2012-11-10 00:51 655552 ----a-w- c:\program files (x86)\GbPlugin\gbiehuni.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [x]

R3 dc3d;Driver de detecção de dispositivos Microsoft Hardware;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 GoogleDesktopManager-051210-111108;Gerenciador do Google Desktop 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-31 30192]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AntiVirSchedulerService;Avira Programador;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-13 86224]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-11-10 279744]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-03-21 793048]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

eventsystem

iprip

netman

wzcsvc

ip6fwhlp

WmdmPmSN

UxTuneUp

Appinfo

BDESVC

Browser

EapHost

hkmsvc

IKEEXT

MMCSS

ProfSvc

seclogon

Themes

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-02-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933302284-1054454040-2067432904-1000Core.job

- c:\users\Eduardo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-01 15:09]

.

2013-02-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933302284-1054454040-2067432904-1000UA.job

- c:\users\Eduardo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-01 15:09]

.

2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 04:18]

.

2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 04:18]

.

2013-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933302284-1054454040-2067432904-1000Core.job

- c:\users\Eduardo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-08 02:36]

.

2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933302284-1054454040-2067432904-1000UA.job

- c:\users\Eduardo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-08 02:36]

.

2013-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933302284-1054454040-2067432904-1001Core.job

- c:\users\Vitor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 18:58]

.

2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933302284-1054454040-2067432904-1001UA.job

- c:\users\Vitor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 18:58]

.

2013-01-04 c:\windows\Tasks\Norton Security Scan for Eduardo.job

- c:\progra~2\NORTON~2\Engine\351~1.10\Nss.exe [2012-03-04 05:45]

.

2013-02-14 c:\windows\Tasks\PC Performer_UPDATES.job

- c:\program files (x86)\PC Performer\PCPerformer.exe [2013-02-14 17:53]

.

2013-02-17 c:\windows\Tasks\RMAutoUpdate.job

- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-07-01 14:23]

.

2013-02-16 c:\windows\Tasks\RMSchedule.job

- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-07-01 14:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com.br/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\users\Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\7bqv3tra.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: keyword.URL - hxxp://www.google.com.br

FF - ExtSQL: !HIDDEN! 2011-10-09 14:59; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\svchost.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-02-24 12:22:04 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-02-24 15:21

ComboFix2.txt 2013-02-17 18:05

.

Pré-execução: 279.935.991.808 bytes disponíveis

Pós execução: 279.538.954.240 bytes disponíveis

.

- - End Of File - - 0684E7EB60F918E5B4D5FF90C713F41A

Farbar Service Scanner Version: 15-02-2013

Ran by Eduardo (administrator) on 24-02-2013 at 13:53:44

Running from "C:\Users\Eduardo\Desktop"

Windows 7 Home Basic Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-02-14 08:42] - [2013-01-03 03:00] - 1913192 ____A (Microsoft Corporation) B62A953F2BF3922C8764A29C34A22899

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

[wings 22]

Perfeito....

 

Os serviços estão funcionando.

 

 

:seta: O som retornou?

 

 

:seta: Clique Iniciar > Painel de Controle > Sistema e Segurança > Windows Update > Procurar atualizações

http://imgbox.com/adnXrhVM'>

*Aguarde a verificação

*Clique Atualizações opcionais estão disponíveis e selecione tudo

http://imgbox.com/acq8pLzL'>

*Clique [OK] > [instalar atualizações] e aguarde o término. Caso seja solicitado, clique [Reiniciar Agora]

[Eduardo Moreira dos Santos 0]

Foram instaladas 4 atualizações opcionais. O micro foi reinicializado, porém o som continua sem funcionar.