Archived

This topic has been archived and is closed to new replies.

carolpower

[Resolved!] Bad Image

Hi... I hope I'm posting in the right topic.

Well, my antivirus (Avast) keeps reporting that there is a virus in RAM and tells me to schedule a scan. I've already scanned and it still continues.

My AntiSpyware detects in the Registry:

UNKNOWN - Isass driver [c:windows\msauc.exe]

UNKNOWN -DLL NAME [crypts.dll]

An error message also keeps appearing on the PC screen:

MSNMSGR.EXE - IMAGEM INCORRETA

O aplicativo ou a dll:\windows\system23\digete.dll não é uma imagem válida para o windows. Compare com o disco de instalação.

What do I do???

I'm worried!! :(

Logfile of HijackThis v1.99.1

Scan saved at 19:13:00, on 15/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\msauc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\TEMP\9FE1.tmp

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-and-easy-search.info

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{CA134B94-31A8-4ECC-A6D8-82586600BC37}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

- Download ComboFix and save it to your desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;

● Wait while ComboFix runs the scan;

● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

Do not click in the ComboFix window, and try not to use the keyboard either, so as not to disrupt the tool's scan;

● If you want to exit or stop ComboFix, press N;

● When it finishes, your computer will be restarted. After the restart, the tool will run again; wait for it;

● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.

I ended up forgetting to temporarily disable my antivirus..

If there is any problem, I'll do it again.

The log generated:

 

ComboFix 09-01-13.04 - Carolina 2009-01-15 20:45:12.2 - FAT32x86

Executando de: c:\documents and settings\Carolina\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1296 [VPS 090115-0] *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\msauc.exe

c:\windows\system32\crypts.dll

c:\windows\system32\digeste.dll

c:\windows\system32\scpMIB.dll

c:\windows\system32\shell31.dll

c:\windows\system32\sshib.dll

c:\windows\system32\wpv041230261190.cpx

c:\windows\system32\wpv231232041202.cpx

c:\windows\system32\wpv811230261225.cpx

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-15 to 2009-01-15 ))))))))))))))))))))))))))))

.

 

2009-01-15 08:39 . 2009-01-15 08:40 1,136 --a------ C:\6[1].LNK

2009-01-15 08:39 . 2009-01-15 08:40 1,043 --a------ C:\GHIJKLMN.LNK

2009-01-14 14:20 . 2009-01-14 14:20 1,043 --a------ C:\LH3BMW2T.LNK

2009-01-14 14:19 . 2009-01-14 14:19 1,043 --a------ C:\QQEOFSU1.LNK

2009-01-14 11:40 . 2009-01-14 14:20 1,258 --a------ C:\Imposs_velatravessaravida[1].LNK

2009-01-14 11:40 . 2009-01-14 11:40 1,043 --a------ C:\YAZ3PSNB.LNK

2009-01-13 17:59 . 2009-01-13 17:59 724 --a------ C:\A_Loja_de_CD.LNK

2009-01-13 11:54 . 2009-01-13 11:55 79 --a------ C:\A_Loja_de_CD.pps.url

2009-01-13 11:54 . 2009-01-13 11:55 63 --a------ C:\pps em www.portalprudente.com.br.url

2009-01-11 17:34 . 2009-01-11 17:34 1,158 --a------ C:\Teste[1].LNK

2009-01-11 17:34 . 2009-01-11 17:34 1,043 --a------ C:\CDIZ812Z.LNK

2009-01-09 23:04 . 2009-01-09 23:04 <DIR> d--hs---- C:\FOUND.032

2009-01-09 16:55 . 2009-01-09 16:55 1,213 --a------ C:\Calend%c3%a1ri[1]...LNK

2009-01-09 16:55 . 2009-01-09 16:55 1,043 --a------ C:\7TJ8G4ZW.LNK

2009-01-07 20:50 . 969 C:\L a ? ?.LNK

2009-01-07 20:50 . 2009-01-10 00:54 691 --a------ C:\Minhas músicas.LNK

2009-01-06 21:17 . 2009-01-06 22:11 724 --a------ C:\Romaria EDUB.LNK

2009-01-05 13:57 . 2009-01-05 13:58 884 --a------ C:\Instala%C3%A7%C3%B5es dos chal%C3%A9s[1].LNK

2009-01-05 11:26 . 2009-01-05 11:26 1,233 --a------ C:\Mulheres-no-Transito[1].LNK

2009-01-05 11:19 . 2009-01-05 11:19 1,168 --a------ C:\Amizade[1].LNK

2009-01-05 11:18 . 2009-01-05 11:18 1,243 --a------ C:\Maravilhoso_Pai_Nosso-[1].LNK

2009-01-05 10:43 . 2009-01-05 10:43 1,258 --a------ C:\A borboleta e o cavalinho[1].LNK

2009-01-05 10:36 . 2009-01-05 10:36 1,158 --a------ C:\Homem[1].LNK

2009-01-05 10:33 . 2009-01-05 10:33 1,178 --a------ C:\NationalG[1].LNK

2009-01-05 10:33 . 2009-01-05 13:58 1,043 --a------ C:\QJCTM9WZ.LNK

2009-01-05 10:15 . 2009-01-05 10:15 1,168 --a------ C:\Caverna[1].LNK

2009-01-05 10:12 . 2009-01-05 10:12 1,263 --a------ C:\MEUS_DESEJOS_NATALINOS_SOM[1].LNK

2009-01-05 10:12 . 2009-01-05 11:18 1,043 --a------ C:\6G15RNVV.LNK

2009-01-05 10:03 . 2009-01-05 10:03 1,183 --a------ C:\CORRIGINDO[1].LNK

2009-01-05 10:03 . 2009-01-05 10:03 1,043 --a------ C:\0DQF0TYN.LNK

2009-01-05 09:57 . 2009-01-05 09:57 1,258 --a------ C:\VISITA DO ANJO DA GUARDA![1].LNK

2009-01-05 09:57 . 2009-01-05 11:26 1,043 --a------ C:\NPOKCFZN.LNK

2009-01-04 17:06 . 2009-01-04 20:57 666 --a------ C:\lista.LNK

2009-01-04 16:51 . 2009-01-04 23:25 412 --a------ C:\ANIVERSÁR[1]...LNK

2009-01-02 18:02 . 2009-01-02 18:02 714 --a------ C:\http PRAIA.LNK

2009-01-02 15:36 . 2009-01-02 15:36 749 --a------ C:\COMENTARIO POEMAS.LNK

2009-01-02 15:35 . 2009-01-02 15:35 1,064 --a------ C:\Salvamento de AutoRecuperação de Documento1.LNK

2009-01-02 15:35 . 2009-01-02 15:36 774 --a------ C:\Word.LNK

2008-12-30 20:04 . 2008-12-30 20:04 804 --a------ C:\UM ANJO APRENDENDO VOAR rafa.LNK

2008-12-30 19:44 . 2008-12-30 19:44 719 --a------ C:\RENOVO rafa.LNK

2008-12-30 19:37 . 2008-12-30 19:37 774 --a------ C:\NATUREZA SELVAGEM rafa.LNK

2008-12-30 19:32 . 2008-12-30 19:32 764 --a------ C:\LOA DE VALENTIN rafa.LNK

2008-12-30 19:31 . 2008-12-30 19:31 759 --a------ C:\COMO OS HERÓIS rafa.LNK

2008-12-30 19:29 . 2008-12-30 19:29 729 --a------ C:\BELATRIZ rafa.LNK

2008-12-29 22:52 . 2008-12-29 22:52 1,043 --a------ C:\Q1YL6P0J.LNK

2008-12-29 21:10 . 2008-12-29 23:01 829 --a------ C:\Viva A Vida coldplay viva la vida.LNK

2008-12-29 20:55 . 2008-12-29 20:55 749 --a------ C:\pessoas especiais.LNK

2008-12-29 18:12 . 2008-12-29 18:12 <DIR> d-------- c:\windows\system32\Files

2008-12-29 12:35 . 2008-12-29 12:35 779 --a------ C:\misses.LNK

2008-12-29 12:35 . 2008-12-29 12:35 676 --a------ C:\Minhas Webs.LNK

2008-12-29 11:45 . 2008-12-29 22:52 1,188 --a------ C:\INTEIROAMOR[1].LNK

2008-12-29 11:45 . 2008-12-29 11:45 1,043 --a------ C:\OSFFOA33.LNK

2008-12-28 19:25 . 2008-12-28 19:25 1,213 --a------ C:\ANIVERS%c3%81R[1]...LNK

2008-12-28 19:25 . 2008-12-28 19:25 1,043 --a------ C:\WHIBWT2F.LNK

2008-12-15 12:40 . 2009-01-11 17:34 792 --a------ C:\EUROTOOL.LNK

2008-12-15 12:40 . 2009-01-11 17:34 677 --a------ C:\Bibliote.LNK

2008-12-15 12:40 . 2008-12-15 12:40 63 --a------ C:\indef.xls.url

2008-12-15 12:40 . 2008-12-15 12:40 54 --a------ C:\clas_tel em depiras.com.url

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-26 18:47 --------- d-----w c:\documents and settings\Carolina\Dados de aplicativos\Sony Corporation

2008-11-26 15:18 --------- d-----w c:\arquivos de programas\Sony

2008-11-16 14:12 --------- d-----w c:\arquivos de programas\milhao3

2008-11-10 07:43 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-09-11 12:05 92,064 ----a-w c:\documents and settings\Carolina\mqdmmdm.sys

2008-09-11 12:05 9,232 ----a-w c:\documents and settings\Carolina\mqdmmdfl.sys

2008-09-11 12:05 79,328 ----a-w c:\documents and settings\Carolina\mqdmserd.sys

2008-09-11 12:05 66,656 ----a-w c:\documents and settings\Carolina\mqdmbus.sys

2008-09-11 12:05 6,208 ----a-w c:\documents and settings\Carolina\mqdmcmnt.sys

2008-09-11 12:05 5,936 ----a-w c:\documents and settings\Carolina\mqdmwhnt.sys

2008-09-11 12:05 4,048 ----a-w c:\documents and settings\Carolina\mqdmcr.sys

2008-09-11 12:05 25,600 ----a-w c:\documents and settings\Carolina\usbsermptxp.sys

2008-09-11 12:05 22,768 ----a-w c:\documents and settings\Carolina\usbsermpt.sys

2007-10-20 18:34 24,192 ----a-w c:\documents and settings\Usuario\usbsermptxp.sys

2007-10-20 18:34 22,768 ----a-w c:\documents and settings\Usuario\usbsermpt.sys

2007-03-16 23:57 1,126,017 ----a-w c:\arquivos de programas\wrar361br.exe

2006-09-15 22:03 33,456 ----a-w c:\documents and settings\Carolina\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2006-09-07 18:55 33,456 ----a-w c:\documents and settings\Usuario\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"Arovax AntiSpyware"="c:\arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe" [2007-07-07 1941504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Carolina\Menu Iniciar\Programas\Inicializar\

Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-11-26 376832]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.IV41"= ir41_32.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Verificador de Calendário Ulead Photo Express.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Verificador de Calendário Ulead Photo Express.lnk

backup=c:\windows\pss\Verificador de Calendário Ulead Photo Express.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:54 5674352 c:\arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

--a------ 2004-06-10 13:48 286720 c:\windows\vsnpstd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

-ra------ 2003-10-07 09:15 548864 c:\windows\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2004-02-26 05:53 65024 c:\windows\SOUNDMAN.EXE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office10\\NSREX.EXE"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-30 111184]

R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-30 20560]

S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Explorer_Run-USUARIO-BMAWE4K - .vbe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

mStart Page = hxxp://www.fast-and-easy-search.info

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

 

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-15 20:51:22

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\LckFldService.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-01-15 20:57:18 - Máquina reiniciou

ComboFix2.txt 2008-10-15 12:01:34

ComboFix-quarantined-files.txt 2009-01-15 22:57:12

 

Pré-execução: 50 pasta(s) 23.439.212.544 bytes disponíveis

Pós execução: 50 pasta(s) 24,916,754,432 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

C:\ = "Microsoft Windows"

 

Select and copy the content below inside the CODE box (starting from Folder). Paste it into Notepad on your computer and save it on the desktop as CFScript.txt

Folder::
C:\FOUND.032

File::
c:\documents and settings\Carolina\Dados de aplicativos\GDIPFONTCACHEV1.DAT
c:\documents and settings\Usuario\Dados de aplicativos\GDIPFONTCACHEV1.DAT

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

CFScript.gif

● If you are asked to, press Enter to start the removal process;

Do not use the mouse or the keyboard while ComboFix is running;

● When it finishes, a new log will be generated at C:\ComboFix.txt;

● Your computer may be restarted automatically. If it is not, restart it manually.

In your next reply, paste the ComboFix.txt and a new HijackThis log.

ComboFix 09-01-15.01 - Carolina 2009-01-16 12:01:38.3 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.223.68 [GMT -2:00]

Executando de: c:\documents and settings\Carolina\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Carolina\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1296 [VPS 090115-0] *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

 

FILE ::

c:\documents and settings\Carolina\Dados de aplicativos\GDIPFONTCACHEV1.DAT

c:\documents and settings\Usuario\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Carolina\Dados de aplicativos\GDIPFONTCACHEV1.DAT

c:\documents and settings\Carolina\Dados de aplicativos\inst.exe

c:\documents and settings\Usuario\Dados de aplicativos\GDIPFONTCACHEV1.DAT

C:\FOUND.032

c:\found.032\FILE0000.CHK

 

(PS: "I DELETED THIS PART HERE BECAUSE IT GOES UP TO 3825")

c:\found.032\FILE3825.CHK

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-16 to 2009-01-16 ))))))))))))))))))))))))))))

.

 

2009-01-15 22:00 . 2009-01-15 22:00 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys

2009-01-15 22:00 . 2009-01-15 22:30 47,360 --a------ c:\documents and settings\Carolina\Dados de aplicativos\pcouffin.sys

2009-01-15 21:59 . 2009-01-15 22:00 <DIR> d-------- c:\documents and settings\Carolina\Dados de aplicativos\Vso

2009-01-15 21:59 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll

2009-01-15 21:59 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll

2009-01-15 21:59 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll

2009-01-15 21:59 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll

2009-01-15 21:59 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll

2009-01-15 21:58 . 2009-01-15 21:58 <DIR> d-------- c:\arquivos de programas\VSO

2009-01-15 08:39 . 2009-01-15 08:40 1,136 --a------ C:\6[1].LNK

2009-01-15 08:39 . 2009-01-15 08:40 1,043 --a------ C:\GHIJKLMN.LNK

2009-01-14 14:20 . 2009-01-14 14:20 1,043 --a------ C:\LH3BMW2T.LNK

2009-01-14 14:19 . 2009-01-14 14:19 1,043 --a------ C:\QQEOFSU1.LNK

2009-01-14 11:40 . 2009-01-14 14:20 1,258 --a------ C:\Imposs_velatravessaravida[1].LNK

2009-01-14 11:40 . 2009-01-14 11:40 1,043 --a------ C:\YAZ3PSNB.LNK

2009-01-13 17:59 . 2009-01-13 17:59 724 --a------ C:\A_Loja_de_CD.LNK

2009-01-13 11:54 . 2009-01-13 11:55 79 --a------ C:\A_Loja_de_CD.pps.url

2009-01-13 11:54 . 2009-01-13 11:55 63 --a------ C:\pps em www.portalprudente.com.br.url

2009-01-11 17:34 . 2009-01-11 17:34 1,158 --a------ C:\Teste[1].LNK

2009-01-11 17:34 . 2009-01-11 17:34 1,043 --a------ C:\CDIZ812Z.LNK

2009-01-09 16:55 . 2009-01-09 16:55 1,213 --a------ C:\Calend%c3%a1ri[1]...LNK

2009-01-09 16:55 . 2009-01-09 16:55 1,043 --a------ C:\7TJ8G4ZW.LNK

2009-01-07 20:50 . 969 C:\L a ? ?.LNK

2009-01-07 20:50 . 2009-01-10 00:54 691 --a------ C:\Minhas músicas.LNK

2009-01-06 21:17 . 2009-01-06 22:11 724 --a------ C:\Romaria EDUB.LNK

2009-01-05 13:57 . 2009-01-05 13:58 884 --a------ C:\Instala%C3%A7%C3%B5es dos chal%C3%A9s[1].LNK

2009-01-05 11:26 . 2009-01-05 11:26 1,233 --a------ C:\Mulheres-no-Transito[1].LNK

2009-01-05 11:19 . 2009-01-05 11:19 1,168 --a------ C:\Amizade[1].LNK

2009-01-05 11:18 . 2009-01-05 11:18 1,243 --a------ C:\Maravilhoso_Pai_Nosso-[1].LNK

2009-01-05 10:43 . 2009-01-05 10:43 1,258 --a------ C:\A borboleta e o cavalinho[1].LNK

2009-01-05 10:36 . 2009-01-05 10:36 1,158 --a------ C:\Homem[1].LNK

2009-01-05 10:33 . 2009-01-05 10:33 1,178 --a------ C:\NationalG[1].LNK

2009-01-05 10:33 . 2009-01-05 13:58 1,043 --a------ C:\QJCTM9WZ.LNK

2009-01-05 10:15 . 2009-01-05 10:15 1,168 --a------ C:\Caverna[1].LNK

2009-01-05 10:12 . 2009-01-05 10:12 1,263 --a------ C:\MEUS_DESEJOS_NATALINOS_SOM[1].LNK

2009-01-05 10:12 . 2009-01-05 11:18 1,043 --a------ C:\6G15RNVV.LNK

2009-01-05 10:03 . 2009-01-05 10:03 1,183 --a------ C:\CORRIGINDO[1].LNK

2009-01-05 10:03 . 2009-01-05 10:03 1,043 --a------ C:\0DQF0TYN.LNK

2009-01-05 09:57 . 2009-01-05 09:57 1,258 --a------ C:\VISITA DO ANJO DA GUARDA![1].LNK

2009-01-05 09:57 . 2009-01-05 11:26 1,043 --a------ C:\NPOKCFZN.LNK

2009-01-04 17:06 . 2009-01-04 20:57 666 --a------ C:\lista.LNK

2009-01-04 16:51 . 2009-01-04 23:25 412 --a------ C:\ANIVERSÁR[1]...LNK

2009-01-02 18:02 . 2009-01-02 18:02 714 --a------ C:\http PRAIA.LNK

2009-01-02 15:36 . 2009-01-02 15:36 749 --a------ C:\COMENTARIO POEMAS.LNK

2009-01-02 15:35 . 2009-01-02 15:35 1,064 --a------ C:\Salvamento de AutoRecuperação de Documento1.LNK

2009-01-02 15:35 . 2009-01-02 15:36 774 --a------ C:\Word.LNK

2008-12-30 20:04 . 2008-12-30 20:04 804 --a------ C:\UM ANJO APRENDENDO VOAR rafa.LNK

2008-12-30 19:44 . 2008-12-30 19:44 719 --a------ C:\RENOVO rafa.LNK

2008-12-30 19:37 . 2008-12-30 19:37 774 --a------ C:\NATUREZA SELVAGEM rafa.LNK

2008-12-30 19:32 . 2008-12-30 19:32 764 --a------ C:\LOA DE VALENTIN rafa.LNK

2008-12-30 19:31 . 2008-12-30 19:31 759 --a------ C:\COMO OS HERÓIS rafa.LNK

2008-12-30 19:29 . 2008-12-30 19:29 729 --a------ C:\BELATRIZ rafa.LNK

2008-12-29 22:52 . 2008-12-29 22:52 1,043 --a------ C:\Q1YL6P0J.LNK

2008-12-29 21:10 . 2008-12-29 23:01 829 --a------ C:\Viva A Vida coldplay viva la vida.LNK

2008-12-29 20:55 . 2008-12-29 20:55 749 --a------ C:\pessoas especiais.LNK

2008-12-29 18:12 . 2008-12-29 18:12 <DIR> d-------- c:\windows\system32\Files

2008-12-29 12:35 . 2008-12-29 12:35 779 --a------ C:\misses.LNK

2008-12-29 12:35 . 2008-12-29 12:35 676 --a------ C:\Minhas Webs.LNK

2008-12-29 11:45 . 2008-12-29 22:52 1,188 --a------ C:\INTEIROAMOR[1].LNK

2008-12-29 11:45 . 2008-12-29 11:45 1,043 --a------ C:\OSFFOA33.LNK

2008-12-28 19:25 . 2008-12-28 19:25 1,213 --a------ C:\ANIVERS%c3%81R[1]...LNK

2008-12-28 19:25 . 2008-12-28 19:25 1,043 --a------ C:\WHIBWT2F.LNK

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-26 18:47 --------- d-----w c:\documents and settings\Carolina\Dados de aplicativos\Sony Corporation

2008-11-26 15:18 --------- d-----w c:\arquivos de programas\Sony

2008-11-16 14:12 --------- d-----w c:\arquivos de programas\milhao3

2008-11-10 07:43 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-09-11 12:05 92,064 ----a-w c:\documents and settings\Carolina\mqdmmdm.sys

2008-09-11 12:05 9,232 ----a-w c:\documents and settings\Carolina\mqdmmdfl.sys

2008-09-11 12:05 79,328 ----a-w c:\documents and settings\Carolina\mqdmserd.sys

2008-09-11 12:05 66,656 ----a-w c:\documents and settings\Carolina\mqdmbus.sys

2008-09-11 12:05 6,208 ----a-w c:\documents and settings\Carolina\mqdmcmnt.sys

2008-09-11 12:05 5,936 ----a-w c:\documents and settings\Carolina\mqdmwhnt.sys

2008-09-11 12:05 4,048 ----a-w c:\documents and settings\Carolina\mqdmcr.sys

2008-09-11 12:05 25,600 ----a-w c:\documents and settings\Carolina\usbsermptxp.sys

2008-09-11 12:05 22,768 ----a-w c:\documents and settings\Carolina\usbsermpt.sys

2007-10-20 18:34 24,192 ----a-w c:\documents and settings\Usuario\usbsermptxp.sys

2007-10-20 18:34 22,768 ----a-w c:\documents and settings\Usuario\usbsermpt.sys

2007-03-16 23:57 1,126,017 ----a-w c:\arquivos de programas\wrar361br.exe

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-15_20.56.05.68 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-16 12:28:22 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_478.dat

+ 2009-01-16 12:28:32 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_618.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"Arovax AntiSpyware"="c:\arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe" [2007-07-07 1941504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Carolina\Menu Iniciar\Programas\Inicializar\

Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-11-26 376832]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.IV41"= ir41_32.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Verificador de Calendário Ulead Photo Express.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Verificador de Calendário Ulead Photo Express.lnk

backup=c:\windows\pss\Verificador de Calendário Ulead Photo Express.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:54 5674352 c:\arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

--a------ 2004-06-10 13:48 286720 c:\windows\vsnpstd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

-ra------ 2003-10-07 09:15 548864 c:\windows\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2004-02-26 05:53 65024 c:\windows\SOUNDMAN.EXE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office10\\NSREX.EXE"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-30 111184]

R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-30 20560]

S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

mStart Page = hxxp://www.fast-and-easy-search.info

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: {CA134B94-31A8-4ECC-A6D8-82586600BC37} = 200.204.0.10 200.204.0.138

 

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-16 12:10:43

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-01-16 12:12:06

ComboFix3.txt 2008-10-15 12:01:34

ComboFix-quarantined-files.txt 2009-01-16 14:12:04

ComboFix2.txt 2009-01-15 22:57:22

 

Pré-execução: 50 pasta(s) 24.689.672.192 bytes disponíveis

Pós execução: 49 pasta(s) 24,788,566,016 bytes disponíveis

 

4011


Logfile of HijackThis v1.99.1

Scan saved at 12:21:51, on 16/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-and-easy-search.info

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{CA134B94-31A8-4ECC-A6D8-82586600BC37}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe


CarolPower,

just a tip: avoid using URGENT in the topic title; state only your problem or question in it.

Regards


Run HijackThis and click Do a system scan only, check the entry below in the log, and click Fix Checked.

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

The logs are clean.

Go to Start > Run, type combofix /u and click OK. Delete the C:\ComboFix folder if it exists.

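As an added example (not part of the original posts and not HijackThis's own code), the Python sketch below triages the two missing-target markers seen in the log above: `(no file)` on the R3 entry the helper asks to fix, and `(file missing)` on O23 service lines whose recorded path contains a stray quote. The verdict names and the odd-quote heuristic are assumptions made for this example; the sample lines are copied from the thread.

```python
import re

# Constructed sample: four entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
'''

# "R3 - ...", "O2 - ...", "O23 - ...": section code, then the entry body.
ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
# Trailing marker the tool appends when it could not resolve the target file.
MARKER = re.compile(r'\s*\((?P<kind>no file|file missing)\)\s*$')


def triage(log_text):
    """Return (code, verdict, target) for each entry that carries a marker.

    Verdicts (hypothetical labels for this example):
      orphan     - the entry references no file at all ("(no file)")
      check-path - "(file missing)" but the recorded path has an unbalanced
                   quote, so the check ran on a string that is not a bare
                   path; confirm on disk before removing anything
      missing    - "(file missing)" on a well-formed path
    """
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        body = entry.group('body')
        mark = MARKER.search(body)
        if not mark:
            continue  # target resolved normally, nothing to triage
        # Last " - "-separated field before the marker is the target.
        target = body[:mark.start()].rstrip(' -').rsplit(' - ', 1)[-1]
        if mark.group('kind') == 'no file':
            verdict = 'orphan'
        elif target.count('"') % 2 == 1:
            verdict = 'check-path'
        else:
            verdict = 'missing'
        findings.append((entry.group('code'), verdict, target))
    return findings
```

In this thread `ashWebSv.exe` is also listed under Running processes in the same log, which is why a `check-path` entry should be verified on disk rather than fixed.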

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
