Boa tarde, acabei de pagar vírus e cavalo de tróia no meu pc, dando algumas mensagens de erro. Por favor me ajudem.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26:22, on 29/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\17PHolmes1535.exe
c:\jfcjr.exe
C:\DOCUME~1\joyce\CONFIG~1\Temp\CBB7.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lhyx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\joyce\pkcn.exe \s
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe" -autorun
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [lhyx] C:\WINDOWS\system32\lhyx.exe \u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WintelUpdate] c:\jfcjr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

--


Obrigada pela atenção!
End of file - 6496 bytes

Faça o download do SDFix:
http://linhadefensiva.uol.com.br/dl/sdfix

Salve-o em sua área de trabalho. Dê um duplo clique no SDFix.exe e a ferramenta será instalada em %SystemDrive%\SDFix (geralmente C:\SDFix)

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

1. Entre na pasta SDFix que foi instalada no seu computador e dê um duplo clique no arquivo RunThis.bat
2. Tecle Y para que a ferramenta inicie o processo de remoção
3. Quando tudo terminar, você verá um aviso dizendo para apertar qualquer tecla para continuar. Ao pressionar qualquer tecla, o computador será reiniciado automaticamente
4. Após reiniciar, a ferramenta ainda será executada novamente e irá terminar o seu trabalho e a palavra Finished irá aparecer. Pressione qualquer tecla.
5. Uma janela com o relatório do SDFix irá aparecer.
6. Copie e cole este relatório na sua resposta. Caso você tenha fechado a janela, uma cópia do relatório estará na pasta SDFix com o nome Report.txt

Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.

Boa tarde,


Quando vou reiniciar em Modo de Swegurança, não é possível, pois dá este erro:

A: Drive Error
Press F1 to Resume

Dando F1, como solicitado, entra em seguida no Windows, não dando para ler qual este erro.
O que fazer neste caso, para conseguir seguir os passos que você me indicou?


Obrigada!

Remova o disquete do drive e siga com os procedimentos.

Olá, não havia disquete no drive, mas no momento não está mais dando este erro.
Não consegui entrar em modo seguro, tentei fazer os outros procedimentos, mas como há vírus na memória não consegui rodar o SDFix. O que fazer, neste caso?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:08:32, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Svconr\Svconr.exe
C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Arquivos de programas\Spcron\Spcron.dll
O2 - BHO: (no name) - {2D2E3663-0B3E-405F-A21C-26227B63E7A4} - C:\WINDOWS\system32\opnlKBut.dll (file missing)
O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Proteção para a Família\fssbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WintelUpdate] c:\jfcjr.exe
O4 - HKCU\..\Run: [Svconr] C:\Arquivos de programas\Svconr\Svconr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O20 - Winlogon Notify: xxyywwus - xxyywwus.dll (file missing)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 7280 bytes





Obrigada!

Baixe o ComboFix e salve no desktop.

Feche todas as janelas e programas.
Dê um duplo-clique no combofix.exe e tecle "1" em seguida Enter para prosseguir o Fix. Vai durar uma média de 10 minutos.
O ComboFix reiniciará o PC automaticamente para completar o processo de remoção.

Quando acabar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:
Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, pois senão irá parar e seu desktop ficará em branco.

Para parar ou sair do ComboFix, tecle "2" e Enter.

Depois gere um novo log com o HijackThis e poste, juntamente com o ComboFix.txt.

Olá, segue os relatórios:

ComboFix:

ComboFix 08-05-01.3 - joyce 2008-05-07 16:12:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.194 [GMT -3:00]
Executando de: C:\Documents and Settings\joyce\Desktop\ComboFix.exe
* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36, on 2008-05-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Svconr\Svconr.exe
C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\TEMP\B149.tmp
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Arquivos de programas\Spcron\Spcron.dll
O2 - BHO: (no name) - {2D2E3663-0B3E-405F-A21C-26227B63E7A4} - C:\WINDOWS\system32\opnlKBut.dll (file missing)
O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Proteção para a Família\fssbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WintelUpdate] c:\jfcjr.exe
O4 - HKCU\..\Run: [Svconr] C:\Arquivos de programas\Svconr\Svconr.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O20 - Winlogon Notify: xxyywwus - xxyywwus.dll (file missing)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 7795 bytes


Obrigada!

Clique em Iniciar -> Executar e digite (ou copie e cole):
"%userprofile%\Desktop\Combofix.exe" /killall

Clique em Ok.

Aguarde a execução do ComboFix e ao final poste o novo Log.

Boa noite,

Meu pc continua travando, reiniciando sozinho e aparecendo janelas abertas de spam.


Segue relatório do ComboFix.



ComboFix 08-05-01.3 - joyce 2008-05-11 23:10:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.219 [GMT -3:00]
Executando de: C:\Documents and Settings\joyce\Desktop\Combofix.exe
Command switches used :: /killall

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Arquivos de programas\inetget2
C:\Arquivos de programas\Temporary
C:\Documents and Settings\All Users\Menu Iniciar\Programas\BulletProofSoft.com
C:\Documents and Settings\All Users\Menu Iniciar\Programas\BulletProofSoft.com\Spyware & Adware Remover\Uninstall.lnk
C:\Documents and Settings\joyce\Configurações locais\Temporary Internet Files\bestwiner.stt
C:\WINDOWS\b155.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\system32\crypts.dll
C:\WINDOWS\system32\tuBKlnpo.ini
C:\WINDOWS\system32\tuBKlnpo.ini2
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent


((((((((((((((((((((((( Ficheiros criados de 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))
.

2008-05-11 22:41 . 2008-05-11 22:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-11 22:41 . 2008-05-11 22:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-10 20:01 . 2008-05-11 23:00 27,136 --a------ C:\WINDOWS\system32\drivers\Tad60.sys
2008-05-05 16:03 . 2008-05-05 16:03 <DIR> d-------- C:\Documents and Settings\joyce\Dados de aplicativos\Apple Computer
2008-05-05 15:13 . 2008-05-05 15:14 <DIR> d-------- C:\Arquivos de programas\Motorola Phone Tools
2008-05-05 14:54 . 2008-05-05 14:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\muvee Technologies
2008-05-05 14:52 . 2007-02-08 16:00 1,079,808 -ra------ C:\WINDOWS\system32\mfc80u.dll
2008-05-05 14:52 . 2007-02-08 16:00 626,688 -ra------ C:\WINDOWS\system32\msvcr80.dll
2008-05-05 14:52 . 2007-02-08 16:00 548,864 -ra------ C:\WINDOWS\system32\msvcp80.dll
2008-05-05 14:52 . 2007-02-08 16:00 95,744 -ra------ C:\WINDOWS\system32\atl80.dll
2008-05-05 14:51 . 2008-05-05 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2008-05-05 14:51 . 2008-05-05 14:52 <DIR> d-------- C:\Arquivos de programas\QuickTime
2008-05-05 14:50 . 2008-05-05 14:50 <DIR> d-------- C:\Arquivos de programas\OLYMPUS
2008-05-05 14:49 . 2008-05-05 14:49 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0
2008-05-04 22:35 . 2008-05-11 23:00 6,400 --a------ C:\WINDOWS\system32\drivers\tcpsr.sys
2008-05-03 00:25 . 2008-05-03 00:25 <DIR> d-------- C:\Documents and Settings\joyce\Dados de aplicativos\Windows Live Writer
2008-05-01 14:06 . 2008-05-01 14:06 <DIR> d-------- C:\Arquivos de programas\Spcron
2008-05-01 14:00 . 2008-05-01 14:00 <DIR> d-------- C:\Arquivos de programas\Svconr
2008-05-01 11:40 . 2008-05-01 11:40 169,120 --a------ C:\WINDOWS\system32\drivers\ndisio.sys
2008-05-01 11:40 . 2008-05-01 11:40 59,392 ---h----- C:\Documents and Settings\joyce\rbld.exe
2008-05-01 10:03 . 2008-05-08 17:24 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
2008-04-29 19:04 . 2008-04-29 19:04 <DIR> d-------- C:\Arquivos de programas\Programas RFB
2008-04-29 16:40 . 2008-04-29 05:11 <DIR> d-------- C:\SDFix
2008-04-29 14:03 . 2008-04-29 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-04-29 14:02 . 2008-04-29 14:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-04-29 13:45 . 2008-04-29 13:45 58,880 ---h----- C:\Documents and Settings\joyce\pkcn.exe
2008-04-23 23:11 . 2008-04-29 16:14 <DIR> d-------- C:\39b145ad760e8b1e99d1
2008-04-23 11:27 . 2008-04-29 16:12 <DIR> d-------- C:\50af1a4a04c36064ef
2008-04-23 00:35 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2008-04-23 00:33 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-23 00:30 . 2008-04-23 00:30 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition
2008-04-23 00:28 . 2008-04-23 00:28 <DIR> d-------- C:\Arquivos de programas\Windows Live Favorites
2008-04-22 23:56 . 2008-04-22 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-04-22 23:56 . 2008-04-23 11:26 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-04-22 23:56 . 2008-04-23 00:13 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-04-22 17:42 . 2008-04-22 17:42 <DIR> d-------- C:\Arquivos de programas\Ultimate Jewel
2008-04-21 22:07 . 2008-04-22 17:41 <DIR> d-------- C:\Arquivos de programas\PopCap Games
2008-04-21 22:07 . 2008-04-22 18:45 57 ---h----- C:\WINDOWS\popcreg.dat
2008-04-21 22:07 . 2008-04-22 18:45 19 --a------ C:\WINDOWS\popcinfot.dat

.
((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 18:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-05-05 18:12 24,192 ----a-w C:\Documents and Settings\joyce\usbsermptxp.sys
2008-05-05 18:12 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-05-05 18:12 22,768 ----a-w C:\Documents and Settings\joyce\usbsermpt.sys
2008-04-29 19:16 6,656 --sha-w C:\WINDOWS\system32\drivers\Thumbs.db
2008-04-29 17:03 --------- d-----w C:\Arquivos de programas\Lavasoft
2008-04-23 03:28 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:03 661,504 ----a-w C:\WINDOWS\system32\wininet.dll
2007-08-02 22:55 30,344 ----a-w C:\Documents and Settings\joyce\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2006-11-09 00:51 92,064 ----a-w C:\Documents and Settings\joyce\mqdmmdm.sys
2006-11-09 00:51 79,328 ----a-w C:\Documents and Settings\joyce\mqdmserd.sys
2006-11-09 00:51 5,936 ----a-w C:\Documents and Settings\joyce\mqdmwhnt.sys
2006-11-09 00:50 9,232 ----a-w C:\Documents and Settings\joyce\mqdmmdfl.sys
2006-11-09 00:50 66,656 ----a-w C:\Documents and Settings\joyce\mqdmbus.sys
2006-11-09 00:50 6,208 ----a-w C:\Documents and Settings\joyce\mqdmcmnt.sys
2006-11-09 00:50 4,048 ----a-w C:\Documents and Settings\joyce\mqdmcr.sys
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D2E3663-0B3E-405F-A21C-26227B63E7A4}]
C:\WINDOWS\system32\opnlKBut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
C:\Arquivos de programas\Windows Live\Proteção para a Família\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]
"Svconr"="C:\Arquivos de programas\Svconr\Svconr.exe" [2008-05-01 14:00 57344]
"OM2_Monitor"="C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 20:43 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 06:40 28672]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 07:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"EPSON Stylus C43 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.exe" [2002-12-25 02:00 75776]
"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-05-06 10:29 6656]
"fssui"="C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe" [ ]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-09-01 15:57 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:45 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-06 20:45:48 113664]
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyywwus]
xxyywwus.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Eim50.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Inr48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jor47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lpt61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tad60.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\joyce\\pkcn.exe"=
"C:\\WINDOWS\\Explorer.EXE"=

R0 Tad60;Tad60;C:\WINDOWS\system32\Drivers\Tad60.sys [2008-05-11 23:00]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Proteção para a Família;"C:\Arquivos de programas\Windows Live\Proteção para a Família\fsssvc.exe" []
S0 Eim50;Eim50;C:\WINDOWS\system32\Drivers\Eim50.sys []
S0 Jor47;Jor47;C:\WINDOWS\system32\Drivers\Jor47.sys []
S3 tcpsr;tcpsr;C:\WINDOWS\System32\drivers\tcpsr.sys [2008-05-11 23:00]

.
Conte£do da pasta 'Tarefas Agendadas'
"2008-05-12 02:07:02 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"



Obrigada!

Delete o log ComboFix.txt localizado em C:\.

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.



Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.



O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

Poste o novo Log ComboFix.txt à sua resposta.

Poste também um novo Log do Hijackthis.

Olá, segue relatório do ComboFix:

ComboFix 08-05-01.3 - joyce 2008-05-12 21:11:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.253 [GMT -3:00]
Executando de: C:\Documents and Settings\joyce\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\joyce\Desktop\CFScript.txt
* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Arquivos de programas\Svconr\Svconr.exe
C:\Documents and Settings\joyce\pkcn.exe
C:\Documents and Settings\joyce\rbld.exe
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\Drivers\Eim50.sys
C:\WINDOWS\system32\Drivers\Jor47.sys
C:\WINDOWS\system32\drivers\Tad60.sys
C:\WINDOWS\System32\drivers\tcpsr.sys
C:\WINDOWS\system32\opnlKBut.dll
C:\WINDOWS\system32\xxyywwus.dll
.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Arquivos de programas\Svconr
C:\Arquivos de programas\Svconr\Svconr.exe
C:\Documents and Settings\joyce\Configurações locais\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\joyce\pkcn.exe
C:\Documents and Settings\joyce\rbld.exe
C:\WINDOWS\b999.exe
C:\WINDOWS\mrofinu1535.exe
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\Drivers\Eim50.sys
C:\WINDOWS\system32\Drivers\Jor47.sys
C:\WINDOWS\system32\drivers\lpt61.sys
C:\WINDOWS\system32\drivers\Tad60.sys
C:\WINDOWS\System32\drivers\tcpsr.sys
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll
.
---- Previous Run -------
.
C:\Arquivos de programas\inetget2
C:\Arquivos de programas\Temporary
C:\Documents and Settings\All Users\Menu Iniciar\Programas\BulletProofSoft.com
C:\Documents and Settings\All Users\Menu Iniciar\Programas\BulletProofSoft.com\Spyware & Adware Remover\Uninstall.lnk
C:\Documents and Settings\joyce\Configurações locais\Temporary Internet Files\bestwiner.stt
C:\WINDOWS\b155.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\system32\crypts.dll
C:\WINDOWS\system32\tuBKlnpo.ini
C:\WINDOWS\system32\tuBKlnpo.ini2
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent
-------\Legacy_EIM50
-------\Legacy_JOR47
-------\Legacy_TAD60
-------\Legacy_TCPSR
-------\Service_Eim50
-------\Service_Jor47
-------\Service_Tad60
-------\Service_tcpsr


((((((((((((((((((((((( Ficheiros criados de 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))))
.

2008-05-12 13:39 . 2008-05-12 13:39 <DIR> d-------- C:\Documents and Settings\joyce\Dados de aplicativos\SpeedRunner
2008-05-11 22:41 . 2008-05-11 22:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-11 22:41 . 2008-05-11 22:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-05 16:03 . 2008-05-05 16:03 <DIR> d-------- C:\Documents and Settings\joyce\Dados de aplicativos\Apple Computer
2008-05-05 15:13 . 2008-05-05 15:14 <DIR> d-------- C:\Arquivos de programas\Motorola Phone Tools
2008-05-05 14:54 . 2008-05-05 14:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\muvee Technologies
2008-05-05 14:52 . 2007-02-08 16:00 1,079,808 -ra------ C:\WINDOWS\system32\mfc80u.dll
2008-05-05 14:52 . 2007-02-08 16:00 626,688 -ra------ C:\WINDOWS\system32\msvcr80.dll
2008-05-05 14:52 . 2007-02-08 16:00 548,864 -ra------ C:\WINDOWS\system32\msvcp80.dll
2008-05-05 14:52 . 2007-02-08 16:00 95,744 -ra------ C:\WINDOWS\system32\atl80.dll
2008-05-05 14:51 . 2008-05-05 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2008-05-05 14:51 . 2008-05-05 14:52 <DIR> d-------- C:\Arquivos de programas\QuickTime
2008-05-05 14:50 . 2008-05-05 14:50 <DIR> d-------- C:\Arquivos de programas\OLYMPUS
2008-05-05 14:49 . 2008-05-05 14:49 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0
2008-05-03 00:25 . 2008-05-03 00:25 <DIR> d-------- C:\Documents and Settings\joyce\Dados de aplicativos\Windows Live Writer
2008-05-01 14:06 . 2008-05-01 14:06 <DIR> d-------- C:\Arquivos de programas\Spcron
2008-05-01 11:40 . 2008-05-01 11:40 169,120 --a------ C:\WINDOWS\system32\drivers\ndisio.sys
2008-04-29 19:04 . 2008-04-29 19:04 <DIR> d-------- C:\Arquivos de programas\Programas RFB
2008-04-29 16:40 . 2008-04-29 05:11 <DIR> d-------- C:\SDFix
2008-04-29 14:03 . 2008-04-29 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-04-29 14:02 . 2008-04-29 14:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-04-23 23:11 . 2008-04-29 16:14 <DIR> d-------- C:\39b145ad760e8b1e99d1
2008-04-23 11:27 . 2008-04-29 16:12 <DIR> d-------- C:\50af1a4a04c36064ef
2008-04-23 00:35 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2008-04-23 00:33 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-23 00:30 . 2008-04-23 00:30 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition
2008-04-23 00:28 . 2008-04-23 00:28 <DIR> d-------- C:\Arquivos de programas\Windows Live Favorites
2008-04-22 23:56 . 2008-04-22 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-04-22 23:56 . 2008-04-23 11:26 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-04-22 23:56 . 2008-04-23 00:13 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-04-22 17:42 . 2008-04-22 17:42 <DIR> d-------- C:\Arquivos de programas\Ultimate Jewel
2008-04-21 22:07 . 2008-04-22 17:41 <DIR> d-------- C:\Arquivos de programas\PopCap Games
2008-04-21 22:07 . 2008-04-22 18:45 57 ---h----- C:\WINDOWS\popcreg.dat
2008-04-21 22:07 . 2008-04-22 18:45 19 --a------ C:\WINDOWS\popcinfot.dat

.
((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 18:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-05-05 18:12 24,192 ----a-w C:\Documents and Settings\joyce\usbsermptxp.sys
2008-05-05 18:12 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-05-05 18:12 22,768 ----a-w C:\Documents and Settings\joyce\usbsermpt.sys
2008-04-29 19:16 6,656 --sha-w C:\WINDOWS\system32\drivers\Thumbs.db
2008-04-29 17:03 --------- d-----w C:\Arquivos de programas\Lavasoft
2008-04-23 03:28 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar
2007-08-02 22:55 30,344 ----a-w C:\Documents and Settings\joyce\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2006-11-09 00:51 92,064 ----a-w C:\Documents and Settings\joyce\mqdmmdm.sys
2006-11-09 00:51 79,328 ----a-w C:\Documents and Settings\joyce\mqdmserd.sys
2006-11-09 00:51 5,936 ----a-w C:\Documents and Settings\joyce\mqdmwhnt.sys
2006-11-09 00:50 9,232 ----a-w C:\Documents and Settings\joyce\mqdmmdfl.sys
2006-11-09 00:50 66,656 ----a-w C:\Documents and Settings\joyce\mqdmbus.sys
2006-11-09 00:50 6,208 ----a-w C:\Documents and Settings\joyce\mqdmcmnt.sys
2006-11-09 00:50 4,048 ----a-w C:\Documents and Settings\joyce\mqdmcr.sys
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-05-11_23.25.23.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-12 02:14:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 00:16:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-12 02:09:28 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
+ 2008-05-12 17:18:42 98,304 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
+ 2008-05-12 15:58:20 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008050520080512\index.dat
+ 2008-05-12 17:41:29 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008051220080513\index.dat
- 2008-05-12 02:09:28 311,296 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-12 17:19:25 393,216 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-12 02:09:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-12 15:58:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-13 00:19:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_518.dat
+ 2008-05-13 00:16:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a8.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D2E3663-0B3E-405F-A21C-26227B63E7A4}]
C:\WINDOWS\system32\opnlKBut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
C:\Arquivos de programas\Windows Live\Proteção para a Família\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]
"Svconr"="C:\Arquivos de programas\Svconr\Svconr.exe" [ ]
"OM2_Monitor"="C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 20:43 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 06:40 28672]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 07:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"EPSON Stylus C43 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.exe" [2002-12-25 02:00 75776]
"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-05-06 10:29 6656]
"fssui"="C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe" [ ]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-09-01 15:57 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:45 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-06 20:45:48 113664]
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\Explorer.EXE"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Proteção para a Família;"C:\Arquivos de programas\Windows Live\Proteção para a Família\fsssvc.exe" []

*Newly Created Service* - WINIO
.
Conte£do da pasta 'Tarefas Agendadas'
"2008-05-13 00:07:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"


Relatório HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28, on 2008-05-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2D2E3663-0B3E-405F-A21C-26227B63E7A4} - C:\WINDOWS\system32\opnlKBut.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Proteção para a Família\fssbho.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svconr] C:\Arquivos de programas\Svconr\Svconr.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6916 bytes



Obrigada!

Delete o log ComboFix.txt localizado em C:\.

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.



Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.



O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

Poste o novo Log ComboFix.txt à sua resposta.

Poste também um novo Log do Hijackthis.

ComboFix:

ComboFix 08-05-12.1 - joyce 2008-05-13 21:23:32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.259 [GMT -3:00]
Executando de: C:\Documents and Settings\joyce\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\joyce\Desktop\CFScript.txt
* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\popcinfot.dat
C:\WINDOWS\popcreg.dat
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\joyce\Dados de aplicativos\SpeedRunner
C:\Documents and Settings\joyce\Dados de aplicativos\SpeedRunner\SpeedRunner.exe
C:\WINDOWS\popcinfot.dat
C:\WINDOWS\popcreg.dat
.
---- Previous Run -------
.
C:\Arquivos de programas\inetget2
C:\Arquivos de programas\Svconr
C:\Arquivos de programas\Svconr\Svconr.exe
C:\Arquivos de programas\Temporary
C:\Documents and Settings\All Users\Menu Iniciar\Programas\BulletProofSoft.com
C:\Documents and Settings\All Users\Menu Iniciar\Programas\BulletProofSoft.com\Spyware & Adware Remover\Uninstall.lnk
C:\Documents and Settings\joyce\Configurações locais\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\joyce\pkcn.exe
C:\Documents and Settings\joyce\rbld.exe
C:\WINDOWS\b155.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\b999.exe
C:\WINDOWS\mrofinu1535.exe
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\crypts.dll
C:\WINDOWS\system32\Drivers\Eim50.sys
C:\WINDOWS\system32\Drivers\Jor47.sys
C:\WINDOWS\system32\drivers\lpt61.sys
C:\WINDOWS\system32\drivers\Tad60.sys
C:\WINDOWS\System32\drivers\tcpsr.sys
C:\WINDOWS\system32\tuBKlnpo.ini
C:\WINDOWS\system32\tuBKlnpo.ini2
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent
-------\Legacy_EIM50
-------\Legacy_JOR47
-------\Legacy_TAD60
-------\Legacy_TCPSR
-------\Service_Eim50
-------\Service_Jor47
-------\Service_Tad60
-------\Service_tcpsr


((((((((((((((((((((((( Ficheiros criados de 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))
.

2008-05-11 22:41 . 2008-05-11 22:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-11 22:41 . 2008-05-11 22:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-05 16:03 . 2008-05-05 16:03 <DIR> d-------- C:\Documents and Settings\joyce\Dados de aplicativos\Apple Computer
2008-05-05 15:13 . 2008-05-05 15:14 <DIR> d-------- C:\Arquivos de programas\Motorola Phone Tools
2008-05-05 14:54 . 2008-05-05 14:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\muvee Technologies
2008-05-05 14:52 . 2007-02-08 16:00 1,079,808 -ra------ C:\WINDOWS\system32\mfc80u.dll
2008-05-05 14:52 . 2007-02-08 16:00 626,688 -ra------ C:\WINDOWS\system32\msvcr80.dll
2008-05-05 14:52 . 2007-02-08 16:00 548,864 -ra------ C:\WINDOWS\system32\msvcp80.dll
2008-05-05 14:52 . 2007-02-08 16:00 95,744 -ra------ C:\WINDOWS\system32\atl80.dll
2008-05-05 14:51 . 2008-05-05 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2008-05-05 14:51 . 2008-05-05 14:52 <DIR> d-------- C:\Arquivos de programas\QuickTime
2008-05-05 14:50 . 2008-05-05 14:50 <DIR> d-------- C:\Arquivos de programas\OLYMPUS
2008-05-05 14:49 . 2008-05-05 14:49 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0
2008-05-03 00:25 . 2008-05-03 00:25 <DIR> d-------- C:\Documents and Settings\joyce\Dados de aplicativos\Windows Live Writer
2008-05-01 14:06 . 2008-05-01 14:06 <DIR> d-------- C:\Arquivos de programas\Spcron
2008-05-01 11:40 . 2008-05-01 11:40 169,120 --a------ C:\WINDOWS\system32\drivers\ndisio.sys
2008-04-29 19:04 . 2008-04-29 19:04 <DIR> d-------- C:\Arquivos de programas\Programas RFB
2008-04-29 16:40 . 2008-04-29 05:11 <DIR> d-------- C:\SDFix
2008-04-29 14:03 . 2008-04-29 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-04-29 14:02 . 2008-04-29 14:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-04-23 23:11 . 2008-04-29 16:14 <DIR> d-------- C:\39b145ad760e8b1e99d1
2008-04-23 11:27 . 2008-04-29 16:12 <DIR> d-------- C:\50af1a4a04c36064ef
2008-04-23 00:35 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2008-04-23 00:33 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-23 00:30 . 2008-04-23 00:30 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition
2008-04-23 00:28 . 2008-04-23 00:28 <DIR> d-------- C:\Arquivos de programas\Windows Live Favorites
2008-04-22 23:56 . 2008-04-22 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-04-22 23:56 . 2008-04-23 11:26 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-04-22 23:56 . 2008-04-23 00:13 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-04-22 17:42 . 2008-04-22 17:42 <DIR> d-------- C:\Arquivos de programas\Ultimate Jewel
2008-04-21 22:07 . 2008-05-12 21:34 <DIR> d-------- C:\Arquivos de programas\PopCap Games

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 18:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-05-05 18:12 24,192 ----a-w C:\Documents and Settings\joyce\usbsermptxp.sys
2008-05-05 18:12 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-05-05 18:12 22,768 ----a-w C:\Documents and Settings\joyce\usbsermpt.sys
2008-04-29 19:16 6,656 --sha-w C:\WINDOWS\system32\drivers\Thumbs.db
2008-04-29 17:03 --------- d-----w C:\Arquivos de programas\Lavasoft
2008-04-23 03:28 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar
2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:49 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:03 661,504 ----a-w C:\WINDOWS\system32\wininet.dll
2007-08-02 22:55 30,344 ----a-w C:\Documents and Settings\joyce\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2006-11-09 00:51 92,064 ----a-w C:\Documents and Settings\joyce\mqdmmdm.sys
2006-11-09 00:51 79,328 ----a-w C:\Documents and Settings\joyce\mqdmserd.sys
2006-11-09 00:51 5,936 ----a-w C:\Documents and Settings\joyce\mqdmwhnt.sys
2006-11-09 00:50 9,232 ----a-w C:\Documents and Settings\joyce\mqdmmdfl.sys
2006-11-09 00:50 66,656 ----a-w C:\Documents and Settings\joyce\mqdmbus.sys
2006-11-09 00:50 6,208 ----a-w C:\Documents and Settings\joyce\mqdmcmnt.sys
2006-11-09 00:50 4,048 ----a-w C:\Documents and Settings\joyce\mqdmcr.sys
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-05-11_23.25.23.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-12 02:14:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-14 00:19:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-12 02:09:28 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
+ 2008-05-12 17:18:42 98,304 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
+ 2008-05-12 15:58:20 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008050520080512\index.dat
+ 2008-05-12 17:41:29 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008051220080513\index.dat
- 2008-05-12 02:09:28 311,296 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-12 17:19:25 393,216 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-12 02:09:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-12 15:58:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-25 04:50:25 554,008 -c----w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:28 518,944 -c----w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 -c----w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:34 1,516,568 -c----w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 -c----w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:49:45 183,072 -c----w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:42 60,192 -c----w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 -c----w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 -c----w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 -c----w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:47 432,928 -c----w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 -c----w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 -c----w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 -c----w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:57 838,432 -c----w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:49:46 621,344 -c----w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 -c----w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2004-08-04 02:45:24 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 02:45:24 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-04 02:45:26 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-07-17 13:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 02:45:26 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 02:45:26 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 02:45:26 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 02:45:26 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-04 02:45:26 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 02:45:26 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 02:45:26 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 02:45:26 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-04 02:45:26 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 02:45:26 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-05-13 00:16:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a8.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D2E3663-0B3E-405F-A21C-26227B63E7A4}]
C:\WINDOWS\system32\opnlKBut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Arquivos de programas\Windows Live\Proteção para a Família\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]
"OM2_Monitor"="C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 20:43 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 06:40 28672]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 07:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"EPSON Stylus C43 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.exe" [2002-12-25 02:00 75776]
"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-05-06 10:29 6656]
"fssui"="C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe" [2007-12-17 11:12 243240]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-09-01 15:57 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:45 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-06 20:45:48 113664]
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\Explorer.EXE"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Proteção para a Família;"C:\Arquivos de programas\Windows Live\Proteção para a Família\fsssvc.exe" [2007-12-17 11:13]

.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-05-14 00:07:26 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"
- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 21:25:53
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-05-13 21:28:45
ComboFix-quarantined-files.txt 2008-05-14 00:28:08

Pre-Run: 65,256,050,688 bytes disponíveis
Post-Run: 65,269,747,712 bytes disponíveis

232 --- E O F --- 2008-05-13 21:08:12



Hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:06, on 13/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2D2E3663-0B3E-405F-A21C-26227B63E7A4} - C:\WINDOWS\system32\opnlKBut.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Proteção para a Família\fssbho.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6813 bytes




Obrigada, e boa noite!

Olá,

Meu pc está lento demais, todo programa ou página do explorer que abro diz que o programa não está respondendo e se desejo finalizar... Devido, ainda, aos vírus, né?


Obrigada!

Clique em Iniciar -> Executar -> digite ComboFix.exe /u -> Ok.



Aguarde a deinstalação.


Baixe o ATF Cleaner e Salve no seu Desktop.

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

Dê dois cliques no ATF-Cleaner.exe para executar a Ferramenta

Marque “Select All”

Clique em Empty Selected. Aparecerá uma janela "Done Cleaning" clique OK e exit.

Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão

O2 - BHO: (no name) - {2D2E3663-0B3E-405F-A21C-26227B63E7A4} - C:\WINDOWS\system32\opnlKBut.dll (file missing)

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.

Segue relatório, e pc ainda bem lento:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:58, on 15/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Proteção para a Família\fssbho.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Proteção para a Família\fssui.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6377 bytes


Obrigada, mais uma vez!

Clique em Iniciar -> Configurações -> Painel de Controle -> Abra o item Sistema.

Clique na guia Restauração do Sistema -> Marque Desativar restauração do sistemas em todas as unidades -> Em seguida clique em Aplicar. Após aplicado, desmarque a caixa Desativar restauração do sistemas em todas as unidades e clique novamente em Aplicar depois Ok.

Seu Log está limpo. Ainda há algum problema com o PC?

Olá,

Estive fora esses dias, e só hoje que fui ver os posts, obrigada pelo auxílio!
No momento está normal o processamento do pc!


Muito obrigada!!!


Joice Pivisan.

Caso Resolvido.

Caso o autor queira a reabertura do tópico, envie uma MP com o link para um moderador da seção.