This topic has been archived and is closed to new replies.

jnejunior

[Archived] Antivirus showing a virus message

My Avast antivirus is showing a virus message every minute...

It shows the following message:

intrusion alert

74.208.171.237/?configuracoesderede/pt-br...

I have already run the antivirus when the PC starts up, but it continues...


:) Hello Junior!

Create a dedicated folder (for example C:\Arquivos de Programas\HijackThis).

Download HijackThis and, when saving it, choose to save it in the folder you just created, then unzip hijackthis.zip inside it.

Double-click the HijackThis installer > click the I Accept option.

Click the button: Do a system scan and save a logfile. A window with the log will then open; just select this log (click the menu: Edit » Select All), then go back to the menu: Edit » and click the option: Copy.

After that, just come back here to the forum and post this HijackThis log so that it can be analysed.

We look forward to your reply.


I did what you said:

this was the result:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:27:47, on 22/01/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Winamp\winampa.exe

C:\Windows\System32\wsmdir\wms438.exe

C:\Windows\System32\wmpupdt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Nexus Radio\Nexus Radio.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Filhinha\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://74.208.171.237/configuracoesderede/?pt-BR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

R3 - URLSearchHook: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll

O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {25B64EE0-E8FD-4507-86D7-571F2CE91FBC} - C:\Users\Filhinha\AppData\Local\Temp\rsa.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: (no name) - {A9F81D8B-04F9-4054-AEE5-F75DD71F0992} - C:\Users\Filhinha\AppData\Local\Temp\wmv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Productivity 2.2 - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [wms438] C:\Windows\System32\wsmdir\wms438.exe

O4 - HKLM\..\Run: [WMediaPlayerUpdt] C:\Windows\System32\wmpupdt.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MsgrUpd] C:\Windows\system32\MsgrUpd.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nexus Radio] C:\Program Files\Nexus Radio\Nexus Radio.exe -0

O4 - HKCU\..\Run: [wms438] C:\Windows\System32\wsmdir\wms438.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 9487 bytes

 

 

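Added example (not part of the original thread, and not code from HijackThis or ComboFix): a short Python triage pass over lines copied from the HijackThis log posted above, where the address in the Avast alert also appears as the AutoConfigURL value. The three heuristics (proxy auto-config URL on a bare IP address, BHO DLL in a Temp directory or with no file, the same Run value in both HKLM and HKCU) and every function and rule name are assumptions of this example; a hit marks an entry for review.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied verbatim from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://74.208.171.237/configuracoesderede/?pt-BR
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {25B64EE0-E8FD-4507-86D7-571F2CE91FBC} - C:\Users\Filhinha\AppData\Local\Temp\rsa.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {A9F81D8B-04F9-4054-AEE5-F75DD71F0992} - C:\Users\Filhinha\AppData\Local\Temp\wmv.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [wms438] C:\Windows\System32\wsmdir\wms438.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [wms438] C:\Windows\System32\wsmdir\wms438.exe
"""

# "R1 - ...", "O2 - ...", "O23 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 body for the HKLM/HKCU Run keys: hive\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse(log_text):
    """Return (code, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def is_ip_literal(host):
    """True when the URL host is a bare IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(entries):
    """Apply this example's heuristics; return (rule, detail) tuples."""
    findings = []
    run_hives = {}  # (value name, command) -> set of hives it appears in
    for code, body in entries:
        if code in ("R0", "R1") and ",AutoConfigURL = " in body:
            # A proxy auto-config script decides where browser traffic goes.
            url = body.split(" = ", 1)[1].strip()
            if is_ip_literal(urlsplit(url).hostname or ""):
                findings.append(("proxy-pac-ip-literal", url))
        elif code == "O2":
            target = body.rsplit(" - ", 1)[-1]
            if target == "(no file)":
                findings.append(("bho-missing-file", body))
            elif "\\appdata\\local\\temp\\" in target.lower():
                findings.append(("bho-in-temp-dir", target))
        elif code == "O4":
            match = RUN_RE.match(body)
            if match:
                key = (match.group("name").lower(), match.group("cmd").lower())
                run_hives.setdefault(key, set()).add(match.group("hive"))
    for (name, _cmd), hives in run_hives.items():
        if len(hives) > 1:
            findings.append(("run-entry-in-multiple-hives", name))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(parse(SAMPLE_LOG)):
        print(f"{rule:30} {detail}")
```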

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: Running it from a command is also possible:

* Go to Start --> Run --> Type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

[image: combofixejr8.gif]

* Click OK.

* At the prompt "Software warranty disclaimer" --> Click Yes.

[image: RcAuto1.gif]

* If you do not have the "Recovery Console", accept the option to install it.

* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification: Invalid Win32 application, or a message similar to it, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe

* PS: Rename it while saving, not after saving it!

* PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

* PS: If rootkit activity is present, the following notification window will appear:

[image: Rookit_found.gif]

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

* During the scan, avoid using the mouse or keyboard! <-- Important!

* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is after this.

We look forward to your reply.


this is the result of kombo.exe

 

ComboFix 11-01-22.01 - Filhinha 22/01/2011 15:44:55.1.1 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2039.1145 [GMT -2:00]

Executando de: c:\users\Filhinha\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 146 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\Filhinha\AppData\Local\Temp\wmV.dll

c:\users\Filhinha\aresregular217_installer.exe

c:\windows\necont

c:\windows\system32\megaspdr.log

c:\windows\system32\wmpupdt.exe

c:\windows\System32\wsmdir\wms438.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-12-22 to 2011-01-22 ))))))))))))))))))))))))))))

.

 

2011-01-22 17:54 . 2011-01-22 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-21 21:06 . 2011-01-21 21:06 -------- d-----w- c:\windows\Sun

2011-01-21 21:04 . 2011-01-21 21:04 -------- d-----w- c:\program files\Common Files\Java

2011-01-21 21:04 . 2011-01-21 21:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-21 21:04 . 2011-01-21 21:04 -------- d-----w- c:\program files\Java

2011-01-21 07:34 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40EE4551-B503-40B6-A6AC-84986F602222}\mpengine.dll

2011-01-20 23:17 . 2011-01-20 23:17 -------- d-----w- c:\users\Filhinha\AppData\Roaming\Canneverbe Limited

2011-01-20 23:17 . 2011-01-20 23:17 -------- d-----w- c:\programdata\Canneverbe Limited

2011-01-20 23:16 . 2011-01-20 23:16 -------- d-----w- c:\program files\CDBurnerXP

2011-01-20 23:05 . 2011-01-20 23:05 -------- d-----w- c:\program files\Microsoft.NET

2011-01-19 23:06 . 2011-01-19 23:06 -------- d-----w- c:\program files\Bombermania

2011-01-18 22:26 . 2011-01-18 22:26 -------- d-----w- c:\users\Filhinha\AppData\Local\Conduit

2011-01-18 22:26 . 2011-01-18 22:26 -------- d-----w- c:\program files\Productivity_2.2

2011-01-12 19:07 . 2011-01-17 18:18 -------- d-----w- c:\program files\Common Files\Symantec Shared

2011-01-09 14:37 . 2011-01-19 22:14 -------- d-----w- c:\users\Filhinha\AppData\Local\Microsoft Games

2011-01-07 14:27 . 2011-01-07 14:27 307200 ---ha-w- c:\windows\system32\wmpupdt.exe.old

2011-01-07 14:27 . 2011-01-07 14:28 10752 ----a-w- c:\windows\system32\wmplugin.rgb

2011-01-06 18:58 . 2011-01-06 18:58 -------- d-----r- C:\MSOCache

2011-01-06 18:33 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-01-06 18:33 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll

2011-01-06 18:33 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll

2011-01-06 18:33 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll

2011-01-06 18:33 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe

2011-01-06 18:33 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe

2011-01-06 18:33 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-06 18:33 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-06 18:33 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe

2011-01-06 18:33 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll

2011-01-06 18:33 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-01-06 18:33 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-12-30 20:14 . 2010-12-30 20:14 -------- d-----w- c:\users\Filhinha\AppData\Local\ElevatedDiagnostics

2010-12-28 14:23 . 2011-01-12 19:04 -------- d-----w- c:\programdata\Symantec

2010-12-28 14:23 . 2010-12-28 14:23 -------- d-----w- c:\programdata\Norton

2010-12-28 14:23 . 2010-12-28 14:23 -------- d-----w- c:\windows\system32\drivers\NSS

2010-12-28 14:23 . 2010-12-28 14:23 -------- d-----w- c:\program files\Norton Security Scan

2010-12-28 14:23 . 2010-12-28 14:23 -------- d-----w- c:\program files\NortonInstaller

2010-12-28 11:22 . 2011-01-09 15:57 -------- d-----w- c:\windows\system32\Adobe

2010-12-28 10:11 . 2009-02-25 18:53 323584 ----a-w- c:\windows\system32\RMListView.ocx

2010-12-28 10:11 . 2009-02-10 01:54 372736 ----a-w- c:\windows\system32\Screenso.dll

2010-12-28 10:11 . 2007-08-11 13:23 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX

2010-12-28 10:11 . 2000-04-04 04:05 118784 ----a-w- c:\windows\system32\msstdfmt.dll

2010-12-28 10:11 . 1998-06-24 03:00 115016 ----a-w- c:\windows\system32\MSINET.OCX

2010-12-28 10:11 . 2011-01-22 17:53 -------- d-sh--w- c:\windows\system32\wsmdir

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-15 21:18 . 2010-12-14 21:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-01-15 21:18 . 2010-12-14 21:46 578880 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-01-13 08:47 . 2010-11-24 22:42 38848 ----a-w- c:\windows\avastSS.scr

2011-01-13 08:47 . 2010-11-24 22:42 188216 ----a-w- c:\windows\system32\aswBoot.exe

2011-01-13 08:41 . 2010-11-24 22:43 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-01-13 08:40 . 2010-11-24 22:43 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-01-13 08:37 . 2010-11-24 22:43 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-01-13 08:37 . 2010-11-24 22:43 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-01-13 08:37 . 2010-11-24 22:43 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-12-28 22:06 . 2010-11-24 13:38 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2010-12-28 21:05 . 2010-11-24 13:38 578880 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-11-24 15:00 . 2010-11-24 15:00 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-11-24 15:00 . 2010-11-24 15:00 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-11-24 14:26 . 2010-11-24 14:26 1154384 ----a-w- c:\users\Filhinha\wlsetup-custom.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]

"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\program files\Softonic_Brasil\tbSoft.dll" [2010-10-18 3908192]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2010-11-29 57344]

"{e84cc2c1-b722-48fc-a39c-edb8b525c777}"= "c:\program files\Productivity_2.2\prxtbProd.dll" [2011-01-03 175400]

 

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

 

[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

 

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

 

[HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

2010-10-18 14:26 3908192 ----a-w- c:\program files\Softonic_Brasil\tbSoft.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 14:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-04-02 21:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]

2011-01-03 12:16 175400 ----a-w- c:\program files\Productivity_2.2\prxtbProd.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\program files\Softonic_Brasil\tbSoft.dll" [2010-10-18 3908192]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

"{e84cc2c1-b722-48fc-a39c-edb8b525c777}"= "c:\program files\Productivity_2.2\prxtbProd.dll" [2011-01-03 175400]

 

[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

 

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{12FC3D37-2A42-4FE3-8489-81296878CBA5}"= "c:\program files\Softonic_Brasil\tbSoft.dll" [2010-10-18 3908192]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

"{E84CC2C1-B722-48FC-A39C-EDB8B525C777}"= "c:\program files\Productivity_2.2\prxtbProd.dll" [2011-01-03 175400]

 

[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

 

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-24 39408]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-27 395128]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"Nexus Radio"="c:\program files\Nexus Radio\Nexus Radio.exe" [2010-11-03 4701696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-24 274608]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-12-28 12:42 351624 ----a-w- c:\program files\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 136176]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-25 1343400]

S1 aswSP;aswSP; [x]

S1 WMPupdt;WMPupdt;c:\windows\system32\wmplugin.rgb [2011-01-07 10752]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 15:04]

 

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 15:04]

 

2011-01-17 c:\windows\Tasks\Norton Security Scan for Filhinha.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-12-28 11:48]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://google.com/

IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{25B64EE0-E8FD-4507-86D7-571F2CE91FBC} - c:\users\Filhinha\AppData\Local\Temp\rsa.dll

HKCU-Run-MsgrUpd - c:\windows\system32\MsgrUpd.exe

HKCU-Run-ares - c:\program files\Ares\Ares.exe

HKCU-Run-wms438 - c:\windows\System32\wsmdir\wms438.exe

HKLM-Run-wms438 - c:\windows\System32\wsmdir\wms438.exe

HKLM-Run-WMediaPlayerUpdt - c:\windows\System32\wmpupdt.exe

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPupdt]

"ImagePath"="system32\wmplugin.rgb"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\conhost.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-01-22 16:00:45 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-01-22 18:00

 

Pré-execução: 101.821.272.064 bytes disponíveis

Pós execução: 103.239.536.640 bytes disponíveis

 

- - End Of File - - E5993B77CF694E5566108F479388D176

this is the result of kombo.exe

Only a new HijackThis log was missing; please post it.

 

 

sorry, I forgot, hehe

here it is:

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:19:59, on 22/01/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Nexus Radio\Nexus Radio.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe

C:\Users\Filhinha\Downloads\HiJackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

R3 - URLSearchHook: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll

O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Productivity 2.2 - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nexus Radio] C:\Program Files\Nexus Radio\Nexus Radio.exe -0

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 7890 bytes


:) Some problems were removed by ComboFix.

_____________________

Please follow these guides:

Malwarebytes Anti-Malware tutorial

Ad-Remover tutorial

________________________

In your next reply, post a new HijackThis log, the Malwarebytes log and the Ad-Remover log, which will be at C:\Ad-Report-CLEAN[1].log, so that they can be analyzed, and tell us how your PC is after this.

We await your reply.


Topic Archived

As the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
