Hello! I scanned the PC with Avast, which detected some infections but cannot remove them from the system. Also, the PC is very slow.
Thank you!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:25, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\csrss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\system32\svchost.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS2\msd.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS2\system32\ctfmon.exe
C:\WINDOWS2\system32\HPZipm12.exe
C:\DOCUME~1\teste\CONFIG~1\Temp\625.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS2\System32\alg.exe
C:\Arquivos de programas\Adobe\Reader 8.0.1\Reader\AcroRd32.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\teste\CONFIG~1\Temp\b.exe
C:\Arquivos de programas\Adobe\Reader 8.0.1\Reader\AcroRd32Info.exe
C:\Documents and Settings\teste\Meus documentos\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uerj.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {01A4FF23-2B20-435B-9930-F5AE9FF5039a} - C:\WINDOWS2\system32\ftsnnzfc.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500bca15-57a7-4eaf-8143-8c619470b13d} - C:\WINDOWS2\system32\msxml71.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A92D7474-F0FA-4B67-A8AE-688B10EC2400} - c:\windows2\system32\ahbwggi.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\teste\CONFIG~1\Temp\625.exe
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\teste\CONFIG~1\Temp\b.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [NordBull] C:\WINDOWS2\msc.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: gafltuau - C:\WINDOWS2\SYSTEM32\ahbwggi.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS2\
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS2\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS2\
--
End of file - 7412 bytes
Hello! Below are the requested logs.
ComboFix 09-09-10.03 - teste 11/09/2009 17:03.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.207 [GMT -3:00]
Executando de: c:\documents and settings\teste\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090910-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\Mjcore
c:\arquivos de programas\videosoft
c:\arquivos de programas\videosoft\Shared Files\ViewRep7.dll
c:\arquivos de programas\videosoft\Shared Files\Vsflex7.ocx
c:\arquivos de programas\videosoft\Shared Files\VSPRINT7.ocx
c:\arquivos de programas\videosoft\Shared Files\VSStr7.ocx
C:\DBAV11.txt
c:\documents and settings\DBCG\Dados de aplicativos\SpeedRunner
c:\documents and settings\DBCG\Dados de aplicativos\SpeedRunner\config.cfg
c:\documents and settings\teste\Meus documentos\reg1.reg
c:\documents and settings\teste\Meus documentos\reg11.reg
c:\documents and settings\teste\Meus documentos\regbom.reg
c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1077
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-0623469751-5950421964-904583001-1586
c:\recycler\S-1-5-21-0908414787-0067719534-655518109-2790
c:\recycler\S-1-5-21-1414675525-2995292151-240474771-7710
c:\recycler\S-1-5-21-1850841133-3186776248-771065789-8735
c:\recycler\S-1-5-21-2052187370-5892541565-461065525-3420
c:\recycler\S-1-5-21-2683169199-7064280156-898852153-4928
c:\recycler\S-1-5-21-4282504769-6765711613-337680039-8908
c:\recycler\S-1-5-21-4414992093-1324326746-655593322-9755
c:\recycler\S-1-5-21-4614530231-4322848462-751609339-2108
c:\recycler\S-1-5-21-5270526077-9404783981-773468267-1080
c:\recycler\S-1-5-21-5484587507-7833992115-016872197-9970
c:\recycler\S-1-5-21-5910350778-0813701585-928076290-3762
c:\recycler\S-1-5-21-6535783798-4741802910-172999391-8423
c:\recycler\S-1-5-21-9178656968-6925991351-239457770-5601
c:\recycler\S-1-5-21-9256038977-9305819719-207950675-1000
c:\windows\Installer\146f1b4.msi
c:\windows\Installer\158abcd.msi
c:\windows\Installer\159efd.msi
c:\windows\Installer\159f02.msi
c:\windows\Installer\159f08.msi
c:\windows\Installer\159f0d.msi
c:\windows\Installer\159f12.msi
c:\windows\Installer\159f18.msi
c:\windows\Installer\159f1d.msi
c:\windows\Installer\159f22.msi
c:\windows\Installer\159f27.msi
c:\windows\Installer\159f2c.msi
c:\windows\Installer\159f31.msi
c:\windows\Installer\159f37.msi
c:\windows\Installer\159f3c.msi
c:\windows\Installer\159f41.msi
c:\windows\Installer\159f47.msi
c:\windows\Installer\159f4c.msi
c:\windows\Installer\159f54.msi
c:\windows\Installer\159f59.msi
c:\windows\Installer\159f65.msi
c:\windows\Installer\159f6b.msi
c:\windows\Installer\159f71.msi
c:\windows\Installer\159f76.msi
c:\windows\Installer\159f7b.msi
c:\windows\Installer\159f80.msi
c:\windows\Installer\159f8b.msi
c:\windows\Installer\159f90.msi
c:\windows\Installer\159f96.msi
c:\windows\Installer\159f9b.msi
c:\windows\Installer\1667a.msi
c:\windows\Installer\1b4aac.msi
c:\windows\Installer\292658.msi
c:\windows\Installer\29265d.msi
c:\windows\Installer\2926b1.msi
c:\windows\Installer\32b9a0.msi
c:\windows\Installer\41a811.msi
c:\windows\Installer\44ce8.msi
c:\windows\Installer\4924e.msi
c:\windows\Installer\7110d.msi
c:\windows\Installer\71113.msi
c:\windows\Installer\92071.msi
c:\windows2\inf.jpg
c:\windows2\msa.exe
c:\windows2\msb.exe
c:\windows2\msc.exe
c:\windows2\msd.exe
c:\windows2\system32\ahbwggi.dll
c:\windows2\system32\drivers\afeqdwkd.sys
c:\windows2\system32\drivers\xcbodszz.sys
c:\windows2\system32\ftsnnzfc.dll
c:\windows2\system32\msXMl71.dll
c:\windows2\system32\ppsbfmn.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_KQDKNFVF
-------\Legacy_XCBODSZZ
-------\Service_AVPsys
-------\Service_kqdknfvf
-------\Service_xcbodszz
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-11 to 2009-09-11 ))))))))))))))))))))))))))))
.
2009-09-11 20:00 . 2009-09-11 20:00 -------- d-----w- c:\documents and settings\teste\Dados de aplicativos\hdhixpww
2009-09-09 16:56 . 2009-09-09 16:56 -------- d-----w- c:\documents and settings\NetworkService.AUTORIDADE NT\Dados de aplicativos\hdhixpww
2009-09-08 17:57 . 2009-08-17 16:04 23152 ----a-w- c:\windows2\system32\drivers\aswRdr.sys
2009-09-08 17:57 . 2009-08-17 16:04 51376 ----a-w- c:\windows2\system32\drivers\aswTdi.sys
2009-09-08 17:57 . 2009-08-17 16:03 26944 ----a-w- c:\windows2\system32\drivers\aavmker4.sys
2009-09-08 17:56 . 2009-08-17 16:06 93392 ----a-w- c:\windows2\system32\drivers\aswmon.sys
2009-09-08 17:56 . 2009-08-17 16:06 94160 ----a-w- c:\windows2\system32\drivers\aswmon2.sys
2009-09-08 17:56 . 2009-08-17 16:05 114768 ----a-w- c:\windows2\system32\drivers\aswSP.sys
2009-09-08 17:56 . 2009-08-17 16:05 20560 ----a-w- c:\windows2\system32\drivers\aswFsBlk.sys
2009-09-08 17:56 . 2009-08-17 16:02 97480 ----a-w- c:\windows2\system32\AvastSS.scr
2009-09-08 17:56 . 2009-08-17 16:10 1279456 ----a-w- c:\windows2\system32\aswBoot.exe
2009-09-08 16:07 . 2009-09-10 20:09 190464 ----a-w- C:\xubdc.exe
2009-09-08 13:07 . 2009-09-10 20:08 87552 ----a-w- C:\thdnoy.exe
2009-09-01 18:27 . 2009-09-01 18:27 -------- d-----w- C:\BJPrinter
2009-08-13 14:14 . 2008-04-14 02:20 221184 ----a-w- c:\windows2\system32\wmpns.dll
2009-08-13 14:07 . 2009-08-13 14:07 -------- d-----w- C:\FOUND.032
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 14:41 . 2001-10-28 18:07 50432 ----a-w- c:\windows2\system32\pblwecee.dat
2009-09-10 14:41 . 2001-10-28 18:07 2944 ----a-w- c:\windows2\system32\drivers\null.sys
2009-09-10 14:41 . 2001-10-28 18:06 4224 ----a-w- c:\windows2\system32\drivers\beep.sys
2009-09-02 14:28 . 2009-06-05 15:26 162 ----a-w- c:\windows2\system32\drivers\GbpKmAp.lst
2009-09-01 13:21 . 2009-06-04 17:36 27240 ----a-w- c:\windows2\system32\drivers\GbpKm.sys
2009-08-05 19:01 . 2009-08-05 19:00 -------- d-----w- c:\documents and settings\teste\Dados de aplicativos\SmartDraw
2009-08-05 18:50 . 2009-08-05 18:50 -------- d-----w- c:\documents and settings\teste\Dados de aplicativos\Yahoo!
2009-08-05 18:50 . 2009-08-05 18:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Dados de aplicativos\Yahoo! Companion
2009-08-05 18:50 . 2009-08-05 18:50 -------- d-----w- c:\arquivos de programas\CCleaner
2009-08-05 18:44 . 2009-08-05 18:44 -------- d-----w- c:\arquivos de programas\SmartDraw 2009
2009-08-05 09:00 . 2004-08-04 06:45 205312 ----a-w- c:\windows2\system32\mswebdvd.dll
2009-07-17 19:03 . 2004-08-04 06:45 58880 ----a-w- c:\windows2\system32\atl.dll
2009-07-14 02:43 . 2004-08-04 06:45 286208 ----a-w- c:\windows2\system32\wmpdxm.dll
2009-07-01 15:55 . 2009-07-01 15:55 410984 ----a-w- c:\windows2\system32\deploytk.dll
2009-06-29 15:58 . 2004-08-04 06:45 827392 ----a-w- c:\windows2\system32\wininet.dll
2009-06-29 15:58 . 2004-08-04 06:45 78336 ----a-w- c:\windows2\system32\ieencode.dll
2009-06-29 15:58 . 2004-08-04 06:45 17408 ----a-w- c:\windows2\system32\corpol.dll
2009-06-16 14:39 . 2004-08-04 06:45 119808 ----a-w- c:\windows2\system32\t2embed.dll
2009-06-16 14:39 . 2001-10-28 18:06 81920 ----a-w- c:\windows2\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-04 06:45 81408 ----a-w- c:\windows2\system32\tlntsess.exe
2009-06-15 10:44 . 2004-08-04 06:45 77824 ----a-w- c:\windows2\system32\telnet.exe
2001-05-24 15:59 . 2007-10-06 14:23 162304 ----a-w- c:\arquivos de programas\UNWISE.EXE
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows2\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2009-09-01 13:21 299944 ----a-w- c:\arquiv~1\GbPlugin\gbiehabn.dll
[HKLM\~\startupfolder\C:^Documents and Settings^teste^Menu Iniciar^Programas^Inicializar^Avision Scanner Utility.lnk]
path=c:\documents and settings\teste\Menu Iniciar\Programas\Inicializar\Avision Scanner Utility.lnk
backup=c:\windows2\pss\Avision Scanner Utility.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\MSMSGS.EXE"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Mozilla Shared\\firefox.exe"=
R0 GbpKm;Gbp KernelMode;c:\windows2\system32\drivers\GbpKm.sys [4/6/2009 14:36 27240]
R1 aswSP;avast! Self Protection;c:\windows2\system32\drivers\aswSP.sys [8/9/2009 14:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows2\system32\drivers\aswFsBlk.sys [8/9/2009 14:56 20560]
R2 Av630an;Av630an;c:\windows2\system32\drivers\av630an.sys [8/6/2009 13:03 107072]
R2 Av630bn;Av630bn;c:\windows2\system32\drivers\av630bn.sys [8/6/2009 13:03 107680]
R2 Av630cn;Av630cn;c:\windows2\system32\drivers\av630cn.sys [8/6/2009 13:03 102336]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [5/7/2007 12:25 53736]
S2 asqrbhlfx;Update Boot;c:\windows2\system32\svchost.exe -k netsvcs [4/8/2004 03:45 14336]
S2 ijwrqbjq;Manager Windows;c:\windows2\system32\svchost.exe -k netsvcs [4/8/2004 03:45 14336]
S2 qbhnvzmlr;Windows Shell;c:\windows2\system32\svchost.exe -k netsvcs [4/8/2004 03:45 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ijwrqbjq
qbhnvzmlr
asqrbhlfx
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-09-11 c:\windows2\Tasks\SDMsgUpdate (TE).job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.uerj.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
BHO-{01A4FF23-2B20-435B-9930-F5AE9FF5039a} - c:\windows2\system32\ftsnnzfc.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 17:12
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asqrbhlfx]
"ServiceDll"="c:\windows2\system32\pplgqx.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ijwrqbjq]
"ServiceDll"="c:\windows2\system32\pplgqx.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qbhnvzmlr]
"ServiceDll"="c:\windows2\system32\pplgqx.dll"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS2\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\arquiv~1\GbPlugin\gbiehAbn.dll
c:\windows2\system32\WININET.dll
c:\arquiv~1\GbPlugin\gbiehAbn.dll
c:\windows2\system32\WPDShServiceObj.dll
c:\windows2\system32\PortableDeviceTypes.dll
c:\windows2\system32\PortableDeviceApi.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\arquivos de programas\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\GBPLUGIN\GBPSV.EXE
c:\arquivos de programas\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\arquivos de programas\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\arquivos de programas\NERO\NERO 7\INCD\INCDSRV.EXE
c:\arquivos de programas\JAVA\JRE6\BIN\JQS.EXE
c:\arquivos de programas\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\windows2\SYSTEM32\HPZIPM12.EXE
c:\arquivos de programas\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
c:\arquivos de programas\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
c:\arquivos de programas\ALWIL SOFTWARE\AVAST4\SETUP\AVAST.SETUP
.
**************************************************************************
.
Tempo para conclusão: 2009-09-11 17:14 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-09-11 20:14
Pré-execução: 13 pasta(s) 60.625.190.912 bytes disponíveis
Pós execução: 50 pasta(s) 60.992.061.440 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
258 --- E O F --- 2009-08-26 19:39
____________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:06, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\csrss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\system32\svchost.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS2\system32\HPZipm12.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS2\system32\svchost.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS2\System32\alg.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\WINDOWS2\explorer.exe
C:\Documents and Settings\teste\Meus documentos\Downloads\HiJackThis.exe
C:\WINDOWS2\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uerj.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS2\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6260 bytes
I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.
Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.
Driver::
"ijwrqbjq"
"qbhnvzmlr"
"asqrbhlfx"
File::
c:\windows2\system32\aswBoot.exe
C:\xubdc.exe
C:\thdnoy.exe
C:\BJPrinter
c:\windows2\system32\wmpns.dll
Folder::
C:\FOUND.032
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
NetSvc::
"ijwrqbjq"
"qbhnvzmlr"
"asqrbhlfx"
This script was put together for this computer only, based on the files and keys present; do not use it on another computer, as it can cause damage.
Now drag CFScript.txt onto ComboFix as shown in the demonstration below.
[Image: cfscript.gif]
ComboFix will run and will restart the PC automatically to complete the removal process.
IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.
When it finishes, a log will be generated at C:\ComboFix.txt.
Post it together with a new HijackThis log.
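As an added illustration (not code from this thread, from HijackThis or from ComboFix), a small Python triage script that applies the kind of reading the helper did above to HijackThis and ComboFix lines: autostarts launched from Temp or RECYCLER, executables sitting directly in the Windows directory, BHOs registered without a name, and svchost-hosted netsvcs services with random-looking names. The sample lines are constructed from the sort of entries seen in the logs above, and the heuristics are the example's own assumptions, not rules stated on the page.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format, plus three ComboFix service
# lines, assembled from the kinds of entries seen in the logs above.
# It is not a complete log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {01A4FF23-2B20-435B-9930-F5AE9FF5039a} - C:\WINDOWS2\system32\ftsnnzfc.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\teste\CONFIG~1\Temp\625.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKCU\..\Run: [NordBull] C:\WINDOWS2\msc.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: gafltuau - C:\WINDOWS2\SYSTEM32\ahbwggi.dll
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [5/7/2007 12:25 53736]
S2 asqrbhlfx;Update Boot;c:\windows2\system32\svchost.exe -k netsvcs [4/8/2004 03:45 14336]
S2 ijwrqbjq;Manager Windows;c:\windows2\system32\svchost.exe -k netsvcs [4/8/2004 03:45 14336]
"""

# HijackThis line shapes handled here: "O4 - <hive>\..\Run: [name] path (User '...')",
# "O2 - BHO: name - {CLSID} - path" and "O20 - Winlogon Notify: name - path".
HJT_ENTRY = re.compile(r"^(?P<kind>O\d+) - (?P<body>.*)$")
HJT_RUN = re.compile(r"^(?P<hive>HK\w+)(?:\\[^\\]+)*?\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
                     r"(?P<path>.+?)(?: \(User '[^']*'\))?$")
HJT_BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
HJT_NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# ComboFix service line: "<state> <name>;<display>;<image> [date size]"
CF_SERVICE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[.*\]$")

RANDOM_NAME = re.compile(r"[a-z]{6,10}")     # all-lowercase 6-10 letters, no vendor-style casing
SUSPECT_DIRS = ("\\temp\\", "\\recycler\\")  # user-writable staging locations
WINDIR_ROOT_EXE = re.compile(r"^[a-z]:\\windows[^\\]*\\[^\\]+\.exe$")  # .exe directly in %WINDIR%


@dataclass(frozen=True)
class Finding:
    source: str   # HijackThis section (O2/O4/O20) or ComboFix service state (R2/S2)
    name: str
    path: str
    reason: str


def looks_random(name):
    """Weak heuristic (assumption of this example): names like 'gafltuau' or 'ijwrqbjq'."""
    return RANDOM_NAME.fullmatch(name) is not None


def triage(log_text):
    """Return the autostart entries a reviewer would look at first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        hjt = HJT_ENTRY.match(line)
        if hjt:
            kind, body = hjt.group("kind"), hjt.group("body")
            if kind == "O4" and (m := HJT_RUN.match(body)):
                path = m.group("path")
                low = path.lower()
                if any(d in low for d in SUSPECT_DIRS):
                    findings.append(Finding(kind, m.group("name"), path, "autostart from Temp/RECYCLER"))
                elif WINDIR_ROOT_EXE.match(low):
                    findings.append(Finding(kind, m.group("name"), path,
                                            "executable directly in the Windows directory"))
            elif kind == "O2" and (m := HJT_BHO.match(body)) and m.group("name") == "(no name)":
                reason = "orphan BHO (no file)" if m.group("path") == "(no file)" else "BHO without a display name"
                findings.append(Finding(kind, m.group("clsid"), m.group("path"), reason))
            elif kind == "O20" and (m := HJT_NOTIFY.match(body)) and looks_random(m.group("name")):
                findings.append(Finding(kind, m.group("name"), m.group("path"),
                                        "Winlogon Notify with random-looking name"))
            continue
        cf = CF_SERVICE.match(line)
        if cf and "svchost.exe -k netsvcs" in cf.group("image").lower() and looks_random(cf.group("name")):
            findings.append(Finding(cf.group("state"), cf.group("name"), cf.group("image"),
                                    "svchost-hosted netsvcs service with random-looking name"))
    return findings


def flagged_paths(log_text):
    """Convenience view: just the paths/images of the flagged entries, in log order."""
    return [f.path for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:4} {f.name:28} {f.reason}: {f.path}")
```

Entries the script does not flag (the avast!, Java, GbPlugin and CTFMON lines in the sample) still deserve a glance; the heuristics only order the reading, they do not replace it.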
ComboFix 09-09-10.03 - teste 15/09/2009 14:30.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.231 [GMT -3:00]
Executando de: c:\documents and settings\teste\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\teste\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090914-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"C:\BJPrinter"
"C:\thdnoy.exe"
"c:\windows2\system32\aswBoot.exe"
"c:\windows2\system32\wmpns.dll"
"C:\xubdc.exe"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\FOUND.032
c:\found.032\FILE0000.CHK
c:\windows2\system32\aswBoot.exe . . . . falha na exclusão
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASQRBHLFX
-------\Legacy_IJWRQBJQ
-------\Legacy_QBHNVZMLR
-------\Service_asqrbhlfx
-------\Service_ijwrqbjq
-------\Service_qbhnvzmlr
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-15 to 2009-09-15 ))))))))))))))))))))))))))))
.
2009-09-14 15:38 . 2009-09-14 15:38 -------- d-----w- C:\LinhaDefensiva
2009-09-11 20:20 . 2009-06-21 21:48 153088 ------w- c:\windows2\system32\dllcache\triedit.dll
2009-09-11 20:00 . 2009-09-11 20:00 -------- d-----w- c:\documents and settings\teste\Dados de aplicativos\hdhixpww
2009-09-09 16:56 . 2009-09-09 16:56 -------- d-----w- c:\documents and settings\NetworkService.AUTORIDADE NT\Dados de aplicativos\hdhixpww
2009-09-08 17:57 . 2009-08-17 16:04 23152 ----a-w- c:\windows2\system32\drivers\aswRdr.sys
2009-09-08 17:57 . 2009-08-17 16:04 51376 ----a-w- c:\windows2\system32\drivers\aswTdi.sys
2009-09-08 17:57 . 2009-08-17 16:03 26944 ----a-w- c:\windows2\system32\drivers\aavmker4.sys
2009-09-08 17:56 . 2009-08-17 16:06 93392 ----a-w- c:\windows2\system32\drivers\aswmon.sys
2009-09-08 17:56 . 2009-08-17 16:06 94160 ----a-w- c:\windows2\system32\drivers\aswmon2.sys
2009-09-08 17:56 . 2009-08-17 16:05 114768 ----a-w- c:\windows2\system32\drivers\aswSP.sys
2009-09-08 17:56 . 2009-08-17 16:05 20560 ----a-w- c:\windows2\system32\drivers\aswFsBlk.sys
2009-09-08 17:56 . 2009-08-17 16:02 97480 ----a-w- c:\windows2\system32\AvastSS.scr
2009-09-08 17:56 . 2009-09-15 17:38 1279456 ------w- c:\windows2\system32\aswBoot.exe
2009-09-01 18:27 . 2009-09-01 18:27 -------- d-----w- C:\BJPrinter
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 15:31 . 2001-10-28 18:07 48628 ----a-w- c:\windows2\system32\perfc016.dat
2009-09-14 15:31 . 2001-10-28 18:07 344380 ----a-w- c:\windows2\system32\perfh016.dat
2009-09-10 14:41 . 2001-10-28 18:07 50432 ----a-w- c:\windows2\system32\pblwecee.dat
2009-09-10 14:41 . 2001-10-28 18:07 2944 ------w- c:\windows2\system32\drivers\null.sys
2009-09-10 14:41 . 2001-10-28 18:06 4224 ------w- c:\windows2\system32\drivers\beep.sys
2009-09-02 14:28 . 2009-06-05 15:26 162 ----a-w- c:\windows2\system32\drivers\GbpKmAp.lst
2009-09-01 13:21 . 2009-06-04 17:36 27240 ----a-w- c:\windows2\system32\drivers\GbpKm.sys
2009-08-05 19:01 . 2009-08-05 19:00 -------- d-----w- c:\documents and settings\teste\Dados de aplicativos\SmartDraw
2009-08-05 18:50 . 2009-08-05 18:50 -------- d-----w- c:\documents and settings\teste\Dados de aplicativos\Yahoo!
2009-08-05 18:50 . 2009-08-05 18:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Dados de aplicativos\Yahoo! Companion
2009-08-05 18:50 . 2009-08-05 18:50 -------- d-----w- c:\arquivos de programas\CCleaner
2009-08-05 18:44 . 2009-08-05 18:44 -------- d-----w- c:\arquivos de programas\SmartDraw 2009
2009-08-05 09:00 . 2004-08-04 06:45 205312 ----a-w- c:\windows2\system32\mswebdvd.dll
2009-07-17 19:03 . 2004-08-04 06:45 58880 ----a-w- c:\windows2\system32\atl.dll
2009-07-14 02:43 . 2004-08-04 06:45 286208 ----a-w- c:\windows2\system32\wmpdxm.dll
2009-07-01 15:55 . 2009-07-01 15:55 410984 ----a-w- c:\windows2\system32\deploytk.dll
2009-06-29 15:58 . 2004-08-04 06:45 827392 ------w- c:\windows2\system32\wininet.dll
2009-06-29 15:58 . 2004-08-04 06:45 78336 ----a-w- c:\windows2\system32\ieencode.dll
2009-06-29 15:58 . 2004-08-04 06:45 17408 ----a-w- c:\windows2\system32\corpol.dll
2001-05-24 15:59 . 2007-10-06 14:23 162304 ----a-w- c:\arquivos de programas\UNWISE.EXE
.
((((((((((((((((((((((((((((( SnapShot@2009-09-11_20.12.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-15 17:38 . 2009-09-15 17:38 16384 c:\windows2\Temp\Perflib_Perfdata_7b0.dat
+ 2009-09-15 17:38 . 2009-09-15 17:38 16384 c:\windows2\Temp\Perflib_Perfdata_5d0.dat
+ 2009-03-20 17:34 . 2007-07-27 13:41 16760 c:\windows2\system32\spmsg.dll
+ 2001-10-28 18:07 . 2009-09-14 15:31 39992 c:\windows2\system32\perfc009.dat
+ 2009-02-04 16:51 . 2009-09-14 13:24 23040 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-02-04 16:51 . 2009-09-14 13:24 61440 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-02-04 16:51 . 2009-09-14 13:24 27136 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-02-04 16:51 . 2009-09-14 13:24 11264 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-02-04 16:51 . 2009-09-14 13:24 86016 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-02-04 16:51 . 2009-09-14 13:24 12288 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-02-04 16:51 . 2009-09-14 13:24 4096 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2001-10-28 18:07 . 2009-09-14 15:31 311604 c:\windows2\system32\perfh009.dat
+ 2004-08-04 06:45 . 2009-08-13 15:21 512000 c:\windows2\system32\jscript.dll
+ 2009-03-17 14:00 . 2009-08-13 15:21 512000 c:\windows2\system32\dllcache\jscript.dll
+ 2009-02-04 16:51 . 2009-09-14 13:24 409600 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-02-04 16:51 . 2009-09-14 13:24 286720 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-02-04 16:51 . 2009-09-14 13:24 249856 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-02-04 16:51 . 2009-09-14 13:24 794624 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-02-04 16:51 . 2009-09-14 13:24 135168 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-02-04 16:51 . 2009-09-14 13:24 593920 c:\windows2\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2004-08-04 06:45 . 2009-05-20 07:56 2458112 c:\windows2\system32\WMVCore.dll
+ 2004-08-04 06:45 . 2009-05-20 07:56 2458112 c:\windows2\system32\dllcache\WMVCore.dll
+ 2009-08-25 17:57 . 2009-08-25 17:57 5518336 c:\windows2\Installer\1e702.msp
+ 2009-02-17 14:10 . 2009-08-28 21:38 24689600 c:\windows2\system32\MRT.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows2\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2009-09-01 13:21 299944 ----a-w- c:\arquiv~1\GbPlugin\gbiehabn.dll
[HKLM\~\startupfolder\C:^Documents and Settings^teste^Menu Iniciar^Programas^Inicializar^Avision Scanner Utility.lnk]
path=c:\documents and settings\teste\Menu Iniciar\Programas\Inicializar\Avision Scanner Utility.lnk
backup=c:\windows2\pss\Avision Scanner Utility.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\MSMSGS.EXE"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Mozilla Shared\\firefox.exe"=
R0 GbpKm;Gbp KernelMode;c:\windows2\system32\drivers\GbpKm.sys [4/6/2009 14:36 27240]
R1 aswSP;avast! Self Protection;c:\windows2\system32\drivers\aswSP.sys [8/9/2009 14:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows2\system32\drivers\aswFsBlk.sys [8/9/2009 14:56 20560]
R2 Av630an;Av630an;c:\windows2\system32\drivers\av630an.sys [8/6/2009 13:03 107072]
R2 Av630bn;Av630bn;c:\windows2\system32\drivers\av630bn.sys [8/6/2009 13:03 107680]
R2 Av630cn;Av630cn;c:\windows2\system32\drivers\av630cn.sys [8/6/2009 13:03 102336]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [5/7/2007 12:25 53736]
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-09-15 c:\windows2\Tasks\SDMsgUpdate (TE).job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.uerj.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 14:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS2\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\arquiv~1\GbPlugin\gbiehAbn.dll
c:\windows2\system32\WININET.dll
c:\arquiv~1\GbPlugin\gbiehAbn.dll
c:\windows2\system32\WPDShServiceObj.dll
c:\windows2\system32\PortableDeviceTypes.dll
c:\windows2\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
SystemRoot\System32\smss.exe [552]
??\c:\windows2\system32\csrss.exe [620]
??\c:\windows2\system32\winlogon.exe [644]
c:\windows2\system32\services.exe [696]
c:\windows2\system32\lsass.exe [708]
c:\arquiv~1\GbPlugin\GbpSv.exe [856]
c:\windows2\system32\svchost.exe [884]
c:\windows2\system32\svchost.exe [996]
c:\windows2\System32\svchost.exe [1036]
c:\windows2\system32\svchost.exe [1252]
c:\windows2\system32\svchost.exe [1352]
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [1416]
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe [1488]
c:\windows2\system32\spoolsv.exe [1740]
c:\windows2\system32\svchost.exe [1840]
c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [1924]
c:\arquivos de programas\Java\jre6\bin\jqs.exe [1968]
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2024]
c:\windows2\system32\HPZipm12.exe [204]
c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [296]
c:\arquiv~1\SMARTD~1\MESSAGES\SDNotify.exe [312]
c:\windows2\system32\svchost.exe [444]
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008]
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2136]
c:\windows2\system32\wbem\wmiprvse.exe [2164]
c:\windows2\System32\alg.exe [2328]
c:\windows2\system32\CF14091.exe [2612]
c:\arquivos de programas\Analog Devices\SoundMAX\SMTray.exe [3660]
c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe [3716]
c:\windows2\system32\wuauclt.exe [2156]
c:\windows2\system32\wuauclt.exe [2512]
c:\windows2\explorer.exe [3628]
c:\combofix\catchme.cfxxe [2760]
.
**************************************************************************
.
Tempo para conclusão: 2009-09-15 14:40 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-09-15 17:40
ComboFix2.txt 2009-09-11 20:14
Pré-execução: 50 pasta(s) 60.744.663.040 bytes disponíveis
Pós execução: 50 pasta(s) 60.729.655.296 bytes disponíveis
221 --- E O F --- 2009-09-14 13:25
_____________________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:03, on 15/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS2\system32\HPZipm12.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS2\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\WINDOWS2\explorer.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\Documents and Settings\teste\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uerj.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS2\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6135 bytes
Step 1
- Download Killbox and run it:
• Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):
c:\windows2\system32\aswBoot.exe
• Go back to **KillBox**. Click **File > Paste from clipboard**. Click the **All Files** button;
• Click the button and answer *No* to the question.
Step 2
Go to this site: http://www.kaspersky.com/virusscanner
Click on the button shown in the image (Clipboard01-1.jpg).
Follow the scanner configuration instructions as shown in the image below.
[image: kosjn0.gif]
Post the scan log right here in the topic.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 18, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 18, 2009 14:37:57
Records in database: 2848522
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Objects scanned: 79209
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:59:48
File name / Threat / Threats count
C:\WINDOWS\system32\secupdat.dat Infected: Backdoor.Win32.Agent.afhv 1
C:\System Volume Information\_restore{C5E6ECCD-BC51-4094-8A8C-A7D63BD9B321}\RP1\A0000028.exe Infected: Trojan.Win32.Inject.aiti 1
Selected area has been scanned.
Download Malwarebytes from one of the locations below:
-- Save the program to your Desktop
• Double-click the program to run it.
• Update Malwarebytes.
• Choose Full Scan (be patient, it takes a while).
• Disable your antivirus and antispyware, usually by right-clicking their system tray icon. They may interfere with the tool.
• When the scan is complete, click OK, then Show Results to see the log.
• Remember: if anything is detected, click the Remove button to remove it. (Important.)
• The program's log will open automatically for you.
• Post it in your next reply along with a new HijackThis log.
PS: On heavily infected computers, the tool shows an option saying the computer must be restarted. Please do so immediately.
Topic Archived
Since the author has not replied for more than 30 days, the topic has been archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
• Download: < ComboFix.exe >
• Save it to the Desktop!
• Disable the resident protections of your antivirus, antispyware and firewall. (Except the Windows one!)
• Close all windows and run the tool!
• At the prompt "Software warranty disclaimer" --> click Yes!
• If you do not have the "Recovery Console", accept the option to install it!
-- PS: Rename it while saving, not after it has been saved!
-- PS: If any error message appears, run ComboFix.exe in Safe Mode.
-- PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
-- PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.
• The Auto Scan window will open. --> Wait!
• In order to complete the removals, ComboFix may restart the computer.
• If necessary, type the option to continue! --> ( 1 ) --> Press Enter.
• Wait for it to finish!
• During the scan, avoid using the mouse or keyboard! <-- Important!
• To stop or exit ComboFix, press "N" --> Enter.
----------------------
• When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.