Archived

This topic has been archived and is closed to new replies.

hygorsandro

[Archived] Topic analysis


Guys, I've got something nasty on my PC, some kind of Ardamax or something like that. I've lost 2 MSN accounts and my Orkut, plus PagSeguro accounts.

I formatted the notebook, and then today I ended up losing yet another MSN =/

The log is below; I hope someone can help me sort this out. Thanks.

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:50, on 15/03/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\VM303_STI.EXE
C:\Windows\VMSnap3.EXE
C:\Windows\Domino.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\CyberScript32\CyberScript.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 3991 bytes
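What a helper looks for first in a log like the one above, written out as an added example (not part of this thread and not HijackThis code): a small Python triage script that splits a HijackThis log into running processes and numbered entries, then flags BHO/toolbar registrations whose DLL is gone ("(no file)" / "(file missing)"), hosts-file lines other than the localhost defaults, autoruns started from outside the usual install directories, and running processes that no O4/O23 entry accounts for. The sample log, the allowlist of core Windows processes and the finding categories are constructed for the example.

```python
"""Triage a HijackThis v2 log: split it into running processes and numbered
entries, then flag what a forum helper checks first. Added example for this
thread, not HijackThis code; sample log, allowlist and categories are constructed."""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
DEAD_MARKERS = ("(no file)", "(file missing)")
# Constructed allowlist: processes the OS starts itself, so no O4/O23 entry is expected.
CORE_PROCESSES = {"explorer.exe", "dwm.exe", "taskeng.exe", "wuauclt.exe", "hijackthis.exe"}
# Default hosts-file mappings; any other O1 line redirects a name somewhere else.
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}

# Constructed sample in the one-entry-per-line format the tool writes.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\CyberScript32\CyberScript.exe
C:\Windows\Domino.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

--End of file - 3991 bytes
"""

@dataclass(frozen=True)
class Finding:
    kind: str    # dead-registration | hosts-redirect | autorun-location | unexplained-process
    detail: str

def basename(path: str) -> str:
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()

def parse_log(text: str):
    """Return (running processes, [(code, body), ...]) from the log text."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:                       # first R/F/N/O entry ends the process list
            in_procs = False
            entries.append((m["code"], m["body"]))
        elif in_procs:
            processes.append(line)
    return processes, entries

def autorun_exe(body: str) -> str:
    """Executable behind an O4 line: text after '[name] ', unquoted, up to '.exe'."""
    cmd = body.split("] ", 1)[1] if "] " in body else body
    m = re.match(r'"?(?P<path>.*?\.exe)"?', cmd, re.IGNORECASE)
    return m["path"] if m else cmd

def service_exe(body: str) -> str:
    return body.rsplit(" - ", 1)[-1]   # O23: the last ' - ' separated field is the binary

def analyze(text: str) -> dict:
    processes, entries = parse_log(text)
    findings, explained = [], set()
    for code, body in entries:
        if code in ("O2", "O3") and any(mk in body for mk in DEAD_MARKERS):
            # BHO/toolbar still registered but its DLL is gone: dead entry, cleanup candidate.
            findings.append(Finding("dead-registration", f"{code} - {body}"))
        elif code == "O1":
            mapping = body.split("Hosts:", 1)[-1].strip()
            if mapping not in DEFAULT_HOSTS:
                findings.append(Finding("hosts-redirect", mapping))
        elif code == "O4":
            exe = autorun_exe(body)
            explained.add(basename(exe))
            low = exe.lower()
            # Autoruns straight from the Windows root, Temp or AppData deserve a closer look.
            if re.match(r"[a-z]:\\windows\\[^\\]+\.exe$", low) or "\\temp\\" in low or "\\appdata\\" in low:
                findings.append(Finding("autorun-location", f"{code} - {body}"))
        elif code == "O23":
            explained.add(basename(service_exe(body)))
    for proc in processes:
        name = basename(proc)
        if name not in explained and name not in CORE_PROCESSES:
            # Running now, yet no autostart entry in the log accounts for it.
            findings.append(Finding("unexplained-process", proc))
    return {"processes": processes, "entries": entries, "findings": findings}

def finding_kinds(text: str = SAMPLE_LOG) -> list:
    return sorted(f.kind for f in analyze(text)["findings"])
```

On the sample this reports the two dead AVG/no-name registrations, the Domino autorun under C:\Windows and CyberScript.exe as a running process with no autostart entry; each is a lead to verify, not a verdict.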


Step 1: Download and run HostsXpert.

→Run HostsXpert via the HostsXpert.exe file,

→click Restore Microsoft's Hosts File and press OK.

→After that, close the program.

Step 2

Download Malwarebytes Anti-Malware

* Start the installation by clicking "mbam-setup.exe";

* Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish.

* Select "Quick Scan" and then click Scan.

* When the scan finishes, click OK and then "Show Results" to see the log;

* If anything is detected, make sure everything is checked and click "Remove";

* The log is saved automatically and can be viewed by clicking "Logs" in the main menu;

* Copy and paste that log, together with a new HijackThis log.

Awaiting your reply.


LOG: Malwarebytes Anti-Malware

 

Malwarebytes' Anti-Malware 1.34
Versão do banco de dados: 1853
Windows 6.0.6000

16/03/2009 07:17:51
mbam-log-2009-03-16 (07-17-51).txt

Tipo de Verificação: Rápida
Objetos verificados: 52902
Tempo decorrido: 14 minute(s), 48 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)

 

LOG: HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:21:28, on 16/03/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\VM303_STI.EXE
C:\Windows\VMSnap3.EXE
C:\Windows\Domino.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 4749 bytes

 

 

- Thanks in advance to Silas Martins and to the forum for the help provided.


Download Norman Malware Cleaner here: http://superdownloads.uol.com.br/redir.cfm?softid=63672

Once installed, run it and add all the physical and removable drives of your PC (e.g. E: C: F: and others); only then click StartScan.

After that, post the HijackThis log together with the Norman log.


The Norman log: I searched the whole PC but couldn't find it..

The main report the program shows inside itself (which can't be copied) says it found nothing wrong.

0 - malicious files

Here is the HijackThis log again

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:38, on 16/03/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\VM303_STI.EXE
C:\Windows\VMSnap3.EXE
C:\Windows\Domino.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\CyberScript32\CyberScript.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 4852 bytes


Silas, I found the Norman log

Norman Malware Cleaner
Copyright © 1990 - 2009, Norman ASA. Built 2009/03/13 08:11:54

Norman Scanner Engine Version: 6.00.06
Nvcbin.def Version: 6.00.00, Date: 2009/03/13 08:11:54, Variants: 2979546

Scan started: 16/03/2009 15:54:20

Running pre-scan cleanup routine:
Operating System: Microsoft Windows Vista 6.0.6000
Logged on user: Hygor-PC\Hygor

Scanning running processes and process memory...

Number of processes/threads found: 3417
Number of processes/threads scanned: 3417
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 1m 43s

Scanning file system...
Scanning: C:\*.*

C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{5cf9c0fa-120e-11de-81f6-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{5f16a630-117e-11de-8605-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a84645e4-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a84645eb-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a84645f6-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a84645fc-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a8464602-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a846460a-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{b535bdf2-0f3d-11de-9c6d-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{b535bdf8-0f3d-11de-9c6d-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{b535bdff-0f3d-11de-9c6d-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{b95f3e6c-0fda-11de-a561-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{bc2d4dda-10b2-11de-9a39-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6cb0f-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6cb63-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6cb73-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6cbab-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6d0d3-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6d467-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6d513-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6d5b1-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl (Error opening file: Access denied)
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl (Error opening file: Access denied)
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl (Error opening file: Access denied)
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl (Error opening file: Access denied)
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl (Error opening file: Access denied)

Scanning: D:\*.*
Scanning: E:\*.*

Running post-scan cleanup routine:
Set TCP/IP autotuning to "normal" (or it was already "normal")

Number of files found: 95176
Number of archives unpacked: 165
Number of files scanned: 95073
Number of files not scanned: 103
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 42m 16s


1. Go to Start > Control Panel > Folder Options > click the View tab > scroll down and check Show hidden files and folders.

2. Run Norman in Safe Mode (to do so, restart the PC and hold the F8 key until the safe-mode selection screen appears) and add all the physical and removable drives of your PC (e.g. E: C: D: F: and others); only then click StartScan.

After that, post the HijackThis log together with the Norman log.

Awaiting your reply.


Norman log:

 

Norman Malware Cleaner
Copyright © 1990 - 2009, Norman ASA. Built 2009/03/13 08:11:54

Norman Scanner Engine Version: 6.00.06
Nvcbin.def Version: 6.00.00, Date: 2009/03/13 08:11:54, Variants: 2979546

Scan started: 17/03/2009 01:11:07

Running pre-scan cleanup routine:
Operating System: Microsoft Windows Vista 6.0.6000(Safe mode)
Logged on user: Hygor-PC\Hygor

Scanning running processes and process memory...

Number of processes/threads found: 833
Number of processes/threads scanned: 833
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 23s

Scanning file system...
Scanning: C:\*.*

C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{5cf9c0fa-120e-11de-81f6-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{5f16a630-117e-11de-8605-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a84645e4-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a84645eb-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a84645f6-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a84645fc-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a8464602-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a846460a-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{b535bdf2-0f3d-11de-9c6d-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{b535bdf8-0f3d-11de-9c6d-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{b535bdff-0f3d-11de-9c6d-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{b95f3e6c-0fda-11de-a561-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{bc2d4dda-10b2-11de-9a39-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6cb0f-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6cb63-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6cb73-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6cbab-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6d0d3-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6d467-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6d513-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{c0f6d5b1-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\Users\Hygor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HBOAOYMK\cmd[1].txt (Infected with PHP/PhpShell.A)
Deleted file
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl (Error opening file: Access denied)
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl (Error opening file: Access denied)
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl (Error opening file: Access denied)
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl (Error opening file: Access denied)

Scanning: D:\*.*
Scanning: E:\*.*
Scanning: c:\System Volume Information\*.*

c:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{5cf9c0fa-120e-11de-81f6-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{5f16a630-117e-11de-8605-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{a84645e4-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{a84645eb-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{a84645f6-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{a84645fc-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{a8464602-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{a846460a-0f04-11de-b8c2-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{b535bdf2-0f3d-11de-9c6d-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{b535bdf8-0f3d-11de-9c6d-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{b535bdff-0f3d-11de-9c6d-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{b95f3e6c-0fda-11de-a561-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{bc2d4dda-10b2-11de-9a39-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{c0f6cb0f-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{c0f6cb63-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{c0f6cb73-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{c0f6cbab-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{c0f6d0d3-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{c0f6d467-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{c0f6d513-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
c:\System Volume Information\{c0f6d5b1-0ef1-11de-a6b8-00030d90f7bf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

Running post-scan cleanup routine:
Failed to set TCP/IP autotuning to "normal" (1) in 1 seconds

Number of files found: 97972
Number of archives unpacked: 203
Number of files scanned: 97893
Number of files not scanned: 79
Number of files skipped due to exclude list: 0
Number of infected files found: 1
Number of infected files repaired/deleted: 1
Number of infections removed: 1
Total scanning time: 30m 10s

 

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:42:12, on 17/03/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 4376 bytes


Download ComboFix from:

ComboFix

1) Temporarily disable your anti-virus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Read the text in this window carefully and click "YES" to continue.

PS: If you do not agree with the terms, click "NO" to exit the software, bearing in mind that the disinfection process will not be possible without continuing with ComboFix.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended that you install the console before continuing, since this guarantees that the system can be recovered if problems occur during the scan.

Click "YES" and wait; the console installation is carried out automatically by ComboFix itself. It may take a few minutes (depending on the speed of your connection), so be patient.

When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA.

When the recovery console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY".

Click "YES" to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or terminate the process abruptly while the tool is running, as this will mess up your desktop (it will go completely white).

At the end of the process the machine will restart to produce the report.

6) When the machine restarts, ComboFix will run FIND3M to create the final scan report. The log will be saved at C:\ComboFix.txt.

7) Re-enable your anti-virus;

8) I need you to paste the contents of ComboFix.txt and a new HijackThis log in your next reply.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, overlapping the others. To minimize it again, just use ALT + TAB.


ComboFIX LOG:

 

ComboFix 09-03-15.01 - Hygor 2009-03-18  3:56:43.1 - NTFSx86
Microsoft® Windows Vista™ Starter   6.0.6000.0.1252.1.1046.18.893.369 [GMT -3:00]
Executando de: c:\users\Hygor\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning disabled* (Updated)
 * Criado um novo ponto de restauro.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2009-02-18 to 2009-03-18  ))))))))))))))))))))))))))))
.
2009-03-17 15:06 . 2009-03-17 15:06	410,984	--a------	c:\windows\System32\deploytk.dll
2009-03-17 15:05 . 2009-03-17 15:05	<DIR>	d--------	c:\program files\Java
2009-03-17 03:01 . 2009-03-17 03:01	268,800	--a------	c:\windows\System32\es.dll
2009-03-16 09:17 . 2006-04-13 11:30	1,073,152	--a------	c:\windows\System32\libmysql_c.dll
2009-03-16 07:28 . 2009-03-16 07:46	20,824,064	--a------	c:\windows\ocsetup_install_NetFx3.etl
2009-03-16 07:28 . 2009-03-16 07:45	32,768	--a------	c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-03-16 07:28 . 2009-03-16 07:45	16,384	--a------	c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-03-16 07:24 . 2009-03-16 07:24	282,112	--a------	c:\windows\System32\mscoree.dll
2009-03-16 07:24 . 2009-03-16 07:24	158,720	--a------	c:\windows\System32\mscorier.dll
2009-03-16 07:24 . 2009-03-16 07:24	96,760	--a------	c:\windows\System32\dfshim.dll
2009-03-16 07:24 . 2009-03-16 07:24	83,968	--a------	c:\windows\System32\mscories.dll
2009-03-16 07:24 . 2009-03-16 07:24	41,984	--a------	c:\windows\System32\netfxperf.dll
2009-03-16 07:02 . 2009-03-16 07:02	<DIR>	d--------	c:\users\Hygor\AppData\Roaming\Malwarebytes
2009-03-16 07:01 . 2009-03-16 07:01	<DIR>	d--------	c:\users\All Users\Malwarebytes
2009-03-16 07:01 . 2009-03-16 07:01	<DIR>	d--------	c:\programdata\Malwarebytes
2009-03-16 07:01 . 2009-03-16 07:02	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2009-03-16 07:01 . 2009-02-11 10:19	38,496	--a------	c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-16 07:01 . 2009-02-11 10:19	15,504	--a------	c:\windows\System32\drivers\mbam.sys
2009-03-16 06:57 . 2009-03-16 06:57	<DIR>	d--------	c:\program files\Turbo-Mailer
2009-03-15 16:44 . 2009-03-15 17:03	<DIR>	d--------	c:\users\All Users\Spybot - Search & Destroy
2009-03-15 16:44 . 2009-03-15 17:03	<DIR>	d--------	c:\programdata\Spybot - Search & Destroy
2009-03-15 16:44 . 2009-03-15 16:44	<DIR>	d--------	c:\program files\Spybot - Search & Destroy
2009-03-15 15:05 . 2009-03-17 01:42	<DIR>	d--------	C:\Hijack
2009-03-15 14:13 . 2009-03-15 14:13	361,984	--a------	c:\windows\System32\IPSECSVC.DLL
2009-03-15 14:13 . 2009-03-15 14:13	272,896	--a------	c:\windows\System32\polstore.dll
2009-03-15 14:13 . 2009-03-15 14:13	241,152	--a------	c:\windows\System32\PortableDeviceApi.dll
2009-03-15 14:13 . 2009-03-15 14:13	160,768	--a------	c:\windows\System32\PortableDeviceTypes.dll
2009-03-15 14:13 . 2009-03-15 14:13	95,232	--a------	c:\windows\System32\PortableDeviceClassExtension.dll
2009-03-15 14:13 . 2009-03-15 14:13	61,440	--a------	c:\windows\System32\winipsec.dll
2009-03-15 14:13 . 2009-03-15 14:13	28,672	--a------	c:\windows\System32\FwRemoteSvr.dll
2009-03-15 14:10 . 2009-03-15 14:10	194,560	--a------	c:\windows\System32\WebClnt.dll
2009-03-15 14:10 . 2009-03-15 14:10	110,080	--a------	c:\windows\System32\drivers\mrxdav.sys
2009-03-15 14:07 . 2009-03-15 14:07	826,368	--a------	c:\windows\System32\wininet.dll
2009-03-15 14:02 . 2009-03-15 14:02	297,472	--a------	c:\windows\System32\gdi32.dll
2009-03-15 14:01 . 2009-03-15 14:01	1,060,920	--a------	c:\windows\System32\drivers\ntfs.sys
2009-03-15 14:01 . 2009-03-15 14:01	41,984	--a------	c:\windows\System32\drivers\monitor.sys
2009-03-15 14:00 . 2009-03-15 14:00	4,247,552	--a------	c:\windows\System32\GameUXLegacyGDFs.dll
2009-03-15 14:00 . 2009-03-15 14:00	1,687,040	--a------	c:\windows\System32\gameux.dll
2009-03-15 14:00 . 2009-03-15 14:00	211,456	--a------	c:\windows\System32\drivers\mrxsmb10.sys
2009-03-15 14:00 . 2009-03-15 14:00	28,672	--a------	c:\windows\System32\Apphlpdm.dll
2009-03-15 13:59 . 2009-03-15 13:59	303,616	--a------	c:\windows\System32\wmpeffects.dll
2009-03-15 13:58 . 2009-03-15 13:58	1,194,496	--a------	c:\windows\System32\msxml3.dll
2009-03-15 13:58 . 2009-03-15 13:58	2,048	--a------	c:\windows\System32\msxml3r.dll
2009-03-15 13:57 . 2009-03-15 13:57	8,147,968	--a------	c:\windows\System32\wmploc.DLL
2009-03-15 13:57 . 2009-03-15 13:57	7,680	--a------	c:\windows\System32\spwmp.dll
2009-03-15 13:57 . 2009-03-15 13:57	4,096	--a------	c:\windows\System32\msdxm.ocx
2009-03-15 13:57 . 2009-03-15 13:57	4,096	--a------	c:\windows\System32\dxmasf.dll
2009-03-15 13:54 . 2009-03-15 13:54	154,624	--a------	c:\windows\System32\drivers\nwifi.sys
2009-03-15 13:54 . 2009-03-15 13:54	109,624	--a------	c:\windows\System32\drivers\ataport.sys
2009-03-15 13:54 . 2009-03-15 13:54	45,112	--a------	c:\windows\System32\drivers\pciidex.sys
2009-03-15 13:54 . 2009-03-15 13:54	25,656	--a------	c:\windows\System32\drivers\msahci.sys
2009-03-15 13:54 . 2009-03-15 13:54	21,560	--a------	c:\windows\System32\drivers\atapi.sys
2009-03-15 13:54 . 2009-03-15 13:54	15,928	--a------	c:\windows\System32\drivers\pciide.sys
2009-03-15 13:53 . 2009-03-15 13:53	2,923,520	--a------	c:\windows\explorer.exe
2009-03-15 13:51 . 2009-03-15 13:51	12,240,896	--a------	c:\windows\System32\NlsLexicons0007.dll
2009-03-15 13:47 . 2009-03-15 13:47	1,585,664	--a------	c:\windows\System32\setupapi.dll
2009-03-15 13:44 . 2009-03-15 13:44	712,704	--a------	c:\windows\System32\WindowsCodecs.dll
2009-03-15 13:44 . 2009-03-15 13:44	425,472	--a------	c:\windows\System32\PhotoMetadataHandler.dll
2009-03-15 13:44 . 2009-03-15 13:44	347,648	--a------	c:\windows\System32\WindowsCodecsExt.dll
2009-03-15 13:43 . 2009-03-15 13:43	441,856	--a------	c:\windows\System32\win32spl.dll
2009-03-15 13:43 . 2009-03-15 13:43	37,376	--a------	c:\windows\System32\printcom.dll
2009-03-15 13:42 . 2009-03-15 13:42	290,304	--a------	c:\windows\System32\drivers\srv.sys
2009-03-15 13:42 . 2009-03-15 13:42	113,664	--a------	c:\windows\System32\drivers\rmcast.sys
2009-03-15 13:42 . 2009-03-15 13:42	14,848	--a------	c:\windows\System32\wshrm.dll
2009-03-15 13:41 . 2009-03-15 13:41	2,855,424	--a------	c:\windows\System32\mf.dll
2009-03-15 13:41 . 2009-03-15 13:41	996,352	--a------	c:\windows\System32\WMNetMgr.dll
2009-03-15 13:41 . 2009-03-15 13:41	269,824	--a------	c:\windows\System32\schannel.dll
2009-03-15 13:41 . 2009-03-15 13:41	98,816	--a------	c:\windows\System32\mfps.dll
2009-03-15 13:41 . 2009-03-15 13:41	94,720	--a------	c:\windows\System32\logagent.exe
2009-03-15 13:41 . 2009-03-15 13:41	83,968	--a------	c:\windows\System32\dnsrslvr.dll
2009-03-15 13:41 . 2009-03-15 13:41	52,736	--a------	c:\windows\System32\rrinstaller.exe
2009-03-15 13:41 . 2009-03-15 13:41	24,576	--a------	c:\windows\System32\mfpmp.exe
2009-03-15 13:41 . 2009-03-15 13:41	24,576	--a------	c:\windows\System32\dnscacheugc.exe
2009-03-15 13:41 . 2009-03-15 13:41	2,048	--a------	c:\windows\System32\mferror.dll
2009-03-15 13:40 . 2009-03-15 13:40	737,792	--a------	c:\windows\System32\inetcomm.dll
2009-03-15 13:40 . 2009-03-15 13:40	84,480	--a------	c:\windows\System32\INETRES.dll
2009-03-15 13:39 . 2009-03-15 13:39	3,505,208	--a------	c:\windows\System32\ntkrnlpa.exe
2009-03-15 13:39 . 2009-03-15 13:39	3,470,904	--a------	c:\windows\System32\ntoskrnl.exe
2009-03-15 13:39 . 2009-03-15 13:39	2,028,032	--a------	c:\windows\System32\win32k.sys
2009-03-15 13:39 . 2009-03-15 13:39	1,327,104	--a------	c:\windows\System32\quartz.dll
2009-03-15 13:38 . 2009-03-15 13:38	1,341,440	--a------	c:\windows\System32\msxml6.dll
2009-03-15 13:38 . 2009-03-15 13:38	2,048	--a------	c:\windows\System32\msxml6r.dll
2009-03-13 17:13 . 2009-03-13 17:13	<DIR>	d--------	c:\users\All Users\Macromedia
2009-03-13 17:11 . 2009-03-13 17:12	<DIR>	d--------	c:\program files\Macromedia
2009-03-13 17:11 . 2009-03-13 17:15	<DIR>	d--------	c:\program files\Common Files\Macromedia
2009-03-13 17:10 . 2009-03-13 17:10	<DIR>	d--------	c:\windows\Downloaded Installations
2009-03-12 18:09 . 2009-03-13 22:41	120,085,299	--a------	c:\windows\MEMORY.DMP
2009-03-12 17:14 . 2009-03-12 17:14	<DIR>	d--------	c:\windows\PCHEALTH
2009-03-12 15:52 . 2009-03-12 15:52	<DIR>	d--------	c:\windows\CatRoot
2009-03-12 15:52 . 2009-03-12 15:52	<DIR>	d--------	c:\program files\Vimicro
2009-03-12 15:52 . 2009-03-12 18:05	<DIR>	d--h-----	c:\program files\InstallShield Installation Information
2009-03-12 15:52 . 2009-03-13 17:10	<DIR>	d--------	c:\program files\Common Files\InstallShield
2009-03-12 15:52 . 2000-10-31 12:00	307,200	--a------	c:\windows\vidcap32.Exe
2009-03-12 15:52 . 2004-08-31 13:26	233,539	--a------	c:\windows\System32\VM31bPrp.Ax
2009-03-12 15:52 . 2006-04-11 13:25	176,128	--a------	c:\windows\amcap.exe
2009-03-12 15:52 . 2002-08-22 16:34	147,456	--a------	c:\windows\VMCap.exe
2009-03-12 15:52 . 2004-08-17 11:44	91,263	--a------	c:\windows\System32\drivers\usbVM31b.sys
2009-03-12 15:52 . 2003-05-15 17:17	61,440	--a------	c:\windows\System32\VM31bSTI.dll
2009-03-12 15:52 . 2002-08-22 17:02	53,248	--a------	c:\windows\StillCap.exe
2009-03-12 15:52 . 2004-02-24 16:00	49,152	--a------	c:\windows\Vm_sti.exe
2009-03-12 13:45 . 2009-03-16 21:44	<DIR>	d--------	c:\users\Hygor\AppData\Roaming\FileZilla
2009-03-12 13:45 . 2009-03-12 13:45	<DIR>	d--------	c:\program files\FileZilla FTP Client
2009-03-12 13:10 . 2009-03-12 13:15	<DIR>	d--------	c:\program files\Windows Live Safety Center
2009-03-12 10:54 . 2003-03-18 17:20	1,060,864	--a------	c:\windows\System32\MFC71.dll
2009-03-12 10:54 . 2003-03-18 16:14	499,712	--a------	c:\windows\System32\MSVCP71.dll
2009-03-12 10:54 . 2003-02-21 00:42	348,160	--a------	c:\windows\System32\MSVCR71.dll
2009-03-12 10:54 . 2009-02-05 19:06	51,792	--a------	c:\windows\System32\drivers\aswMonFlt.sys
2009-03-12 10:53 . 2009-03-12 10:53	<DIR>	d--------	c:\program files\Alwil Software
2009-03-12 09:55 . 2009-03-12 09:55	<DIR>	d--------	c:\users\Hygor\Tracing
2009-03-12 09:41 . 2009-03-12 18:09	<DIR>	d--------	c:\program files\Microsoft
2009-03-12 09:04 . 2009-03-12 09:06	<DIR>	d--------	c:\users\All Users\avg8
2009-03-12 09:04 . 2009-03-12 09:06	<DIR>	d--------	c:\programdata\avg8
2009-03-12 08:41 . 2009-03-12 08:42	<DIR>	d--------	c:\program files\CyberScript32
2009-03-12 08:40 . 2009-03-12 08:40	2,048	--a------	c:\windows\System32\tzres.dll
2009-03-12 08:37 . 2009-03-12 08:37	1,645,568	--a------	c:\windows\System32\connect.dll
2009-03-12 08:34 . 2009-03-12 08:34	<DIR>	d--------	c:\program files\Common Files\Windows Live
2009-03-12 08:28 . 2009-03-12 08:28	<DIR>	d--------	c:\windows\System32\Macromed
2009-03-12 08:00 . 2009-03-12 08:00	1,809,944	--a------	c:\windows\System32\wuaueng.dll
2009-03-12 08:00 . 2009-03-12 08:00	1,524,736	--a------	c:\windows\System32\wucltux.dll
2009-03-12 08:00 . 2009-03-12 08:00	51,224	--a------	c:\windows\System32\wuauclt.exe
2009-03-12 08:00 . 2009-03-12 08:00	43,544	--a------	c:\windows\System32\wups2.dll
2009-03-12 07:59 . 2009-03-12 07:59	561,688	--a------	c:\windows\System32\wuapi.dll
2009-03-12 07:59 . 2009-03-12 07:59	162,064	--a------	c:\windows\System32\wuwebv.dll
2009-03-12 07:59 . 2009-03-12 07:59	83,456	--a------	c:\windows\System32\wudriver.dll
2009-03-12 07:59 . 2009-03-12 07:59	34,328	--a------	c:\windows\System32\wups.dll
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 09:43	174	--sha-w	c:\program files\desktop.ini
2009-03-16 05:25	---------	d-----w	c:\program files\Windows Mail
2009-03-15 17:07	52,736	----a-w	c:\windows\AppPatch\iebrshim.dll
2009-03-15 17:06	56,320	----a-w	c:\windows\System32\iesetup.dll
2009-03-15 17:06	26,624	----a-w	c:\windows\System32\ieUnatt.exe
2009-03-15 17:00	537,600	----a-w	c:\windows\AppPatch\AcLayers.dll
2009-03-15 17:00	449,536	----a-w	c:\windows\AppPatch\AcSpecfc.dll
2009-03-15 17:00	2,560	----a-w	c:\windows\AppPatch\AcRes.dll
2009-03-15 17:00	2,144,256	----a-w	c:\windows\AppPatch\AcGenral.dll
2009-03-15 17:00	173,056	----a-w	c:\windows\AppPatch\AcXtrnal.dll
2009-03-15 16:51	9,892,864	----a-w	c:\windows\System32\NlsLexicons000a.dll
2009-03-15 16:46	944,184	----a-w	c:\windows\System32\winload.exe
2009-03-12 10:41	---------	d-sh--w	c:\programdata\Modelos
2009-03-12 10:41	---------	d-sh--w	c:\programdata\Menu Iniciar
2009-03-12 10:41	---------	d-sh--w	c:\programdata\Favoritos
2009-03-12 10:41	---------	d-sh--w	c:\programdata\Documentos
2009-03-12 10:41	---------	d-sh--w	c:\programdata\Dados de aplicativos
2009-03-12 10:41	---------	d-sh--w	c:\program files\Common Files\Sistema
2009-03-12 10:41	---------	d-sh--w	c:\program files\Arquivos Comuns
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   ))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-15 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-22 851968]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-17 148888]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9192202B-E512-4915-8894-47839A47BE7A}c:\\program files\\cyberscript32\\cyberscript.exe"= UDP:c:\program files\cyberscript32\cyberscript.exe:mIRC
"UDP Query User{53F8A778-3CD4-41D9-9724-ABD75F5A866A}c:\\program files\\cyberscript32\\cyberscript.exe"= TCP:c:\program files\cyberscript32\cyberscript.exe:mIRC
"{2E52FA86-E2A6-4B50-9E97-FF07B709AA3E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{057F7324-9966-4261-82BA-30CE6A0B9512}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-12 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-12 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-03-15 1153368]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [2008-02-25 283136]
R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [2008-02-21 455032]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2008-02-21 47616]
R3 vmfilter303;vmfilter303;c:\windows\System32\drivers\vmfilter303.sys [2009-03-12 428160]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]
S4 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\System32\drivers\cmiucr.SYS [2008-02-21 95616]
S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-02-21 38400]
S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [2008-02-21 31360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0f6cb86-0ef1-11de-a6b8-00030d90f7bf}]
\shell\AutoRun\command - u.com
\shell\open\Command - u.com
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\users\Hygor\AppData\Roaming\Mozilla\Firefox\Profiles\4rnt7u25.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 04:00:12
Windows 6.0.6000  NTFS

Procurando processos ocultos ... 

Procurando entradas auto inicializáveis ocultas ... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)??????????@?@????????????????????????????

Procurando ficheiros/arquivos ocultos ... 

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2009-03-18  4:02:18
ComboFix-quarantined-files.txt  2009-03-18 07:02:13

Pré-execução: 53.104.193.536 bytes disponíveis
Pós execução: 53,076,652,032 bytes disponíveis

229	--- E O F ---	2009-03-18 06:01:52

 

 

LOG: HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:06:36, on 18/03/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\VM303_STI.EXE
C:\Windows\VMSnap3.EXE
C:\Windows\Domino.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 4490 bytes


CFScript

 

Copy all the content quoted below and paste it into Notepad.

Save the file to the desktop with the name: CFScript.txt

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0f6cb86-0ef1-11de-a6b8-00030d90f7bf}]

Drag CFScript.txt onto the ComboFix icon, as shown in the illustration below:

[image: cfscript.gif]

Accept the prompt that should appear to run ComboFix.

NOTE: Drag the CFScript onto the icon until the (small) ComboFix window appears.

At the end, post ComboFix.txt together with the new HijackThis log.

Note: Perform this step with your pen drive connected to the PC.

Awaiting your reply

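The CFScript above deletes one MountPoints2 key that ComboFix flagged because its cached shell verbs ran "u.com" (the `\shell\AutoRun\command - u.com` lines in the log). As an added example, not part of the thread or of ComboFix, the PowerShell below enumerates the current user's MountPoints2 volumes and reports any that still carry an AutoRun or open command, so the same check can be repeated after cleaning; the function name Get-MountPointAutoRun and the FromDriveRoot heuristic are this example's own.

```powershell
# Added example (not from the thread or from ComboFix): list MountPoints2 volumes
# whose cached shell verbs run a command. MountPoints2 stores per-volume Explorer
# settings copied from a removable drive's autorun.inf, so a hit here also points
# at a drive that should be checked, which is why the helper asks for the pen
# drive to be connected during the ComboFix run.

$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-MountPointAutoRun {
    param(
        [string]$Root = $MountPoints2,
        # The two verbs ComboFix reported for {c0f6cb86-...}: AutoRun and open
        [string[]]$Verbs = @('AutoRun', 'open')
    )
    if (-not (Test-Path -LiteralPath $Root)) { return @() }

    $results = @()
    # Each subkey is one volume: {GUID} for local/removable volumes, ##server#share for UNC
    foreach ($volume in Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue) {
        foreach ($verb in $Verbs) {
            $cmdKey = Join-Path -Path $volume.PSPath -ChildPath "shell\$verb\command"
            if (-not (Test-Path -LiteralPath $cmdKey)) { continue }

            # The command line is the key's unnamed (default) value
            $cmd = (Get-Item -LiteralPath $cmdKey).GetValue('')
            if ([string]::IsNullOrWhiteSpace($cmd)) { continue }

            $results += [pscustomobject]@{
                Volume  = $volume.PSChildName
                Verb    = $verb
                Command = $cmd
                # Heuristic (this example's own): a command that is not an absolute
                # path, %VAR% or UNC path resolves relative to the volume root,
                # which is how an autorun.inf entry like "u.com" looks
                FromDriveRoot = ($cmd -notmatch '^"?([A-Za-z]:\\|%|\\\\)')
            }
        }
    }
    return $results
}

$hits = @(Get-MountPointAutoRun)
if ($hits.Count -eq 0) {
    Write-Output 'No MountPoints2 shell commands found.'
} else {
    $hits | Format-Table -AutoSize
    # Removal is left to the operator after review. For a confirmed entry it is the
    # same operation the CFScript performs on the parent key, e.g.
    #   Remove-Item -LiteralPath "$MountPoints2\{GUID}" -Recurse
}
```

Run it in the affected user's session (HKCU is per user); a non-empty result after the ComboFix pass means either another volume was cached or the drive reinfected the cache when reconnected.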

LOG COMBOFIX

ComboFix 09-03-15.01 - Hygor 2009-03-19 21:33:37.1 - NTFSx86
Microsoft® Windows Vista™ Starter   6.0.6000.0.1252.1.1046.18.893.386 [GMT -3:00]
Executando de: c:\users\Hygor\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Hygor\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090319-0] *On-access scanning disabled* (Updated)
 * Criado um novo ponto de restauro.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2009-02-20 to 2009-03-20  ))))))))))))))))))))))))))))
.
2009-03-19 21:25 . 2009-03-19 21:25	<DIR>	d--------	c:\program files\DriverGuide DriverScan
2009-03-19 21:25 . 2008-04-30 19:32	107,596	--a------	C:\toolkit_widget.gif
2009-03-19 20:47 . 2009-03-19 20:49	<DIR>	d--------	c:\users\Hygor\AppData\Roaming\VMware
2009-03-19 20:40 . 2008-10-28 23:01	326,192	--a------	c:\windows\System32\vmnetdhcp.exe
2009-03-19 20:40 . 2008-10-28 17:03	55,856	--a------	c:\windows\System32\vnetinst.dll
2009-03-19 20:40 . 2008-10-28 17:03	16,560	--a------	c:\windows\System32\drivers\vmnetadapter.sys
2009-03-19 20:39 . 2008-10-28 23:00	723,504	--a------	c:\windows\System32\vnetlib.dll
2009-03-19 20:39 . 2008-10-28 23:00	399,920	--a------	c:\windows\System32\vmnat.exe
2009-03-19 20:39 . 2008-10-28 17:03	50,736	-ra------	c:\windows\System32\vmnetbridge.dll
2009-03-19 20:39 . 2008-10-28 17:03	31,280	-ra------	c:\windows\System32\drivers\vmnetbridge.sys
2009-03-19 20:39 . 2008-10-28 23:01	26,288	--a------	c:\windows\System32\drivers\vmnetuserif.sys
2009-03-19 20:39 . 2008-10-28 23:01	23,216	--a------	c:\windows\System32\drivers\VMkbd.sys
2009-03-19 20:39 . 2008-10-28 17:03	18,736	-ra------	c:\windows\System32\drivers\vmnet.sys
2009-03-19 20:39 . 2009-03-19 20:39	1,024	--a------	C:\.rnd
2009-03-19 20:38 . 2009-03-19 20:58	<DIR>	d--------	c:\users\All Users\VMware
2009-03-19 20:38 . 2009-03-19 20:58	<DIR>	d--------	c:\programdata\VMware
2009-03-19 20:37 . 2009-03-19 20:37	<DIR>	d--------	c:\program files\VMware
2009-03-19 15:46 . 2009-03-19 15:46	<DIR>	d--------	c:\program files\Opera
2009-03-18 18:17 . 2009-03-18 18:17	<DIR>	d--------	C:\ComboFix(0)
2009-03-17 15:06 . 2009-03-17 15:06	410,984	--a------	c:\windows\System32\deploytk.dll
2009-03-17 15:05 . 2009-03-17 15:05	<DIR>	d--------	c:\program files\Java
2009-03-17 03:01 . 2009-03-17 03:01	268,800	--a------	c:\windows\System32\es.dll
2009-03-16 09:17 . 2006-04-13 11:30	1,073,152	--a------	c:\windows\System32\libmysql_c.dll
2009-03-16 07:28 . 2009-03-16 07:46	20,824,064	--a------	c:\windows\ocsetup_install_NetFx3.etl
2009-03-16 07:28 . 2009-03-16 07:45	32,768	--a------	c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-03-16 07:28 . 2009-03-16 07:45	16,384	--a------	c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-03-16 07:24 . 2009-03-16 07:24	282,112	--a------	c:\windows\System32\mscoree.dll
2009-03-16 07:24 . 2009-03-16 07:24	158,720	--a------	c:\windows\System32\mscorier.dll
2009-03-16 07:24 . 2009-03-16 07:24	96,760	--a------	c:\windows\System32\dfshim.dll
2009-03-16 07:24 . 2009-03-16 07:24	83,968	--a------	c:\windows\System32\mscories.dll
2009-03-16 07:24 . 2009-03-16 07:24	41,984	--a------	c:\windows\System32\netfxperf.dll
2009-03-16 07:02 . 2009-03-16 07:02	<DIR>	d--------	c:\users\Hygor\AppData\Roaming\Malwarebytes
2009-03-16 07:01 . 2009-03-16 07:01	<DIR>	d--------	c:\users\All Users\Malwarebytes
2009-03-16 07:01 . 2009-03-16 07:01	<DIR>	d--------	c:\programdata\Malwarebytes
2009-03-16 07:01 . 2009-03-16 07:02	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2009-03-16 07:01 . 2009-02-11 10:19	38,496	--a------	c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-16 07:01 . 2009-02-11 10:19	15,504	--a------	c:\windows\System32\drivers\mbam.sys
2009-03-16 06:57 . 2009-03-16 06:57	<DIR>	d--------	c:\program files\Turbo-Mailer
2009-03-15 16:44 . 2009-03-19 03:28	<DIR>	d--------	c:\users\All Users\Spybot - Search & Destroy
2009-03-15 16:44 . 2009-03-19 03:28	<DIR>	d--------	c:\programdata\Spybot - Search & Destroy
2009-03-15 16:44 . 2009-03-19 03:26	<DIR>	d--------	c:\program files\Spybot - Search & Destroy
2009-03-15 15:05 . 2009-03-18 04:06	<DIR>	d--------	C:\Hijack
2009-03-15 14:13 . 2009-03-15 14:13	361,984	--a------	c:\windows\System32\IPSECSVC.DLL
2009-03-15 14:13 . 2009-03-15 14:13	272,896	--a------	c:\windows\System32\polstore.dll
2009-03-15 14:13 . 2009-03-15 14:13	241,152	--a------	c:\windows\System32\PortableDeviceApi.dll
2009-03-15 14:13 . 2009-03-15 14:13	160,768	--a------	c:\windows\System32\PortableDeviceTypes.dll
2009-03-15 14:13 . 2009-03-15 14:13	95,232	--a------	c:\windows\System32\PortableDeviceClassExtension.dll
2009-03-15 14:13 . 2009-03-15 14:13	61,440	--a------	c:\windows\System32\winipsec.dll
2009-03-15 14:13 . 2009-03-15 14:13	28,672	--a------	c:\windows\System32\FwRemoteSvr.dll
2009-03-15 14:10 . 2009-03-15 14:10	194,560	--a------	c:\windows\System32\WebClnt.dll
2009-03-15 14:10 . 2009-03-15 14:10	110,080	--a------	c:\windows\System32\drivers\mrxdav.sys
2009-03-15 14:07 . 2009-03-15 14:07	826,368	--a------	c:\windows\System32\wininet.dll
2009-03-15 14:02 . 2009-03-15 14:02	297,472	--a------	c:\windows\System32\gdi32.dll
2009-03-15 14:01 . 2009-03-15 14:01	1,060,920	--a------	c:\windows\System32\drivers\ntfs.sys
2009-03-15 14:01 . 2009-03-15 14:01	41,984	--a------	c:\windows\System32\drivers\monitor.sys
2009-03-15 14:00 . 2009-03-15 14:00	4,247,552	--a------	c:\windows\System32\GameUXLegacyGDFs.dll
2009-03-15 14:00 . 2009-03-15 14:00	1,687,040	--a------	c:\windows\System32\gameux.dll
2009-03-15 14:00 . 2009-03-15 14:00	211,456	--a------	c:\windows\System32\drivers\mrxsmb10.sys
2009-03-15 14:00 . 2009-03-15 14:00	28,672	--a------	c:\windows\System32\Apphlpdm.dll
2009-03-15 13:59 . 2009-03-15 13:59	303,616	--a------	c:\windows\System32\wmpeffects.dll
2009-03-15 13:58 . 2009-03-15 13:58	1,194,496	--a------	c:\windows\System32\msxml3.dll
2009-03-15 13:58 . 2009-03-15 13:58	2,048	--a------	c:\windows\System32\msxml3r.dll
2009-03-15 13:57 . 2009-03-15 13:57	8,147,968	--a------	c:\windows\System32\wmploc.DLL
2009-03-15 13:57 . 2009-03-15 13:57	7,680	--a------	c:\windows\System32\spwmp.dll
2009-03-15 13:57 . 2009-03-15 13:57	4,096	--a------	c:\windows\System32\msdxm.ocx
2009-03-15 13:57 . 2009-03-15 13:57	4,096	--a------	c:\windows\System32\dxmasf.dll
2009-03-15 13:54 . 2009-03-15 13:54	154,624	--a------	c:\windows\System32\drivers\nwifi.sys
2009-03-15 13:54 . 2009-03-15 13:54	109,624	--a------	c:\windows\System32\drivers\ataport.sys
2009-03-15 13:54 . 2009-03-15 13:54	45,112	--a------	c:\windows\System32\drivers\pciidex.sys
2009-03-15 13:54 . 2009-03-15 13:54	25,656	--a------	c:\windows\System32\drivers\msahci.sys
2009-03-15 13:54 . 2009-03-15 13:54	21,560	--a------	c:\windows\System32\drivers\atapi.sys
2009-03-15 13:54 . 2009-03-15 13:54	15,928	--a------	c:\windows\System32\drivers\pciide.sys
2009-03-15 13:53 . 2009-03-15 13:53	2,923,520	--a------	c:\windows\explorer.exe
2009-03-15 13:51 . 2009-03-15 13:51	12,240,896	--a------	c:\windows\System32\NlsLexicons0007.dll
2009-03-15 13:47 . 2009-03-15 13:47	1,585,664	--a------	c:\windows\System32\setupapi.dll
2009-03-15 13:44 . 2009-03-15 13:44	712,704	--a------	c:\windows\System32\WindowsCodecs.dll
2009-03-15 13:44 . 2009-03-15 13:44	425,472	--a------	c:\windows\System32\PhotoMetadataHandler.dll
2009-03-15 13:44 . 2009-03-15 13:44	347,648	--a------	c:\windows\System32\WindowsCodecsExt.dll
2009-03-15 13:43 . 2009-03-15 13:43	441,856	--a------	c:\windows\System32\win32spl.dll
2009-03-15 13:43 . 2009-03-15 13:43	37,376	--a------	c:\windows\System32\printcom.dll
2009-03-15 13:42 . 2009-03-15 13:42	290,304	--a------	c:\windows\System32\drivers\srv.sys
2009-03-15 13:42 . 2009-03-15 13:42	113,664	--a------	c:\windows\System32\drivers\rmcast.sys
2009-03-15 13:42 . 2009-03-15 13:42	14,848	--a------	c:\windows\System32\wshrm.dll
2009-03-15 13:41 . 2009-03-15 13:41	2,855,424	--a------	c:\windows\System32\mf.dll
2009-03-15 13:41 . 2009-03-15 13:41	996,352	--a------	c:\windows\System32\WMNetMgr.dll
2009-03-15 13:41 . 2009-03-15 13:41	269,824	--a------	c:\windows\System32\schannel.dll
2009-03-15 13:41 . 2009-03-15 13:41	98,816	--a------	c:\windows\System32\mfps.dll
2009-03-15 13:41 . 2009-03-15 13:41	94,720	--a------	c:\windows\System32\logagent.exe
2009-03-15 13:41 . 2009-03-15 13:41	83,968	--a------	c:\windows\System32\dnsrslvr.dll
2009-03-15 13:41 . 2009-03-15 13:41	52,736	--a------	c:\windows\System32\rrinstaller.exe
2009-03-15 13:41 . 2009-03-15 13:41	24,576	--a------	c:\windows\System32\mfpmp.exe
2009-03-15 13:41 . 2009-03-15 13:41	24,576	--a------	c:\windows\System32\dnscacheugc.exe
2009-03-15 13:41 . 2009-03-15 13:41	2,048	--a------	c:\windows\System32\mferror.dll
2009-03-15 13:40 . 2009-03-15 13:40	737,792	--a------	c:\windows\System32\inetcomm.dll
2009-03-15 13:40 . 2009-03-15 13:40	84,480	--a------	c:\windows\System32\INETRES.dll
2009-03-15 13:39 . 2009-03-15 13:39	3,505,208	--a------	c:\windows\System32\ntkrnlpa.exe
2009-03-15 13:39 . 2009-03-15 13:39	3,470,904	--a------	c:\windows\System32\ntoskrnl.exe
2009-03-15 13:39 . 2009-03-15 13:39	2,028,032	--a------	c:\windows\System32\win32k.sys
2009-03-15 13:39 . 2009-03-15 13:39	1,327,104	--a------	c:\windows\System32\quartz.dll
2009-03-15 13:38 . 2009-03-15 13:38	1,341,440	--a------	c:\windows\System32\msxml6.dll
2009-03-15 13:38 . 2009-03-15 13:38	2,048	--a------	c:\windows\System32\msxml6r.dll
2009-03-13 17:13 . 2009-03-13 17:13	<DIR>	d--------	c:\users\All Users\Macromedia
2009-03-13 17:11 . 2009-03-13 17:12	<DIR>	d--------	c:\program files\Macromedia
2009-03-13 17:11 . 2009-03-13 17:15	<DIR>	d--------	c:\program files\Common Files\Macromedia
2009-03-13 17:10 . 2009-03-13 17:10	<DIR>	d--------	c:\windows\Downloaded Installations
2009-03-12 18:09 . 2009-03-13 22:41	120,085,299	--a------	c:\windows\MEMORY.DMP
2009-03-12 17:14 . 2009-03-12 17:14	<DIR>	d--------	c:\windows\PCHEALTH
2009-03-12 15:52 . 2009-03-12 15:52	<DIR>	d--------	c:\windows\CatRoot
2009-03-12 15:52 . 2009-03-12 15:52	<DIR>	d--------	c:\program files\Vimicro
2009-03-12 15:52 . 2009-03-12 18:05	<DIR>	d--h-----	c:\program files\InstallShield Installation Information
2009-03-12 15:52 . 2009-03-13 17:10	<DIR>	d--------	c:\program files\Common Files\InstallShield
2009-03-12 15:52 . 2000-10-31 12:00	307,200	--a------	c:\windows\vidcap32.Exe
2009-03-12 15:52 . 2004-08-31 13:26	233,539	--a------	c:\windows\System32\VM31bPrp.Ax
2009-03-12 15:52 . 2006-04-11 13:25	176,128	--a------	c:\windows\amcap.exe
2009-03-12 15:52 . 2002-08-22 16:34	147,456	--a------	c:\windows\VMCap.exe
2009-03-12 15:52 . 2004-08-17 11:44	91,263	--a------	c:\windows\System32\drivers\usbVM31b.sys
2009-03-12 15:52 . 2003-05-15 17:17	61,440	--a------	c:\windows\System32\VM31bSTI.dll
2009-03-12 15:52 . 2002-08-22 17:02	53,248	--a------	c:\windows\StillCap.exe
2009-03-12 15:52 . 2004-02-24 16:00	49,152	--a------	c:\windows\Vm_sti.exe
2009-03-12 13:45 . 2009-03-19 17:52	<DIR>	d--------	c:\users\Hygor\AppData\Roaming\FileZilla
2009-03-12 13:45 . 2009-03-12 13:45	<DIR>	d--------	c:\program files\FileZilla FTP Client
2009-03-12 13:10 . 2009-03-12 13:15	<DIR>	d--------	c:\program files\Windows Live Safety Center
2009-03-12 10:54 . 2003-03-18 17:20	1,060,864	--a------	c:\windows\System32\MFC71.dll
2009-03-12 10:54 . 2003-03-18 16:14	499,712	--a------	c:\windows\System32\MSVCP71.dll
2009-03-12 10:54 . 
2003-02-21 00:42	348,160	--a------	c:\windows\System32\MSVCR71.dll.(((((((((((((((((((((((((((((((((((((   Relatório Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-03-16 09:43	174	--sha-w	c:\program files\desktop.ini2009-03-16 05:25	---------	d-----w	c:\program files\Windows Mail2009-03-15 17:07	52,736	----a-w	c:\windows\AppPatch\iebrshim.dll2009-03-15 17:06	56,320	----a-w	c:\windows\System32\iesetup.dll2009-03-15 17:06	26,624	----a-w	c:\windows\System32\ieUnatt.exe2009-03-15 17:00	537,600	----a-w	c:\windows\AppPatch\AcLayers.dll2009-03-15 17:00	449,536	----a-w	c:\windows\AppPatch\AcSpecfc.dll2009-03-15 17:00	2,560	----a-w	c:\windows\AppPatch\AcRes.dll2009-03-15 17:00	2,144,256	----a-w	c:\windows\AppPatch\AcGenral.dll2009-03-15 17:00	173,056	----a-w	c:\windows\AppPatch\AcXtrnal.dll2009-03-15 16:51	9,892,864	----a-w	c:\windows\System32\NlsLexicons000a.dll2009-03-15 16:46	944,184	----a-w	c:\windows\System32\winload.exe2009-03-12 10:41	---------	d-sh--w	c:\programdata\Modelos2009-03-12 10:41	---------	d-sh--w	c:\programdata\Menu Iniciar2009-03-12 10:41	---------	d-sh--w	c:\programdata\Favoritos2009-03-12 10:41	---------	d-sh--w	c:\programdata\Documentos2009-03-12 10:41	---------	d-sh--w	c:\programdata\Dados de aplicativos2009-03-12 10:41	---------	d-sh--w	c:\program files\Common Files\Sistema2009-03-12 10:41	---------	d-sh--w	c:\program files\Arquivos Comuns.((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))..*Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-15 1232896]"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-22 851968]"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440]"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-17 148888]"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-28 64048]"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 c:\windows\RtHDVCpl.exe]"Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoDFSTab"= 1 (0x1)[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]"NoDFSTab"= 1 (0x1)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]"TCP Query User{9192202B-E512-4915-8894-47839A47BE7A}c:\\program files\\cyberscript32\\cyberscript.exe"= UDP:c:\program files\cyberscript32\cyberscript.exe:mIRC"UDP Query User{53F8A778-3CD4-41D9-9724-ABD75F5A866A}c:\\program files\\cyberscript32\\cyberscript.exe"= TCP:c:\program files\cyberscript32\cyberscript.exe:mIRC"{2E52FA86-E2A6-4B50-9E97-FF07B709AA3E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync"{057F7324-9966-4261-82BA-30CE6A0B9512}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger 
(Phone)"{F8DA640E-19D6-45EF-AE69-22D64EC544FC}"= UDP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd"{A12F3DC8-1CD9-4542-883D-C30D048E577E}"= TCP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware AuthdR1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-12 114768]R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-12 20560]R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-12 51792]R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-03-15 1153368]R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [2008-10-28 54960]R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [2008-02-25 283136]R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [2008-02-21 455032]R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2008-02-21 47616]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]S3 vmfilter303;vmfilter303;c:\windows\System32\drivers\vmfilter303.sys [2009-03-12 428160]S4 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\System32\drivers\cmiucr.SYS [2008-02-21 95616]S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-02-21 38400]S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [2008-02-21 31360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cf75a42-0ef0-11de-a517-806e6f6e6963}]\shell\AutoRun\command - D:\autorun.bat..------- Scan Suplementar -------.uStart Page = hxxp://www.google.com.br/LSP: c:\program files\VMware\VMware Player\vsocklib.dllDPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - 
hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cabFF - ProfilePath - c:\users\Hygor\AppData\Roaming\Mozilla\Firefox\Profiles\4rnt7u25.default\---- FIREFOX POLICIES ----c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-03-19 21:37:25Windows 6.0.6000  NTFSProcurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)??????????@?@???????????????????????????? Procurando ficheiros/arquivos ocultos ... Varredura completada com sucessoarquivos/ficheiros ocultos: 0**************************************************************************.Tempo para conclusão: 2009-03-19 21:40:18ComboFix-quarantined-files.txt  2009-03-20 00:40:11ComboFix2.txt  2009-03-18 07:02:20Pré-execução: 51,372,802,048 bytes disponíveisPós execução: 51,096,649,728 bytes disponíveis235	--- E O F ---	2009-03-18 06:01:52

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:15, on 19/03/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\VM303_STI.EXE
C:\Windows\VMSnap3.EXE
C:\Windows\Domino.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O13 - Gopher Prefix: 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldpt-br.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 5399 bytes


Copy all of the content quoted below and paste it into Notepad.

Save the file on the desktop with the name: CFScript.txt

File::
D:\autorun.bat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cf75a42-0ef0-11de-a517-806e6f6e6963}]
\shell\AutoRun\command -D:\autorun.bat

Drag CFScript.txt onto the ComboFix icon, as shown in the illustration below:

[image: cfscript.gif]

Accept the prompt that should appear to run ComboFix.

Note: drag CFScript onto the icon until the small ComboFix window appears.

When it finishes, post ComboFix.txt together with a new HijackThis log.

Note: run this with your pen drive connected to the PC.

Awaiting your reply.
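The reply above acts on one line of the ComboFix log: a MountPoints2 subkey with a shell\AutoRun\command pointing at D:\autorun.bat, which makes Explorer run that script whenever the removable volume is opened (hence the instruction to keep the pen drive connected so ComboFix can reach the file). The script below is an added example, not part of the thread or of ComboFix, showing how a triage pass over the posted log lines would surface that entry, the orphaned BHO/toolbar entries HijackThis marks "(no file)" / "(file missing)", and the O10 LSP line, and then draft the File::/Registry:: sections of a CFScript in the layout the helper used. The sample log lines are copied from the logs posted above; the finding names and the decision to treat only the AutoRun handler as actionable are this example's own.

```python
"""Triage a ComboFix / HijackThis log excerpt and draft the matching CFScript.

Added example, not from the forum post. The excerpt below is copied from the
logs posted in this thread; the CFScript layout (File:: / Registry:: sections,
[-key] to delete a key) follows the helper's reply.
"""
import re
from dataclasses import dataclass
from typing import List

# Excerpt of the ComboFix and HijackThis logs from the post above (constructed
# sample; the real logs are far longer).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cf75a42-0ef0-11de-a517-806e6f6e6963}]
\shell\AutoRun\command - D:\autorun.bat
.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
"""

# MountPoints2 holds one subkey per volume Explorer has seen; a
# shell\AutoRun\command under it is what runs when the volume is opened
# (classic pen-drive worm persistence; D:\ on this laptop is removable media).
MOUNTPOINTS_KEY = re.compile(
    r"^\[(HKEY_\w+\\.*?\\explorer\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)
AUTORUN_CMD = re.compile(r"^\\shell\\AutoRun\\command\s+-\s*(.+?)\s*$", re.IGNORECASE)
# HijackThis marks orphaned BHO/toolbar entries with "(no file)" / "(file missing)".
HJT_MISSING = re.compile(r"^(O\d+) - (.+?)\s*\((?:no file|file missing)\)$")
# Any LSP HijackThis cannot whitelist is reported as "Unknown": a review item,
# not proof of infection (vsocklib.dll here belongs to VMware Player).
HJT_LSP = re.compile(r"^O10 - Unknown file in Winsock LSP:\s*(.+?)\s*$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str        # "autorun", "missing_file" or "lsp"
    detail: str
    key: str = ""    # registry key to delete, when one is identified
    path: str = ""   # file to quarantine, when one is identified


def triage(log_text: str) -> List[Finding]:
    """Return findings in log order; a MountPoints2 key pairs with the line after it."""
    findings: List[Finding] = []
    pending_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINTS_KEY.match(line)
        if m:
            pending_key = m.group(1)
            continue
        m = AUTORUN_CMD.match(line) if pending_key else None
        if m:
            findings.append(Finding("autorun", f"AutoRun handler for a mounted volume runs {m.group(1)}",
                                    key=pending_key, path=m.group(1)))
        pending_key = None
        m = HJT_MISSING.match(line)
        if m:
            findings.append(Finding("missing_file", f"{m.group(1)} orphaned entry: {m.group(2).rstrip(' -')}"))
            continue
        m = HJT_LSP.match(line)
        if m:
            findings.append(Finding("lsp", f"Winsock LSP not on whitelist: {m.group(1)}"))
    return findings


def draft_cfscript(findings: List[Finding]) -> str:
    """Only the AutoRun finding is actionable; LSP and orphaned entries stay for manual review."""
    files = [f.path for f in findings if f.kind == "autorun"]
    keys = [f.key for f in findings if f.kind == "autorun"]
    lines: List[str] = []
    if files:
        lines += ["File::", *files, ""]
    if keys:
        lines += ["Registry::", *(f"[-{k}]" for k in keys), ""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:13} {f.detail}")
    print("\n--- CFScript.txt ---")
    print(draft_cfscript(found))
```

Run as a script it prints the four findings and a CFScript whose File:: section names D:\autorun.bat and whose Registry:: section deletes the MountPoints2 subkey, which is exactly the pair the helper wrote by hand. The orphaned AVG toolbar entries and the VMware LSP are reported but deliberately kept out of the script: "(file missing)" entries are leftovers of an uninstall rather than live code, and removing an LSP that a legitimate product registered can break the Winsock chain.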


Topic archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
