Slyther
Posted June 28, 2008

Well, I caught a "Hidrag.a" virus that infected svchost.exe. I used two antiviruses, Avira and Rising, sent all the infected files to quarantine and even disabled "power manager" in services.msc, but I'm not sure whether the PC is really clean. If anyone can analyse it and tell me whether I still have the virus or not, I'd appreciate it!

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:08:31, on 28/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIVOS DE PROGRAMAS\RISING\RAV\ravmond.exe
C:\ARQUIVOS DE PROGRAMAS\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe
C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe
C:\Arquivos de programas\Rising\Rav\RavTask.exe
C:\Arquivos de programas\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Autorun Eater\billy.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\ARQUIV~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Autorun Eater] C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe
O4 - HKLM\..\Run: [RavTask] "C:\Arquivos de programas\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3FB63B3-98C8-4BAD-AD29-277CDC246B9E}: NameServer = 200.149.55.140 200.165.132.147
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Unknown owner - C:\Arquivos de programas\PrevxCSI\prevxcsi.exe" /service (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Arquivos de programas\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\ARQUIVOS DE PROGRAMAS\RISING\RAV\Ravmond.exe
Silas Martins
Posted June 29, 2008

Download ComboFix and save it to the desktop. Close all programs. Double-click combofix.exe, press (1) and then press Enter to continue. ComboFix will restart your computer automatically; this is part of the removal process. When it finishes, a log will be generated at C:\ComboFix.txt.

Attention: do not click anything while ComboFix is running, otherwise your desktop will go blank. To stop the process or quit ComboFix, press "2" and Enter.

I'll wait for a new HijackThis log together with ComboFix.txt.
Slyther
Posted June 29, 2008

Hi Silas, I ran ComboFix here and this is the log:

ComboFix 08-06-20.4 - Paulo 2008-06-29 2:47:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.652 [GMT -3:00]
Running from: C:\Documents and Settings\Paulo\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER
-------\Service_PowerManager


((((((((((((((((((((((((( Files created from 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))
.

2008-06-28 16:30 . 2008-06-28 16:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Blizzard Entertainment
2008-06-28 04:24 . 2008-06-28 04:24 <DIR> d-------- C:\WINDOWS\Sun
2008-06-28 03:46 . 2008-06-28 17:11 <DIR> dr------- C:\RavBin
2008-06-28 03:46 . 2008-06-28 17:12 <DIR> d-------- C:\Arquivos de programas\Rising
2008-06-28 01:50 . 2008-06-29 02:50 <DIR> d-------- C:\Arquivos de programas\Autorun Eater
2008-06-28 01:33 . 2008-06-28 01:33 <DIR> d-------- C:\Arquivos de programas\IObit
2008-06-27 21:51 . 2008-06-28 17:08 <DIR> d-------- C:\HijackThis
2008-06-27 21:23 . 2008-06-27 21:23 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-06-27 21:22 . 2008-06-27 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PrevxCSI
2008-06-24 18:54 . 2008-06-24 18:54 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2008-06-24 18:21 . 2008-06-24 18:21 <DIR> d-------- C:\Arquivos de programas\Creative
2008-06-24 18:21 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-24 18:21 . 2002-06-06 14:38 139,264 --a------ C:\WINDOWS\system32\eax.dll
2008-06-24 18:04 . 2002-08-08 01:11 319,488 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2008-06-24 18:00 . 2008-06-25 21:40 <DIR> d-------- C:\Documents and Settings\Paulo\Dados de aplicativos\My Battle for Middle-earth Files
2008-06-24 17:36 . 2008-06-24 17:36 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-24 16:20 . 2004-08-18 05:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-06-24 05:50 . 2008-06-24 05:53 <DIR> d-------- C:\Documents and Settings\Paulo\Dados de aplicativos\LimeWire
2008-06-24 05:49 . 2008-06-24 05:49 <DIR> d-------- C:\Arquivos de programas\Java
2008-06-24 05:49 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-24 05:48 . 2008-06-24 05:51 <DIR> d-------- C:\Arquivos de programas\eMule
2008-06-24 05:39 . 2008-06-24 05:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java
2008-06-24 05:25 . 2008-06-24 05:26 <DIR> d-------- C:\Documents and Settings\Paulo\Dados de aplicativos\Winamp
2008-06-24 05:25 . 2008-06-24 05:26 <DIR> d-------- C:\Arquivos de programas\Winamp
2008-06-24 05:24 . 2008-06-24 05:50 <DIR> d-------- C:\Arquivos de programas\LimeWire
2008-06-24 05:15 . 2008-06-24 05:15 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared
2008-06-24 05:14 . 2008-06-24 05:14 <DIR> d-------- C:\Arquivos de programas\Real
2008-06-24 05:14 . 2008-06-24 05:15 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real
2008-06-22 13:11 . 2008-06-22 13:11 45,448 --a------ C:\LAGUNA.DXF
2008-06-21 16:52 . 2008-06-21 16:52 <DIR> d-------- C:\Arquivos de programas\Ubisoft
2008-06-21 13:18 . 2008-06-21 13:27 <DIR> d-------- C:\Documents and Settings\Paulo\Dados de aplicativos\Autodesk
2008-06-21 13:18 . 2008-06-21 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk
2008-06-21 12:16 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-21 03:22 . 2008-06-21 03:22 <DIR> d-------- C:\Documents and Settings\Paulo\Dados de aplicativos\Any Video Converter
2008-06-20 23:00 . 2008-06-29 02:49 <DIR> d-------- C:\flexlm
2008-06-20 22:58 . 2008-06-20 22:58 <DIR> d-------- C:\Arquivos de programas\Rainbow Technologies
2008-06-20 22:56 . 2008-06-20 22:56 <DIR> d-------- C:\Arquivos de programas\ESRI
2008-06-20 22:56 . 2002-12-20 11:09 299,073 --a------ C:\WINDOWS\system32\PythonCOM21.dll
2008-06-20 22:56 . 2002-12-20 11:09 65,536 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2008-06-20 22:55 . 2008-06-20 23:19 <DIR> d-------- C:\Documents and Settings\Paulo\Dados de aplicativos\ESRI
2008-06-20 22:55 . 2001-04-16 18:25 708,669 --a------ C:\WINDOWS\system32\python21.dll
2008-06-20 22:53 . 2008-06-20 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ESRI
2008-06-20 22:53 . 2008-06-20 22:53 <DIR> d-------- C:\Arquivos de programas\Leica Geosystems
2008-06-20 22:53 . 2008-06-20 22:53 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\ESRI
2008-06-20 22:50 . 2008-06-20 22:56 <DIR> d-------- C:\Python21
2008-06-20 22:50 . 2008-06-20 22:53 <DIR> d-------- C:\Arquivos de programas\ArcGIS
2008-06-20 15:55 . 2008-06-20 15:56 <DIR> d-------- C:\Documents and Settings\Paulo\Dados de aplicativos\Ventrilo
2008-06-20 15:55 . 2008-06-20 15:55 <DIR> d-------- C:\Arquivos de programas\Ventrilo
2008-06-20 15:55 . 2008-06-20 15:55 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-06-20 06:15 . 2008-06-20 06:20 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-20 06:15 . 2008-06-21 16:41 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-20 06:14 . 2008-06-20 06:14 <DIR> d-------- C:\Arquivos de programas\GameVicio
2008-06-20 06:14 . 2008-06-21 16:41 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-06-20 06:12 . 2008-06-20 06:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-20 05:46 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-20 05:46 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-20 05:46 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-06-20 05:46 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-06-20 05:46 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-06-20 05:17 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-20 05:16 . 2008-06-20 05:16 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SimCity Societies
2008-06-20 05:16 . 2008-06-20 05:16 <DIR> d-------- C:\Arquivos de programas\MSBuild
2008-06-20 05:16 . 2008-06-20 05:16 <DIR> d-------- C:\Arquivos de programas\Microsoft Works
2008-06-20 05:13 . 2008-06-20 05:13 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET
2008-06-20 05:11 . 2008-06-20 05:11 <DIR> d-------- C:\Arquivos de programas\Microsoft Visual Studio 8
2008-06-20 05:10 . 2008-06-20 05:14 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-20 05:09 . 2008-06-20 05:09 <DIR> dr-h----- C:\MSOCache
2008-06-20 05:09 . 2008-06-20 05:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-06-20 05:07 . 2008-06-20 05:07 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-06-20 05:00 . 2008-06-20 05:00 <DIR> dr-h----- C:\Documents and Settings\Paulo\Dados de aplicativos\SecuROM
2008-06-20 05:00 . 2008-06-20 05:00 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-20 04:51 . 2008-06-20 05:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-06-20 04:21 . 2008-06-20 04:21 <DIR> d-------- C:\WINDOWS\SWAT 4
2008-06-20 04:19 . 2008-06-20 04:19 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite
2008-06-20 00:52 . 2008-06-20 01:05 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-06-20 00:52 . 2008-06-20 04:05 67,469 --a------ C:\WINDOWS\War3Unin.dat
2008-06-20 00:52 . 2008-06-20 01:05 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-20 00:11 . 2003-07-20 15:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-06-20 00:11 . 2005-01-04 06:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-06-20 00:07 . 2008-06-20 00:07 <DIR> d-------- C:\Program Files
2008-06-20 00:05 . 2008-06-20 00:05 <DIR> d-------- C:\Documents and Settings\Paulo\Dados de aplicativos\DAEMON Tools
2008-06-20 00:05 . 2008-06-20 00:05 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-19 23:56 . 2008-06-19 23:56 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Iniciar
2008-06-19 23:56 . 2008-06-19 23:56 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-06-19 23:28 . 2008-06-19 23:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-19 23:28 . 2008-04-13 19:20 33,792 -----c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-06-19 23:24 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002680_.tmp
2008-06-19 23:16 . 2008-06-19 23:30 <DIR> d-------- C:\WINDOWS\EHome
2008-06-19 23:04 . 2008-06-22 12:24 <DIR> d-------- C:\Documents and Settings\Paulo\Contacts
2008-06-19 23:03 . 2008-06-19 23:03 268 --ah----- C:\sqmdata04.sqm
2008-06-19 23:03 . 2008-06-19 23:03 244 --ah----- C:\sqmnoopt04.sqm
2008-06-19 23:02 . 2008-06-19 23:02 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-19 22:39 . 2008-06-19 22:39 244 --ah----- C:\sqmnoopt03.sqm
2008-06-19 22:39 . 2008-06-19 22:39 232 --ah----- C:\sqmdata03.sqm
2008-06-19 22:34 . 2008-06-19 22:34 <DIR> d---s---- C:\Documents and Settings\Paulo\UserData
2008-06-19 22:32 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-06-19 22:32 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-06-19 22:32 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-06-19 22:32 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-06-19 22:32 . 2008-04-13 19:20 183,808 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-06-19 22:32 . 2008-04-13 19:21 167,936 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-06-19 22:32 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-06-19 22:17 . 2008-06-19 22:17 <DIR> d-------- C:\Arquivos de programas\Alwil Software
2008-06-19 22:17 . 2003-03-18 18:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-19 22:17 . 2008-06-24 05:15 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-19 22:17 . 2008-06-24 05:15 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-19 22:17 . 2008-06-19 22:17 244 --ah----- C:\sqmnoopt02.sqm
2008-06-19 22:17 . 2008-06-19 22:17 232 --ah----- C:\sqmdata02.sqm
2008-06-19 22:07 . 2008-06-19 22:07 244 --ah----- C:\sqmnoopt01.sqm
2008-06-19 22:07 . 2008-06-19 22:07 232 --ah----- C:\sqmdata01.sqm
2008-06-19 21:56 . 2008-06-19 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
2008-06-19 21:56 . 2008-06-19 21:56 <DIR> d-------- C:\Arquivos de programas\Avira
2008-06-19 21:51 . 2008-06-19 21:51 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2008-06-19 21:38 . 2008-06-20 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2008-06-19 21:36 . 2008-06-20 05:07 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-06-19 21:36 . 2008-06-19 21:36 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live
2008-06-19 21:36 . 2008-06-19 21:36 268 --ah----- C:\sqmdata00.sqm
2008-06-19 21:36 . 2008-06-19 21:36 244 --ah----- C:\sqmnoopt00.sqm
2008-06-19 21:35 . 2008-06-19 21:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-19 21:35 . 2008-06-20 00:00 <DIR> d-------- C:\Arquivos de programas\MSN Messenger
2008-06-19 21:28 . 2008-06-19 21:28 <DIR> d-------- C:\Arquivos de programas\ATI Technologies
2008-06-19 21:23 . 2008-06-19 21:23 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-06-19 21:23 . 2008-06-19 21:23 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-06-19 21:23 . 2008-06-19 21:23 <DIR> d-------- C:\Documents and Settings\Paulo\Dados de aplicativos\InstallShield
2008-06-19 21:23 . 2008-06-19 21:23 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 23:52 558,142 ----a-w C:\WINDOWS\java\Packages\GI4KS6EB.ZIP
2008-06-19 23:52 155,995 ----a-w C:\WINDOWS\java\Packages\KQACEVPZ.ZIP
2008-06-19 23:52 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2008-06-19 23:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
2008-06-19 23:49 --------- d-----w C:\Arquivos de programas\Serviços on-line
2008-04-13 22:21 769,024 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
2008-04-13 22:21 744,448 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
2008-04-13 22:21 70,144 ----a-w C:\WINDOWS\notepad.exe
2008-04-13 22:21 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-13 22:21 287,744 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-13 22:21 18,432 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\hscupd.exe
2008-04-13 22:21 171,520 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
2008-04-13 22:21 151,040 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\uploadm.exe
2008-04-13 22:21 150,528 ----a-w C:\WINDOWS\regedit.exe
2008-04-13 22:21 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-13 22:21 1,035,776 ----a-w C:\WINDOWS\explorer.exe

.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 06:39 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:20 15360]
"ares"="C:\Arquivos de programas\Ares\Ares.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 06:08 16342528 C:\WINDOWS\RTHDCPL.exe]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-06-24 05:15 185896]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Autorun Eater"="C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe" [2008-03-15 14:10 438773]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 19:20 15360]

C:\Documents and Settings\Paulo\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"E:\\Jogos\\EA GAMES\\The Battle for Middle-earth \\game.dat"=
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-06-27 21:23]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe [1999-12-01 12:38]
S2 CSIScanner;CSIScanner;"C:\Arquivos de programas\PrevxCSI\prevxcsi.exe" /service []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbee08cd-3e3e-11dd-944c-806d6172696f}]
\Shell\AutoRun\command - D:\MafiaLauncher.EXE

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 02:50:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\ARQUIV~1\ESRI\License\arcgis9x\ARCGIS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Autorun Eater\billy.exe
.
**************************************************************************
.
Completion time: 2008-06-29 2:52:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 05:52:47

Pre-Run: 12,678,033,408 bytes free
Post-Run: 12,628,160,512 bytes free

231

And the HijackThis one:

Logfile of HijackThis v1.99.1
Scan saved at 14:24:18, on 29/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe
C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Autorun Eater\billy.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\ARQUIV~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Autorun Eater] C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3FB63B3-98C8-4BAD-AD29-277CDC246B9E}: NameServer = 200.149.55.140 200.165.132.147
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Unknown owner - C:\Arquivos de programas\PrevxCSI\prevxcsi.exe" /service (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
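An added example, not part of the thread and not HijackThis or ComboFix code: a small Python script that does by machine what a log helper does by eye with the two HijackThis logs above. It flags the entry kinds an analyst checks first (entries whose file no longer exists, the O17 NameServer override, O23 services with no vendor string, bare executable names in Run keys) and diffs the first log against the second to list what changed between them. The two embedded logs are short excerpts constructed from the logs posted in this thread, not full copies, and the flag rules are review heuristics of my own, so a hit means "verify this", not "this is malicious". One caveat the diff makes visible: the PowerManager service that ComboFix removed appears in neither HijackThis log, so comparing HijackThis output alone would never have shown it; only ComboFix's own Drivers/Services section records it.

```python
"""Triage and diff helpers for HijackThis-style logs.

Added example for this thread; it is not HijackThis or ComboFix code and
not something the posters ran. LOG_BEFORE and LOG_AFTER are short excerpts
constructed from the two logs posted in the thread, not complete copies.
"""
import re

# Matches the 'R1 - ...', 'O4 - ...', 'F2 - ...' entry lines HijackThis emits.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")

LOG_BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3FB63B3-98C8-4BAD-AD29-277CDC246B9E}: NameServer = 200.149.55.140 200.165.132.147
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: CSIScanner - Unknown owner - C:\Arquivos de programas\PrevxCSI\prevxcsi.exe" /service (file missing)
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\ARQUIVOS DE PROGRAMAS\RISING\RAV\Ravmond.exe
"""

LOG_AFTER = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3FB63B3-98C8-4BAD-AD29-277CDC246B9E}: NameServer = 200.149.55.140 200.165.132.147
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: CSIScanner - Unknown owner - C:\Arquivos de programas\PrevxCSI\prevxcsi.exe" /service (file missing)
"""


def parse(log):
    """Return the (kind, body) pairs for every entry line in a log."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(log):
    """Map each entry worth a second look to the reason it was flagged.

    These are review heuristics, not verdicts: every hit is something to
    verify (hash, signature, who set it), not something to delete.
    """
    flagged = {}
    for kind, body in parse(log):
        line = f"{kind} - {body}"
        if "(file missing)" in body or "(no file)" in body:
            flagged[line] = "orphan: the registered file no longer exists"
        elif kind == "O17":
            flagged[line] = "DNS servers set in TCP/IP settings: confirm they are the ISP's"
        elif kind == "O23" and "Unknown owner" in body:
            flagged[line] = "service binary carries no vendor string: check its signature"
        elif kind == "O4":
            # '[name] target ...': a bare file name (no quotes, no path) is
            # resolved through the search path, so verify which file runs.
            target = body.split("] ", 1)[1] if "] " in body else body
            if not target.startswith('"') and "\\" not in target:
                flagged[line] = "bare executable name in a Run key: locate the file that actually runs"
    return flagged


def diff_logs(before, after):
    """Return (removed, added) entry lines between two logs of one machine."""
    old = {f"{k} - {b}" for k, b in parse(before)}
    new = {f"{k} - {b}" for k, b in parse(after)}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for line, why in triage(LOG_BEFORE).items():
        print(f"[check] {line}\n        {why}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
```

Run as a script it prints six entries to check from the first excerpt (the nameless BHO, the two bare Run-key names RTHDCPL.EXE and ALCMTR.EXE, the O17 NameServer line, the missing dimsntfy.dll notify package and the missing Prevx service binary), then the three entries present only in the first log and the one R1 line present only in the second. The diff says what changed, not why; deciding whether each change was a removal of malware, an uninstall, or something ComboFix did is still the analyst's job, and the ComboFix log above is the record to read for its own part of that.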
Silas Martins
Posted June 30, 2008

Log clean. Does the problem persist?
Mário Monteiro
Posted August 2, 2008

PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.