Autorun Problem
Computer Juice forums: Computer Software, Viruses, Spyware and Security

#1
13 February 2008, 23:35
New Member
Posts: 6

Hey,
I'm having the same problem as dgethin. I'll be posting the ComboFix and HJT logs in the morning.

#2
14 February 2008, 09:53
Moderator
Posts: 7,557

Please use the malware removal thread and do not run anything that isn't required.
http://www.computer-juice.com/forums...-posting-7476/

#3
16 February 2008, 19:14
New Member
Posts: 6

I tried all the software in the thread, and had no results. When I start XP, Sygate pops up saying:

C:\Documents and Settings\Alex\Local Settings\Temp\ir_ext_temp_19\autorun.exe is trying to connect to update.ath.cx [85.88.12.29] using remote port 80 [HTTP - World Wide Web]. Do you want to allow this program to access the network?
#4
16 February 2008, 19:37
New Member
Posts: 6

Disregard my previous post for now, please.
It seems to have stopped after I ran SmitfraudFix.exe
#5
17 February 2008, 09:33
Moderator
Posts: 7,557

Without logs I can't see what is going on. Please post a Hijackthis log.

#6
17 February 2008, 10:40
New Member
Posts: 6

Never mind, SmitfraudFix.exe didn't work, but after running SDFix it seems to have stopped.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:28, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NOD32\nod32kui.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\NOD32\nod32krn.exe
C:\Program Files\\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\Sniper.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\SynTPEnh.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [\\PAIS\EPSON Stylus CX4800 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P36 "\\PAIS\EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on pais] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P42 "Auto EPSON Stylus CX4800 Series on pais" /O17 "\\PAIS\Printer" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on pais (Copy 1)] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P51 "Auto EPSON Stylus CX4800 Series on pais (Copy 1)" /O15 "\\PAIS\EPSON" /M "Stylus CX4800"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools': Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools': Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools': @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools': Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\spoolsv.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: iPod - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD32\nod32krn.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6838 bytes
#7
17 February 2008, 11:52
Moderator
Posts: 7,557

Open Hijackthis and choose Do a system scan only.

Place a checkmark next to the following (if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Important: Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------

Please download ComboFix by sUBs from one of the links below.
(Try all three if necessary) Important! ComboFix.exe MUST be saved to and run from the Desktop.
  • Close any open browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real-time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Note: ComboFix disconnects the computer from the internet. The connection is automatically restored before ComboFix completes its run.
  • Double click ComboFix.exe and follow the prompts.
    • From the keyboard select 1 and press Enter.
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
  • If ComboFix runs into difficulty and terminates prematurely, the connection can be restored manually by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------

Please go to C:\SDFix and post the Report.txt back here along with the ComboFix log.
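The two things the moderator picks out of the log by eye are the kind of entry a triage script can flag automatically: an executable starting from a Temp folder (the autorun.exe that Sygate caught) and an O2/O9 entry whose file is gone, which is why the orphaned BHO is the one line marked for fixing. This is an added example in Python, not code from the thread or from HijackThis; the sample log is constructed in HijackThis v2 format and the [updater] O4 line is invented.

```python
import re
from typing import Dict, List

# Constructed sample in HijackThis v2 log format. The Temp-folder autorun.exe
# and the orphaned "(no file)" BHO mirror the thread above; the [updater] O4
# line is invented so the autostart check has something to catch.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\smss.exe
C:\Documents and Settings\Alex\Local Settings\Temp\ir_ext_temp_19\autorun.exe
C:\Program Files\Sygate\SPF\smc.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [updater] C:\DOCUME~1\Alex\LOCALS~1\Temp\autorun.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# "Onn - " prefix of a HijackThis entry, e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Any image path that runs through a Temp folder (long or 8.3 form).
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# HijackThis marks a registered but missing component this way.
ORPHAN_MARK = "(no file)"


def triage(log_text: str) -> Dict[str, List[str]]:
    """Sort a HijackThis log into the buckets a helper looks at first.

    temp_dir : running processes or O4 autostarts whose executable lives under
               a Temp folder (installed software does not start from there)
    orphan   : O2 BHO / O9 toolbar entries whose file no longer exists; inert,
               but stale registry residue worth fixing
    """
    found: Dict[str, List[str]] = {"temp_dir": [], "orphan": []}
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if in_processes and entry is None:
            if TEMP_PATH_RE.search(line):
                found["temp_dir"].append(line)
            continue
        if entry is None:
            continue  # header lines such as "Logfile of ..."
        section, body = entry.groups()
        if section in ("O2", "O9") and body.endswith(ORPHAN_MARK):
            found["orphan"].append(line)
        elif section == "O4" and TEMP_PATH_RE.search(body):
            found["temp_dir"].append(line)
    return found


if __name__ == "__main__":
    for bucket, lines in triage(SAMPLE_HJT_LOG).items():
        print(f"{bucket}: {len(lines)} hit(s)")
        for hit in lines:
            print("  ", hit)
```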

#8
17 February 2008, 13:38
New Member
Posts: 6

ComboFix 08-02-17.2 - Alex 2008-02-17 15:33:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.984 [GMT -5:00]
Running from: C:\Documents and Settings\Alex\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created From 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 22:53 . 2008-02-16 22:53  d--------  C:\WINDOWS\ERUNT
2008-02-16 21:19 . 2008-02-16 21:25  4,706  --a------  C:\WINDOWS\system32\tmp.reg
2008-02-14 21:38 . 2008-02-14 21:38  d--------  C:\Program Files\Shareaza
2008-02-14 21:38 . 2008-02-14 21:38  d--------  C:\Documents and Settings\Alex\Application Data\Shareaza
2008-02-14 18:39 . 2008-02-14 18:39  d--------  C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 18:39 . 2008-02-14 18:39  d--------  C:\Documents and Settings\Alex\Application Data\Grisoft
2008-02-14 18:39 . 2007-05-30 07:10  10,872  --a------  C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-14 18:38 . 2008-02-14 18:39  d--------  C:\Documents and Settings\Alex\.SunDownloadManager
2008-02-14 18:00 . 2008-02-14 18:00  d--------  C:\Program Files\Lavasoft
2008-02-14 18:00 . 2008-02-14 18:01  d--------  C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 17:08 . 2008-02-14 17:08  d--------  C:\Program Files\Trend Micro
2008-02-14 17:00 . 2008-02-14 17:00  d--------  C:\Program Files\VS Revo Group
2008-02-14 16:26 . 2008-02-14 16:26  d--------  C:\Program Files\CCleaner
2008-02-14 01:27 . 2008-02-14 01:27  d--------  C:\Documents and Settings\Alex\DoctorWeb
2008-02-12 01:17 . 2007-11-05 16:34  15,760  --a------  C:\WINDOWS\system32\iviaspi.sys
2008-02-12 00:58 . 2008-02-14 16:23  d--------  C:\Program Files\Any Video Converter
2008-02-12 00:58 . 2008-02-14 16:23  d--------  C:\Documents and Settings\Alex\Application Data\Any Video Converter
2008-02-12 00:44 . 2008-02-14 16:24  d--------  C:\Documents and Settings\All Users\Application Data\River Past G5
2008-02-12 00:44 . 2008-02-14 16:24  d--------  C:\Documents and Settings\Alex\Application Data\River Past G5
2008-02-12 00:34 . 2008-02-12 00:34  d--------  C:\Documents and Settings\Alex\Application Data\ArcSoft
2008-02-12 00:16 . 2008-02-14 16:24  d--------  C:\Program Files\NCH Software
2008-02-12 00:16 . 2008-02-12 00:16  d--------  C:\Documents and Settings\All Users\Application Data\NCH Software
2008-02-11 23:21 . 2008-02-11 23:21  d--------  C:\Program Files\iPod
2008-02-11 23:21 . 2008-02-17 15:18  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2008-02-11 23:21 . 2008-02-11 23:21  1,409  --a------  C:\WINDOWS\QTFont.for
2008-02-11 23:20 . 2008-02-11 23:21  d--------  C:\Program Files\iTunes
2008-02-11 23:18 . 2008-02-11 23:19  d--------  C:\Program Files\QuickTime
2008-02-08 19:38 . 2008-02-08 19:38  d--------  C:\Program Files\Mp3tag
2008-02-08 19:38 . 2008-02-08 19:48  d--------  C:\Documents and Settings\Alex\Application Data\Mp3tag
2008-02-05 07:30 . 2008-02-05 23:28  23,392  --a------  C:\WINDOWS\system32\nscompat.tlb
2008-02-05 07:30 . 2008-02-05 23:28  16,832  --a------  C:\WINDOWS\system32\amcompat.tlb
2008-02-05 00:40 . 2008-02-05 23:34  d--------  C:\bin
2008-02-04 18:48 . 2008-02-04 18:48  870,128  --a------  C:\WINDOWS\system32\mcs.rma
2008-02-04 18:48 . 2008-02-04 18:48  4  --a------  C:\WINDOWS\system32\C3F1F0
2008-02-04 18:46 . 2008-02-04 18:46  d--------  C:\Program Files\Common Files\Real
2008-02-04 18:46 . 2008-02-04 18:46  8,413  --a------  C:\WINDOWS\system32\drivers\mcstrm.sys
2008-02-04 18:45 . 2008-02-04 18:45  d--------  C:\Program Files\Real
2008-02-04 18:11 . 2008-02-12 01:16  d--------  C:\Program Files\SanDisk
2008-02-04 17:47 . 2004-08-03 18:56  221,184  --a------  C:\WINDOWS\system32\wmpns.dll
2008-02-04 17:39 . 2008-02-05 23:32  d--------  C:\WINDOWS\system32\drivers\UMDF
2008-02-01 14:42 . 2008-02-01 14:40  691,545  --a------  C:\WINDOWS\unins000.exe
2008-02-01 14:42 . 2008-02-01 14:42  3,440  --a------  C:\WINDOWS\unins000.dat
2008-01-31 23:13 . 2008-01-31 23:13  90,112  --a------  C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13  57,344  --a------  C:\WINDOWS\system32\QuickTime.qts
2008-01-26 20:11 . 2008-02-16 16:49  d--------  C:\Program Files\Steam
2008-01-25 17:25 . 2008-01-28 20:17  d--------  C:\Program Files\\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:46  ---------  d-----w  C:\Program Files\Mozilla Thunderbird
2008-02-17 04:53  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\.purple
2008-02-15 03:05  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\LimeWire
2008-02-14 22:59  ---------  d-----w  C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 06:16  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-02-12 04:20  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-11 12:37  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\openoffice.org2
2008-02-09 00:12  ---------  d-----w  C:\Program Files\NOD32
2008-02-06 04:17  ---------  d-----w  C:\Program Files\Windows Media Connect 2
2008-02-04 22:55  ---------  d-----w  C:\Program Files\Last.fm
2008-02-01 19:44  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 19:43  ---------  d-----w  C:\Program Files\Spybot - Search & Destroy
2008-02-01 01:29  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\gtk-2.0
2008-01-19 02:24  ---------  d-----w  C:\Program Files\DivX
2008-01-07 00:47  ---------  d-----w  C:\Program Files\NCSoft
2008-01-07 00:45  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\InstallShield
2007-12-26 19:43  ---------  d-----w  C:\Program Files\Guitar Pro 5
2007-12-26 19:02  715,248  ----a-w  C:\WINDOWS\system32\drivers\sptd.sys
2007-12-25 04:58  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\Apple Computer
2007-12-25 04:56  ---------  d-----w  C:\Program Files\Common Files\Apple
2007-12-18 09:51  179,584  ----a-w  C:\WINDOWS\system32\drivers\Mrxdav.sys
2007-12-14 16:32  12,632  ----a-w  C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21  824,832  ----a-w  C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38  550,912  ----a-w  C:\WINDOWS\system32\oleaut32.dll
2007-11-29 22:30  200,704  ----a-w  C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30  1,044,480  ----a-w  C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 20:10 335872]
"Apoint"="C:\Program Files\Apoint2K\SynTPEnh.exe" [2003-10-30 15:46 192512]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 09:21 135168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"\\PAIS\EPSON Stylus CX4800 Series"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"Auto EPSON Stylus CX4800 Series on pais"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Auto EPSON Stylus CX4800 Series on pais (Copy 1)"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"nod32kui"="C:\Program Files\NOD32\nod32kui.exe" [2007-09-22 19:28 949376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48 479232]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 12:52 75584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\Alex\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-23 20:41:24 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-05-17 19:28:25 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

R1 ECioctl;ECioctl;C:\WINDOWS\system32\Drivers\ECioctl.sys [2004-05-06 12:40]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 15:36:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\PAIS\\EPSON Stylus CX4800 Series"="C:\\WINDOWS\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADA.EXE /P36 \"\\\\PAIS\\EPSON Stylus CX4800 Series\" /O6 \"USB001\" /M \"Stylus CX4800\""
.
Completion time: 2008-02-17 15:37:28
ComboFix-quarantined-files.txt  2008-02-17 20:37:03
ComboFix2.txt  2008-02-01 18:40:13
.
2008-02-12 22:03:35 --- EOF ---

SDFix: Version 1.143

Run by Alex on Sat 02/16/2008 at 10:55

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Alex\Desktop\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found


Removing Temp Files...

ADS Check :


Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 23:03:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0400ea440ad8]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\1000aa440ad8]
"0016cff28996"=hex: 08,4 ab um, 4e, cb, 87, db, 38,85, b9, 06,40, ec, 97,25,75
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\1020e84408d8]
"001963092cc5"=hex: f3, 31,90,9 f, 77,92,3 a, 67, C8, C7, 14, dc, 15,5 d, 94, f8
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex: 71,01,87,6 a, a3, bf, ad, ca, 49,9 b, dc, e8, d8, 47, a7, 01, fa, 07,8 f, 86,2 d, ..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0400ea440ad8]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1000aa440ad8]
"0016cff28996"=hex: 08,4 ab um, 4e, cb, 87, db, 38,85, b9, 06,40, ec, 97,25,75
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1020e84408d8]
"001963092cc5"=hex: f3, 31,90,9 f, 77,92,3 a, 67, C8, C7, 14, dc, 15,5 d, 94, f8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:6f80447f
"s2"=dword:a6a05479
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex: 91, b0, 10,47,0 b, 98,1 b, ef, 71, b1, DC, 9f, 73, d5, 38, e7, d8, B4, 7b, ce, cc, ..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0400ea440ad8]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\1000aa440ad8]
"0016cff28996"=hex: 08,4 ab um, 4e, cb, 87, db, 38,85, b9, 06,40, ec, 97,25,75
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\1020e84408d8]
"001963092cc5"=hex: f3, 31,90,9 f, 77,92,3 a, 67, C8, C7, 14, dc, 15,5 d, 94, f8
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex: 91, b0, 10,47,0 b, 98,1 b, ef, 71, b1, DC, 9f, 73, d5, 38, e7, d8, B4, 7b, ce, cc, ..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Reinstall \\ \\% xe3 \\ xce \\ 21 \\ xbf \\ xc1 \\ b]
"DisplayName"=""
"DeviceDesc"=""
"ProviderName"=""
"Mfg" = "\\ x435c \\ x6e6f \\ x7274 \\ x6c6f \\ x435c \\ x616c \\ x7373 \\ x745c \\ 2"
"ReinstallString" = "C: \\ WINDOWS \\ system32 \\ ReinstallBackups \\ \\ xe325 \\ x11ce xc1bf \\ \\ b \\ driverfiles \\ \\ x49c8 \\ 23 \\ x5a00 \\ x7c91 \\ x48b4 \\ 23 \\ x4a54 \\ 23 \\ 1.inf"
"DeviceInstanceIds" = str (7): "\\ \\ temp wzse0.tmp \\ SMBus \\ smbusati.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"ScheduledInstallDate"="2008-02-15 22:00:00"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\list]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\list]

Remaining Files :



Files with Hidden Attributes :

Thu  6 Sep 2007         4 A.SHR --- "C:\WINOS.SYS"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue  5 Feb 2008         0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri  1 Feb 2008         0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1B.tmp"
Wed 23 Jan 2008         0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT23.tmp"

Finished!
#9
17 February 2008, 14:05
Moderator
Posts: 7,557

SDFix didn't remove anything but it did restore the Windows Default Hosts File, so that could have been the source of the problem.

I don't see any malware in the logs.

You will want to open Spybot, update it and run the Immunize.


Time to do some cleanup and secure the work you have done to this point.
  • Click START then RUN
  • Now type ComboFix /u in the Runbox
  • Make sure there is a space between ComboFix and /u
  • Then hit Enter.

The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
Download OTMoveIt2 by OldTimer OTMoveIt2.exe and save it to your desktop. (unless you already have it)

1. Double click OTMoveIt2.exe to run it.
2. Click the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive program alerts, allow it access.
4. Click YES at the next prompt (List downloaded, Do you want to begin the cleanup process?)
  • When finished, exit OTMoveIt2.
Check out Keeping yourself safe on the web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleanup/maintenance tools to help keep your computer running smoothly.
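Since the moderator points at SDFix's "Restoring Windows Default Hosts File" step as the likely fix, it helps to be able to see what a hosts file contained before a cleanup tool overwrites it. This is an added example in Python, not SDFix's or the thread's code; it assumes the stock XP file maps only 127.0.0.1 to localhost (the DEFAULT_ENTRIES set) and runs over a constructed sample with invented .invalid hostnames.

```python
import ipaddress
from typing import List, Tuple

# The only mapping a stock Windows XP hosts file carries.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}

# Constructed sample: the XP default plus the kinds of lines hosts-file
# hijackers of that era added (update/security sites sent to loopback, a
# site redirected to an attacker-controlled address). Hostnames use the
# reserved .invalid TLD; 203.0.113.7 is from the documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       update.example-av.invalid      # AV updates silently fail
127.0.0.1       www.example-security.invalid
203.0.113.7     www.example-bank.invalid       # pharming redirect
not-an-ip       junk.invalid
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                            # not a valid mapping line
        for name in names:                      # one IP may carry several aliases
            pairs.append((ip, name.lower()))
    return pairs


def audit_hosts(text: str) -> List[str]:
    """Describe every mapping that is not part of the default hosts file."""
    findings: List[str] = []
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        if ipaddress.ip_address(ip).is_loopback:
            findings.append(f"{name} -> {ip}: blackholed (site unreachable, updates blocked)")
        else:
            findings.append(f"{name} -> {ip}: redirected away from DNS (possible pharming)")
    return findings


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("hosts file is default" if not report else "\n".join(report))
```

On a live XP box the file to feed in is C:\WINDOWS\system32\drivers\etc\hosts; keep a copy of it before letting a cleanup tool replace it, so the redirections can still be reviewed afterwards.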

#10
17 February 2008, 14:26
New Member
Posts: 6

Ok, done. Thanks for all the help!
Copyright © 2006 - 2010 Computer Juice.
