#1
I've been infected with some kind of spyware/adware. I have followed some of the threads highlighted here that had something similar, but with no success. Adware: it changed my desktop to a message saying "spyware threat has been detected, click here to do a full scan", and it also keeps popping up with a bubble in the corner telling me the same thing. I tried downloading and running a bunch of programs: SmitFraudFix, Combofix, ATF-Cleaner, CCleaner, SpyBot Search & Destroy. But none of them seem to have fixed anything... please help! I have attached a bunch of the most recent logs.

Greenhorn
#2
Welcome to CJ Greenhorn

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.

Code:
Killall::
Folder::
C:\WINDOWS\FLEOK
File::
C:\WINDOWS\didduid.ini
C:\WINDOWS\system32\wmsdkns.exe

4. Then click File > Save
5. Name the file CFScript.txt - save the file to your desktop
6. Then drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the image below.

Important: Follow these instructions carefully!

ComboFix will start running, just follow the prompts on screen. After the reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze.

----------

Open HijackThis and choose Do a system scan only. Place a checkmark next to the following entries: (if present)

Exit HijackThis.

----------

Download ATF Cleaner by Atribune. ATF Cleaner.exe Make sure all browser windows are closed.

----------

Important: Uninstall the version of HijackThis you have. It is the old Beta version and we need to have the new version, as well as renaming it to sniper. First, go HERE and do these steps in order. Step Three -- Malwarebytes' Anti-Malware (MBAM) Step Four -- Updating Java Step Six -- HijackThis Now run a new Hijackthis scan and post the log, along with the others.

----------

Next post add
Combofix log
MBAM log
NEW HijackThis log
#3
Hey, thanks for the warm welcome and quick response, also kudos to you for the advice! I followed all your instructions as you said; after adding the script to ComboFix the virus seemed to disappear, but I followed the rest of the steps to make sure anyway. I did the HijackThis! scan, but the files you asked me to delete were no longer there, so I'm guessing ComboFix got rid of them. I ran Malwarebytes as well, and it found a few files that I had to delete. Everything seems fine now, no more ad popups or the bubble. I've attached the logs as requested. Had to compress 2 of them because they were over the file size limit, compressed with Winrar then renamed as .zip, I hope that's ok. Thanks again Evilfantasy.

ComboFix 08-04-08.7 - Ashton 2008-04-09 18:21:02.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.682 [GMT 1:00] Executando de: C: \ Documents and Settings \ Ashton \ Desktop \ ComboFix.exe Comandos utilizados:: C: \ Documents and Settings \ Ashton \ Desktop \ CFScript.txt * Criado um novo ponto restaurar * Residente AV está activa ATENÇÃO-ESTE NÃO TEM MÁQUINA DE RECUPERAÇÃO CONSOLE INSTALLED! FILE:: C: \ WINDOWS \ didduid.ini C: \ WINDOWS \ system32 \ wmsdkns.exe . ((((((((((((((((((((((((((((((((((((((( Outros Supressões ))))))))) )))))))))))))))))))))))))))))))))))))))) . 
C: \ Program Files \ assistente 180search C: \ Program Files \ 180search Assistant \ 180sa.exe C: \ Program Files \ assistente 180search \ sau.exe C: \ Program Files \ 180searchassistant C: \ Program Files \ 180searchassistant \ saap.exe C: \ Program Files \ 180searchassistant \ sac.exe C: \ Program Files \ 180solutions C: \ Program Files \ 180solutions \ sais.exe C: \ Program Files \ seekmo C: \ Program Files seekmo \ \ seekmohook.dll C: \ Program Files \ stc C: \ Program Files \ stc \ csv5p070.exe C: \ Program Files \ Sysmnt C: \ Program Files \ Sysmnt \ Ssmgr.exe C: \ Program Files \ zango C: \ Arquivos de programas \ zango \ \ zango.exe C: \ WINDOWS \ 180ax.exe C: \ WINDOWS \ 2020search.dll C: \ WINDOWS \ 2020search2.dll C: \ WINDOWS \ bjam.dll C: \ WINDOWS \ bokja.exe C: \ WINDOWS \ cdsm32.dll C: \ WINDOWS \ default.htm C: \ WINDOWS \ didduid.ini C: \ WINDOWS \ FLEOK C: \ WINDOWS \ FLEOK \ 180ax.exe C: \ WINDOWS \ mspphe.dll C: \ WINDOWS \ mssvr.exe C: \ WINDOWS \ saiemod.dll C: \ WINDOWS \ salm.exe C: \ WINDOWS \ stcloader.exe C: \ WINDOWS \ swin32.dll C: \ WINDOWS \ system32 \ msixu.dll C: \ WINDOWS \ system32 \ wer8274.dll C: \ WINDOWS \ system32 \ wmsdkns.exe C: \ WINDOWS \ TEMP \ salm.exe C: \ WINDOWS \ updatetc.exe C: \ WINDOWS \ voiceip.dll . ((((((((((((((((((((((((( Arquivos criados a partir de 2008/03/09 a 2008/04/09 ))))))))))) )))))))))))))))))))) . 2008-04-09 08:52. 2008-04-09 08:52 d -------- C: \ Program Files \ Sun 2008-04-09 08:36. 2008-04-09 08:36 d -------- C: \ Program Files \ Trend Micro 2008-04-09 08:35. 2008-04-09 08:35 d -------- C: \ Program Files \ Malwarebytes 'Anti-Malware 2008-04-09 08:35. 2008-04-09 08:35 d -------- C: \ Documents and Settings \ Ashton \ Application Data \ Malwarebytes 2008-04-09 08:35. 2008-04-09 08:35 d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-04-09 08:31. 2008-04-09 08:31 d -------- C: \ Program Files \ \ Authentium 2008-04-09 08:31. 
2008/04/09 18:11 53,192 - a ------ C: \ WINDOWS \ system32 \ drivers \ rp_skt32.sys 2008-04-09 08:31. 2007/04/19 11:36 48,384 - a ------ C: \ WINDOWS \ system32 \ drivers \ rp_pkt32.sys 2008-04-09 08:30. 2008-04-09 08:30 d -------- C: \ Program Files \ Raxco 2008-04-09 08:30. 2008-04-09 18:07 d -------- C: \ Program Files \ \ Scanner 2008-04-09 08:30. 2008-04-09 08:30 d -------- C: \ Documents and Settings \ All Users \ Application Data \ Raxco 2008-04-09 08:28. 2008-04-09 08:28 d -------- C: \ Documents and Settings \ Ashton \ Application Data \ InstallShield 2008-04-09 08:25. 2008-04-09 08:30 d -------- C: \ Program Files \ Virgin Broadband 2008-04-09 01:42. 2008-04-09 01:42 d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo! Companion 2008-04-09 01:14. 2008-04-09 01:14 d -------- C: \ Program Files \ Yahoo! 2008-04-09 01:13. 2008-04-09 01:15 d -------- C: \ Program Files \ CCleaner 2008-04-09 00:43. 2008/04/09 01:52 3,314 - a ------ C: \ WINDOWS \ system32 \ tmp.reg 2008-04-09 00:42. 2007-09-06 00:22 289.144 - a ------ C: \ WINDOWS \ system32 \ VCCLSID.exe 2008-04-09 00:42. 2006-04-27 17:49 288.417 - a ------ C: \ WINDOWS \ system32 \ SrchSTS.exe 2008-04-09 00:42. 2008/03/29 00:19 86,528 - a ------ C: \ WINDOWS \ system32 \ VACFix.exe 2008-04-09 00:42. 2008/04/08 22:44 82,432 - a ------ C: \ WINDOWS \ system32 \ IEDFix.exe 2008-04-09 00:42. 2003/06/05 21:13 53,248 - a ------ C: \ WINDOWS \ system32 \ Process.exe 2008-04-09 00:42. 2004/07/31 18:50 51,200 - a ------ C: \ WINDOWS \ system32 \ dumphive.exe 2008-04-09 00:42. 2007/10/04 00:36 25,600 - a ------ C: \ WINDOWS \ system32 \ WS2Fix.exe 2008-04-09 00:01. 2008-04-09 00:01 d -------- C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet 2008-04-08 23:57. 2008-04-08 23:57 d -------- C: \ Program Files \ Spybot - Search & Destroy 2008-04-08 23:57. 
2008-04-09 00:46 d -------- C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2008-04-08 23:50. 2008-04-08 23:50 d -------- C: \ Documents and Settings \ All Users \ Dados de aplicativos \ ALM 2008-04-08 23:47. 2008-04-08 23:47 d -------- C: \ Program Files \ Bonjour 2008-04-08 23:29. 2008-04-08 23:29 d -------- C: \ Program Files \ Common Files \ Macrovision Shared 2008-04-08 22:42. 2008-04-08 22:42 d -------- C: \ Program Files \ PowerISO 2008-04-07 01:56. 2008/04/07 01:56 1,110 - a ------ C: \ WINDOWS \ mozver.dat 2008-04-01 22:42. 2008-04-01 22:42 <DIR> d - h ----- C: \ Documents and Settings \ All Users \ Application Data \ (0E8E33D8-193A-414A-A909-0F101A142D26) 2008-04-01 22:38. 2008-04-01 22:38 d -------- C: \ Program Files \ Stardock Jogos 2008-03-28 18:39. 2008-03-28 18:39 d -------- C: \ Documents and Settings \ Ashton \ Application Data \ dvdcss 2008-03-14 07:04. 2008/03/14 07:04 46,652 - a ------ C: \ WINDOWS \ system32 \ drivers \ scdemu.sys 2008-03-13 23:07. 2008-03-13 23:07 d -------- C: \ Program Files \ \ NSV . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 
2008-04-09 07:54 --------- d ----- w C: \ Program Files \ Java 2008-04-09 07:30 --------- d ----- w C: \ Program Files \ CA 2008-04-09 07:29 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Virgin Broadband 2008-04-09 07:28 --------- d - h - w C: \ Program Files \ InstallShield Installation Information 2008-04-09 01:58 --------- d ----- w C: \ Documents and Settings \ Ashton \ Application Data \ Virgin Broadband 2008-04-08 22:47 --------- d ----- w C: \ Program Files \ \ Adobe 2008-02-26 20:59 --------- d ----- w C: \ Documents and Settings \ Ashton \ Application Data \ ATI 2008-02-26 20:59 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ ATI 2008-02-26 20:50 --------- d ----- w C: \ Program Files \ ATI Technologies 2008-02-26 01:30 --------- d ----- w C: \ Program Files \ Jogos-Masters.com 2008-02-25 09:39 --------- d ----- w C: \ Program Files \ Common Files \ INCA Shared 2008-02-25 09:19 --------- d ----- w C: \ Program Files \ GameTribe 2008-02-24 03:18 --------- d ----- w C: \ Program Files \ Temp.p 2008-02-23 22:31 --------- d ----- w C: \ Program Files \ Common Files \ DirectX 2008-02-23 22:26 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Kontiki 2008-02-23 21:42 --------- d ----- w C: \ Program Files \ OGPlanet 2008-02-22 19:06 --------- d ----- w C: \ Documents and Settings \ Ashton \ Application Data \ AdobeUM 2008-02-21 19:33 --------- d ----- w C: \ Program Files \ Three Rings Design 2008-02-20 22:40 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Channel4 2008-02-15 19:17 --------- d ----- w C: \ Program Files \ Winamp 2008-02-15 18:00 --------- d ----- w C: \ Program Files \ Hidden City Games 2008-02-15 16:55 --------- d ----- w C: \ Program Files \ SealOnlineUSA 2008-02-13 21:44 --------- d ----- w C: \ Program Files \ Funcom 2007-12-23 19:41 32 ---- ar C: \ Documents and Settings \ All Users \ hash.dat 2004-02-02 10:31 
236.510-c - aw C: \ Documents and Settings \ Ashton \ DIAG.EXE 2004-01-30 18:21 62.480-c - aw C: \ Documents and Settings \ Ashton \ FETODI.COM 2004-01-09 14:28 51.356-c - aw C: \ Documents and Settings \ Ashton \ FETND3.sys 2004-01-09 14:27 53.136-c - aw C: \ Documents and Settings \ Ashton \ FETND4.sys 2004-01-09 14:24 40.960-c - aw C: \ Documents and Settings \ Ashton \ FETND5A.sys 2004-01-09 14:23 42.496-c - aw C: \ Documents and Settings \ Ashton \ FETND5B.sys 2003-11-27 15:01 57.344-c - aw C: \ Documents and Settings \ Ashton \ winsetup.exe 2002-10-09 16:29 147.456-c - aw C: \ Documents and Settings \ Ashton \ NTUTIL.DLL 2002-02-20 11:04 15.552-c - aw C: \ Documents and Settings \ Ashton \ WINNDI.DLL . ((((((((((((((((((((((((((((( Snapshot @ 2008-04-09_ 1.41.00.14 ))))))))))) )))))))))))))))))))))))))))))) . - 2008-04-08 22:11:46 29,696 ---- aw C: \ WINDOWS \ apphelp32.dll + 2008-04-09 17:08:03 9.472 ---- aw C: \ WINDOWS \ apphelp32.dll - 2008-04-08 22:11:46 14,592 ---- aw C: \ WINDOWS \ asferror32.dll + 2008-04-09 17:08:03 8.448 ---- aw C: \ WINDOWS \ asferror32.dll - 2008-04-08 22:11:46 29,952 ---- aw C: \ WINDOWS \ asycfilt32.dll + 2008-04-09 17:08:03 12.800 ---- aw C: \ WINDOWS \ asycfilt32.dll - 2008-04-08 22:11:46 20,480 ---- aw C: \ WINDOWS \ athprxy32.dll + 2008-04-09 17:08:03 18.432 ---- aw C: \ WINDOWS \ athprxy32.dll - 2008-04-08 22:11:46 17,408 ---- aw C: \ WINDOWS \ ati2dvaa32.dll + 2008-04-09 17:08:03 16.896 ---- aw C: \ WINDOWS \ ati2dvaa32.dll - 2008-04-08 22:11:46 10,752 ---- aw C: \ WINDOWS \ ati2dvag32.dll + 2008-04-09 17:08:03 20.480 ---- aw C: \ WINDOWS \ ati2dvag32.dll - 2008-04-08 22:11:46 22,016 ---- aw C: \ WINDOWS \ audiosrv32.dll + 2008-04-09 17:08:03 10.496 ---- aw C: \ WINDOWS \ audiosrv32.dll - 2008-04-08 22:11:47 22,272 ---- aw C: \ WINDOWS \ autodisc32.dll + 2008-04-09 17:08:03 30.464 ---- aw C: \ WINDOWS \ autodisc32.dll - 2008-04-08 22:11:47 12,288 ---- aw C: \ WINDOWS \ avifile32.dll + 2008-04-09 17:08:04 25.856 ---- aw C: 
\ WINDOWS \ avifile32.dll - 2008-04-08 22:11:47 27,392 ---- aw C: \ WINDOWS \ avisynthex32.dll + 2008-04-09 17:08:04 23.296 ---- aw C: \ WINDOWS \ avisynthex32.dll - 2008-04-08 22:11:47 23,808 ---- aw C: \ WINDOWS \ aviwrap32.dll + 2008-04-09 17:08:04 11.776 ---- aw C: \ WINDOWS \ aviwrap32.dll - 2008-04-08 22:11:47 17,920 ---- aw C: \ WINDOWS \ browserad.dll + 2008-04-09 17:08:04 18.944 ---- aw C: \ WINDOWS \ browserad.dll - 2008-04-08 22:11:45 31,488 ---- aw C: \ WINDOWS \ changeurl_30.dll + 2008-04-09 17:08:03 29.696 ---- aw C: \ WINDOWS \ changeurl_30.dll - 2007-10-10 15:36:22 10,134 ---- ar C: \ WINDOWS \ Installer \ (05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4) \ ARPPRODUCTICON.exe + 2008-04-09 07:31:00 10.134 ---- ar C: \ WINDOWS \ Installer \ (05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4) \ ARPPRODUCTICON.exe - 2007-10-10 15:36:18 26,582 ---- ar C: \ WINDOWS \ Installer \ (212F5777-1190-4DEF-8E4D-6B2F313B45E7) \ PerfectDisk.exe + 2008-04-09 07:30:56 26.582 ---- ar C: \ WINDOWS \ Installer \ (212F5777-1190-4DEF-8E4D-6B2F313B45E7) \ PerfectDisk.exe - 2007-10-10 15:36:46 10,134 ---- ar C: \ WINDOWS \ Installer \ (324D4909-7A7B-45CD-B199-E975DC108249) \ ARPPRODUCTICON.exe + 2008-04-09 07:31:31 10.134 ---- ar C: \ WINDOWS \ Installer \ (324D4909-7A7B-45CD-B199-E975DC108249) \ ARPPRODUCTICON.exe - 2007-10-10 15:36:53 10,134 ---- ar C: \ WINDOWS \ Installer \ (3A836186-46F8-4388-9830-820E35C02992) \ ARPPRODUCTICON.exe + 2008-04-09 07:31:45 10.134 ---- ar C: \ WINDOWS \ Installer \ (3A836186-46F8-4388-9830-820E35C02992) \ ARPPRODUCTICON.exe - 2007-10-10 15:36:53 25,214 ---- ar C: \ WINDOWS \ Installer \ (3A836186-46F8-4388-9830-820E35C02992) \ Sm_En_DiagD_7C6BED816D7E4AD1AEAF5A1A DB6C8676.exe + 2008-04-09 07:31:45 25.214 ---- ar C: \ WINDOWS \ Installer \ (3A836186-46F8-4388-9830-820E35C02992) \ Sm_En_DiagD_7C6BED816D7E4AD1AEAF5A1A DB6C8676.exe - 2007-10-10 15:36:52 10,134 ---- ar C: \ WINDOWS \ Installer \ (3AFF4279-A590-4010-8C8A-3B096A220CFC) \ ARPPRODUCTICON.exe + 2008-04-09 
07:31:43 10.134 ---- ar C: \ WINDOWS \ Installer \ (3AFF4279-A590-4010-8C8A-3B096A220CFC) \ ARPPRODUCTICON.exe - 2007-10-10 15:36:59 10,134 ---- ar C: \ WINDOWS \ Installer \ (3C441434-737c-4D54-8EAB-B409BE54E734) \ ARPPRODUCTICON.exe + 2008-04-09 07:31:50 10.134 ---- ar C: \ WINDOWS \ Installer \ (3C441434-737c-4D54-8EAB-B409BE54E734) \ ARPPRODUCTICON.exe - 2007-10-10 15:37:00 10,134 ---- ar C: \ WINDOWS \ Installer \ (53C32728-D434-4143-9C9D-D73D68D00893) \ ARPPRODUCTICON.exe + 2008-04-09 07:31:52 10.134 ---- ar C: \ WINDOWS \ Installer \ (53C32728-D434-4143-9C9D-D73D68D00893) \ ARPPRODUCTICON.exe - 2007-10-10 15:37:02 10,134 ---- ar C: \ WINDOWS \ Installer \ (5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166) \ ARPPRODUCTICON.exe + 2008-04-09 07:31:55 10.134 ---- ar C: \ WINDOWS \ Installer \ (5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166) \ ARPPRODUCTICON.exe - 2007-10-10 15:36:48 10,134 ---- ar C: \ WINDOWS \ Installer \ (6EA0ABC4-172B-48d4-AF26-93322D7FDE72) \ ARPPRODUCTICON.exe + 2008-04-09 07:31:36 10.134 ---- ar C: \ WINDOWS \ Installer \ (6EA0ABC4-172B-48d4-AF26-93322D7FDE72) \ ARPPRODUCTICON.exe - 2007-10-10 15:36:50 10,134 ---- ar C: \ WINDOWS \ Installer \ (A542D695-16D3-4F89-A6F1-091F009B8ABA) \ ARPPRODUCTICON.exe + 2008-04-09 07:31:42 10.134 ---- ar C: \ WINDOWS \ Installer \ (A542D695-16D3-4F89-A6F1-091F009B8ABA) \ ARPPRODUCTICON.exe - 2007-10-10 15:35:46 10,134 ---- ar C: \ WINDOWS \ Installer \ (AFE0D559-DAC2-4df0-B432-4CBA15769AA9) \ ARPPRODUCTICON.exe + 2008-04-09 07:30:07 10.134 ---- ar C: \ WINDOWS \ Installer \ (AFE0D559-DAC2-4df0-B432-4CBA15769AA9) \ ARPPRODUCTICON.exe - 2007-10-10 15:35:46 25,214 ---- ar C: \ WINDOWS \ Installer \ (AFE0D559-DAC2-4df0-B432-4CBA15769AA9) \ Desktop_En_Rps_A64EE928C7A645A784CE5 9FBDBDD9D1B.exe + 2008-04-09 07:30:07 25.214 ---- ar C: \ WINDOWS \ Installer \ (AFE0D559-DAC2-4df0-B432-4CBA15769AA9) \ Desktop_En_Rps_A64EE928C7A645A784CE5 9FBDBDD9D1B.exe - 2007-10-10 15:35:46 25,214 ---- ar C: \ WINDOWS \ Installer \ 
(AFE0D559-DAC2-4df0-B432-4CBA15769AA9) \ Sm_En_Rps_A64EE928C7A645A784CE59FBDB DD9D1B.exe + 2008-04-09 07:30:07 25.214 ---- ar C: \ WINDOWS \ Installer \ (AFE0D559-DAC2-4df0-B432-4CBA15769AA9) \ Sm_En_Rps_A64EE928C7A645A784CE59FBDB DD9D1B.exe - 2007-10-10 15:36:49 10,134 ---- ar C: \ WINDOWS \ Installer \ (B5C0FD16-3A5D-40d5-8B59-4B43279BB5D0) \ ARPPRODUCTICON.exe + 2008-04-09 07:31:41 10.134 ---- ar C: \ WINDOWS \ Installer \ (B5C0FD16-3A5D-40d5-8B59-4B43279BB5D0) \ ARPPRODUCTICON.exe - 2007-10-10 15:36:57 10,134 ---- ar C: \ WINDOWS \ Installer \ (C831972C-3834-4d9d-A095-8350B324AC3C) \ ARPPRODUCTICON.exe + 2008-04-09 07:31:47 10.134 ---- ar C: \ WINDOWS \ Installer \ (C831972C-3834-4d9d-A095-8350B324AC3C) \ ARPPRODUCTICON.exe - 2007-10-10 15:36:07 10,134 ---- ar C: \ WINDOWS \ Installer \ (D8AEA1D1-78FE-4CE1-9405-D7E55E797C4D) \ ARPPRODUCTICON.exe + 2008-04-09 07:30:29 10.134 ---- ar C: \ WINDOWS \ Installer \ (D8AEA1D1-78FE-4CE1-9405-D7E55E797C4D) \ ARPPRODUCTICON.exe - 2007-10-10 15:36:11 10,134 ---- ar C: \ WINDOWS \ Installer \ (DD1C392B-226D-42C9-b8E6-2A9BEF7583B4) \ ARPPRODUCTICON.exe + 2008-04-09 07:30:50 10.134 ---- ar C: \ WINDOWS \ Installer \ (DD1C392B-226D-42C9-b8E6-2A9BEF7583B4) \ ARPPRODUCTICON.exe - 2007-10-10 15:36:32 10,134 ---- ar C: \ WINDOWS \ Installer \ (ECBDDBD7-43CC-417C-B87A-943AFED8EB57) \ ARPPRODUCTICON.exe + 2008-04-09 07:31:10 10.134 ---- ar C: \ WINDOWS \ Installer \ (ECBDDBD7-43CC-417C-B87A-943AFED8EB57) \ ARPPRODUCTICON.exe - 2007-10-10 15:36:09 10,134 ---- ar C: \ WINDOWS \ Installer \ (EE1D5780-AF29-4DC4-A107-3FD5F79AC63A) \ ARPPRODUCTICON.exe + 2008-04-09 07:30:32 10.134 ---- ar C: \ WINDOWS \ Installer \ (EE1D5780-AF29-4DC4-A107-3FD5F79AC63A) \ ARPPRODUCTICON.exe - 2007-10-10 15:37:01 10,134 ---- ar C: \ WINDOWS \ Installer \ (FD2EC356-DB5E-40AE-907A-9A1D38F9396D) \ ARPPRODUCTICON.exe + 2008-04-09 07:31:53 10.134 ---- ar C: \ WINDOWS \ Installer \ (FD2EC356-DB5E-40AE-907A-9A1D38F9396D) \ ARPPRODUCTICON.exe - 1998-10-29 16:45:06 
306.688 ---- aw C: \ WINDOWS \ IsUninst.exe + 1998-10-29 15:45:06 306.688 ---- aw C: \ WINDOWS \ IsUninst.exe - 2008-04-08 22:11:49 14,080 ---- aw C: \ WINDOWS \ msa64chk.dll + 2008-04-09 17:08:06 11.776 ---- aw C: \ WINDOWS \ msa64chk.dll - 2008-04-08 22:11:49 26,368 ---- aw C: \ WINDOWS \ msapasrc.dll + 2008-04-09 17:08:06 26.624 ---- aw C: \ WINDOWS \ msapasrc.dll - 2008-04-08 22:11:48 25,344 ---- aw C: \ WINDOWS \ ntnut.exe + 2008-04-09 17:08:05 8.960 ---- aw C: \ WINDOWS \ ntnut.exe - 2008-04-08 22:11:47 18,432 ---- aw C: \ WINDOWS \ shdocpe.dll + 2008-04-09 17:08:05 32.000 ---- aw C: \ WINDOWS \ shdocpe.dll - 2008-04-08 22:11:48 21,504 ---- aw C: \ WINDOWS \ shdocpl.dll + 2008-04-09 17:08:05 27.904 ---- aw C: \ WINDOWS \ shdocpl.dll - 2007-09-24 22:30:28 135,168 ---- aw C: \ WINDOWS \ system32 \ java.exe + 2008-02-22 00:23:35 135.168 ---- aw C: \ WINDOWS \ system32 \ java.exe - 2007-09-24 22:30:30 135,168 ---- aw C: \ WINDOWS \ system32 \ javaw.exe + 2008-02-22 00:23:39 135.168 ---- aw C: \ WINDOWS \ system32 \ javaw.exe - 2007-09-24 23:31:42 139,264 ---- aw C: \ WINDOWS \ system32 \ javaws.exe + 2008-02-22 01:33:32 139.264 ---- aw C: \ WINDOWS \ system32 \ javaws.exe - 2008-04-08 22:11:50 9,984 ---- aw C: \ WINDOWS \ system32 \ MSNSA32.dll + 2008-04-09 17:08:07 14.336 ---- aw C: \ WINDOWS \ system32 \ MSNSA32.dll - 2008-04-08 22:11:48 31,488 ---- aw C: \ WINDOWS \ system32 \ ntnut32.exe + 2008-04-09 17:08:05 28.928 ---- aw C: \ WINDOWS \ system32 \ ntnut32.exe - 2008-04-08 22:11:48 21,760 ---- aw C: \ WINDOWS \ system32 \ shdocpe.dll + 2008-04-09 17:08:05 26.880 ---- aw C: \ WINDOWS \ system32 \ shdocpe.dll - 2008-04-08 22:11:48 19,712 ---- aw C: \ WINDOWS \ system32 \ SIPSPI32.dll + 2008-04-09 17:08:06 30.720 ---- aw C: \ WINDOWS \ system32 \ SIPSPI32.dll - 2008-04-08 22:11:47 12,800 ---- aw C: \ WINDOWS \ winsb.dll + 2008-04-09 17:08:04 18.432 ---- aw C: \ WINDOWS \ winsb.dll - 2007-10-10 15:35:42 1.233.920 ---- aw C: \ WINDOWS \ WinSxS \ 
x86_Microsoft.MSXML2_6bd6b9abf34 5378f_4.20.9818.0_x-ww_8ff50c5d \ msxml4.dll + 2008-04-09 07:30:03 1.233.920 ---- aw C: \ WINDOWS \ WinSxS \ x86_Microsoft.MSXML2_6bd6b9abf34 5378f_4.20.9818.0_x-ww_8ff50c5d \ msxml4.dll - 2007-10-10 15:35:42 82.432 ---- aw C: \ WINDOWS \ WinSxS \ x86_Microsoft.MSXML2R_6bd6b9abf3 45378f_4.1.0.0_x-ww_29c3ad6a \ Msxml4r.dll + 2008-04-09 07:30:03 82.432 ---- aw C: \ WINDOWS \ WinSxS \ x86_Microsoft.MSXML2R_6bd6b9abf3 45378f_4.1.0.0_x-ww_29c3ad6a \ Msxml4r.dll . - Snapshot reset à data actual -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Nota * entradas vazias & legit entradas padrão não são mostrados REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Run] "MsnMsgr" = "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" [2007-01-19 12:54 5674352] "SB Audigy 2 Startup Menu" = "/ L: ENG" [] "ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 08:56 15360] [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ RunOnce] "IndexCleaner" = "C: \ Program Files \ Virgin Broadband \ SoundMAX \ IdxClnR.exe" [2007-09-05 14:09 61168] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "DLA" = "C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit" [2004-03-15 01:04 122933] "GrooveMonitor" = "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ Lib" [2003-08-19 01:01 110592] "Nwiz" = "C: \ Program Files \ Creative \ SBAudigy2 \ Surround Mixer \ NvStartup" [2002-10-29 09:18 49152] "NeroFilterCheck" = "C: \ Program Files \ Creative \ SBAudigy2 \ UpdateService / install" [2002-09-30 01:00 45056] "RTHDCPL" = "RTHDCPL.EXE" [2003-02-20 23:45 28672 C: \ WINDOWS \ system32 \ VTTimer.exe] "AsioReg" = "regsvr32.exe" [2004-08-04 08:56 11776 C: \ WINDOWS \ system32 \ regsvr32.exe] "IgfxTray" = "C: \ WINDOWS \ NeroCheck.exe" [2000-05-11 01:00 90112] "NeroFilterCheck" = "C: \ Program Files \ ATI 
Technologies \ ATI Control Panel \ atiptaxx.exe" [2004-05-25 22:35 335872] "SunJavaUpdateSched" = "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.EXE" [2003-01-27 17:16 376912] "WinampAgent" = "C: \ Program Files \ Winamp \ winampa.exe" [2008-01-15 23:54 37376] "StartCCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe" [2006-11-10 13:35 90112] "CTFMON.EXE" = "C: \ Program Files \ PowerISO \ CTFMON.EXE" [2008-03-15 00:50 233472] "workflow" = "D: \ installs \ workflow.exe" [] "Broadbandadvisor.exe" = "C: \ Program Files \ Virgin Broadband \ conselheiro \ Broadbandadvisor.exe" [2007-08-07 18:49 2061552] "SoundMAX" = "C: \ Program Files \ Virgin Broadband \ SoundMAX \ Rps.exe" [2007-09-05 14:10 310000] "FreedomNeedsReboot" = "C: \ Program Files \ Virgin Broadband \ SoundMAX \ ZkRunOnceR.exe" [2007-09-05 14:10 13552] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" [2008-02-22 04:25 144784] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ RunOnce] "IndexCleaner" = "C: \ Program Files \ Virgin Broadband \ SoundMAX \ IdxClnR.exe" [2007-09-05 14:09 61168] [HKEY_USERS \. 
DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "CTFMON.EXE" = "C: \ WINDOWS \ system32 \ CTFMON.EXE" [2004-08-04 08:56 15360] C: \ Documents and Settings \ All Users \ Menu Iniciar \ Programas \ Startup \ Adobe Reader Speed Launch.lnk - C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe [2004-12-14 05:44:06 29696] Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE [2000-01-21 09:15:54 65588] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32] "VIDC.X264" = x264vfw.dll "msacm.ac3acm" = AC3ACM.acm "msacm.scg726" = scg726.acm "msacm.alf2cd" = alf2cd.acm "vidc.dvsd" = mcdvd_32.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ DAEMON Tools] - a ------ 2007-08-29 16:09 171464 C: \ Program Files \ DAEMON Tools \ daemon.exe [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ Sessmgr.exe" = "C: \ \ Arquivos de Programas \ \ Messenger \ \ msmsgs.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ Arquivos de Programas \ \ Skype \ \ Phone \ \ Skype.exe" = "C: \ \ Arquivos de Programas \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Arquivos de Programas \ \ MSN Messenger \ \ livecall.exe" = "C: \ \ Program Files \ Stardock Jogos \ \ Sins of Solar Empire um \ \ Pecados de um Empire.exe Solar" = "C: \ \ Arquivos de Programas \ \ Bonjour \ \ mDNSResponder.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "15808: TCP" = 15808: TCP: BitComet 15808 TCP "15808: UDP" = 15808: UDP: BitComet 15808 UDP "3724: TCP" = 3724: TCP: Blizzard Downloader: 3724 Iadusb S3; GlobespanVirata USB IAD LAN Modem; C: \ WINDOWS \ system32 \ DRIVERS \ glauiad.sys [2004-07-02 09:20] S3 
Radialpoint Serviços de Segurança; Virgin Broadband SoundMAX C: \ WINDOWS \ system32 \ dllhost.exe [2004-08-04 08:56] S3 XDva037; XDva037; C: \ WINDOWS \ system32 \ XDva037.sys [] . Conteúdo da 'Tarefas agendadas' pasta "2008-04-03 19:15:02 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job" - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe . ************************************************** ************************ CatchMe 0.3.1351 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net Rootkit scan 2008-04-09 18:26:36 5/1/2600 Windows Service Pack 2 NTFS digitalizar processos escondidos ... escaneamento automático entradas escondidas ... digitalizar os arquivos ocultos ... varredura foi concluída com êxito ficheiros ocultos: 0 ************************************************** ************************ . ------------------------ Other Running Processes ----------------------- -- . C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ Program Files \ Virgin Broadband \ PCguard \ Fws.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe C: \ WINDOWS \ system32 \ CTsvcCDA.exe C: \ Program Files \ Common Files \ Authentium \ AntiVirus \ dvpapi.exe C: \ Program Files \ CA \ PPRT \ bin \ ITMRTSVC.exe C: \ Program Files \ Raxco \ PerfectDisk \ PDAgent.exe C: \ WINDOWS \ system32 \ PnkBstrA.exe C: \ Program Files \ Analog Devices \ SoundMAX \ spkrmon.exe C: \ WINDOWS \ system32 \ Wdfmgr.exe C: \ WINDOWS \ System32 \ Mspmspsv.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE C: \ Program Files \ Raxco \ PerfectDisk \ PDEngine.exe C: \ Program Files \ Virgin Broadband \ conselheiro \ BroadbandadvisorComHandler.exe C: \ Program Files \ Virgin Broadband \ SoundMAX \ rpsupdaterR.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe C: \ Program Files \ MSN Messenger \ usnsvc.exe . ************************************************** ************************ . 
Tempo para conclusão: 2008-04-09 18:31:56 - Máquina reiniciou ComboFix-quarantined-files.txt 2008-04-09 17:31:47 ComboFix2.txt 2008-04-09 00:59:01 ComboFix3.txt 2008-04-09 00:41:25 Pre-Run: 12340674560 bytes free Post-Run: 12324302848 bytes free . 2008-03-22 04:20:29 --- EOF ---
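The ComboFix log posted above lists every autostart value under the Run keys together with the image path and a bracket of file attributes, and separately records whether the Windows Firewall profile is enabled. When reviewing such a log by hand, three things stand out: a value whose binary carries the name of a Windows system executable but loads from outside the Windows directories, a value whose image no longer exists on disk (an orphaned autostart left behind after a cleanup), and a firewall that has been switched off. The following script is an added example, not part of the thread and not ComboFix's own code; it parses a constructed excerpt in the same layout and flags those three conditions. The list of system binary names and the reading of an empty attribute bracket as "file missing at scan time" are both assumptions made for this example.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt laid out like ComboFix's "Reg Loading Points" section
# (value name, image path, then [date time size]); these are sample lines
# written for this example, not lines taken from the thread above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\Program Files\PowerISO\CTFMON.EXE" [2008-03-15 00:50 233472]
"workflow"="D:\installs\workflow.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKLM\~\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''

# Assumed: names of Windows binaries that legitimately autostart only from the
# Windows directories; the same name loading from elsewhere deserves a look.
SYSTEM_BINARIES = {"ctfmon.exe", "regsvr32.exe", "rundll32.exe", "svchost.exe", "explorer.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]')
FW_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<val>\d+)')


@dataclass
class Finding:
    key: str      # registry key the entry was listed under
    name: str     # value name
    detail: str   # why it was flagged


def analyse(log_text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current registry key, and
    return one Finding per suspicious autostart entry or disabled firewall."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = FW_RE.match(line)
        if m:
            if m.group("val") == "0":
                findings.append(Finding(current_key, "EnableFirewall",
                                        "Windows Firewall is disabled for this profile"))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        name, path, info = m.group("name"), m.group("path"), m.group("info").strip()
        exe = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if exe in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
            findings.append(Finding(current_key, name,
                                    f"system binary name {exe} loading from {folder!r}"))
        if not info:
            # Assumed meaning of an empty bracket: the tool could not stat the
            # image, so the autostart points at a file that is no longer there.
            findings.append(Finding(current_key, name,
                                    f"no file attributes recorded for {path}: orphaned entry"))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.key}] {f.name}: {f.detail}")
```

Run against the sample, the script reports the PowerISO copy of CTFMON.EXE, the orphaned "workflow" value and the disabled firewall profile, and stays quiet about the legitimate ctfmon.exe in system32. Pasting the real "Reg Loading Points" section of a log into SAMPLE_LOG gives the same triage for a live case.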
#4
Looks good. Now run ATF Cleaner again to get rid of the malicious files in the temp folders.

I put the Combofix log in the post. I'm sure you can see this:

ATENÇÃO-ESTE NÃO TEM MÁQUINA DE RECUPERAÇÃO CONSOLE INSTALLED!

That's common and you can install the Recovery Console if you choose by following the instructions HERE.

Time to do some cleanup and secure the work we have done.

The above procedure will:

1. Double-click OTMoveIt2.exe to launch it. Vista users right-click and choose Run as Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert, allow access.
4. Click YES at the next prompt (list downloaded, do you want to begin the cleanup process?)

Setting a new restore point after cleanup will allow your computer to roll back to a clean working state if needed.

Out of date software has security vulnerabilities that malware can exploit.

See also Slow Computer? It may not be Malware. Free cleanup/maintenance tools to help keep your computer running smoothly.

Let me know if anything comes up.