Computer Juice > Computer Software > Viruses, Spyware and Security
Need help! ~ I can't remove this adware/virus!

#1
14 January 2008, 19:29
New Member

Name: Trojan.Win32.Obfuscated.gx  Type: Trojan  Risk impact: Extremely High  Fake critical system error warning
#2
14 January 2008, 21:18
Moderator

Let's get a HJT log.
Download and rename HijackThis (HJT)
  • Double click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right click on HijackThis.exe and select Rename.
    • Type sniper.exe and press Enter.
    • Right click on sniper.exe and select Send To > Desktop (create shortcut)
  • From the desktop open HijackThis.
  • If using Windows Vista, be sure to Run as administrator
  • Click on the Do a system scan and save a logfile button
  • HijackThis will scan and then a log will open in Notepad.
  • Copy and paste the log into your post.
    • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Even though we have HijackThis renamed to sniper, we will still refer to it as HijackThis or HJT.

Next post add
HijackThis log

#3
14 January 2008, 23:55
New Member

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:52, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\installs\CPN\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\installs\CPN\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\installs\CPN\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] Rundll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5867 bytes
#4
15 January 2008, 00:47
Moderator

The log doesn't show any malware at all.

Run this and post the log afterwards.

Download ComboFix by sUBs from one of the links below.
(Try all three if necessary) IMPORTANT - Combofix.exe MUST be saved to your Desktop.
  • Close any open browsers. (Firefox, Internet Explorer, etc.)
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with ComboFix. <- IMPORTANT
    • Click on this link to see a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Do not mouse-click ComboFix's window while it is running.
The scan will temporarily disable your desktop.
If interrupted, it may leave your computer frozen.
If this occurs, please reboot to restore the desktop.

#5
15 January 2008, 08:52
Moderator

That's not all of the log.

You need to go to C:\combofix.txt and post the whole log.

#6
15 January 2008, 09:47
New Member

Quote:
Originally Posted by evilfantasy
That's not all of the log.

You need to go to C:\combofix.txt and post the whole log.

ComboFix 08-01-15.4 - Jomel 2008-01-15 22:29:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT -8:00]
Running from: C:\Downloads\Software\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!
.
((((((((((((((((((((((((( Files created from 2007/12/16 to 2008/01/16 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2004-07-07 17:28 155648]
"Cmaudio"="cmicnfg.cpl" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-27 19:58 579072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-27 19:58 219136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoResolveSearch"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R2 SetupNT;SetupNT;C:\WINDOWS\system32\SetupNT.sys [2000-10-25 04:27]
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:31:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-15 22:32:38
.
2008-01-15 20:49:48 --- EOF ---
#7
15 January 2008, 10:12
Moderator

First, go to this tutorial and install the Recovery Console.

----------
  • Download FixIEDef by ShadowPuterDude to the desktop.
  • Double click FixIEDef.exe
    • If running Vista, click OK on the "FixIEDef is being run as administrator" popup
WARNING: FixIEDef will kill all running instances of Internet Explorer and Explorer while it removes the malicious files. The Start menu icons and your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.

FixIEDef will return everything to normal once it has finished the removal process.
  • Click Exit once FixIEDef displays the All Done message.
  • Attach the FixIEDef.log to your next post. The log will be on your desktop.
----------

Run a new HijackThis scan and post the log.

----------

Next post add
FixIEDef log
New HijackThis log

#8
15 January 2008, 17:21
New Member

********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.0.0.875                               *
*                                                                              *
********************************************************************************
Created at 08:12:02 on Wednesday, 16 January 2008
Operating System: Windows XP
Service Pack Level: Service Pack 2
System Language: English
Processor: X86
--------------------------------------------------------------------------------
!Files that were deleted!
No malicious files found
--------------------------------------------------------------------------------
!Directories that were removed!
No malicious directories to remove
--------------------------------------------------------------------------------
!Registry entries that were removed!
HKEY_CLASSES_ROOT\toprates.Video
HKEY_CLASSES_ROOT\AppID\toprates.dll
HKEY_CLASSES_ROOT\AppID\{038F228B-EED3-4A87-A565-F88FC99EBA91}
HKEY_CLASSES_ROOT\Interface\{48D78BE5-CFB9-4B66-9AC4-96D4CF21DE06}
HKEY_CLASSES_ROOT\TypeLib\{74D46BBA-5638-473A-83B6-97E7804A7411}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DateTime
================================================================================
All Done :)
ShadowPuterDude
Safe Surf!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:36, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\installs\CPN\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\installs\CPN\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\installs\CPN\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] Rundll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5838 bytes
#9
15 January 2008, 17:32
Moderator

Your Java is out of date, leaving the system vulnerable.
Older versions of Java have vulnerabilities that malware can use to infect your system.

Go to >> http://java.sun.com/javase/downloads/index.jsp
On the Sun Java page select download 4, Java Runtime Environment (JRE) 6 Update 4, to install the new version.
Then go to Add/Remove Programs and remove all older versions.
Do not uninstall Java (JRE) 6 Update 4.
Then go to C:\Program Files\Java and delete the old folders.
Be sure to keep jre1.6.0_04

The log looks fine now.

How is the computer now?
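A small triage helper for the HijackThis logs posted in this thread (the R/O entry format in posts #3 and #8) and the out-of-date Java point raised in post #9. This is an added example, not code from the thread, from Trend Micro or from the moderator: it parses each R*/O* line into section, CLSID and target path, flags JRE paths older than the 6 Update 4 the moderator asked for, and flags autostart entries that load from a temp directory (an assumed triage heuristic, not something the thread states). The sample lines are constructed, modelled on the posted log, and the final O4 line is invented to exercise the temp check.

```python
"""Triage helper for HijackThis v2 log lines (added example, not the thread's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in HijackThis v2 format, modelled on the log posted above.
# The O4 "[updater]" line is invented to exercise the temp-directory check.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\updater.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - <rest>" / "R1 - <rest>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A Windows path from a drive letter up to a known module extension; non-greedy so
# paths containing spaces ("C:\Program Files\...") are captured whole.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|cpl|sys|ocx|html?|cab)\b", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.I)
# Sections that describe code loaded automatically at logon/boot.
AUTOSTART_SECTIONS = ("O4", "O20", "O23")
# Assumed heuristic: legitimate autostarts rarely live in these directories.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


@dataclass
class HjtEntry:
    section: str          # e.g. "O4", "O23"
    body: str             # everything after "O4 - "
    clsid: Optional[str]  # {GUID} if the line carries one
    path: Optional[str]   # file path or URL the entry points at


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Return an HjtEntry for an R*/O* line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    target = PATH_RE.search(body) or URL_RE.search(body)
    return HjtEntry(m.group("section"), body,
                    clsid.group(0) if clsid else None,
                    target.group(0) if target else None)


def parse_hjt_log(text: str) -> List[HjtEntry]:
    """Parse a whole log, keeping only the R*/O* entries."""
    return [e for e in (parse_hjt_line(l) for l in text.splitlines()) if e]


def jre_version(path: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract (major, minor, patch, update) from a jreX.Y.Z_NN path component."""
    m = JRE_RE.search(path)
    return tuple(int(x) for x in m.groups()) if m else None


def flag_entries(entries: List[HjtEntry],
                 minimum_jre: Tuple[int, int, int, int] = (1, 6, 0, 4)) -> List[str]:
    """Return human-readable findings: outdated JRE paths and temp-dir autostarts."""
    findings = []
    for e in entries:
        if e.path is None:
            continue
        ver = jre_version(e.path)
        if ver is not None and ver < minimum_jre:
            findings.append(f"{e.section}: outdated JRE {ver[0]}.{ver[1]}.{ver[2]}_{ver[3]:02d}"
                            f" -> {e.path}")
        if e.section in AUTOSTART_SECTIONS and any(t in e.path.lower() for t in TEMP_MARKERS):
            findings.append(f"{e.section}: autostart loads from a temp directory -> {e.path}")
    return findings


if __name__ == "__main__":
    for finding in flag_entries(parse_hjt_log(SAMPLE_LOG)):
        print(finding)
```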

#10
15 January 2008, 23:16
New Member

Wow! Finally! I removed 4 adware trojans!

A big thank you to you, sir!
More power!

This site is so cool! \m/
Copyright © 2006 - 2009 Computer Juice.