#1
I have a serious problem. I've got some kind of adware on my computer. When I'm surfing, or simply have my browser open, a pop-up appears every 2-3 minutes. I've tried using AVG Anti-Virus, AVG Anti-Spyware, CounterSpy, and Bazooka Scanner. They all found tons of stuff, I managed to get rid of all of it, I scanned again, and everything was gone. Except for a small number of tracking cookies, but those shouldn't contribute to the adware problem. These are supposed to be the best programs. Any suggestions for what I need to use or what I should do?
#2
Let's have a closer look. Download and rename HijackThis (HJT)
#3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:07, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Slysoft\CloneCD\CloneCDTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\installs\CPN\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\installs\CPN\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\installs\CPN\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Slysoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'Default user')
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games - Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games - Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games - Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe

--
End of file - 7993 bytes
#4
That doesn't reveal much, so we'll have to do some deeper scans. A few empty entries to fix with HJT real quick. Open HijackThis and choose Do a system scan only. Place a checkmark next to the following entries:

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)

Close all windows except HijackThis and click Fix checked. Exit HijackThis.

---------

Download CCleaner

Download SUPERAntiSpyware Free Edition (SAS)

Next post add the SUPERAntiSpyware log
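As an added example (not code from the thread, from HijackThis or from any of the tools named here), a small Python parser for HijackThis v2 log lines that pulls out each entry's section, name, CLSID and target, flags the orphaned "(file missing)" entries of the kind the helper picks out above, and notes a few other entry kinds a reviewer would check (downloaded ActiveX controls, Winlogon notify DLLs, services without a vendor). The sample lines are constructed from the same entry kinds as the log in this thread; `HjtEntry`, `parse_log` and `triage` are names chosen for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the HijackThis v2.0.2 line format (same entry kinds as the thread's log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

@dataclass
class HjtEntry:
    section: str           # "O2", "O9", "O23", ...
    name: Optional[str]    # display name or Run value name
    clsid: Optional[str]
    target: Optional[str]  # file path, command line or URL the entry points at
    file_missing: bool     # HJT could not find the target on disk
    raw: str

def parse_line(line: str) -> Optional[HjtEntry]:
    """Split one HJT log line into section, name, CLSID and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None            # header lines, blank lines, process list
    sec, body = m.group("sec"), m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    cm = CLSID_RE.search(body)
    clsid = cm.group(0) if cm else None
    if sec.startswith("R") and " = " in body:      # R0/R1: key,value = data
        name, target = (s.strip() for s in body.split(" = ", 1))
    elif sec == "O4":                              # O4 - HKLM\..\Run: [Name] cmd
        bm = re.search(r"\[(?P<n>[^\]]*)\]\s*(?P<cmd>.*)$", body)
        name, target = (bm.group("n"), bm.group("cmd")) if bm else (None, body)
    else:                                          # "Type: Name - {CLSID} - target"
        parts = [p.strip() for p in body.split(" - ")]
        target = parts[-1] if len(parts) > 1 else None
        head = [p for p in (parts[:-1] if target else parts) if p != clsid]
        name = re.sub(r"^[^:]+:\s*", "", " - ".join(head))
        if clsid:
            name = name.replace(clsid, "").strip(" ()")
        name = name or None
    return HjtEntry(sec, name, clsid, target, missing, line.strip())

def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e]

def triage(entries: List[HjtEntry]) -> List[Tuple[str, str]]:
    """Review notes (raw line, reason) for entries worth a second look."""
    notes = []
    for e in entries:
        if e.file_missing:
            notes.append((e.raw, "orphan: target file is gone, safe to fix in HJT"))
        elif e.section == "O16" and (e.target or "").lower().startswith("http"):
            notes.append((e.raw, "downloaded ActiveX control; remove if no longer needed"))
        elif e.section == "O20":
            notes.append((e.raw, "Winlogon notify DLL; confirm the vendor before keeping it"))
        elif e.section == "O23" and "Unknown owner" in (e.name or ""):
            notes.append((e.raw, "service with no vendor string; verify the binary"))
    return notes
```

Run `triage(parse_log(open("hijackthis.log").read()))` against a real log to get the same notes for every entry; the two ShopperReports O9 lines from this thread come out as orphans.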
#5

ok I finally got it done, but .... pop-ups are still here, anyway see the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/22/2008 at 00:10

Application Version : 3.9.1008

Core Rules Database Version : 3385
Trace Rules Database Version: 1379

Scan type : Complete Scan
Total Scan Time : 00:48:33

Memory items scanned : 556
Memory threats detected : 0
Registry items scanned : 4213
Registry threats detected : 0
File items scanned : 39567
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Richard\Cookies\richard@login.revenueloop[2].txt
C:\Documents and Settings\Richard\Cookies\richard@publishers.clickbooth[2].txt
C:\Documents and Settings\Richard\Cookies\richard@doubleclick[1].txt
C:\Documents and Settings\Richard\Cookies\richard@ads.pointroll[1].txt
C:\Documents and Settings\Richard\Cookies\richard@bluestreak[1].txt
C:\Documents and Settings\Richard\Cookies\richard@tribalfusion[2].txt
C:\Documents and Settings\Richard\Cookies\richard@atdmt[2].txt

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk
#6
This scan will take about 5 to 10 minutes. Download Combofix from one of the links below. (Try all three if necessary)

IMPORTANT - Combofix.exe MUST be saved to your Desktop.

The scan will temporarily disable your desktop. If interrupted, it may leave your computer frozen. If this occurs, please reboot to restore the desktop.

Next post the Combofix log
#7
ok I did that, but I've still got popups :-( Here's the log:

ComboFix 08-01-21.3 - Richard 2008-01-22 0:30:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.628 [GMT -5:00]
Running from: C:\Documents and Settings\Richard\Desktop\ComboFix.exe
 * Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
.
2008-01-22 00:36 . 2008-01-22 00:36 167,545 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-22 00:34 . 2008-01-22 00:34 <DIR> d-------- C:\Temp\tn3
2008-01-22 00:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-21 23:10 . 2008-01-21 23:10 <DIR> d-------- C:\Program Files\CCleaner
2008-01-21 22:47 . 2008-01-21 22:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 22:21 . 2008-01-22 00:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 02:10 . 2008-01-21 02:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-21 02:09 . 2008-01-21 22:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 22:04 . 2008-01-20 22:04 <DIR> d-------- C:\Program Files\Bazooka Scanner
2008-01-20 17:41 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-20 16:39 . 2008-01-20 16:39 86,144 --a------ C:\WINDOWS\system32\drivers\ALCXWDMM.sys
2008-01-12 16:25 . 2008-01-12 16:25 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-12 15:11 . 2005-06-24 16:24 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-01-12 15:11 . 2004-12-10 09:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-01-12 15:06 . 2008-01-12 15:20 <DIR> d--h----- C:\WINDOWS\Msdownld.tmp
2008-01-10 19:21 . 2008-01-10 19:21 <DIR> d-------- C:\Program Files\uTorrent
2008-01-10 19:01 . 2008-01-10 19:21 <DIR> d-------- C:\Program Files\megamaps
2008-01-08 22:43 . 2008-01-10 19:30 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-01-06 05:19 . 2008-01-06 05:19 <DIR> d-------- C:\Program Files\Power Tab Software
2008-01-03 22:31 . 2008-01-03 22:31 <DIR> d-------- C:\AeriaGames
2008-01-03 21:30 . 2008-01-12 21:55 <DIR> d-------- C:\UnrealTournament
2007-12-25 14:25 . 2007-12-28 16:53 90 --a------ C:\WINDOWS\RCAMPEG4VC.ini
2007-12-25 14:18 . 2006-09-13 14:52 561,152 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-25 14:18 . 2006-09-13 15:01 237,568 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-25 14:18 . 2005-12-30 15:34 2,864 --a------ C:\WINDOWS\system32\xvid.inf
2007-12-25 14:17 . 2007-12-25 14:17 <DIR> d-------- C:\Program Files\RCA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 20:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-17 00:48 --------- d-----w C:\Program Files\Yahoo!
2008-01-16 01:15 --------- d-----w C:\Program Files\Lx_cats
2008-01-11 00:21 --------- d-----w C:\Program Files\Xfire
2008-01-11 00:21 --------- d-----w C:\Program Files\LimeWire
2007-12-22 10:47 --------- d-----w C:\Program Files\DriftCity
2007-12-20 07:35 --------- d-----w C:\Program Files\Sierra On-Line
2007-12-18 08:02 --------- d-----w C:\Program Files\NHN USA
2007-12-17 21:17 --------- d-----w C:\Program Files\Bethesda Softworks
2007-12-05 04:14 --------- d-----w C:\Program Files\Slysoft
2007-12-03 03:06 --------- d-----w C:\Program Files\TGTSoft
2007-11-25 18:18 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-22 05:03 --------- d-----w C:\Program Files\Cliprex DVD Player Professional
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 10:09 171464]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 16:42 577536 C:\WINDOWS\SOUNDMAN.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"CloneCDTray"="C:\Program Files\Slysoft\CloneCD\CloneCDTray.exe" [2006-09-28 14:21 57344]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-20 17:18 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"LXCFCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 12:47 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-20 17:18 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility HW.15.lnk - C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-01-30 13:57:42 577536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 07:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 04:39]
R1 ALCXWDMM;ALCXWDMM;C:\WINDOWS\system32\drivers\ALCXWDMM.sys [2008-01-20 16:39]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\cinemsup.sys [2002-07-19 09:10]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2007-08-17 20:35]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-12-30 12:20]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\explorer\mountpoints2\{5ed3c7c1-4bdf-11dc-8daa-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{2352721C-2267-DB51-0008-030706070804}]
C:\WINDOWS\system32\vsc32.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 00:37:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-22 0:42:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-22 05:42:10
.
2008-01-11 00:38:07 --- E O F ---
#8
Now download The Avenger by Swandog46 and save it to your desktop.

Code:
Folders to delete:
C:\Temp\tn3

Files to delete:
C:\WINDOWS\system32\drivers\core.cache.dsk

Registry keys to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{2352721C-2267-DB51-0008-030706070804}

Next post the Avenger log
#9
ok here you go, still popups btw.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hptxmheu

*******************

Script file located at: wqwsrviw
Could not open script file! Error
Could not open script file! Status: 0xc000003b
Abort!
#10
oops my bad, I redid it, the first log didn't look right, and apparently I didn't do something right the first time, see the new log. Oh, and there are still popups.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mkawvjax

*******************

Script file located at: \??\C:\WINDOWS\system32\ygueewld.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning of script file processing:

Folder C:\Temp\tn3 deleted successfully.
File C:\WINDOWS\system32\drivers\core.cache.dsk deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{2352721C-2267-DB51-0008-030706070804} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.