to com um problema serissimo!
estou com um spyware no meu pc que não sei tirar! já passei 3 programas! e nada!!
Me ajude a tirar olhem a imagem!
Attached Files
Edição feita por: Tiagorj, 19/05/2005, 19:04.
Posted 19/05/2005, 19:03
Edição feita por: Tiagorj, 19/05/2005, 19:04.
Posted 19/05/2005, 19:45
Posted 19/05/2005, 20:46
Posted 19/05/2005, 20:57
Posted 19/05/2005, 21:03
Posted 19/05/2005, 21:47
Posted 19/05/2005, 21:49
Posted 19/05/2005, 22:54
Posted 20/05/2005, 12:13
Logfile of HijackThis v1.97.7 Scan saved at 20:11:48, on 08/05/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\WINDOWS\SYSTEM\ATIUPDPL.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\WINDOWS\RUNDLL32.EXE C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\FIREFOX.EXE C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=172.16.10.1:3128;gopher=172.16.10.1:3128;http=172.16.10.1:3128;https=172.16.10.1:3128;socks=172.16.10.1:3128 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {34D60D21-BDD4-11D9-B11F-00E02BF224C6} - C:\WINDOWS\SYSTEM\AOOI.DLL O2 - BHO: (no name) - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\ARQUIVOS DE PROGRAMAS\WEBROOT\POP-UP WASHER\VAPOPUPKILLER.DLL O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [avast! Web Scanner] C:\ARQUIV~1\ALWILS~1\AVAST4\ASHWEBSV.EXE O4 - HKLM\..\Run: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall O4 - HKLM\..\Run: [ashMaiSv] C:\ARQUIV~1\ALWILS~1\AVAST4\ashmaisv.exe O4 - HKLM\..\RunServices: [avast!] C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O4 - HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe O4 - HKCU\..\Run: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe O4 - HKCU\..\Run: [SpySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0 O4 - HKCU\..\RunServices: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe O4 - HKCU\..\RunServices: [SpySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0 O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000 O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = NET FACIL O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 172.16.10.1
Posted 20/05/2005, 12:33
Bom ... esses foram os que me chamaram atenção, caso não dê certo, é só fazer outro log ...Logfile of HijackThis v1.97.7
Scan saved at 20:11:48, on 08/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\ATIUPDPL.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=172.16.10.1:3128;gopher=172.16.10.1:3128;http=172.16.10.1:3128;https=172.16.10.1:3128;socks=172.16.10.1:3128
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {34D60D21-BDD4-11D9-B11F-00E02BF224C6} - C:\WINDOWS\SYSTEM\AOOI.DLL
O2 - BHO: (no name) - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\ARQUIVOS DE PROGRAMAS\WEBROOT\POP-UP WASHER\VAPOPUPKILLER.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [avast! Web Scanner] C:\ARQUIV~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [ashMaiSv] C:\ARQUIV~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [avast!] C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe
O4 - HKCU\..\Run: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [atiupdpl] C:\WINDOWS\SYSTEM\atiupdpl.exe
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = NET FACIL
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 172.16.10.1
Posted 20/05/2005, 13:14
brother, ja tive o msmo problema com esse desgracento spy..tentei uam porrada de anti-spy, os mais conhecidos e váriso outros e nada..nao sei cmo, mas o meu norton 2004, removeu ele...de-repente vale tentar.Oi galera!
to com um problema serissimo!
estou com um spyware no meu pc que não sei tirar! já passei 3 programas! e nada!!
Me ajude a tirar olhem a imagem!
Posted 24/01/2009, 15:42
0 membro(s), 0 visitante(s) e 0 membros anônimo(s)