1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.

Spyware Vxgame

Discussão em 'Dúvidas e Suporte Técnico PC' iniciada por funnykid, 26 de Janeiro de 2007. (Respostas: 12; Visualizações: 808)

  1. funnykid

    funnykid Power Member

    Malta, tou infectado com este spyware Vxgame.

    Ja tentei de tudo para o tirar mas nao deu.

    Ajudem-me
    please
     
  2. luikki

    luikki Power Member

  3. funnykid

    funnykid Power Member

    com a primeira solução ele não encontra nenhum dll, e com a segunda o programa em trial não remove files
     
  4. luikki

    luikki Power Member

    na segunda solução tens as indicações para a remoção MANUAL!!!!!!!
     
  5. funnykid

    funnykid Power Member

    Já fiz isso e continua a dar o mesmo erro.

    eu já vi noutros foruns, utilizadores k mandam uns logs com um prog qualquer(k num sei o nome)

    alguem me pode ajudar assim???

    tenho mesmo urgência
     
  6. luikki

    luikki Power Member

    tens de fazer o que te indiquei, mas antes tens de desactivar o restauro de sistema....se não resultar, podes usar....
    o prog de que falas é o hijackthis....
    instala-o, pede um scan and save a log file (não feches a janela) e posta a logfile, aqui....
    faz "analyse" e depois marca as linhas que estiverem marcadas a vermelho na janela que ficou aberta e faz "fix".........
     
  7. funnykid

    funnykid Power Member

    OK.. vou testar isso.. posto ja o logfile.. daki a 10 15 min

    obrigado
     
  8. funnykid

    funnykid Power Member

    Ja agora, o analyse faço quando? faço depois de postar o logfile?

    ou faço o analyse e posto o logfile depois com o resultado?!

    pa fazer isso é em modo normal?! ou em modo segurança!?
     
    Última edição: 26 de Janeiro de 2007
  9. luikki

    luikki Power Member

    depois de fazeres past à file, tens no fundo da página "analyse"
    podes fazer em modo de segurança
     
  10. funnykid

    funnykid Power Member

    aki tá o log

    Logfile of HijackThis v1.99.1
    Scan saved at 22:07:18, on 26-01-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programas\VIA\VIAudioi\SBADeck\ADeck.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Programas\Microsoft IntelliType Pro\type32.exe
    C:\Programas\Microsoft IntelliPoint\point32.exe
    C:\Programas\DAEMON Tools\daemon.exe
    C:\Programas\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Programas\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\adirss.exe
    C:\WINDOWS\system32\lnwin.exe
    C:\Programas\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\MSN Messenger\MsnMsgr.Exe
    C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\ATI Technologies\ATI.ACE\cli.exe
    C:\Programas\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Nuno Miguel\Ambiente de trabalho\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2070
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programas\Styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Programas\VIA\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [type32] "C:\Programas\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Programas\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ppmate] C:\Programas\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Programas\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
    O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SpyHunter] C:\Programas\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Clean Traces - C:\Programas\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Programas\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Programas\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1D991CA9-C2C6-484A-A098-3F12A5661B03}: NameServer = 207.69.188.185
    O17 - HKLM\System\CCS\Services\Tcpip\..\{216A6B67-05C6-451E-97A8-50D102F9A341}: NameServer = 207.69.188.185
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4831C8BE-E1CA-4112-9C73-EB82F2F6179A}: NameServer = 207.69.188.185
    O17 - HKLM\System\CCS\Services\Tcpip\..\{62741A03-7B6E-424D-8DAC-FE07176F3DA3}: NameServer = 207.69.188.185
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6578A5D3-F7A2-48DE-9171-ABACE95BA886}: NameServer = 207.69.188.185
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AAB77E5F-C0FA-4CD6-B6DA-53BE2A92659C}: NameServer = 207.69.188.185
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B1414952-89FC-41A8-811C-22EA200ECC86}: NameServer = 207.69.188.185
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D2090C3C-26BD-4631-B9AC-788C664243B0}: NameServer = 207.69.188.185
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D699CAC1-7623-4040-ADA2-DB300CD949AD}: NameServer = 207.69.188.185
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1D991CA9-C2C6-484A-A098-3F12A5661B03}: NameServer = 207.69.188.185
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1D991CA9-C2C6-484A-A098-3F12A5661B03}: NameServer = 207.69.188.185
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304BB60787} - C:\WINDOWS\system32\zrmyv.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe







    ja agora, não apareceu nada a vermelho
     
    Última edição: 26 de Janeiro de 2007
  11. luikki

    luikki Power Member

    agora, postas esta file, AQUI, e fazes analyse.....
    vão aparecer linhas marcadas com um X vermelho que depois marcas no resultado do hijackthis e fazes fix....
    já vi que tens para aí uma grande lixeira (e isto é outro assunto) com restos de software da symantec... depois de resolveres o problema pelo qual cá vieste, resolvemos estes.....
     
  12. funnykid

    funnykid Power Member

    Ora.. ja fiz o fix e ja foram removidos...
    portanto.. parece k o problema tá resolvido..
    e agora ajuda-me lá com a lixeira pf
     
  13. luikki

    luikki Power Member

    instala e o corre o ccleaner e o mv regclean para limpares o registo .....e o spybot para limpares outros eventuais spywares....
    para removeres "porcaria" da symantec usa isto....
    quando terminares faz uma desfragmentação....
    se precisares de mais ajuda, diz.
     

Partilhar esta Página