
I am redirected when I try to open Terra, UOL, etc.



There are 7 replies in this topic

#1 dhms21    

dhms21
  • Participant
  • 5 posts

Posted 20 August 2011 - 12:58 AM

Whenever I try to open www.terra.com.br I am redirected to another site that has nothing to do with it. I have already run an antivirus scan and used Malwarebytes' Anti-Malware, and nothing has worked so far. What can I do? If you could give me the step-by-step, I would appreciate it. The site I am redirected to is www.goodleads.g. plus a lot of other stuff that I can't make sense of.


#2 XERLOUCO ROUMS    

XERLOUCO ROUMS

    Malwares Expert

  • Contributor
  • 7022 posts

Posted 20 August 2011 - 07:27 AM

Friend, follow the instructions in this topic, HijackThis Logs ** read before posting **, and post the log.

#3 dhms21    

dhms21
  • Participant
  • 5 posts

Posted 20 August 2011 - 02:02 PM

Hello, while searching I found the answer below.
I tried connecting using my cell phone as a modem, and it worked: I am not redirected to any site. Could the problem really be in the modem?



It's not a virus...

You will have to reset your modem (router) to factory settings and reconfigure it for the mode it works in there, enabling its firewall.

If you don't know how to do this, I recommend looking on the internet for manuals on how to do it. If you find it difficult, look for a technician to do it.
Source(s):
http://twitter.com/Eric_hc



Here is my log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:54:24, on 20/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\Video Web Camera\traybar.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
C:\ARQUIV~1\LAUNCH~1\LManager.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Lexmark Pro700 Series\lxeemon.exe
C:\Arquivos de programas\Lexmark Pro700 Series\ezprint.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxeecoms.exe
C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe
C:\Arquivos de programas\Microsoft Security Client\msseces.exe
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxext.exe
C:\Arquivos de programas\Video Web Camera\CEC_MAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
c:\Arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Daniel\Meus documentos\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\ARQUIV~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Arquivos de programas\Video Web Camera\traybar.exe"
O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [lxeemon.exe] "C:\Arquivos de programas\Lexmark Pro700 Series\lxeemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Arquivos de programas\Lexmark Pro700 Series\ezprint.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1308870582796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1308883343140
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....r_installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCC80E6F-CA2E-4C62-8183-EE71816A6CCC}: NameServer = 189.40.226.80 189.40.224.5
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: lxeeCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe
O23 - Service: lxee_device - - C:\WINDOWS\system32\lxeecoms.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9663 bytes
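
Added example (not part of the thread and not code from any poster): a small Python triage of a HijackThis log that lists only the entries able to change where a browser lands, namely IE start/search pages (R0/R1), hosts-file overrides (O1), BHOs whose file is missing (O2) and configured DNS servers (O17). The sample log is constructed, with documentation addresses and placeholder CLSIDs, and the `EXPECTED_DNS` and `TRUSTED_SUFFIXES` allowlists are assumptions an analyst would replace with the ISP's real resolvers and the user's real home page.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 layout (documentation IPs, placeholder CLSIDs).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://search.example.net/find
O1 - Hosts: 203.0.113.9 www.example.org
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000003}: NameServer = 192.0.2.53 198.51.100.7
"""

# Assumptions for this example: resolvers and home-page domains the analyst expects.
EXPECTED_DNS = {"192.0.2.53"}
TRUSTED_SUFFIXES = ("example.com",)

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_log(text):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def _trusted(host, suffixes):
    """True when host equals a trusted domain or is a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def triage(text, expected_dns, trusted_suffixes):
    """Return (code, reason, detail) for entries that can redirect browsing."""
    findings = []
    for code, body in parse_log(text):
        if code in ("R0", "R1") and "=" in body:
            # Value follows the first '='; HijackThis sometimes shows a leading '&'.
            url = body.split("=", 1)[1].strip().lstrip("&")
            host = (urlparse(url).hostname or "").lower()
            if host and not _trusted(host, trusted_suffixes):
                findings.append((code, "IE page outside trusted domains", host))
        elif code == "O1":
            # Any hosts-file override deserves a manual look.
            findings.append((code, "hosts file override", body.split(":", 1)[-1].strip()))
        elif code == "O2" and body.rstrip().endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append((code, "BHO registered but file missing",
                             clsid.group(0) if clsid else body))
        elif code == "O17" and "NameServer" in body and "=" in body:
            for ip in IPV4_RE.findall(body.split("=", 1)[1]):
                if ip not in expected_dns:
                    findings.append((code, "resolver not in expected set", ip))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG, EXPECTED_DNS, TRUSTED_SUFFIXES):
        print(f"{code:>3}  {reason}: {detail}")
```

A log that yields no findings here does not clear the network path: the resolvers a router hands out can still differ from the expected ones, which is what testing over a second connection, as the poster did, helps isolate.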




#4 XERLOUCO ROUMS    

XERLOUCO ROUMS

    Malwares Expert

  • Contributor
  • 7022 posts

Posted 21 August 2011 - 10:37 AM

In the vast majority of cases, redirects are caused by adware or viruses. Follow these instructions so we can check whether any of them is present:

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ComboFix (by sUBs)
Save it to your desktop.
  • Close all windows and programs. Run ComboFix.
  • Double-click combofix.exe and press "Yes" to proceed.
  • When asked whether you want to install the Recovery Console, click Yes and wait.
  • Click OK to accept the EULA, then click Yes to continue the search for malware.
Do not click anything or press any key during the scan, otherwise the tool will not work correctly.

When the tool finishes running, it will generate a log. Select, copy and paste the contents of the file C:\ComboFix.txt into your next reply.

Important:
  • You must be connected during the ComboFix procedure;
  • You must be logged in to the system with administrator privileges.
  • Download and SAVE ComboFix. In the download window, where the Run / Save options appear, click Save. Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Re-enable them when everything is finished.
  • If you have used ComboFix before, delete it and download it again.
  • If the Recovery Console is already installed on this machine, ComboFix will not suggest installing it.
  • Do not run ComboFix more than once. Doing so will overwrite the log and delay removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


#5 dhms21    

dhms21
  • Participant
  • 5 posts

Posted 21 August 2011 - 02:22 PM

Here is the log, attached.

ComboFix 11-08-21.01 - Daniel 21/08/2011 13:56:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1518 [GMT -3:00]
Executando de: c:\documents and settings\Daniel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\POL
c:\arquivos de programas\POL\menu.gif
c:\arquivos de programas\POL\POL.chm
c:\arquivos de programas\POL\qs.html
c:\arquivos de programas\POL\tray.gif
c:\arquivos de programas\POL\Uninstall.exe
c:\documents and settings\All Users\Dados de aplicativos\MPK
c:\documents and settings\All Users\Dados de aplicativos\MPK\mpk.db
c:\documents and settings\All Users\SPL3.tmp
c:\windows\system32\wdir
c:\windows\XSxS
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-07-21 to 2011-08-21 ))))))))))))))))))))))))))))
.
.
2011-08-21 16:17 . 2011-08-21 16:17 28752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{4C2B178F-56E4-424B-9000-ECB8E0709A51}\MpKsl90873878.sys
2011-08-20 17:09 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{4C2B178F-56E4-424B-9000-ECB8E0709A51}\mpengine.dll
2011-08-13 21:35 . 2011-08-13 21:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\3DVIA
2011-08-13 21:35 . 2011-08-13 21:35 -------- d-----w- c:\documents and settings\Daniel\Configurações locais\Dados de aplicativos\3DVIA
2011-08-13 21:34 . 2007-07-19 21:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-08-13 21:34 . 2006-09-28 19:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-08-13 21:34 . 2011-08-13 21:34 -------- d-----w- c:\windows\Logs
2011-08-13 21:34 . 2011-08-13 21:34 -------- d-----w- c:\arquivos de programas\Virtools
2011-08-07 17:14 . 2011-08-07 17:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared
2011-08-07 17:13 . 2011-08-07 17:15 -------- d-----w- c:\arquivos de programas\Real
2011-08-06 23:21 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-05 18:37 . 2011-07-12 23:39 6881616 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-05 11:32 . 2011-08-05 11:32 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\PCHealth
2011-08-05 11:31 . 2011-08-05 11:31 -------- d-----w- c:\documents and settings\Daniel\Configurações locais\Dados de aplicativos\PCHealth
2011-08-05 03:11 . 2011-08-05 03:11 -------- d-----w- c:\windows\Temp3EEFB77F-2776-09DD-0B7A-C2A339BE3369-Signatures
2011-08-05 03:11 . 2011-08-05 03:11 -------- d-----w- C:\296fcfc784b134b44d7e
2011-08-03 12:08 . 2011-08-03 12:08 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google
2011-08-03 06:03 . 2011-08-03 06:03 -------- d-----w- c:\arquivos de programas\CCleaner
2011-08-03 06:03 . 2011-08-03 06:03 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google
2011-08-03 06:02 . 2011-08-03 06:03 -------- d-----w- c:\arquivos de programas\Google
2011-08-01 16:20 . 2003-11-12 00:59 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
2011-08-01 16:20 . 2003-04-01 12:36 94208 ----a-w- c:\windows\system32\vbalIml6.ocx
2011-08-01 16:20 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2011-08-01 16:20 . 1998-06-24 06:00 203576 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-08-01 16:20 . 2008-02-09 17:48 86016 ----a-w- c:\windows\system32\CS.ocx
2011-08-01 16:20 . 2007-08-02 14:50 65536 ----a-w- c:\windows\system32\IEMonitor.ocx
2011-08-01 16:20 . 2007-03-01 20:41 86016 ----a-w- c:\windows\system32\SuperPicture.ocx
2011-08-01 11:43 . 2011-08-01 11:43 -------- d-----w- c:\documents and settings\Daniel\Configurações locais\Dados de aplicativos\NokiaAccount
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-07 17:13 . 2010-10-22 11:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-08-07 17:13 . 2010-10-22 11:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-15 13:29 . 2011-06-23 17:09 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2011-06-23 17:25 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2011-06-23 22:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 23:36 . 2011-06-23 23:38 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2011-06-23 23:36 . 2011-06-23 23:38 207368 ----a-w- c:\windows\UNINST32.EXE
2011-06-23 23:36 . 2011-06-23 23:38 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2011-06-23 23:23 . 2011-06-23 23:30 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-06-23 23:22 . 2011-06-23 23:30 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-06-23 23:22 . 2011-06-23 23:30 205232 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-06-23 23:22 . 2011-06-23 23:30 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-06-23 23:22 . 2011-06-23 23:30 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2011-06-23 23:22 . 2011-06-23 23:30 169256 ----a-w- c:\windows\system32\SynCOM.dll
2011-06-23 23:17 . 2011-06-23 23:27 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-23 23:16 . 2009-03-02 16:03 38912 ----a-w- c:\windows\system32\drivers\l1c51x86.sys
2011-06-23 23:16 . 2011-06-23 23:24 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2011-06-23 23:16 . 2011-06-23 23:24 405504 ----a-w- c:\windows\vncutil.exe
2011-06-23 23:16 . 2011-06-23 23:24 1826816 ----a-w- c:\windows\SkyTel.exe
2011-06-23 23:16 . 2011-06-23 23:24 880640 ----a-w- c:\windows\system32\RTSndMgr.CPL
2011-06-23 23:16 . 2011-06-23 23:24 1482752 ----a-w- c:\windows\RtlUpd.exe
2011-06-23 23:16 . 2011-06-23 23:24 9715200 ----a-w- c:\windows\RTLCPL.EXE
2011-06-23 23:16 . 2011-06-23 23:24 5891584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-06-23 23:15 . 2011-06-23 23:24 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-06-23 23:15 . 2011-06-23 23:24 122880 ----a-w- c:\windows\RtkAudioService.exe
2011-06-23 23:15 . 2011-06-23 23:24 18702336 ----a-w- c:\windows\RTHDCPL.EXE
2011-06-23 23:15 . 2011-06-23 23:24 2170880 ----a-w- c:\windows\MicCal.exe
2011-06-23 23:15 . 2011-06-23 23:24 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-06-23 23:14 . 2011-06-23 23:24 278528 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2011-06-23 23:14 . 2011-06-23 23:24 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-06-23 23:14 . 2011-06-23 23:24 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2011-06-23 23:14 . 2011-06-23 23:24 57344 ----a-w- c:\windows\ALCMTR.EXE
2011-06-23 23:12 . 2011-06-23 23:27 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2011-06-23 23:09 . 2011-06-23 23:23 831488 ----a-w- c:\windows\RtlExUpd.dll
2011-06-23 23:04 . 2011-06-23 23:05 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-06-23 23:03 . 2011-06-23 23:05 57344 ----a-w- c:\windows\system32\igxprd32.dll
2011-06-23 23:03 . 2011-06-23 23:05 5854752 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2011-06-23 23:03 . 2011-06-23 23:05 2643968 ----a-w- c:\windows\system32\igxpdx32.dll
2011-06-23 23:03 . 2011-06-23 23:05 151040 ----a-w- c:\windows\system32\igxpgd32.dll
2011-06-23 23:03 . 2011-06-23 23:05 1670144 ----a-w- c:\windows\system32\igxpdv32.dll
2011-06-23 23:03 . 2011-06-23 23:05 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll
2011-06-23 23:03 . 2011-06-23 23:05 2334720 ----a-w- c:\windows\system32\iglicd32.dll
2011-06-23 23:03 . 2011-06-23 23:05 294912 ----a-w- c:\windows\system32\igldev32.dll
2011-06-23 23:03 . 2011-06-23 23:05 141848 ----a-w- c:\windows\system32\igfxtray.exe
2011-06-23 23:03 . 2011-06-23 23:05 256536 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-06-23 23:03 . 2011-06-23 23:05 170520 ----a-w- c:\windows\system32\igfxzoom.exe
2011-06-23 23:03 . 2011-06-23 23:05 172032 ----a-w- c:\windows\system32\igfxrtrk.lrc
2011-06-23 23:03 . 2011-06-23 23:05 172032 ----a-w- c:\windows\system32\igfxrsve.lrc
2011-06-23 23:03 . 2011-06-23 23:05 48128 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-06-23 23:03 . 2011-06-23 23:05 172032 ----a-w- c:\windows\system32\igfxrslv.lrc
2011-06-23 23:03 . 2011-06-23 23:05 163840 ----a-w- c:\windows\system32\igfxrtha.lrc
2011-06-23 23:03 . 2011-06-23 23:08 180224 ----a-w- c:\windows\system32\igfxres.dll
2011-06-23 23:03 . 2011-06-23 23:05 180224 ----a-w- c:\windows\system32\igfxrrus.lrc
2011-06-23 23:03 . 2011-06-23 23:05 180224 ----a-w- c:\windows\system32\igfxrptg.lrc
2011-06-23 23:03 . 2011-06-23 23:05 180224 ----a-w- c:\windows\system32\igfxrptb.lrc
2011-06-23 23:03 . 2011-06-23 23:05 180224 ----a-w- c:\windows\system32\igfxrplk.lrc
2011-06-23 23:03 . 2011-06-23 23:05 176128 ----a-w- c:\windows\system32\igfxrsky.lrc
2011-06-23 23:03 . 2011-06-23 23:05 176128 ----a-w- c:\windows\system32\igfxrnor.lrc
2011-06-23 23:03 . 2011-06-23 23:05 188416 ----a-w- c:\windows\system32\igfxrita.lrc
2011-06-23 23:03 . 2011-06-23 23:05 184320 ----a-w- c:\windows\system32\igfxrfra.lrc
2011-06-23 23:03 . 2011-06-23 23:05 172032 ----a-w- c:\windows\system32\igfxrdan.lrc
2011-06-23 23:03 . 2011-06-23 23:05 155648 ----a-w- c:\windows\system32\igfxrheb.lrc
2011-06-23 23:03 . 2011-06-23 23:05 131072 ----a-w- c:\windows\system32\igfxrjpn.lrc
2011-06-23 23:03 . 2011-06-23 23:05 126976 ----a-w- c:\windows\system32\igfxrkor.lrc
2011-06-23 23:03 . 2011-06-23 23:05 192512 ----a-w- c:\windows\system32\igfxrell.lrc
2011-06-23 23:03 . 2011-06-23 23:05 192512 ----a-w- c:\windows\system32\igfxrdeu.lrc
2011-06-23 23:03 . 2011-06-23 23:05 188416 ----a-w- c:\windows\system32\igfxrnld.lrc
2011-06-23 23:03 . 2011-06-23 23:05 188416 ----a-w- c:\windows\system32\igfxresp.lrc
2011-06-23 23:03 . 2011-06-23 23:05 180224 ----a-w- c:\windows\system32\igfxrhun.lrc
2011-06-23 23:03 . 2011-06-23 23:05 176128 ----a-w- c:\windows\system32\igfxrfin.lrc
2011-06-23 23:03 . 2011-06-23 23:05 176128 ----a-w- c:\windows\system32\igfxrcsy.lrc
2011-06-23 23:03 . 2011-06-23 23:05 172032 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-06-23 23:03 . 2011-06-23 23:05 110592 ----a-w- c:\windows\system32\igfxrcht.lrc
2011-06-23 23:03 . 2011-06-23 23:05 3293184 ----a-w- c:\windows\system32\igfxress.dll
2011-06-23 23:03 . 2011-06-23 23:05 110592 ----a-w- c:\windows\system32\igfxrchs.lrc
2011-06-23 23:03 . 2011-06-23 23:05 137752 ----a-w- c:\windows\system32\igfxpers.exe
2011-06-23 23:03 . 2011-06-23 23:05 204800 ----a-w- c:\windows\system32\igfxpph.dll
2011-06-23 23:03 . 2011-06-23 23:05 159744 ----a-w- c:\windows\system32\igfxrara.lrc
2011-06-23 23:03 . 2011-06-23 23:05 24576 ----a-w- c:\windows\system32\igfxexps.dll
2011-06-23 23:03 . 2011-06-23 23:05 208896 ----a-w- c:\windows\system32\igfxdev.dll
2011-06-23 23:03 . 2011-06-23 23:05 170520 ----a-w- c:\windows\system32\igfxext.exe
2011-06-23 23:03 . 2011-06-23 23:05 135168 ----a-w- c:\windows\system32\igfxdo.dll
2011-06-23 23:03 . 2011-06-23 23:05 122880 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-06-23 23:03 . 2011-06-23 23:05 530968 ----a-w- c:\windows\system32\igfxcfg.exe
2011-06-23 23:02 . 2011-06-23 23:05 166424 ----a-w- c:\windows\system32\hkcmd.exe
2011-06-23 23:02 . 2011-06-23 23:05 102400 ----a-w- c:\windows\system32\hccutils.dll
2011-06-23 23:02 . 2011-06-23 23:05 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-06-23 18:30 . 2011-06-23 17:20 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2011-06-23 17:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:30 . 2011-06-23 17:15 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 17:29 . 2011-06-23 17:28 648 ----a-w- c:\windows\system32\presetup.cmd
2011-06-23 12:05 . 2011-06-23 17:05 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2011-06-23 17:08 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2011-06-23 17:08 1859072 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="c:\arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-08-04 966712]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"NokiaMServer"="c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-23 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-23 137752]
"RTHDCPL"="RTHDCPL.EXE" [2011-06-23 18702336]
"AzMixerSel"="c:\arquivos de programas\Realtek\Audio\Drivers\AzMixerSel.exe" [2011-06-23 53248]
"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2011-06-23 1430824]
"Camera Assistant Software"="c:\arquivos de programas\Video Web Camera\traybar.exe" [2009-06-24 630784]
"LManager"="c:\arquiv~1\LAUNCH~1\LManager.exe" [2011-06-23 875016]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2011-04-08 254696]
"lxeemon.exe"="c:\arquivos de programas\Lexmark Pro700 Series\lxeemon.exe" [2010-05-17 770728]
"EzPrint"="c:\arquivos de programas\Lexmark Pro700 Series\ezprint.exe" [2010-05-17 148280]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\arquivos de programas\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-08-07 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\lxeecoms.exe"=
.
R1 MpKsl90873878;MpKsl90873878;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{4C2B178F-56E4-424B-9000-ECB8E0709A51}\MpKsl90873878.sys [21/8/2011 13:17 28752]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2/3/2009 13:03 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [23/6/2011 20:26 145408]
S1 jarlrqxp;jarlrqxp;\??\c:\windows\system32\drivers\jarlrqxp.sys --> c:\windows\system32\drivers\jarlrqxp.sys [?]
S1 MpKsl3f1d288c;MpKsl3f1d288c;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{5E29B871-5513-457F-A0BF-836031434874}\MpKsl3f1d288c.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{5E29B871-5513-457F-A0BF-836031434874}\MpKsl3f1d288c.sys [?]
S1 MpKsl8c2d8a34;MpKsl8c2d8a34;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{191BB2AA-CFE3-4E1F-823E-EABB9F3F6858}\MpKsl8c2d8a34.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{191BB2AA-CFE3-4E1F-823E-EABB9F3F6858}\MpKsl8c2d8a34.sys [?]
S1 MpKslfa73f845;MpKslfa73f845;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{F5BACEB3-BFD0-4332-92A4-3920FB4BFB50}\MpKslfa73f845.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{F5BACEB3-BFD0-4332-92A4-3920FB4BFB50}\MpKslfa73f845.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/3/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [3/8/2011 03:03 135664]
S2 KMService;KMService;c:\windows\system32\srvany.exe [23/6/2011 22:05 8192]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [24/6/2011 15:20 193192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23/6/2011 20:24 1684736]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [3/8/2011 03:03 135664]
S3 osppsvc;Office Software Protection Platform;c:\arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/1/2010 21:37 4640000]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/3/2010 13:16 753504]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - MPKSL90873878
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc51a3caeae4d4.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-03 06:03]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-03 06:03]
.
2011-08-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 18:39]
.
2011-08-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-776561741-515967899-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-03-29 13:47]
.
2011-08-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-776561741-515967899-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-03-29 13:47]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: Interfaces\{DCC80E6F-CA2E-4C62-8183-EE71816A6CCC}: NameServer = 189.40.226.80 189.40.224.5
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 14:02
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
Tempo para conclusão: 2011-08-21 14:04:34
ComboFix-quarantined-files.txt 2011-08-21 17:04
.
Pré-execução: 9 pasta(s) 122.005.061.632 bytes disponíveis
Pós execução: 12 pasta(s) 122.068.709.376 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[Boot Loader]
timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 67D015D6A0A77345CD8A113A39187F77


Another question: why does everything work normally when I go online using my cell phone as a modem? I only get the problem when I use my home Wi-Fi internet.

#6 dhms21    

dhms21
  • Participant
  • 5 posts

Posted 23 August 2011 - 08:46 AM

Hi, can anyone help?

#7 XERLOUCO ROUMS    

XERLOUCO ROUMS

    Malwares Expert

  • Contributor
  • 7022 posts

Posted 23 August 2011 - 12:48 PM

Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you have finished these instructions.

Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

Dir Look::
c:\windows\Temp3EEFB77F-2776-09DD-0B7A-C2A339BE3369-Signatures
C:\296fcfc784b134b44d7e


Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

http://users.pandora...es/CFScript.gif

ComboFix will run; wait for the scan to finish.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

This script was written only for this computer, according to the files and keys present on it.

To visitors: if you have a similar problem, do not use this script, since using it without supervision can damage the system.
Follow the instructions in this topic, Logs do HijackThis ** leia antes de postar **, open your own topic and post the log.


When it finishes, a log will be generated at C:\ComboFix.txt.

NOTE: Do not run ComboFix more than once. Doing so will overwrite the log and make it harder to remove the malware.

Go to VirusTotal.com or Jotti.com

Click Browse. In the file-selection window, paste the line below into the File name box:

c:\windows\system32\drivers\jarlrqxp.sys

Click the Open button and, on the site's page, click Posted Image

Wait for the analysis, then copy and save the result.

Note: If you use VirusTotal and the file has already been analyzed by the site before, you will see an image similar to this one:

Posted Image

If that happens, just copy the link indicated in the image and paste it into your reply. Post the new ComboFix log.

#8 dhms21    

dhms21
  • Participant
  • 5 posts

Posted 24 August 2011 - 12:23 AM

Good morning, I reset my modem and now my computer is working normally. Thank you, my friend, the problem was in the modem, because now it is working normally.
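
The pattern in this thread (redirects only over the home Wi-Fi, gone after a modem reset) makes the name servers a PC receives from the router the first thing to check. As an added example, not part of the original thread or of any tool named in it, this Python script extracts the name-server entries from a ComboFix "Scan Suplementar" section and triages them; the sample log, its GUID and addresses, the `DhcpNameServer` line and the `expected` list of ISP resolvers are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout of a ComboFix "Scan Suplementar" section.
# GUID and addresses are placeholders (documentation ranges), not thread data;
# the DhcpNameServer line is an assumed companion form of the entry.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com.br/
TCP: Interfaces\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.53 198.51.100.7
TCP: DhcpNameServer = 192.168.1.1
"""

TCP_LINE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}):\s*)?"
    r"(?P<key>(?:Dhcp)?NameServer)\s*=\s*(?P<servers>.+)$"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def extract_resolvers(log_text):
    """Return (interface, key, ip) for every name server listed in the log."""
    found = []
    for line in log_text.splitlines():
        m = TCP_LINE.match(line.strip())
        if not m:
            continue
        for token in re.split(r"[\s,]+", m.group("servers").strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # ignore anything that is not an IP literal
            found.append((m.group("iface") or "global", m.group("key"), ip))
    return found


def triage(log_text, expected):
    """Label each resolver: expected, lan (router forwards DNS) or review."""
    known = {ipaddress.ip_address(e) for e in expected}
    rows = []
    for iface, key, ip in extract_resolvers(log_text):
        if ip in known:
            verdict = "expected"
        elif any(ip in net for net in RFC1918):
            verdict = "lan"      # inspect the DNS configured inside the router
        else:
            verdict = "review"   # not handed out by the ISP: verify it
        rows.append((iface, key, str(ip), verdict))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, expected=["203.0.113.53"]):
        print(" | ".join(row))
```

A `lan` verdict means the PC only asks the router, so the resolver that matters is the one stored in the router's own WAN or DHCP settings, which a log taken on the PC cannot show.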

