1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.

ajuda para apagar VIRUS ALERT

Discussão em 'Dúvidas e Suporte—Internet, Redes, Segurança' iniciada por Luis_M, 9 de Julho de 2008. (Respostas: 12; Visualizações: 4405)

Estado do Tópico:
Fechado a novas mensagens.
  1. Luis_M

    Luis_M Power Member

    ja utilizei o Ad-Aware e o Spybot - Search & Destroy e nao fizeram nada tambem nao consigo mudar a imagem de fundo ajudem-me ja nao sei o que fazer.

    [​IMG]
    [​IMG]
     
    Última edição: 9 de Julho de 2008
  2. freezeer

    freezeer Power Member

    ola .. para que te possa ajudar cria um log com o programa hijackthis e posta aqui... cumps
    Podes efectuar o download no site oficial da TrendMicro: Download
     
  3. Luis_M

    Luis_M Power Member

    ve la se e isto

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21: VIRUS ALERT!, on 09-07-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Programas\Executive Software\Diskeeper\DkService.exe
    C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
    C:\Programas\Brother\ControlCenter2\brctrcen.exe
    C:\Programas\Gaming\GamingCenter\Panel.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programas\ATI Technologies\ATI.ACE\cli.exe
    C:\Programas\Windows Live\Messenger\msnmsgr.exe
    C:\Programas\PeerGuardian2\pg2.exe
    C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\Programas\ATI Technologies\ATI.ACE\cli.exe
    C:\Programas\ATI Technologies\ATI.ACE\cli.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pt/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O1 - Hosts: 121.128.133.26 C:\Programas\Silkroad\Silkroad.exe
    O1 - Hosts: 121.128.133.26 gwgt1.joymax.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: QXK Olive - {AF4EBF01-2871-49E4-BF25-8F0564359C31} - C:\WINDOWS\wbxdpgfevkl.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: sqvgnrpx - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - C:\WINDOWS\sqvgnrpx.dll (file missing)
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programas\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [StartCCC] C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Programas\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Programas\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programas\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Acer Mouse] C:\Programas\Gaming\GamingCenter\Panel.exe
    O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATICCC] "C:\Programas\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SeePassword] C:\Programas\SeePassword\SeePassword.exe
    O4 - HKLM\..\Run: [Antivirus] C:\Programas\VAV\vav.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PeerGuardian] C:\Programas\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Hide IP Platinum] C:\Programas\Hide IP Platinum\hideippla.exe
    O4 - HKCU\..\Run: [Antivirus] C:\Programas\VAV\vav.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Add to Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.pt/
    O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
    O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} - http://www.earn2life.com/plugin/Earn2Life.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F3F53C62-1404-41B0-9EFA-1FB9B8780332}: NameServer = 192.168.2.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O21 - SSODL: fsrpknov - {D6F0A0EA-E96A-4FBD-B270-E429083DF873} - C:\WINDOWS\fsrpknov.dll
    O21 - SSODL: fdxbameg - {1DB91A59-764B-4218-9408-2282F7C0C711} - C:\WINDOWS\fdxbameg.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programas\Executive Software\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 11525 bytes
     
  4. spytech

    spytech Mega BOINC

  5. Luis_M

    Luis_M Power Member

    ja fiz isso e nao deu em nada
     
  6. DarkButterfly

    DarkButterfly Power Member

    Instala o SUPERAntiSpyware, actualiza e verifica.

    faz fix a estas entradas no Hijackthis:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.d ll (file missing)
    O3 - Toolbar: sqvgnrpx - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - C:\WINDOWS\sqvgnrpx.dll (file missing)
    O4 - HKLM\..\Run: [Antivirus] C:\Programas\VAV\vav.exe
    O4 - HKCU\..\Run: [Antivirus] C:\Programas\VAV\vav.exe
    O21 - SSODL: fsrpknov - {D6F0A0EA-E96A-4FBD-B270-E429083DF873} - C:\WINDOWS\fsrpknov.dll - NÃO É UM FICHEIRO DO WINDOWS
    O21 - SSODL: fdxbameg - {1DB91A59-764B-4218-9408-2282F7C0C711} - C:\WINDOWS\fdxbameg.dll (file missing)


    Caso isto não resolva e o SUPERAntiSpyware também não, faz o download da versão de teste de 15 dias 100% funcional do Sunbelt Counterspy no sítio oficial.

    Boa sorte.
     
    Última edição: 9 de Julho de 2008
  7. spytech

    spytech Mega BOINC

    não deu em nada? tens ai uns X vermelhos e alguns ?

    só se conheceres as entradas todas...
     
  8. Luis_M

    Luis_M Power Member

    ok ja consegui apagar o viros obrigado a todos so mais uma coisa como e que posso apagar o Vista Antivirus 2008 no Adicionar ou remover programas nao aparece nada lá para o apagar
     
  9. DarkButterfly

    DarkButterfly Power Member

    Resolveste com o Hijackthis?

    Contudo, aconselho, a que faças uma verificação com o SUPERAntiSpyware Free Edition e com o Sunbelt Counterspy que já havia mencionado. Digo isto, pois, apesar, do Hijackthis (se for o caso) tenha aparentemente resolvido o assunto, o mesmo não quer dizer que tudo tenha sido eficazmente resolvido. Até aconselharia instalares mesmo o Counterspy, pois caso ainda haja algo por eliminar, e não seja possivel com o sistema a correr, o próprio Counterspy reinicia o sistema e elimina o que houver para eliminar antes mesmo do sistema "arrancar".
     
  10. nono54

    nono54 Power Member

  11. Shakazulu.pt

    Shakazulu.pt Power Member

    Tenho o mesmo problema, apareceme virus alert ao lado da hora, ja usei varios anti spyware, desde superantispyware, adware, avg, norton 360, counter spy. twister antivirus e nada. não conseguem detectar o problema.

    Como fizeste para resolver para apagar o virus?!
     
  12. Nelinho10

    Nelinho10 Banido

    tens logo em cima a resoluçao.usa o hijack this e corre depois posta o log
     
Estado do Tópico:
Fechado a novas mensagens.

Partilhar esta Página