
How to remove a virus

Discussion in 'Windows 7 and earlier' started by leficoma, 13 November 2008. (Replies: 19; Views: 1347)

  1. leficoma

    leficoma Power Member

    Good evening

    I have a problem that I think is a virus.
    What happens is that when I open IE it always opens other pages as well. Besides that, the Automatic Updates icon in the system tray is always red and it won't let me turn updates on.
    I've already run AVG and Spybot and found nothing.
    What do you advise me to do?!

    Regards
     
  2. Dark_Webster

    Dark_Webster Power Member

    I think that's the virus I caught about two hours ago. Windows Defender spotted it and deleted it. I still had to run a few system scans and delete the restore points before it went away.

    Search for W32.Vundo, it may be the same one I had.
     
  3. Blue Zee

    Blue Zee Power Member

    Try this.

    If you are using Spybot S&D and SpywareBlaster, disable the immunizations before scanning with SUPERAntiSpyware.

    Zee
     
  4. leficoma

    leficoma Power Member

    Good evening

    I tried what you told me and neither one worked. I ran a scan and it found nothing.
    Then I tried SUPERAntiSpyware and it found trojans named... Vundo. However, I can't remove them. The computer goes haywire and restarts.
    Please help me.

    Regards
     
  5. Blue Zee

    Blue Zee Power Member

    Run SUPERAntiSpyware in Safe Mode (press F8 repeatedly while the PC boots).

    Tell us if that works.

    Zee


    P.S.:
    You can also run Vundofix first.
     
    Last edited: 14 November 2008
  6. leficoma

    leficoma Power Member

    Good morning

    It doesn't work even that way.
    Not even with Vundofix.

    This is getting complicated...
     
  7. Blue Zee

    Blue Zee Power Member

    Download HijackThis v. 2.0.2 from here (use the Installer):
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    Install it and launch the program using the icon created on the desktop.

    Click Do a System Scan and Save a Log File.

    When the scan finishes, a text file containing your log will be created.

    Copy the log and post it here.

    DO NOT
    try to use HJT for any cleaning without help.

    Once you post the log we'll see how to proceed.

    Zee
     
  8. carnicero

    carnicero Power Member



    Grab ComboFix and just run the application. Removes viruses like nobody's business. Trust me, 5 stars.

    Cheers
     
  9. Ruimofernandes

    Ruimofernandes Power Member

    Also run SmitFraudFix and BankerFix. You may have bankers too.
     
  10. leficoma

    leficoma Power Member

    Well... here's the logfile.

    Thanks for your patience.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:47:55, on 16-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programas\Microsoft IntelliType Pro\itype.exe
    C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programas\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
    C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programas\Java\jre1.6.0_07\bin\jusched.exe
    C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    C:\Programas\iTunes\iTunesHelper.exe
    C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\TomTom HOME 2\HOMERunner.exe
    C:\Programas\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programas\Bonjour\mDNSResponder.exe
    C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programas\CyberLink\Shared Files\RichVideo.exe
    C:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\TVersity\Media Server\MediaServer.exe
    C:\Programas\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: (no name) - {0747E7F9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)
    O2 - BHO: (no name) - {0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE} - C:\WINDOWS\system32\rqRKCttu.dll (file missing)
    O2 - BHO: (no name) - {3A3F3FC9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)
    O2 - BHO: (no name) - {5443F82A-085A-4A40-AA3E-D384E2A75118} - (no file)
    O2 - BHO: (no name) - {6946A48D-F00B-4AA1-A69C-A8D87FE3D760} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {7610d8aa-d6c4-b089-b784-bb18594f0c7a} - {a7c0f495-81bb-487b-980b-4c6daa8d0167} - (no file)
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] C:\Programas\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKLM\..\Run: [itype] "C:\Programas\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHEI~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [6c3a0571] rundll32.exe "C:\WINDOWS\system32\jrjpejdf.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programas\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [avp] C:\RECYCLER\S-1-5-21-0770095794-1943414732-509843067-7543\hdav.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.126.downloads.est...81.84.29.39_1498&=&req=1220009719843OneCC.cab
    O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{157A74B9-2932-4944-9DC7-404D751852EC}: NameServer = 212.113.161.226,212.113.161.227
    O17 - HKLM\System\CS1\Services\Tcpip\..\{157A74B9-2932-4944-9DC7-404D751852EC}: NameServer = 212.113.161.226,212.113.161.227
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: qrdhjh.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: opnlMcAR - opnlMcAR.dll (file missing)
    O20 - Winlogon Notify: rqRKCttu - rqRKCttu.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Programas\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
    O23 - Service: Autodesk EDM Server - Autodesk - C:\Programas\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programas\Ficheiros comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Programas\TVersity\Media Server\MediaServer.exe
    --
    End of file - 11085 bytes
     
  11. Blue Zee

    Blue Zee Power Member

    Do this and then post a new HJT log.

    Zee
     
  12. paraai5

    paraai5 Power Member

    Fix checked on these entries, after looking at them with due care and not recognising them as installations you made yourself.

    O2 - BHO: (no name) - {0747E7F9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)

    O2 - BHO: (no name) - {0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE} - C:\WINDOWS\system32\rqRKCttu.dll (file missing)

    O2 - BHO: (no name) - {3A3F3FC9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)

    O2 - BHO: (no name) - {5443F82A-085A-4A40-AA3E-D384E2A75118} - (no file)

    O2 - BHO: (no name) - {6946A48D-F00B-4AA1-A69C-A8D87FE3D760} - (no file)

    O2 - BHO: {7610d8aa-d6c4-b089-b784-bb18594f0c7a} - {a7c0f495-81bb-487b-980b-4c6daa8d0167} - (no file)

    O4 - HKLM\..\Run: [6c3a0571] rundll32.exe "C:\WINDOWS\system32\jrjpejdf.dll",b

    O4 - HKCU\..\Run: [avp] C:\RECYCLER\S-1-5-21-0770095794-1943414732-509843067-7543\hdav.exe

    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.126.downloads.esta...19843OneCC.cab

    O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab

    O20 - Winlogon Notify: opnlMcAR - opnlMcAR.dll (file missing)

    O20 - Winlogon Notify: rqRKCttu - rqRKCttu.dll (file missing)

    Looks to me like that's everything.. lol
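    The entries singled out in the post above share a few tells: Browser Helper Objects whose DLL is already gone, a Run value with a random hex name that hands a system32 DLL to rundll32, an autorun living under C:\RECYCLER, an AppInit_DLLs value, orphaned Winlogon Notify packages, and ActiveX controls pulled from unfamiliar hosts. The Python script below is an added example, not code from this thread or from HijackThis; it encodes those tells as checks over HJT log lines. The sample input is a handful of lines excerpted from the log posted earlier in the thread, and the allowlist of ActiveX download hosts and the "random name" heuristic are assumptions of the example, not rules HijackThis itself applies.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines excerpted from the HijackThis log posted in this
# thread, with a few benign entries left in for contrast.
SAMPLE_HJT_LOG = r"""
O2 - BHO: (no name) - {0747E7F9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [6c3a0571] rundll32.exe "C:\WINDOWS\system32\jrjpejdf.dll",b
O4 - HKCU\..\Run: [avp] C:\RECYCLER\S-1-5-21-0770095794-1943414732-509843067-7543\hdav.exe
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{157A74B9-2932-4944-9DC7-404D751852EC}: NameServer = 212.113.161.226,212.113.161.227
O20 - AppInit_DLLs: qrdhjh.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rqRKCttu - rqRKCttu.dll (file missing)
"""

# Assumed allowlist for the example: hosts from which O16 ActiveX downloads are
# considered expected. Anything else is reported for review.
TRUSTED_DPF_HOSTS = ("macromedia.com", "microsoft.com", "hotmail.com", "java.com")

ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")            # Vundo-style random Run value name
# rundll32 loading a quoted DLL through a single-letter export (the ",b" seen above);
# legitimate vendors use named exports such as NvStartup, so this is a heuristic.
RUNDLL_LOADER = re.compile(r'rundll32(\.exe)?\s+"[^"]+\.dll",[A-Za-z]\s*$', re.I)
USER_WRITABLE = re.compile(r"\\(RECYCLER|Temp|Application Data)\\", re.I)


def triage_line(line):
    """Return (severity, reason) for a suspicious HJT line, or None if it looks benign."""
    line = line.strip()
    section = line.split(" - ", 1)[0]
    if section == "O2":
        if ORPHAN.search(line):
            return ("high", "BHO whose DLL is missing: loader already removed or hiding")
        if "BHO: (no name)" in line:
            return ("medium", "unnamed BHO; look up the CLSID before trusting it")
    elif section == "O4":
        m = re.search(r"\[([^\]]+)\]\s*(.*)$", line)
        if not m:
            return None
        name, cmd = m.group(1), m.group(2)
        if USER_WRITABLE.search(cmd):
            return ("high", "autorun from a user-writable or recycle-bin path")
        if HEX_NAME.match(name) or RUNDLL_LOADER.search(cmd):
            return ("high", "rundll32 autorun with random-looking name (Vundo pattern)")
    elif section == "O16":
        m = re.search(r"https?://\S+", line)
        host = urlparse(m.group(0)).hostname if m else None
        if host is None or not any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS):
            return ("medium", f"ActiveX control downloaded from unlisted host {host}")
    elif section == "O17":
        return ("info", "non-default DNS server configured; confirm it belongs to your ISP")
    elif section == "O20":
        if "AppInit_DLLs:" in line and line.split("AppInit_DLLs:", 1)[1].strip():
            return ("high", "AppInit_DLLs value loads this DLL into every process that uses user32")
        if "Winlogon Notify:" in line and ORPHAN.search(line):
            return ("high", "orphaned Winlogon Notify package")
    return None


def triage(log_text):
    """Run triage_line over a whole log and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append({"severity": hit[0], "reason": hit[1], "line": line.strip()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

    Run it against a full saved HJT log by passing the file contents to triage(). The O17 entries are reported at "info" only because a non-default resolver is not evidence by itself; the point is to check it against the ISP's published servers rather than to fix it blindly.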
     
  13. leficoma

    leficoma Power Member

    I can't download this file.

    Cumps

     
  14. Blue Zee

    Blue Zee Power Member

  15. paraai5

    paraai5 Power Member

    Hi,


    Have you already done Fix checked on the lines I pointed out above in HijackThis? And it didn't work?
     
  16. Blue Zee

    Blue Zee Power Member

    Take it easy, that's not quite the way to go, at least not for now.

    Zee
     
  17. paraai5

    paraai5 Power Member


    But if you did analyse the HijackThis log, you know there's a lot in there to fix, and you could well start there.
     
  18. leficoma

    leficoma Power Member

    Well... here's the file that was created. As far as I can tell it says it didn't detect any trojans. But this is all Greek to me.

    Regards

    SDFix: Version 1.240
    Run by Administrador on 17-11-2008 at 23:17
    Microsoft Windows XP [Versão 5.1.2600]
    Running From: C:\SDFix
    Checking Services :

    Restoring Default Security Values
    Restoring Default Hosts File
    Rebooting

    Checking Files :
    No Trojan Files Found



    Removing Temp Files
    ADS Check :


    Final Check :
    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-17 23:33:15
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden services & system hive ...
    scanning hidden registry entries ...
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710
    "AppInit_DLLs"="qrdhjh.dll"
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services :


    Authorized Application Key Export:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Programas\\Grisoft\\AVG7\\avginet.exe"="C:\\Programas\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Programas\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programas\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Programas\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programas\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Programas\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programas\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "D:\\DOCs\\UTILITARIOS\\emule0.48a-Xtreme6.1\\emule.exe"="D:\\DOCs\\UTILITARIOS\\emule0.48a-Xtreme6.1\\emule.exe:*:Enabled:eMule"
    "C:\\Programas\\eMule\\emule.exe"="C:\\Programas\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Programas\\TVAnts\\Tvants.exe"="C:\\Programas\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
    "C:\\Programas\\SopCast\\SopCast.exe"="C:\\Programas\\SopCast\\SopCast.exe:*:Enabled:SopCast"
    "C:\\Documents and Settings\\Utilizador\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Utilizador\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\\Programas\\uTorrent\\uTorrent.exe"="C:\\Programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Programas\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Programas\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:PowerDVD"
    "C:\\Programas\\DNA\\btdna.exe"="C:\\Programas\\DNA\\btdna.exe:*:Enabled:DNA"
    "C:\\Programas\\BitTorrent\\bittorrent.exe"="C:\\Programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Programas\\Bowlfish\\eMule.exe"="C:\\Programas\\Bowlfish\\eMule.exe:*:Enabled:eMule"
    "C:\\Programas\\Azureus\\Azureus.exe"="C:\\Programas\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Programas\\TVersity\\Media Server\\TVersity.exe"="C:\\Programas\\TVersity\\Media Server\\TVersity.exe:*:Enabled:TVersity Media Server"
    "C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Protocol"
    "C:\\Programas\\Internet Explorer\\iexplore.exe"="C:\\Programas\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Documents and Settings\\Utilizador\\Definições locais\\Temp\\occ.exe"="C:\\Documents and Settings\\Utilizador\\Definições locais\\Temp\\occ.exe:*:Enabled:OneCC Module"
    "C:\\Programas\\DreMule\\emule.exe"="C:\\Programas\\DreMule\\emule.exe:*:Enabled:Dreamule"
    "C:\\Programas\\Bonjour\\mDNSResponder.exe"="C:\\Programas\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Programas\\iTunes\\iTunes.exe"="C:\\Programas\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Programas\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"="C:\\Programas\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
    "C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\\Programas\\TVersity\\Media Server\\MediaServer.exe"="C:\\Programas\\TVersity\\Media Server\\MediaServer.exe:*:Enabled:TVersity Media Server"
    "C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    Remaining Files :

    Files with Hidden Attributes :
    Wed 22 Oct 2008 949,072 A.SHR --- "C:\Programas\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll"
    Wed 22 Oct 2008 962,896 A.SHR --- "C:\Programas\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll"
    Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Programas\SDHelper (Spybot - Search & Destroy)\SDHelper.dll"
    Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Programas\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
    Fri 31 Oct 2008 73,216 ..SHR --- "C:\RECYCLER\S-1-5-21-0770095794-1943414732-509843067-7543\hdav.exe"
    Wed 5 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 3 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT4.tmp"
    Tue 13 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c948e02212d240149f18da43d547284b\BIT2.tmp"
    Finished!
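    The SDFix report above says "No Trojan Files Found", but two of its other sections still carry signal: catchme's registry dump shows AppInit_DLLs still set to qrdhjh.dll, and the firewall exception export lists an "OneCC Module" allowed through from the user's Temp folder (C:\Documents and Settings\Utilizador\Definições locais\Temp\occ.exe), which lines up with the OneCCCtl ActiveX control in the HijackThis log. The Python script below is an added example, not anything posted in the thread or shipped with SDFix; it parses that authorized-applications export and flags exceptions granted to executables in user-writable locations or to built-in download tools. The sample input is excerpted from the export above, and the location and tool lists are assumptions of the example.

```python
import re

# Constructed sample: value lines excerpted from the SDFix "Authorized Application
# Key Export" posted in this thread (Windows XP firewall exception list, .reg syntax).
SAMPLE_FW_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programas\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programas\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Documents and Settings\\Utilizador\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Utilizador\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Protocol"
"C:\\Documents and Settings\\Utilizador\\Definições locais\\Temp\\occ.exe"="C:\\Documents and Settings\\Utilizador\\Definições locais\\Temp\\occ.exe:*:Enabled:OneCC Module"
'''

# One .reg value per line: "<path>"="<path>:<scope>:<state>:<label>"
VALUE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<val>[^"]*)"\s*$')

# Assumed for the example. Temp and the recycle bin are dropper territory; the
# profile folders are writable by the user but also hold legitimate software, so
# they get a lower severity. "Definições locais" is the Portuguese "Local Settings".
TEMP_LIKE = ("\\Temp\\", "\\RECYCLER\\")
PROFILE_LIKE = ("\\Application Data\\", "\\Local Settings\\", "\\Definições locais\\")
# Built-in tools with no business in a home PC's exception list; malware adds
# them so its own downloads are not blocked. Assumed list for the example.
LOLBINS = ("ftp.exe", "tftp.exe", "cmd.exe", "cscript.exe", "wscript.exe", "regsvr32.exe")


def parse_fw_export(text):
    """Yield (path, scope, state, label) for each authorized-application value."""
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue                                   # key header, blank line, junk
        val = m.group("val").replace("\\\\", "\\")     # undo .reg backslash escaping
        parts = val.rsplit(":", 3)                     # rsplit keeps the drive-letter colon
        if len(parts) != 4:
            continue
        yield tuple(parts)


def triage_fw(text):
    """Return the enabled exceptions worth a second look, in export order."""
    findings = []
    for path, scope, state, label in parse_fw_export(text):
        if state.lower() != "enabled":
            continue
        lowered = path.lower()
        if any(frag.lower() in lowered for frag in TEMP_LIKE):
            hit = ("high", "exception for an executable in a temporary or recycle-bin path")
        elif any(frag.lower() in lowered for frag in PROFILE_LIKE):
            hit = ("medium", "exception for an executable inside the user profile")
        elif lowered.rsplit("\\", 1)[-1] in LOLBINS:
            hit = ("medium", "exception for a built-in tool commonly abused to fetch payloads")
        else:
            continue
        findings.append({"severity": hit[0], "reason": hit[1],
                         "path": path, "scope": scope, "label": label})
    return findings


if __name__ == "__main__":
    for f in triage_fw(SAMPLE_FW_EXPORT):
        print(f"[{f['severity']:6}] {f['label']}: {f['path']} ({f['reason']})")
```

    The scope field is "*" for every entry here, meaning the exception applies on any network, which is why a stray Temp-folder binary in this list matters: it has been granted inbound access everywhere, not just on the home LAN.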
     
  19. Blue Zee

    Blue Zee Power Member

    Start by creating a fresh restore point.

    Download and install the following program:

    The Slim version of CCleaner (no toolbar, in English):
    http://www.ccleaner.com/download/builds.aspx

    Once the program above is installed, reboot into Safe Mode by pressing F8 as the system starts, run a scan with HJT and select the following entries to clean (tick the little box to the left of each one):
    Code:
    O2 - BHO: (no name) - {0747E7F9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)
    O2 - BHO: (no name) - {0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE} - C:\WINDOWS\system32\rqRKCttu.dll (file missing)
    O2 - BHO: (no name) - {3A3F3FC9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)
    O2 - BHO: (no name) - {5443F82A-085A-4A40-AA3E-D384E2A75118} - (no file)
    O2 - BHO: (no name) - {6946A48D-F00B-4AA1-A69C-A8D87FE3D760} - (no file)
    O2 - BHO: {7610d8aa-d6c4-b089-b784-bb18594f0c7a} - {a7c0f495-81bb-487b-980b-4c6daa8d0167} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [6c3a0571] rundll32.exe "C:\WINDOWS\system32\jrjpejdf.dll",b
    O4 - HKCU\..\Run: [avp] C:\RECYCLER\S-1-5-21-0770095794-1943414732-509843067-7543\hdav.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.126.downloads.esta...19843OneCC.cab
    O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O20 - AppInit_DLLs: qrdhjh.dll
    O20 - Winlogon Notify: opnlMcAR - opnlMcAR.dll (file missing)
    O20 - Winlogon Notify: rqRKCttu - rqRKCttu.dll (file missing)
    
    Do the cleaning by clicking Fix checked, confirm if asked, and close HJT.

    Reboot the system into Safe Mode again.

    Launch CCleaner using the desktop icon, select all the entries in the Windows and Applications tabs and click the Run cleaner button.

    When the cleanup is finished, reboot the system in Normal Mode.

    Launch SUPERAntiSpyware using the icon created on the desktop.

    Update the definitions by clicking the Check for Updates... button.

    When the update is finished, click Preferences, then the Scanning Control tab, and under Scanner Options make sure you select

    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    And untick all the others. Now click Close to leave this menu.

    Click Scan your Computer..., select Perform Complete Scan, click Next and wait patiently until you are shown a report of the items found. Click OK and Next to confirm the cleaning.

    If you are using Spybot S&D and SpywareBlaster, disable the immunizations before scanning with SUPERAntiSpyware.

    Close the program, reboot the PC and test.

    Uninstall every version of Java you have via Add or Remove Programs, delete the folder C:\Programas\Java and install the latest version from here.

    Tell us if it worked.

    Zee
     
  20. leficoma

    leficoma Power Member

    Good evening

    I want to thank you for the help you gave me, but since removing the virus was getting too complex for me, I decided to reformat and reinstall Windows.

    Thanks again to everyone
     
