How to remove a virus

leficoma

Power Member
Good evening

I have a problem that I think is a virus.
What happens is that whenever I open IE it always opens other pages as well. On top of that, the Automatic Updates icon in the system tray is always red and it won't let me turn updates on.
I've already run AVG and Spybot and found nothing.
What do you advise me to do?!

Cheers
 
I think that's the virus I caught about two hours ago. Windows Defender spotted it and deleted it. I still had to run a few system scans and delete the restore points before it was gone.

Search for W32.Vundo; it may be the same one I had.
 
Good evening

I tried what you told me and neither one worked. I ran a search and it found nothing.
Then I tried SUPERAntiSpyware and it found the trojans named... Vundo. But I can't remove them. The computer freaks out and reboots.
Please help me.

Cheers
 
Run SUPERAntiSpyware in Safe Mode (press F8 repeatedly while the PC is starting up).

Let us know if that works.

Zee


P.S.:
You can also run VundoFix first.
 
Good morning

It still doesn't work.
Not even with VundoFix.

This is getting complicated...
Download HijackThis v. 2.0.2 from here (use the Installer):
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Install it and start the program using the icon created on the desktop.

Click Do a System Scan and Save a Log File.

When the scan finishes, a text file containing your log will be created.

Copy the log and post it here.

DO NOT try to use HJT for any cleaning without help.

Once you post the log we'll see how to proceed.

Zee
 
Well... here's the logfile

Thanks for your patience.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:55, on 16-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Microsoft IntelliType Pro\itype.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programas\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Java\jre1.6.0_07\bin\jusched.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\TomTom HOME 2\HOMERunner.exe
C:\Programas\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\CyberLink\Shared Files\RichVideo.exe
C:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\TVersity\Media Server\MediaServer.exe
C:\Programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {0747E7F9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)
O2 - BHO: (no name) - {0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE} - C:\WINDOWS\system32\rqRKCttu.dll (file missing)
O2 - BHO: (no name) - {3A3F3FC9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)
O2 - BHO: (no name) - {5443F82A-085A-4A40-AA3E-D384E2A75118} - (no file)
O2 - BHO: (no name) - {6946A48D-F00B-4AA1-A69C-A8D87FE3D760} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {7610d8aa-d6c4-b089-b784-bb18594f0c7a} - {a7c0f495-81bb-487b-980b-4c6daa8d0167} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programas\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [itype] "C:\Programas\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHEI~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [6c3a0571] rundll32.exe "C:\WINDOWS\system32\jrjpejdf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programas\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [avp] C:\RECYCLER\S-1-5-21-0770095794-1943414732-509843067-7543\hdav.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.126.downloads.est...81.84.29.39_1498&=&req=1220009719843OneCC.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{157A74B9-2932-4944-9DC7-404D751852EC}: NameServer = 212.113.161.226,212.113.161.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{157A74B9-2932-4944-9DC7-404D751852EC}: NameServer = 212.113.161.226,212.113.161.227
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: qrdhjh.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnlMcAR - opnlMcAR.dll (file missing)
O20 - Winlogon Notify: rqRKCttu - rqRKCttu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Programas\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Programas\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programas\Ficheiros comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Programas\TVersity\Media Server\MediaServer.exe
--
End of file - 11085 bytes
 
Fix checked these entries, after looking at them carefully and confirming that you don't recognise them as installations you made yourself.

O2 - BHO: (no name) - {0747E7F9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)

O2 - BHO: (no name) - {0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE} - C:\WINDOWS\system32\rqRKCttu.dll (file missing)

O2 - BHO: (no name) - {3A3F3FC9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)

O2 - BHO: (no name) - {5443F82A-085A-4A40-AA3E-D384E2A75118} - (no file)

O2 - BHO: (no name) - {6946A48D-F00B-4AA1-A69C-A8D87FE3D760} - (no file)

O2 - BHO: {7610d8aa-d6c4-b089-b784-bb18594f0c7a} - {a7c0f495-81bb-487b-980b-4c6daa8d0167} - (no file)

O4 - HKLM\..\Run: [6c3a0571] rundll32.exe "C:\WINDOWS\system32\jrjpejdf.dll",b

O4 - HKCU\..\Run: [avp] C:\RECYCLER\S-1-5-21-0770095794-1943414732-509843067-7543\hdav.exe

O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.126.downloads.esta...19843OneCC.cab

O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab

O20 - Winlogon Notify: opnlMcAR - opnlMcAR.dll (file missing)

O20 - Winlogon Notify: rqRKCttu - rqRKCttu.dll (file missing)

Looks to me like that's all... lol
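The post above, and Zee's later list of entries to tick in HJT, apply the same triage rules by eye: BHOs and Winlogon Notify entries whose DLL is missing, a Run entry with a random hex name loading a DLL through rundll32, an auto-start living in C:\RECYCLER, and a non-empty AppInit_DLLs value. The script below is an added example (not from the thread, and not part of HijackThis) that applies those rules to HijackThis v2 log lines. The sample log is constructed from a handful of entries of the kind seen in this thread plus benign lines for contrast; the heuristics and the function names are mine. It only flags lines for human review, exactly as the helpers did, and does not change anything on the system.

```python
import re

# Markers HijackThis appends when the referenced file no longer exists.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Directories a legitimate auto-start entry practically never runs from
# (assumption: lower-cased substrings, matched against the command line).
SUSPECT_DIRS = ("\\recycler\\", "\\temp\\", "\\application data\\", "\\local settings\\")

# Run-key value names like "[6c3a0571]" are typical of randomly generated entries.
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")

# Constructed sample in HijackThis v2 log format (not the poster's full log).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {0747E7F9-85D0-4653-95B9-6BECE96EB233} - C:\\WINDOWS\\system32\\puremugx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Programas\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {5443F82A-085A-4A40-AA3E-D384E2A75118} - (no file)
O4 - HKLM\\..\\Run: [6c3a0571] rundll32.exe "C:\\WINDOWS\\system32\\jrjpejdf.dll",b
O4 - HKCU\\..\\Run: [avp] C:\\RECYCLER\\S-1-5-21-0770095794-1943414732-509843067-7543\\hdav.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O20 - AppInit_DLLs: qrdhjh.dll
O20 - Winlogon Notify: rqRKCttu - rqRKCttu.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\\Programas\\SUPERAntiSpyware\\SASWINLO.dll
"""


def classify(line):
    """Return a short reason if this HJT line deserves review, else None."""
    line = line.rstrip()
    low = line.lower()
    if line.startswith("O2 - BHO:"):
        # Unnamed BHOs and BHOs whose DLL has already been deleted (the
        # registration survives the file) are the pattern seen with Vundo.
        if "(no name)" in line or low.endswith(ORPHAN_MARKERS):
            return "unnamed or orphaned BHO"
    elif line.startswith("O4 - "):
        m = re.search(r"\[([^\]]+)\]\s*(.*)", line)
        if m:
            name, cmd = m.group(1), m.group(2).lower()
            if HEX_NAME.match(name):
                return "Run entry with random hex name"
            if any(d in cmd for d in SUSPECT_DIRS):
                return "auto-start from temp/recycler/profile directory"
    elif line.startswith("O20 - AppInit_DLLs:"):
        # AppInit_DLLs injects the listed DLL into every process that loads
        # user32.dll; a non-empty value always warrants a look.
        if line.split(":", 1)[1].strip():
            return "AppInit_DLLs hook set"
    elif line.startswith("O20 - Winlogon Notify:"):
        if low.endswith(ORPHAN_MARKERS):
            return "Winlogon Notify DLL missing"
    return None


def triage(log_text):
    """Return a list of (line, reason) pairs for every line that needs review."""
    findings = []
    for line in log_text.splitlines():
        reason = classify(line)
        if reason:
            findings.append((line.rstrip(), reason))
    return findings


if __name__ == "__main__":
    for hit, why in triage(SAMPLE_LOG):
        print(f"[{why}] {hit}")
```

Running it against the constructed sample flags six of the nine lines and leaves the Java BHO, ctfmon.exe and the SUPERAntiSpyware Winlogon entry alone. The rules are deliberately narrow; a clean result from them says nothing about entries they do not cover (O16 downloads, O17 DNS servers, O23 services), which still need the kind of reading the helper did here.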
 
Well... here is the file it created. As far as I can tell it says it didn't detect any trojans. But this is all Greek to me.

Cheers

SDFix: Version 1.240
Run by Administrador on 17-11-2008 at 23:17
Microsoft Windows XP [VersÆo 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
No Trojan Files Found



Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 23:33:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"="qrdhjh.dll"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programas\\Grisoft\\AVG7\\avginet.exe"="C:\\Programas\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programas\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programas\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programas\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programas\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programas\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programas\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"D:\\DOCs\\UTILITARIOS\\emule0.48a-Xtreme6.1\\emule.exe"="D:\\DOCs\\UTILITARIOS\\emule0.48a-Xtreme6.1\\emule.exe:*:Enabled:eMule"
"C:\\Programas\\eMule\\emule.exe"="C:\\Programas\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programas\\TVAnts\\Tvants.exe"="C:\\Programas\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Programas\\SopCast\\SopCast.exe"="C:\\Programas\\SopCast\\SopCast.exe:*:Enabled:SopCast"
"C:\\Documents and Settings\\Utilizador\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Utilizador\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Programas\\uTorrent\\uTorrent.exe"="C:\\Programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programas\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Programas\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:PowerDVD"
"C:\\Programas\\DNA\\btdna.exe"="C:\\Programas\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Programas\\BitTorrent\\bittorrent.exe"="C:\\Programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Programas\\Bowlfish\\eMule.exe"="C:\\Programas\\Bowlfish\\eMule.exe:*:Enabled:eMule"
"C:\\Programas\\Azureus\\Azureus.exe"="C:\\Programas\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Programas\\TVersity\\Media Server\\TVersity.exe"="C:\\Programas\\TVersity\\Media Server\\TVersity.exe:*:Enabled:TVersity Media Server"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Protocol"
"C:\\Programas\\Internet Explorer\\iexplore.exe"="C:\\Programas\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\Utilizador\\Definições locais\\Temp\\occ.exe"="C:\\Documents and Settings\\Utilizador\\Definições locais\\Temp\\occ.exe:*:Enabled:OneCC Module"
"C:\\Programas\\DreMule\\emule.exe"="C:\\Programas\\DreMule\\emule.exe:*:Enabled:Dreamule"
"C:\\Programas\\Bonjour\\mDNSResponder.exe"="C:\\Programas\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programas\\iTunes\\iTunes.exe"="C:\\Programas\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programas\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"="C:\\Programas\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programas\\TVersity\\Media Server\\MediaServer.exe"="C:\\Programas\\TVersity\\Media Server\\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :

Files with Hidden Attributes :
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Programas\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Programas\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Programas\SDHelper (Spybot - Search & Destroy)\SDHelper.dll"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Programas\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Fri 31 Oct 2008 73,216 ..SHR --- "C:\RECYCLER\S-1-5-21-0770095794-1943414732-509843067-7543\hdav.exe"
Wed 5 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 3 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT4.tmp"
Tue 13 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c948e02212d240149f18da43d547284b\BIT2.tmp"
Finished!
 
Start by creating a fresh restore point.

Download and install the following program:

The Slim version of CCleaner (no toolbar, in English):
http://www.ccleaner.com/download/builds.aspx

After installing the program above, reboot into Safe Mode by pressing F8 while the system starts, run a scan with HJT and select the following entries to clean (tick the little box to the left of each one):
Code:
O2 - BHO: (no name) - {0747E7F9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)
O2 - BHO: (no name) - {0AF6F4C1-A419-4EED-BA4E-CBF12A16ADFE} - C:\WINDOWS\system32\rqRKCttu.dll (file missing)
O2 - BHO: (no name) - {3A3F3FC9-85D0-4653-95B9-6BECE96EB233} - C:\WINDOWS\system32\puremugx.dll (file missing)
O2 - BHO: (no name) - {5443F82A-085A-4A40-AA3E-D384E2A75118} - (no file)
O2 - BHO: (no name) - {6946A48D-F00B-4AA1-A69C-A8D87FE3D760} - (no file)
O2 - BHO: {7610d8aa-d6c4-b089-b784-bb18594f0c7a} - {a7c0f495-81bb-487b-980b-4c6daa8d0167} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [6c3a0571] rundll32.exe "C:\WINDOWS\system32\jrjpejdf.dll",b
O4 - HKCU\..\Run: [avp] C:\RECYCLER\S-1-5-21-0770095794-1943414732-509843067-7543\hdav.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.126.downloads.esta...19843OneCC.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O20 - AppInit_DLLs: qrdhjh.dll
O20 - Winlogon Notify: opnlMcAR - opnlMcAR.dll (file missing)
O20 - Winlogon Notify: rqRKCttu - rqRKCttu.dll (file missing)
Do the clean-up by clicking Fix checked, confirm if necessary and close HJT.

Reboot the system into Safe Mode again.

Start CCleaner using the desktop icon, select all the entries in the Windows and Applications tabs and click the Run cleaner button.

Once the clean-up has finished, reboot into Normal Mode.

Start SUPERAntiSpyware using the icon created on the desktop.

Update the definitions by clicking the Check for Updates... button.

Once the update has finished, click Preferences, then the Scanning Control tab, and under Scanner Options make sure you select

- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.

and untick all the others. Now click Close to leave this menu.

Click Scan your Computer..., select Perform Complete Scan, click Next and wait patiently until you are shown a report of the items found. Click OK and Next to confirm the clean-up.

If you are using Spybot S&D and SpywareBlaster, disable their immunisations before scanning with SUPERAntiSpyware.

Close the program, reboot the PC and test.

Uninstall every version of Java you have via Add or Remove Programs, delete the folder C:\Programas\Java and install the latest version from here.

Let us know if it worked.

Zee
 
Good evening

I want to thank you for the help you gave me, but as removing the virus was getting too complex for me, I decided to reformat and reinstall Windows.

Thanks to everyone once again
 