1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.

Estou a dar em doido!!!!!

Discussão em 'Dúvidas e Suporte Técnico PC' iniciada por jc_per, 29 de Junho de 2007. (Respostas: 6; Visualizações: 1047)

  1. Boa Noite,

    Depois de ter sido infectado por virus e de os ter eliminado, agora não consigo aceder às drives c: e d:, surge sistematicamente a mensagem: "o windows não consegue localizar 'copy.exe'..." Eu sei que posso aceder aos discos clicando no lado direito do rato e depois clicar "abrir"....mas não deixa de ser uma grande chatice!!!!

    Please Help!

    Aqui fica o logfile do hijackthis:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:52:02, on 29-06-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Intel\Wireless\Bin\EvtEng.exe
    C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programas\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programas\ASUS\ASUS Live Update\ALU.exe
    C:\Programas\ASUS\Power4 Gear\BatteryLife.exe
    C:\Programas\Wireless Console 2\wcourier.exe
    C:\Programas\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
    C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
    C:\Programas\Brother\ControlCenter2\brctrcen.exe
    C:\Programas\QuickTime\qttask.exe
    C:\Programas\iTunes\iTunesHelper.exe
    C:\Programas\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Programas\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Programas\PowerISO\PWRISOVM.EXE
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\Skype\Phone\Skype.exe
    C:\Programas\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Programas\Asus\Asus ChkMail\ChkMail.exe
    C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Programas\Brother\Brmfcmon\BrMfcmon.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Programas\Internet Explorer\iexplore.exe
    D:\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epistemelinks.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar5.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ASUS Live Update] "C:\Programas\ASUS\ASUS Live Update\ALU.exe"
    O4 - HKLM\..\Run: [Power_Gear] "C:\Programas\ASUS\Power4 Gear\BatteryLife.exe" 1
    O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Programas\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Programas\Brother\Brmfl05a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Programas\Brother\ControlCenter2\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Programas\Asus\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: Monitor de estado.lnk = C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165275887484
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Programas\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programas\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 11855 bytes
     
  2. edusantos

    edusantos Power Member

    faz um fomat c:

    remédio santo:-D
     
  3. mistic_girl

    mistic_girl Power Member

    Tens o Cd do windows? Faz reparação ...
    De certeza que ainda não tens o vírus no teu computador, podes não o ter eliminado por completo por causa da restauração do computador. Passa o Kaspersky online scanner, kaspersky.com. Pode ser que ele encontre algum vestígio!


    Inté

    Depois diz qualquer coisa!
     
  4. benedek

    benedek Power Member

    activa a opção para ver os ficheiros ocultos. procura no rais umficheiro autorun.inf. abra o ficheiro com un editor de texto. se vais encontrar uma linha que contem " copy.exe" fencha o ficheiro e apaga. esta resolvido!
     
  5. tonebiclas

    tonebiclas Power Member

    simples: format!
    só assim terás o SO completamente limpo.
     
  6. benedek

    benedek Power Member

    o virus era o "copy.exe" e foi eliminado. "autorun.inf" não e um executavel e não e detectado como virus por isso não e apagado.
     
  7. Problema resolvido

    Boa noite,

    Começo por agradecer todas as sugestões de ajuda. Mas dando uma volta no google consegui forma de resolver o problema, assim:

    Iniciar > Executar e escreva estes comando (um de cada vez):

    [​IMG] cmd /c del /q /f /A C:\autorun.inf carregue em OK
    [​IMG] cmd /c del /q /f /A D:\autorun.inf carregue em OK

    Pode vir a ser útil para outros membros

    Mais uma vez obrigado

    jcp
     

Partilhar esta Página