
SUPERAntiSpyware restarts the PC

Discussion in 'Windows 7 and earlier' started by tiago123, 3 December 2008. (Replies: 20; Views: 1263)

  1. tiago123

    tiago123 Power Member

    I ran the scan with SAS and it found 36 threats. When I clicked Next to remove them it started the process, and then it was as if explorer.exe had shut down and the PC turned off.

    I'm running the scan again; I need help urgently!!!
     
  2. Blue Zee

    Blue Zee Power Member

    In some cases SAS restarts in order to be able to remove the threats.

    What was the result of the new scan?

    What problems led you to run the scan?
     
  3. tiago123

    tiago123 Power Member

    Virus!!!!

    SAS finds Vundo Small-Gen and Vundo NextGen, plus adware cookies and Rogue.Trace something; when it goes to remove them the PC shuts down!!!
     
  4. Blue Zee

    Blue Zee Power Member

    Bad sign...

    Try SDFix.

    Zee
     
  5. tiago123

    tiago123 Power Member

  6. tiago123

    tiago123 Power Member

    At the end it gave this:



    SDFix: Version 1.240
    Run by user on 04-12-2008 at 14:31

    Microsoft Windows XP [Versão 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\rqRhfDSL.dll - Deleted
    C:\Documents and Settings\user\Definições locais\Temp\ubi1D2.tmp.exe - Deleted
    C:\Documents and Settings\user\Definições locais\Temp\ubi606.tmp.exe - Deleted
    C:\DOCUME~1\user\DEFINI~1\Temp\tmp1E.tmp - Deleted
    C:\DOCUME~1\user\DEFINI~1\Temp\tmp6.tmp - Deleted
    C:\DOCUME~1\user\DEFINI~1\Temp\tmpC1.tmp - Deleted
    C:\DOCUME~1\user\DEFINI~1\Temp\tmpDB.tmp - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-04 14:36:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Programas\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:54,9e,24,a4,2c,29,f7,4c,1b,5d,10,cf,79,d1,2c,56,15,ca,4a,5a,a3,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,19,80,51,60,f7,f6,c0,c7,31,4f,5c,13,67,09,af,bf,2f,..
    "khjeh"=hex:7e,69,32,b9,17,99,4d,6b,9f,4f,d2,65,77,ac,77,b5,1a,0c,4c,ab,c1,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:0d,c1,7c,6c,58,0c,6a,7f,a0,44,29,eb,49,98,74,43,47,90,58,db,f1,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Programas\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:54,9e,24,a4,2c,29,f7,4c,1b,5d,10,cf,79,d1,2c,56,15,ca,4a,5a,a3,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,19,80,51,60,f7,f6,c0,c7,31,4f,5c,13,67,09,af,bf,2f,..
    "khjeh"=hex:7e,69,32,b9,17,99,4d,6b,9f,4f,d2,65,77,ac,77,b5,1a,0c,4c,ab,c1,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:0d,c1,7c,6c,58,0c,6a,7f,a0,44,29,eb,49,98,74,43,47,90,58,db,f1,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\\Programas\\MSN Messenger\\msnmsgr.exe"="C:\\Programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Programas\\MSN Messenger\\livecall.exe"="C:\\Programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Programas\\eMule\\emule.exe"="C:\\Programas\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
    "C:\\Programas\\ASoft\\AutoExit\\AutoExit.exe"="C:\\Programas\\ASoft\\AutoExit\\AutoExit.exe:*:Enabled:Public Release Version"
    "C:\\Programas\\Microsoft Games\\Age of Empires III\\age3x.exe"="C:\\Programas\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
    "C:\\Programas\\Microsoft Games\\Age of Empires III\\age3y.exe"="C:\\Programas\\Microsoft Games\\Age of Empires III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
    "C:\\Programas\\Electronic Arts\\Crytek\\Crysis Wars\\Bin32\\Crysis.exe"="C:\\Programas\\Electronic Arts\\Crytek\\Crysis Wars\\Bin32\\Crysis.exe:*:Enabled:Crysis"
    "C:\\Programas\\Electronic Arts\\EADM\\Core.exe"="C:\\Programas\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
    "C:\\Programas\\uTorrent\\uTorrent.exe"="C:\\Programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "D:\\ZON.exe"="D:\\ZON.exe:*:Enabled:Guia interactivo ZON"
    "C:\\Programas\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Programas\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
    "C:\\Programas\\Stardock Games\\Sins of a Solar Empire Demo\\Sins of a Solar Empire.exe"="C:\\Programas\\Stardock Games\\Sins of a Solar Empire Demo\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo"
    "C:\\Programas\\iTunes\\iTunes.exe"="C:\\Programas\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Programas\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Programas\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
    "C:\\Programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
    "C:\\Programas\\CrosuS\\CrosuSApp.exe"="C:\\Programas\\CrosuS\\CrosuSApp.exe:*:Enabled:Crosus"
    "C:\\Programas\\IGWarlord\\igwarlord.exe"="C:\\Programas\\IGWarlord\\igwarlord.exe:*:Enabled:IGWarlord"
    "C:\\Programas\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="C:\\Programas\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
    "C:\\Programas\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="C:\\Programas\\Activision\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Programas\\MSN Messenger\\msnmsgr.exe"="C:\\Programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Programas\\MSN Messenger\\livecall.exe"="C:\\Programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 25 Aug 2008 355 ...H. --- "C:\Boot.BAK"
    Mon 1 Jan 1990 40,960 ..SHR --- "C:\WINDOWS\system32\KcrndDrv.dll"
    Mon 1 Dec 2008 3,722 ...HR --- "C:\Documents and Settings\user\Application Data\SecuROM\UserData\securom_v7_01.bak"

    Finished!
     
  7. tiago123

    tiago123 Power Member

    In SAS:


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/04/2008 at 02:45 PM

    Application Version : 4.22.1014

    Core Rules Database Version : 3661
    Trace Rules Database Version: 1641

    Scan type : Quick Scan
    Total Scan Time : 00:05:51

    Memory items scanned : 600
    Memory threats detected : 1
    Registry items scanned : 454
    Registry threats detected : 9
    File items scanned : 12151
    File threats detected : 17

    Trojan.Vundo-Variant/Small-GEN
    C:\WINDOWS\SYSTEM32\MLJCSMJA.DLL
    C:\WINDOWS\SYSTEM32\MLJCSMJA.DLL
    C:\WINDOWS\SYSTEM32\MLJAQNKE.DLL
    C:\WINDOWS\SYSTEM32\NNNLLIBX.DLL
    C:\WINDOWS\SYSTEM32\SSQRLDDC.DLL

    Trojan.Vundo-Variant/NextGen
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8566DF0-E1C4-4A6A-93EB-110D131B0589}
    HKCR\CLSID\{A8566DF0-E1C4-4A6A-93EB-110D131B0589}
    HKCR\CLSID\{A8566DF0-E1C4-4A6A-93EB-110D131B0589}\InprocServer32
    HKCR\CLSID\{A8566DF0-E1C4-4A6A-93EB-110D131B0589}\InprocServer32#ThreadingModel

    Unclassified.Unknown Origin
    HKU\S-1-5-21-1060284298-1770027372-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}

    Adware.Tracking Cookie
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][2].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][2].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    C:\Documents and Settings\user\Cookies\[email protected][2].txt
    C:\Documents and Settings\user\Cookies\[email protected][1].txt
    ads1.mediaops.com.br [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\82u0guvu.default\cookies.txt ]
    ad.yieldmanager.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\82u0guvu.default\cookies.txt ]
    ad.yieldmanager.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\82u0guvu.default\cookies.txt ]
    ad.yieldmanager.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\82u0guvu.default\cookies.txt ]

    Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\RemoveRP

    Rogue.Component/Trace
    HKLM\Software\Microsoft\D8623098
    HKLM\Software\Microsoft\D8623098#d8623098
    HKLM\Software\Microsoft\D8623098#Version

    Adware.Vundo/Variant
    C:\RECYCLER\S-1-5-21-1060284298-1770027372-839522115-1003\DC34.DLL
     
  8. Blue Zee

    Blue Zee Power Member

    It did delete a few nasty things...

    Where have you been browsing? And what have you been downloading onto the system?

    How is the PC now? Fine, so-so, or not really?

    Run a scan with Malwarebytes Anti-Malware.

    Install it, update it and run a full scan.

    Tell me what the problems are afterwards and post an HJT log (after running Malwarebytes Anti-Malware).

    Zee
     
  9. Madcaddie

    Madcaddie Dr. Super labrego
    Staff Member

    The title has been changed to a more accurate and understandable description for anyone who may have the same problem.

    Regards
     
    Last edited: 4 December 2008
  10. tiago123

    tiago123 Power Member

    After all that I managed to remove everything, but I ran a scan with an updated NOD32 and it says I have a virus called Themida.
     
  11. Blue Zee

    Blue Zee Power Member

    And it doesn't clean it?

    Try running the antivirus in Safe Mode.

    Zee
     
  12. tiago123

    tiago123 Power Member

  13. tiago123

    tiago123 Power Member

    Another thing: could you explain to me what this Themida does??


    Thanks
     
  14. Blue Zee

    Blue Zee Power Member

    Here is an interesting discussion on the subject.

    Zee
     
  15. tiago123

    tiago123 Power Member

    Thanks, but I can't remove the .......... from Themida; I've already tried everything.
     
  16. Blue Zee

    Blue Zee Power Member

    Check whether you have this file:

    C:\WINDOWS\win32.exe
     
  17. tiago123

    tiago123 Power Member

    I don't have the file mentioned.
     
  18. tiago123

    tiago123 Power Member

    Judging by the name, I think that file is either important or else a "helper" for a virus.
     
  19. Blue Zee

    Blue Zee Power Member

    What is the name and location of the file identified by the antivirus?
     
  20. tiago123

    tiago123 Power Member

    I ran the SAS scan on the PC again and it gave me 19 Adware.TrackingCookie.
    NOD32 did not find Themida.
    By the way, is there any way to get rid of these Adware.TrackingCookie once and for all? I have one that I've already deleted about 3 times and it's called doubleclick.net.
     