
I can't install HijackThis and others

Discussion in 'Questions and Support—Internet, Networks, Security' started by Crazygar, 3 January 2009. (Replies: 21; Views: 1667)

  1. Hi

    I have a problem.
    I can't get into any security sites (Avast, AVG, etc.), so I couldn't get the new key for Avast Home Edition.
    So I downloaded AVG and installed it, but now it doesn't update because it can't reach the AVG site.
    Meanwhile I've been trying to solve the problem; I've already tried installing SUPERAntiSpyware, Malwarebytes' Anti-Malware and HijackThis, and nothing.
    I run them and nothing happens; they show up in Task Manager but don't install.
    The only one I managed was CCleaner; I've run it, but nothing.


    Could some kind soul help me?
     
  2. Blue Zee

    Blue Zee Power Member

    Rename the Malwarebytes installer to setup.exe.

    Try installing, but rename the destination folder: instead of C:\Programas\Malwarebytes' Anti-Malware, call it C:\Programas\xpto.

    Once installed this way, locate the file

    C:\Programas\xpto\mbam.exe

    and rename it to xpto.exe.

    Now double-click xpto.exe. Does it work?

    If so, try updating and tell me the result.

    Zee
     
  3. Do you have a firewall? Sometimes it may be some task in the firewall that you have set to allow; otherwise, on these occasions there is always the easiest way........Format
     
  4. I did what Blue Zee told me. It partly worked.
    It started the installation, something it didn't do before, but it doesn't finish the installation. Strange!!!
    Even so, it is installed.
    But when I double-click, nothing happens. The same was already happening to me with Spybot - Search & Destroy.

    I don't have any firewall other than the one that comes with Windows, and I haven't touched it.
     
  5. I've managed to install HijackThis.

    Here's the report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:27:09, on 03-01-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\ANYCOM\Blue USB-200-250\bin\btwdins.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\clipsrv.exe
    C:\WINDOWS\system32\WinSys.exe
    D:\Programas\Nero\Nero8\InCD\NBHGui.exe
    D:\Programas\Nero\Nero8\InCD\InCD.exe
    C:\Programas\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\TomTom HOME 2\HOMERunner.exe
    C:\Programas\DAEMON Tools Lite\daemon.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Programas\ANYCOM\Blue USB-200-250\BTTray.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Programas\Bonjour\mDNSResponder.exe
    D:\Programas\Nero\Nero8\InCD\InCDsrv.exe
    C:\Programas\Java\jre6\bin\jqs.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    D:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\Programas\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programas\Mozilla Firefox 3 Beta 2\firefox.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    F3 - REG:win.ini: load=C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\clipsrv.exe
    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] D:\Programas\Nero\Nero8\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] D:\Programas\Nero\Nero8\InCD\InCD.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SpamNullifier] C:\Programas\SpamNullifier\SN.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programas\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [TZ Spyware Remover] C:\Programas\TrackZapper.com\TZ Spyware Remover\SpyRem.exe /STARTUP
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\WINDOWS\spoolsv.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\mqtgsvc.exe /waitservice
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System32\drivers\mqtgsvc.exe /waitservice (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System32\drivers\mqtgsvc.exe /waitservice (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: hp officejet 4100 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Programas\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\ANYCOM\Blue USB-200-250\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\ANYCOM\Blue USB-200-250\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1167926277312
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\ANYCOM\Blue USB-200-250\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programas\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Programas\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9869 bytes
     
  6. Blue Zee

    Blue Zee Power Member

    You forgot to rename the Malwarebytes destination folder.

    Fix these entries with HJT:

    F3 - REG:win.ini: load=C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\clipsrv.exe
    O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\WINDOWS\spoolsv.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\mqtgsvc.exe /waitservice
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System32\drivers\mqtgsvc.exe /waitservice (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System32\drivers\mqtgsvc.exe /waitservice (User 'Default user')


    Click Fix Checked, confirm if necessary, close HJT and restart the system.

    Uninstall TrackZapper via Add or Remove Programs.

    Restart the system, test, run a new scan with HJT and post the log.

    Good luck.

    Zee
     
  7. I've done what you said, but I didn't find TrackZapper in Add or Remove Programs. I did a search and found an empty folder. Do you think I should delete the folder?


    I've already run HijackThis; have a look at the report



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:51:35, on 03-01-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\ANYCOM\Blue USB-200-250\bin\btwdins.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\clipsrv.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\RTHDCPL.EXE
    D:\Programas\Nero\Nero8\InCD\NBHGui.exe
    D:\Programas\Nero\Nero8\InCD\InCD.exe
    C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Programas\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\TomTom HOME 2\HOMERunner.exe
    C:\Programas\DAEMON Tools Lite\daemon.exe
    C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programas\ANYCOM\Blue USB-200-250\BTTray.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Programas\Bonjour\mDNSResponder.exe
    D:\Programas\Nero\Nero8\InCD\InCDsrv.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Programas\Java\jre6\bin\jqs.exe
    C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    D:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\Programas\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Mozilla Firefox 3 Beta 2\firefox.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    F3 - REG:win.ini: load=C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\clipsrv.exe
    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] D:\Programas\Nero\Nero8\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] D:\Programas\Nero\Nero8\InCD\InCD.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SpamNullifier] C:\Programas\SpamNullifier\SN.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programas\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [TZ Spyware Remover] C:\Programas\TrackZapper.com\TZ Spyware Remover\SpyRem.exe /STARTUP
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\clipsrv.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\ADMINI~1\APPLIC~1\rsvp.exe /waitservice
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\ADMINI~1\APPLIC~1\logman.exe /waitservice (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\ADMINI~1\APPLIC~1\logman.exe /waitservice (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: hp officejet 4100 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Programas\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\ANYCOM\Blue USB-200-250\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\ANYCOM\Blue USB-200-250\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1167926277312
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\ANYCOM\Blue USB-200-250\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programas\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Programas\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9897 bytes
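
An added example, not part of the original thread: one way to check whether a HijackThis fix held is to compare the O4 autostart entries of two scans. The sample lines are excerpts copied from the first two logs above; the function names are this example's own.

```python
import re

# Excerpts copied from the first and second HijackThis logs in this thread
# (a few O4 autostart lines only; the rest of each log is omitted).
SCAN_1 = r"""
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\WINDOWS\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System32\drivers\mqtgsvc.exe /waitservice (User 'SYSTEM')
"""
SCAN_2 = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\ADMINI~1\APPLIC~1\rsvp.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\ADMINI~1\APPLIC~1\logman.exe /waitservice (User 'SYSTEM')
"""

# "O4 - <registry key>: [<value name>] <command>" with an optional
# trailing "(User '...')" that HijackThis adds for HKUS entries.
O4_LINE = re.compile(
    r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+?)"
    r"(?: \(User '[^']*'\))?$"
)
# Everything after the first "<something>.exe" is treated as arguments.
ARGS = re.compile(r"\.exe\"?\s+(?P<args>\S.*)$", re.IGNORECASE)


def parse_autostarts(log_text):
    """Map (registry key, value name) -> command for each O4 registry line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:  # "O4 - Global Startup: ..." lines have no [name] and are skipped
            entries[(m["key"], m["name"])] = m["cmd"]
    return entries


def arguments(cmd):
    """Return the argument string of a command, or '' if it has none."""
    m = ARGS.search(cmd)
    return m["args"] if m else ""


def diff_scans(before, after):
    """Split autostart entries into removed, added and survived."""
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "survived": sorted(set(before) & set(after)),
    }


def rewritten_keys(before, after):
    """Keys where entries vanished and different ones appeared.

    A key that loses one value and gains another between two scans
    deserves a closer look before the cleanup is called done.
    """
    d = diff_scans(before, after)
    return sorted({k for k, _ in d["removed"]} & {k for k, _ in d["added"]})


def shared_arguments(before, after):
    """Argument strings used by both a removed and an added entry."""
    d = diff_scans(before, after)
    old = {arguments(before[e]) for e in d["removed"]}
    new = {arguments(after[e]) for e in d["added"]}
    return (old & new) - {""}


if __name__ == "__main__":
    first, second = parse_autostarts(SCAN_1), parse_autostarts(SCAN_2)
    result = diff_scans(first, second)
    for status in ("removed", "added", "survived"):
        for key, name in result[status]:
            print(f"{status:9} {key}: [{name}]")
    print("keys with replaced entries:", rewritten_keys(first, second))
    print("arguments common to old and new:", shared_arguments(first, second))
```
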
     
  8. Thanks a lot for the help!

    Look, I'm still without updates and still can't run Malwarebytes and Spybot.

    Could it really be viruses or trojans?
     
  9. Blue Zee

    Blue Zee Power Member

    Did you do the cleanup with HJT...??

    Run a scan with HJT and select the following entries to clean (click the little box to the left of each one):

    F3 - REG:win.ini: load=C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\clipsrv.exe
    O4 - HKCU\..\Run: [TZ Spyware Remover] C:\Programas\TrackZapper.com\TZ Spyware Remover\SpyRem.exe /STARTUP

    O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\WINDOWS\spoolsv.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\mqtgsvc.exe /waitservice
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System32\drivers\mqtgsvc.exe /waitservice (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System32\drivers\mqtgsvc.exe /waitservice (User 'Default user')


    Do the cleanup by clicking Fix checked, confirm if necessary and close HJT.

    Restart the system, test and post a new HJT log.

    Zee
     
  10. Here's the latest log.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:58:27, on 03-01-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\ANYCOM\Blue USB-200-250\bin\btwdins.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\RTHDCPL.EXE
    D:\Programas\Nero\Nero8\InCD\NBHGui.exe
    D:\Programas\Nero\Nero8\InCD\InCD.exe
    C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Programas\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\TomTom HOME 2\HOMERunner.exe
    C:\Programas\DAEMON Tools Lite\daemon.exe
    C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programas\ANYCOM\Blue USB-200-250\BTTray.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Programas\Bonjour\mDNSResponder.exe
    D:\Programas\Nero\Nero8\InCD\InCDsrv.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Programas\Java\jre6\bin\jqs.exe
    C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    D:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\Programas\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] D:\Programas\Nero\Nero8\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] D:\Programas\Nero\Nero8\InCD\InCD.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SpamNullifier] C:\Programas\SpamNullifier\SN.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programas\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: hp officejet 4100 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Programas\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\ANYCOM\Blue USB-200-250\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\ANYCOM\Blue USB-200-250\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1167926277312
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\ANYCOM\Blue USB-200-250\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programas\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Programas\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9089 bytes
     
  11. Blue Zee

    Blue Zee Power Member

    How are we doing with the problems you had?
     
  12. Ok


    AVG still doesn't update, I still can't get into some sites (www.avast.com for example) and I still can't run Malwarebytes and Spybot.

    In other words, nothing has changed.

    What do you think it is? A virus?
     
  13. Blue Zee

    Blue Zee Power Member

    A virus or other malware.

    Have you tried Malwarebytes in Safe Mode?

    Go to the folder:

    C:\WINDOWS\SYSTEM32\DRIVERS\ETC

    Find a file named HOSTS (no extension) and rename it to OLDHOSTS.
    Test.

    Also go to the folder

    C:\Programa\Malwarebytes' Anti-Malware

    Find the file mbam.exe and create a copy named xpto.exe.

    Once the copy is created, double-click xpto.exe.

    Does Malwarebytes run?

    Zee
     
    Last edited: 3 January 2009
  14. I copied mbam.exe, renamed it, and it worked; I'm now running Malwarebytes.

    The problem is that it doesn't update.

    I renamed the file; it didn't work.
    I haven't tried anything in Safe Mode yet; I don't think I even know how to restart in that mode, but I'll figure it out.

    The problem is that the "virus" is blocking my access to certain sites.
    How is that possible?

    Look, I keep thanking you for the time you're spending on me.

    I have to step away; tomorrow or later today I'll check your replies to see if I can solve this problem.

    Thanks
     
  15. Lusitanius

    Lusitanius Suspended

  16. Blue Zee

    Blue Zee Power Member

    Download the updated database:
    http://www.gt500.org/malwarebytes/mbam-rules.exe

    Before running it, rename it to regras.exe, then double-click to install.

    When that's done, run MAM again using the renamed file.

    Good luck,

    Zee
     
  17. AlexC

    AlexC Power Member

    Good evening,

    Despite the good intention behind Lusitanius's suggestion, I advise you not to use Combofix. It is a difficult tool to use, and without supervision from someone knowledgeable you can damage your system.

    Follow Blue Zee's instructions to the letter. He has helped, and keeps helping, a lot of people on this forum.

    If you cannot download/update security software by any means, I suggest, as a fallback, that you try the Kaspersky Virus Removal Tool. It is a malware removal tool that comes already updated.

    -Download the program to the desktop.
    The download link is this: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
    If you can't use this link either, download the program from: http://www.softpedia.com/
    Type "Kaspersky Virus Removal Tool" in the search box.

    -Isolate the computer from the Internet (unplug the cable from the computer, disable wireless...).

    -Restart the PC in Safe Mode ("Start>Run>msconfig>BOOT.INI>SAFEBOOT>Ok", or press the F8 key repeatedly, or F5 in some cases, during boot).

    -If you have USB flash drives that you use frequently, connect them to the computer. Install the program. In addition to what is already selected for scanning, select "My Computer" and any flash drives you have connected.

    Information about the TSSServ rootkit, mentioned by Lusitanius, can be found here: http://www.linhadefensiva.org/2008/12/praga-digital-bloqueia-acesso-a-linha-defensiva/

    Good luck.
     
    Last edited: 4 January 2009
  18. It's solved!!!


    Malwarebytes managed to remove it. Here is the report


    Malwarebytes' Anti-Malware 1.31
    Versão do banco de dados: 1456
    Windows 5.1.2600 Service Pack 3

    03-01-2009 22:48:03
    mbam-log-2009-01-03 (22-48-03).txt

    Tipo de Verificação: Completa (C:\|D:\|E:\|)
    Objetos verificados: 148912
    Tempo decorrido: 52 minute(s), 19 second(s)

    Processos da Memória infectados: 0
    Módulos de Memória Infectados: 0
    Chaves do Registo infectadas: 2
    Valores do Registo infectados: 0
    Ítens do Registo infectados: 2
    Pastas infectadas: 0
    Ficheiros infectados: 14

    Processos da Memória infectados:
    (Nenhum item malicioso foi detectado)

    Módulos de Memória Infectados:
    (Nenhum item malicioso foi detectado)

    Chaves do Registo infectadas:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

    Valores do Registo infectados:
    (Nenhum item malicioso foi detectado)

    Ítens do Registo infectados:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

    Pastas infectadas:
    (Nenhum item malicioso foi detectado)

    Ficheiros infectados:
    C:\WINDOWS\system32\TDSSbrsr.dll (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSoiqh.dll (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSxfum.dll (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\TDSSpqlt.sys (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\cisvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\mqtgsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\TDSStkdu.log (Trojan.TDSS) -> Delete on reboot.




    AVG has now updated and I can run all the programs again.

    All thanks to you

    Many thanks to everyone

    and

    especially to Blue Zee

    Keep up the good work
     
  19. Blue Zee

    Blue Zee Power Member

    That's good news, but I suggest you update MAM, restart the system and run a new full scan.

    The database you used was 1456, while the current one is 1612.

    If all is well, the final log should be clean.

    Zee
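
The advice to restart and rescan matters because several entries in the Malwarebytes log posted in this thread are only marked "Delete on reboot". The following Python parser is an added example (not part of the thread, and not Malwarebytes' own code) that reads detection lines in that format and lists the objects still awaiting a reboot; the function names and the regular expression are assumptions derived only from the log lines visible on this page.

```python
import re
from collections import Counter

# Sample lines copied from the Malwarebytes log posted in this thread.
SAMPLE_LOG = r"""
Chaves do Registo infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Ítens do Registo infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Ficheiros infectados:
C:\WINDOWS\system32\TDSSbrsr.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSpqlt.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> Delete on reboot.
(Nenhum item malicioso foi detectado)
"""

# Assumed line shape: <object> (<detection name>) -> [Data: <value> ->] <action>.
DETECTION = re.compile(
    r"^(?P<object>.+?) \((?P<name>[A-Za-z][\w.]*)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>[^>]+?)\.?$"
)

def parse_detections(text):
    """Return one dict per detection line; headers and empty sections are skipped."""
    findings = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings

def pending_reboot(findings):
    """Objects that stay on disk until the machine restarts."""
    return [f["object"] for f in findings
            if f["action"].lower() == "delete on reboot"]

def summary(findings):
    """Count findings per (detection name, action) pair."""
    return Counter((f["name"], f["action"]) for f in findings)

if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    print(summary(found))
    print("Rescan after reboot to confirm removal of:", *pending_reboot(found), sep="\n  ")
```

Any object returned by `pending_reboot` should be absent from the log of the follow-up scan; one that reappears indicates the removal did not hold.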
     
  20. Lusitanius

    Lusitanius Suspended

    But have you ever actually used Combofix? You just run the software and wait; there are no options or choices :Whatever: Combofix only removes malware, so it doesn't damage anything on the system. You must surely be confusing it with some other software.
     
