1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.
  2. A secção Microsoft/Windows encontra-se actualmente em processo de reestruturação.
    Remover anúncio

Não tenho Gestor de Tarefas nem csg aceder a regedit...

Discussão em 'Windows 7 e anteriores' iniciada por Koldblood, 15 de Dezembro de 2008. (Respostas: 12; Visualizações: 1011)

  1. Olá,

    Pedia que alguém pudesse dar uma vista de olhos abalizada a este assunto e que me possa ajudar sff. Obrigado

    Estive a ver vários posts do forúm e fiz muitos dos procedimentos: Instalei e corri o CCS e o SAS de acordo com este post http://forum.zwame.pt/showpost.php?p=3374343&postcount=1213

    No SAS encontrou 10 coisas que resolveu.

    Utilizei tb esta vossa dica:

    "Iniciar > Executar > gpedit.msc
    Configuração do utilizador
    Modelos administrativos
    Sistema (clique sobre a pasta apenas)
    Impedir o acesso às ferramentas de edição do registo
    Escolher Desactivado (ou Não configurado)"

    E apesar de estar desactivado continua a não aparecer o Gestor de Tarefas.

    Outra coisa é que agora está-me sempre a aparecer é umas janelas da firewall do windows ao qual eu cancelo sempre... que me recorde isto nunca ou raramente aparecia e agora é sistemático :(

    Também de acordo com as vossas indicações e na expectativa de dar o minimo trabalho a algum companheiro que possa dar uma ajuda instalei o Hijackthis e deu-me o seguinte log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:47:15, on 15-12-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programas\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Programas\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE
    C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\DOCUME~1\bpereira\DEFINI~1\Temp\vpqwmr.exe
    C:\DOCUME~1\bpereira\DEFINI~1\Temp\dytha.exe
    C:\DOCUME~1\bpereira\DEFINI~1\Temp\jolgqq.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    F2 - REG:system.ini: Shell=Explorer.exe "
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [Automático EPSON Stylus Photo R220 Series em JOAOBATISTA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P56 "Automático EPSON Stylus Photo R220 Series em JOAOBATISTA" /O22 "\\JOAOBATISTA\EPSONSty" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\bbg01\EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P38 "\\bbg01\EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [\\BBG05\EPSON Stylus Photo 1400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE /FU "C:\DOCUME~1\bpereira\DEFINI~1\Temp\E_S50.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BBG.local
    O17 - HKLM\Software\..\Telephony: DomainName = BBG.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{685F9691-E01D-4404-BA35-C7795B18921B}: NameServer = 192.168.0.100
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BBG.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BBG.local
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    --
    End of file - 7912 bytes
     
  2. nunot

    nunot [email protected] Member

    muda de spyware, corre um antivirus em condições.

    alguns campos a mais :
    C:\DOCUME~1\bpereira\DEFINI~1\Temp\vpqwmr.exe
    C:\DOCUME~1\bpereira\DEFINI~1\Temp\dytha.exe
    C:\DOCUME~1\bpereira\DEFINI~1\Temp\jolgqq.exe
     
  3. Só mais uma cena... tenho o AVG instalado... mas não o csg correr pois quando duplo clico não dá nada e com o botão direito apenas me dá a opção Exit disponivel :S
     
  4. Blue Zee

    Blue Zee Power Member

    Corra o CCleaner como indicado no post que refere.

    Reinicie o sistema.

    Use o HJT para fazer um fix a estas entradas:

    F2 - REG:system.ini: Shell=Explorer.exe "
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1

    Confirme se necessário, encerre o HJT e reinice o sistema.

    Teste.

    Resolveu?

    Zee


    Edit:
    No final coloque um novo log do HJT.
     
    Última edição: 15 de Dezembro de 2008
  5. Desde já obrigado pela atenção Zee :)

    Fiz conforme pedido e continua a não aparecer o gestor de tarefas :(

    Reparei que o F2 apagou e não voltou. Agora o O7 primeiramente apagou mas quando fiz reboot ele estava lá novamente, ainda pensei que podia ter errado qualquer coisa e voltei a apagar e fazer o reboot mas ele volta a lá estar.

    Deixo o novo HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:46:31, on 15-12-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programas\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Programas\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE
    C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\DOCUME~1\bpereira\DEFINI~1\Temp\winsdod.exe
    C:\DOCUME~1\bpereira\DEFINI~1\Temp\winptks.exe
    C:\DOCUME~1\bpereira\DEFINI~1\Temp\winfolkkv.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [Automático EPSON Stylus Photo R220 Series em JOAOBATISTA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P56 "Automático EPSON Stylus Photo R220 Series em JOAOBATISTA" /O22 "\\JOAOBATISTA\EPSONSty" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\bbg01\EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P38 "\\bbg01\EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [\\BBG05\EPSON Stylus Photo 1400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE /FU "C:\DOCUME~1\bpereira\DEFINI~1\Temp\E_S50.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BBG.local
    O17 - HKLM\Software\..\Telephony: DomainName = BBG.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{685F9691-E01D-4404-BA35-C7795B18921B}: NameServer = 192.168.0.100
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BBG.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BBG.local
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 7872 bytes
     
  6. Blue Zee

    Blue Zee Power Member

    Corra o SDFix e depois coloque um novo log.

    Zee
     
  7. Continua a não me aparecer o gestor de tarefas :(

    Só consegui correr o windows em modo de segurança na opção "restaurar serviços de directórios...". Só carregar em modo de segurança, ou rede, ou comandos do DOS, dava sempre um ecrã azul e voltava a reiniciar... pelo meio perguntava Press Esc Loading SPTD.sys... tentei com e sem ESC e não dava nada... só correu em segurança na opção acima.

    Corri o SDFix que reportou o seguinte: (tem mais umas coisas que não sei se é relevante colocar

    SDFix: Version 1.240
    Run by administrator on 15-12-2008 at 16:26

    Microsoft Windows XP [VersÆo 5.1.2600]
    Running From: C:\sdfix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\10.tmp - Deleted
    C:\11.tmp - Deleted
    C:\13.tmp - Deleted
    C:\14.tmp - Deleted
    C:\15.tmp - Deleted
    C:\16.tmp - Deleted
    C:\17.tmp - Deleted
    C:\19.tmp - Deleted
    C:\1A.tmp - Deleted
    C:\1B.tmp - Deleted
    C:\1C.tmp - Deleted
    C:\1D.tmp - Deleted
    C:\1E.tmp - Deleted
    C:\1F.tmp - Deleted
    C:\20.tmp - Deleted
    C:\21.tmp - Deleted
    C:\22.tmp - Deleted
    C:\23.tmp - Deleted
    C:\24.tmp - Deleted
    C:\25.tmp - Deleted
    C:\26.tmp - Deleted
    C:\27.tmp - Deleted
    C:\28.tmp - Deleted
    C:\29.tmp - Deleted
    C:\2A.tmp - Deleted
    C:\2B.tmp - Deleted
    C:\2C.tmp - Deleted
    C:\2D.tmp - Deleted
    C:\2E.tmp - Deleted
    C:\2F.tmp - Deleted
    C:\30.tmp - Deleted
    C:\31.tmp - Deleted
    C:\32.tmp - Deleted
    C:\33.tmp - Deleted
    C:\34.tmp - Deleted
    C:\35.tmp - Deleted
    C:\36.tmp - Deleted
    C:\37.tmp - Deleted
    C:\38.tmp - Deleted
    C:\39.tmp - Deleted
    C:\3A.tmp - Deleted
    C:\3B.tmp - Deleted
    C:\3C.tmp - Deleted
    C:\3D.tmp - Deleted
    C:\3E.tmp - Deleted
    C:\3F.tmp - Deleted
    C:\WINDOWS\system32\1.reg - Deleted
    C:\Programas\Setup.exe - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 16:39:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002728196f9]
    "000e6d3134ab"=hex:d2,0c,af,56,56,4d,b4,77,7b,06,30,7f,a4,c8,b4,67
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a94120f6e]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s0"=dword:8fb6d6fa
    "s1"=dword:a2e8bb7f
    "s2"=dword:fd976e9f
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:36,ee,7f,04,bb,a8,10,08,00,af,e0,66,d2,fd,04,80,b1,04,a0,d5,bf,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0002728196f9]
    "000e6d3134ab"=hex:d2,0c,af,56,56,4d,b4,77,7b,06,30,7f,a4,c8,b4,67
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a94120f6e]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:36,ee,7f,04,bb,a8,10,08,00,af,e0,66,d2,fd,04,80,b1,04,a0,d5,bf,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll"
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710
    "LoadAppInit_DLLs"=dword:00000001

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :


    E o um novo log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:54:53, on 15-12-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programas\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Programas\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE
    C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\bpereira\DEFINI~1\Temp\winvjfyq.exe
    C:\DOCUME~1\bpereira\DEFINI~1\Temp\winayxj.exe
    C:\DOCUME~1\bpereira\DEFINI~1\Temp\winggejp.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [Automático EPSON Stylus Photo R220 Series em JOAOBATISTA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P56 "Automático EPSON Stylus Photo R220 Series em JOAOBATISTA" /O22 "\\JOAOBATISTA\EPSONSty" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\bbg01\EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P38 "\\bbg01\EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [\\BBG05\EPSON Stylus Photo 1400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE /FU "C:\DOCUME~1\bpereira\DEFINI~1\Temp\E_S50.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BBG.local
    O17 - HKLM\Software\..\Telephony: DomainName = BBG.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{685F9691-E01D-4404-BA35-C7795B18921B}: NameServer = 192.168.0.100
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BBG.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BBG.local
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 7839 bytes
     
  8. Blue Zee

    Blue Zee Power Member

    Na situação em que está o sistema a solução é formatar e reinstalar.

    Está demasiado comprometido para se tentar qualquer reparação. Melhor do que ninguém saberá o que fez ou tem feito para chegar a esta situação.

    Para sua segurança, repito, formate e reinstale tudo de fresco.

    Se tem acedido a bancos ou sites seguros com esse PC, recomendo vivamente que altere rapidamente as senhas de acesso e passwords.

    Não querendo ser alarmista, faça-o rapidamente mas não com o PC nesse estado.

    Se for um PC de entretenimento, melhor, mas formatar e reinstalar é obrigatório, mais rápido e acima de tudo muito mais seguro.

    Lamento.

    Não esqueça: descarregue o SP3 daqui (seleccione o idioma correcto!):
    http://www.microsoft.com/downloads/d...displaylang=en

    Instale offline.

    Depois de instalado não deixe de visitar o Windows Update.

    Boa sorte,

    Zee
     
    Última edição: 15 de Dezembro de 2008
  9. EU não abro nenhum ficheiro exe, qualquer tipo de site que não seja fidedigno não clico em qualquer janela popup, não abro e-mails de quem não conheço o remetente... o problema é que este pc está em rede...

    Obrigado pela sua ajuda e atenção.

    Abraço
     
  10. Blue Zee

    Blue Zee Power Member

    O meu comentário não é nenhuma acusação e/ou recriminação.

    Trata-se apenas de uma opinião pessoal sobre o sistema analisado e a solução que tecnicamente entendo ser a mais correcta e acima de tudo a mais segura.

    Apenas isso.

    De resto a decisão final será sempre sua.

    Boa sorte,

    Zee
     
  11. Sim claro eu percebi e agradeço a sua atenção e vou seguir o seu conselho... mas aproveitava para lhe perguntar mais uma coisa: Se eu fizer um backup das pastas que necessito que são essencialmente ficheiros .doc, .xls e jpgs e passar para outro pc ou gravar num dvd e quando voltar a colocar esse backup no pc formatado ele vai ficar infectado ou com o mesmo problema novamente?

    Obrigado
     
  12. Blue Zee

    Blue Zee Power Member

    Em princípio, documentos e fotos não causarão problemas.

    Para maior segurança use um bom anti-vírus e faça um scan ao suporte (pen, CD ou DVD) antes de os copiar de volta.

    Não deverá ter problemas.

    Zee
     
  13. Mais uma vez obrigado :)
     

Partilhar esta Página