1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.
  2. A secção Microsoft/Windows encontra-se actualmente em processo de reestruturação.
    Remover anúncio

perdi ambiente de trabalho loooooooool

Discussão em 'Windows 7 e anteriores' iniciada por kcc_alex, 14 de Fevereiro de 2008. (Respostas: 6; Visualizações: 1872)

  1. kcc_alex

    kcc_alex Banido

    boas
    a pouco estava no pc e apareceu me o aviso de um possível trojan e de um momento para o outro desapareceu me o ambiente de trabalho, os incons e a barra de ferramentas, apenas fiquei com a imagem de fundo e para abrir alguma aplicacao tenho de fazer crtl+alt+del caso contrario nao tenho nada no ecra...
    Sabem alguma solução pra isto sem ter de formatar?
    o pc funciona normalmente, pois agora estou na net, mas nao me aparece nada no ecra....:005:

    help!!!
     
  2. paraai5

    paraai5 Power Member

    http://hijackthis.de/ - fazes o dowload corres e depois postas o log.

    CCcleaner, ad ware, programas que te permitam fazer ums limpeza ao Pc.

    Tesn varios topicos aqui no forum sobre como o usar o Hijack .
     
  3. kcc_alex

    kcc_alex Banido

    Logfile of HijackThis v1.99.1
    Scan saved at 19:37:52, on 14-02-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Programas\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Programas\cFosSpeed\spd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Programas\Creative\Shared Files\CTDevSrv.exe
    C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\Explorer.exe
    C:\Programas\uTorrent\uTorrent.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\Programas\Avira\AntiVir PersonalEdition Classic\update.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Programas\WinRAR\WinRAR.exe
    C:\DOCUME~1\ALEXAN~1\DEFINI~1\Temp\Rar$EX00.390\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/star
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sapo.pt/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Programas\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [CTZDetec.exe] C:\Programas\Creative\Creative Media Lite\CTZDetec.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdVantage] "C:\Programas\AdVantage\AdVantage.exe"
    O4 - HKCU\..\Run: [VoipCheapCom] "C:\Programas\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programas\Ray Adams\ATI Tray Tools\atitray.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe"
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - Startup: SAPO ADSL.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programas\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O11 - Options group: [TABS] Tabbed Browsing
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1189634057665
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://apps.fe.up.pt/msrdp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Programas\cFosSpeed\spd.exe" -service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programas\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Programas\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Programas\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Programas\TGTSoft\StyleXP\StyleXPService.exe

    e agora?
     
  4. Queiros

    Queiros Power Member

    já agora para voltares a ter Ambiente de trabalho experimenta ctrl+alt+del e no separador "Aplicações" escolhe "Nova tarefa..." depois escreves "explorer.exe" e deve funcionar...
     
  5. kcc_alex

    kcc_alex Banido

    nao da na mesma! o explorer esta a ser executado como sempre...
     
  6. Queiros

    Queiros Power Member

    então não sei, não te posso ajudar com o hijackthis, não percebo nada disso... tenta anti-spywares
     
  7. paraai5

    paraai5 Power Member

    O4 - HKCU\..\Run: [CTZDetec.exe] C:\Programas\Creative\Creative Media Lite\CTZDetec.exe
    O4 - HKCU\..\Run: [AdVantage] "C:\Programas\AdVantage\AdVantage.exe"

    Se não reconheceres estas duas linhas faz fixed and cheked com o hijack e apaga-as....
     

Partilhar esta Página