
Virus, can anyone help me?

Discussion in 'Windows 7 and earlier' started by Fr0Zen, 13 March 2009. (Replies: 15; Views: 1225)

  1. I have a virus that I have no idea how to get rid of. This virus makes the PC shut itself down automatically, as if I had told it to shut down, whenever I download any file that it says is a "binary file"...
    it also happens to me when I try to run anything that opens DOS :s

    I can't get into the registry, and when I type registry editor into Google the PC also shuts itself down automatically, and when I was scanning the PC the other day it rebooted too :'(

    I've already thought about formatting, but I only wanted to do that if it really were the only possible option :S thanks in advance for your help.
     
  2. tonee

    tonee Power Member

    It may sound stupid, but have you tried in Safe Mode?
     
  3. Blue Zee

    Blue Zee Power Member

    I suggest you install Malwarebytes Anti-Malware.

    Update it and run a full scan, cleaning whatever there is, if there is anything, to clean.

    Reboot and test.

    Good luck,

    Zee
     
  4. I tried, but it sat there doing nothing for quite a while, so I gave up trying; I thought it was some error or other, but if the anti-virus Blue Zee suggested doesn't work I'll try again :)
     
  5. davidm_silva

    davidm_silva Power Member

    Best to try the install in Safe Mode, since in normal mode the process is running, which may well prevent the install/configuration from succeeding.
    Run HijackThis and post the log here, since that way it may be possible to stop the malicious process.
     
  6. Here's the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:41:42, on 14-03-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\RTHDCPL.EXE
    E:\Winamp\winampa.exe
    C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Programas\Java\jre6\bin\jusched.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Skype\Phone\Skype.exe
    C:\Programas\Windows Live\Messenger\MsnMsgr.Exe
    C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    E:\steam\steam.exe
    C:\Programas\DAEMON Tools Lite\daemon.exe
    C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\winlogon.exe
    C:\Programas\MessengerDiscovery\MessengerDiscovery Live.exe
    C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\services.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Programas\Java\jre6\bin\jqs.exe
    C:\Programas\CDBurnerXP\NMSAccessU.exe
    C:\Programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\lsass.exe
    C:\Programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\Skype\Plugin Manager\skypePM.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1738568061F344A1A4CB20704FFEDA01\MessengerForSkype.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
    O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
    O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
    O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
    O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
    O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
    O1 - Hosts: <tr>
    O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
    O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
    O1 - Hosts: </tr>
    O1 - Hosts: </table>
    O1 - Hosts: <br>
    O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
    O1 - Hosts: <tr>
    O1 - Hosts: <td bgcolor=003399 colspan=2>
    O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
    O1 - Hosts: </td>
    O1 - Hosts: </tr></table>
    O1 - Hosts: <br>
    O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
    O1 - Hosts: <tr>
    O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
    O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
    O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
    O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
    O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
    O1 - Hosts: <form action="http://search.yahoo.com/search">
    O1 - Hosts: <input size="14" name="p" value="">&nbsp;
    O1 - Hosts: <input type="SUBMIT" value="Search">
    O1 - Hosts: <font face=arial size=-2>•&nbsp;<a href="http://search.yahoo.com/search/options?p=">advanced search</a> •&nbsp;<a href="http://buzz.yahoo.com">most popular</a></font>
    O1 - Hosts: </form></td></tr></table>
    O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
    O1 - Hosts: <tr bgcolor=ccccff><td>
    O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
    O1 - Hosts: </td></tr>
    O1 - Hosts: <tr><td>
    O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
    O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.
    O1 - Hosts: </td></tr>
    O1 - Hosts: <tr><td align=right>
    O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
    O1 - Hosts: </td></tr>
    O1 - Hosts: </table>
    O1 - Hosts: </td></tr></table>
    O1 - Hosts: </td>
    O1 - Hosts: <td width=1>&nbsp;</td>
    O1 - Hosts: <td valign=top align=center width=445>
    O1 - Hosts: <script language="JavaScript" type="text/javascript"
    O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr">
    O1 - Hosts: </script>
    O1 - Hosts: <noscript>
    O1 - Hosts: <iframe
    O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
    O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
    O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
    O1 - Hosts: </iframe>
    O1 - Hosts: </noscript>
    O1 - Hosts: </td>
    O1 - Hosts: </tr>
    O1 - Hosts: </table>
    O1 - Hosts: <br>
    O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
    O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
    O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
    O1 - Hosts: <font face=arial size=-2><A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
    O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
    O1 - Hosts: </font></td></tr></table></td></tr></table>
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programas\BitComet\tools\BitCometBHO_1.3.1.15.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\smss.exe"
    O4 - Startup: Empty.pif = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programas\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programas\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programas\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programas\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Skype4COM.dll
    O20 - Winlogon Notify: !SASWinLogon - E:\superantyspyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programas\Java\jre6\bin\jqs.exe" -service -config "C:\Programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Programas\CDBurnerXP\NMSAccessU.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
     
  7. davidm_silva

    davidm_silva Power Member

    C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\winlogon.exe
    C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\services.exe
    C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\lsass.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe" <- look, my old friend
    O1 - Hosts: [... every O1 - Hosts: line from the log above, quoted here with its HTML stripped by the forum ...]
    Well, what patience. Check everything that says O1 - Hosts:...

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
    O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\smss.exe"
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programas\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)

    Finally. Done. Check these entries and click "Fix checked".
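The entries davidm_silva picked out by hand above (system binary names running from a user profile, the extra executable on the Shell= line, a hosts file that has been overwritten with HTML, Run entries in odd locations, and the DisableRegedit policy that explains why regedit would not open) can be spotted mechanically. The script below is an added example, not code from this thread, from HijackThis or from any anti-malware vendor; SAMPLE_LOG is a constructed excerpt of the log posted above, and the function names and reason strings are this example's own. It reads the log text, splits it into the "Running processes" section and the lettered entries, and returns one (reason, line) pair per suspicious line:

```python
"""Triage of a HijackThis log for the indicators discussed in this thread.

Added example, not code from the thread, from HijackThis or from any
anti-malware vendor.  It automates the checks the helpers made by eye:

  * core system binary names (smss/winlogon/services/lsass/...) running from
    a user profile instead of %SystemRoot%\\system32
  * the F2 Shell= line starting something besides Explorer.exe
  * O1 Hosts: lines that hold HTML instead of "IP hostname" pairs
  * O4 Run entries launched from %SystemRoot%\\ShellNew, or reusing a system
    binary name outside system32, and Startup items HJT could not resolve
  * O7 DisableRegedit=1, which is why regedit would not open

SAMPLE_LOG is a constructed excerpt of the log posted above; the reason
strings and function names are this example's own.
"""
import re

# Names of core Windows binaries that malware likes to borrow.  Only the
# copies under %SystemRoot%\system32 are legitimate.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# O4 - HKLM\..\Run: [name] <target and arguments>
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[[^\]]*\] (.+)$")
# A sane hosts line is blank, a comment, or "<address> <hostname> ...".
HOSTS_OK_RE = re.compile(r"^\s*(?:#.*)?$|^\s*[0-9A-Fa-f.:]+\s+\S+")

# Constructed excerpt of the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\winlogon.exe
C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\services.exe
C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\lsass.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: <b>Sorry, the page you requested was not found.</b>
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\smss.exe"
O4 - Startup: Empty.pif = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


def _exe_of(target):
    """Return the executable part of a Run value, lower-cased, arguments dropped."""
    t = target.strip()
    if t.startswith('"'):
        t = t[1:].split('"', 1)[0]
    else:
        t = t.split(" ", 1)[0]
    return t.lower()


def check_process(path):
    """Flag a running process that borrows a system binary name outside system32."""
    p = path.strip().lower()
    name = p.rsplit("\\", 1)[-1]
    if name in SYSTEM_NAMES and not p.startswith(SYSTEM32):
        return "system binary name running outside system32"
    return None


def check_shell(line):
    """Flag a system.ini Shell= value that is anything but plain Explorer.exe."""
    prefix = "F2 - REG:system.ini: Shell="
    if not line.startswith(prefix):
        return None
    if line[len(prefix):].strip().lower() != "explorer.exe":
        return "Shell= launches an extra executable"
    return None


def check_hosts(line):
    """Flag hosts-file content that is not an address/hostname pair or comment."""
    prefix = "O1 - Hosts: "
    if not line.startswith(prefix):
        return None
    if HOSTS_OK_RE.match(line[len(prefix):]) is None:
        return "hosts file line is not an IP/hostname pair"
    return None


def check_run_entry(line):
    """Flag autoruns from ShellNew, system-binary names outside system32, or unresolved targets."""
    if line.startswith("O4 - Startup:") and line.endswith("= ?"):
        return "startup item with unresolved target"
    m = RUN_RE.match(line)
    if not m:
        return None
    target = _exe_of(m.group(1))
    name = target.rsplit("\\", 1)[-1]
    if "\\shellnew\\" in target:
        return "autorun from the ShellNew template folder"
    if name in SYSTEM_NAMES and not target.startswith(SYSTEM32):
        return "autorun of a system-binary name outside system32"
    return None


def check_policy(line):
    """Flag the policy that blocks regedit, one of the symptoms in the first post."""
    if line.startswith("O7 - ") and "DisableRegedit=1" in line:
        return "registry editor disabled by policy"
    return None


def triage(log_text):
    """Return [(reason, line), ...] for every suspicious line in a HijackThis log."""
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # blank line ends the process list
                in_procs = False
                continue
            reason = check_process(line)
        else:
            reason = (check_shell(line) or check_hosts(line)
                      or check_run_entry(line) or check_policy(line))
        if reason:
            findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

On the excerpt this reports the three profile-resident winlogon/services/lsass copies, the eksplorasi.exe Shell= entry, both HTML hosts lines, the Bron-Spizaetus and Tok-Cirrhatus autoruns, the unresolved Empty.pif item and the DisableRegedit policy, and leaves the genuine system32 processes, RTHDCPL, ctfmon and the ATI service alone. The checks are path and name heuristics, so a full log should still be read by eye: a legitimate product that installs under a user profile will not be flagged, and one that does will.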
     
  8. Blue Zee

    Blue Zee Power Member

    Fr0Zen,

    Did you run Malwarebytes Anti-Malware? Post the final report here.

    In HJT also include a fix for these:

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - Startup: Empty.pif = ?


    At the end, reboot the system and install the current version of HijackThis.

    Use the Installer, which creates the proper folders and puts an icon on the desktop.

    Start the program from that icon and click the button Do a system scan and save a logfile.

    At the end a text file will open in Notepad. Copy that text and post it here.

    Include a comment on the state of the system after the HJT fix.

    Zee
     
  9. I couldn't download "Malwarebytes Anti-Malware" because whenever I tried to start the download my PC rebooted, and I also tried in Safe Mode and the same thing happened :s

    but I'm going to do the fix on the ones you pointed out now.
     
  10. Blue Zee

    Blue Zee Power Member

    Here are direct links to the MBAM installer:
    http://dw.com.com/redir?edId=3&site...8036fe5e87a029c660&pid=11004434&psid=10804572

    And to the current database:
    http://www.gt500.org/malwarebytes/mbam-rules.exe

    Just right-click the links and select Save as...

    Run the installer first, then the database.

    Once it is installed and updated, run a full system scan, wait patiently for it to finish, confirm everything is selected, and clean or send to quarantine.

    Good luck.

    Zee
     
  11. I tried to download the file from the link you gave me, but it kept giving the same error: as soon as the prompt to accept the file download appears, the PC shuts down :(

    anyway, I already tried to remove what you told me to remove in HijackThis, but some of those things are still there; no matter how many times I do fix it stays unchanged :s the ones that didn't change were:

    F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
    O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
    O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\smss.exe"
    O4 - Startup: Empty.pif = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    at least the ones I noticed...

    here's the new HJT log

    F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programas\BitComet\tools\BitCometBHO_1.3.1.15.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run
    O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Ikilikuz\Definições locais\Application Data\smss.exe"
    O4 - Startup: Empty.pif = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programas\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programas\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programas\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Skype4COM.dll
    O20 - Winlogon Notify: !SASWinLogon - E:\superantyspyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programas\Java\jre6\bin\jqs.exe" -service -config "C:\Programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Programas\CDBurnerXP\NMSAccessU.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe


    Thanks for the help, guys
     
  12. Blue Zee

    Blue Zee Power Member

    I suspect you are headed for a format and reinstall; faster, and always safer.

    Don't you want to consider it?

    Try doing the fixes after booting into Safe Mode.

    Press the F8 key repeatedly as the system starts.

    When posting HJT logs, post the full text, from the beginning. Did you manage to install the latest version of HJT?

    Zee
     
  13. yes, I've already thought about that; if I can't sort this out by Tuesday I'll get hold of the WinXP CD and format the computer, I think it really is the fastest option :s
     
  14. Blue Zee

    Blue Zee Power Member

    I see too many problems there to get to the end and be sure the results were 100% positive.

    But let's try.

    Try the fixes in Safe Mode to see if you can clean it.

    Zee
     
  15. Amaral

    Amaral Power Member

    Formatting is the best solution in these cases.
     
  16. davidm_silva

    davidm_silva Power Member

    Try running HijackThis in Safe Mode. As a last resort, which is going to be necessary, download Combofix from another computer and run it on this one.
     
