Can't Install any Antivirus and Task Manager Disabled



Hentek
2015-08-21, 08:27
Hey guys, I'm having the same issue as this guy https://forums.spybot.info/showthread.php?49644-Can-t-Install-any-Antivirus-and-Task-Manager-Disabled

I don't know what to do anymore.. Help please ;-;

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 03:17:42, on 21/8/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 40.0.2 (x86 pt-BR)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Java\jre7\bin\jqs.exe
D:\Arquivos de programas\Malwarebytes Anti-MalwareBEST2\mbamscheduler.exe
D:\Arquivos de programas\Malwarebytes Anti-MalwareBEST2\mbamservice.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Malwarebytes Anti-MalwareBEST2\mbam.exe
D:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Arquivos de programas\Garena Plus\GarenaMessenger.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Arquivos de programas\Garena Plus\ggdllhost.exe
D:\DOCUME~1\User\CONFIG~1\Temp\winqafriv.exe
D:\WINDOWS\explorer.exe
D:\DOCUME~1\User\CONFIG~1\Temp\winbquwpd.exe
D:\WINDOWS\system32\notepad.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
D:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - D:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - D:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - D:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - D:\Documents and Settings\User\Dados de aplicativos\FlashGetBHO\FlashGetBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [HDAudDeck] D:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "D:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKCU\..\Run: [Mal Updater 2] D:\Arquivos de programas\Mal Updater 2\MalUpdater.exe
O4 - HKCU\..\Run: [GarenaPlus] "D:\Arquivos de programas\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1409082233-1364589140-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1409082233-1364589140-682003330-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - D:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - D:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - D:\WINDOWS\system32\EasyAntiCheat.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - D:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Arquivos de programas\Malwarebytes Anti-MalwareBEST2\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Arquivos de programas\Malwarebytes Anti-MalwareBEST2\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Onda Communication - (no file)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - D:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - D:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 6921 bytes

tashi
2015-08-21, 17:57
Hello Hentek,

Please see this forum's FAQ which also includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic providing the logs as shown in that sticky with a link back to this thread and a volunteer analyst will advise. :)

Best regards.