Registry Editor

Silvering

Member
Does anyone know how I can give myself permission to access the Windows Registry Editor?

I can't access it. Whenever I try, the PC shows a warning message saying I don't have admin permission to access it, something like that, and restarts.

But I am the computer's admin :S ...

This didn't use to happen.

Does anyone know how I can grant these permissions??
 
Hi

To be able to help you, first you need to tell us which version of Windows you want to access the Registry Editor on...

Cheers ;)
 
Does anyone know how I can give myself permission to access the Windows Registry Editor?

I can't access it. Whenever I try, the PC shows a warning message saying I don't have admin permission to access it, something like that, and restarts.

But I am the computer's admin :S ...

This didn't use to happen.

Does anyone know how I can grant these permissions??
That's a sign of malware.

Download and install HijackThis.

Use the installer, which creates the appropriate folders and puts an icon on the desktop.

Launch the program from that icon and click the Do a system scan and save a logfile button.

At the end a text file will open in Notepad. Copy that text and paste it here.

After that we'll see what odd things it contains that could be causing problems.

Zee
 
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\Msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\PC Connectivity Solution\ServiceLayer.exe
C:\Programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\mshta.exe
C:\Programas\Windows Live\Messenger\usnsvc.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Documents and Settings\Diogo\Os meus documentos\Windows.Sidebar.XP.Ptg(extras)\Windows.Sidebar.XP.Ptg(extras)\outros\VisualTooltip2\VisualToolTip.exe
O4 - HKLM\..\Run: [msig] C:\WINDOWS\system32\disk10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll/gn_menu2.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Programas\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

--
End of file - 8797 bytes
 
You have a virus! The bad#.exe files are backdoors! - I just find it strange that Kaspersky doesn't "bark"!

Run the antivirus all the way through!
 
Start by creating a fresh restore point.

Download and install the following programs:

The Slim version of CCleaner (no toolbar):
http://www.ccleaner.com/download/builds.aspx

SUPERAntiSpyware FREE

Once the programs above are installed, run a scan with HJT and select the following entries to fix (click the checkbox to the left of each one):

Code:
O4 - HKLM\..\Run: [msig] C:\WINDOWS\system32\disk10.exe
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
Do the cleanup by clicking Fix checked, confirm if necessary and close HJT.

Restart the system again in Safe Mode.

Make sure you can see all folders and files, and delete the following files if they exist:


C:\WINDOWS\system32\disk10.exe
C:\WINDOWS\system32\system.exe
C:\WINDOWS\system32\bad1.exe
C:\WINDOWS\system32\bad2.exe
C:\WINDOWS\system32\bad3.exe

Launch CCleaner from the desktop icon, select all entries on the Windows and Applications tabs and click the Run cleaner button.

When the cleanup is finished, restart the system in Normal Mode.

Launch SUPERAntiSpyware from the icon created on the desktop.

Update the definitions by clicking the Check for Updates... button.

When the update finishes click Preferences, then the Scanning Control tab, and under Scanner Options make sure you select

- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.

and uncheck all the others. Now click Close to leave this menu.

Click Scan your Computer..., select Perform Complete Scan, click Next and wait patiently until you are shown a report of the items found. Click OK and Next to confirm the cleanup.


If you are using Spybot S&D and SpywareBlaster, disable their immunisations before scanning with SUPERAntiSpyware.

Close the program, restart the PC and test.

Post a new HJT log, but a complete one!


Zee
 
Thanks a lot Blue Zee, I've done all that but the viruses won't go away :S


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:30, on 19-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SupportAppPT\ztemon.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programas\Mozilla Firefox\firefox.exe
E:\system.exe
E:\system.exe
E:\system.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Documents and Settings\Diogo\Os meus documentos\Windows.Sidebar.XP.Ptg(extras)\Windows.Sidebar.XP.Ptg(extras)\outros\VisualTooltip2\VisualToolTip.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll/gn_menu2.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Programas\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

--
End of file - 9090 bytes
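Zee's triage of the two logs above rests on a few observations: Run-key entries with throwaway labels like [SYS1] pointing into system32, the O7 DisableRegedit policy, the O18 filter hijack with no backing file, and, in the second log, three copies of E:\system.exe running from the root of a removable drive. As an added example (not code from the thread or from HijackThis), here is a small Python triage script that applies exactly those checks to a constructed log excerpt; the dropped-file names and log lines are the ones the posted logs show.

```python
import re
from collections import Counter

# Constructed excerpt in HijackThis v2 log format; the entries are copied from the
# logs posted in this thread, but this is sample input, not a real log file.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
E:\system.exe
E:\system.exe
E:\system.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [msig] C:\WINDOWS\system32\disk10.exe
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
"""

# Executable names this thread's infection dropped into system32 (from the posted logs).
DROPPED_NAMES = {"bad1.exe", "bad2.exe", "bad3.exe", "system.exe", "disk10.exe"}

RUN_ENTRY = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
EXE_PATH = re.compile(r'^"?(.*?\.exe)', re.IGNORECASE)
ROOT_FILE = re.compile(r"^[A-Z]:\\[^\\]+$", re.IGNORECASE)  # file sitting at a drive root

def exe_path(command):
    """Executable part of a Run-key command, without surrounding quotes or arguments."""
    m = EXE_PATH.match(command.strip())
    return m.group(1) if m else command.strip()

def check_run_entry(line):
    """Apply the thread's O4 observations to one line; return a reason or None."""
    m = RUN_ENTRY.match(line)
    if not m:
        return None
    _hive, label, command = m.groups()
    path = exe_path(command)
    name = path.rsplit("\\", 1)[-1].lower()
    in_system32 = "\\system32\\" in path.lower()
    if name in DROPPED_NAMES and in_system32:
        return f"known dropped file {name} started from system32"
    if re.fullmatch(r"SYS\d+", label):
        return f"generic label [{label}] on an autostart entry"
    # The real Windows Messenger runs from Program Files\Messenger (see the O9 lines
    # in the log); the tutorial notes the malicious copy loads from system32.
    if name == "msmsgs.exe" and in_system32:
        return "msmsgs.exe started from system32 instead of Program Files"
    return None

def check_processes(process_lines):
    """Flag executables running straight from a drive root, the E:\\system.exe pattern."""
    found = []
    for path, count in Counter(process_lines).items():
        if ROOT_FILE.match(path):
            found.append(("high", f"process at drive root, {count} instance(s)", path))
    return found

def triage(log_text):
    """Return (severity, reason, line) findings for a HijackThis log."""
    findings, processes, in_processes = [], [], False
    for line in log_text.splitlines():
        if line.startswith("Running processes:"):
            in_processes = True
        elif in_processes:
            if line.strip():
                processes.append(line.strip())
            else:
                in_processes = False  # blank line ends the process list
        elif line.startswith("O7 - ") and re.search(r"Disable\w+=1", line):
            findings.append(("high", "policy restriction present (who set it?)", line))
        elif line.startswith("O18 - ") and "(no file)" in line:
            findings.append(("high", "MIME filter hijack pointing at a missing file", line))
        elif line.startswith("O4 - "):
            reason = check_run_entry(line)
            if reason:
                findings.append(("high", reason, line))
    return check_processes(processes) + findings
```

Run `triage(SAMPLE_LOG)` to get the seven findings Zee marked plus the drive-root process; entries such as ctfmon.exe or SoundMan are left alone.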
 
Dear Silvering,

This is what I found about your problem; I hope it solves it. Be careful: you must have a "pen" drive that is spreading this problem, so read the end of this tome to stop other computers from catching the same bug.

Good luck.

Final remark: if this recipe doesn't work, I advise the same as our friend Zee, format and reinstall everything, and that "pen" drive should be the first thing to be formatted.



Virus Msmsgs bad1 bad2 bad3 System

tags msmsgs.exe bad1.exe bad2.exe bad3.exe System.exe msmsgs bad1 bad2 bad3 virus
How to tell if you have this virus (if any of these apply, you are infected)
1. Click Tools at the top of My Computer and it has no "Folder Options"
2. Press Ctrl+Alt+Del and it shows "Task Manager has been disabled by your administrator"
3. You can't use the Find tool (Ctrl+F)
4. Start > Run > type regedit and it shows "Registry editing has been disabled by your administrator"

How to fix it
1. Download these files
http://www.geocities.com/toonsuperlove/xp_taskmgrenab.zip
http://www.geocities.com/toonsuperlove/folderopts.zip
http://www.geocities.com/toonsuperlove/regtools.zip
http://www.geocities.com/toonsuperlove/find.zip

2. Save all of this text to your desktop (as txt or doc, or write it by hand, up to you, because we will restart the computer)

3. Restart the computer (read below before restarting)

* When restarting press the "F8" key and choose Safe Mode
(the Safe Mode choice appears before the Windows XP screen; if it reaches the Windows XP screen first, restart again)
(if it shows "Press ESC to cancel ..." at the bottom of the screen, press ESC)
(when you get into Safe Mode choose Yes)

4. OK, if you got to this step it means you are in Safe Mode!

5. Extract the files you downloaded

6. Open xp_taskmgrenab.exe
- check the Enable box
- then Apply
- now you can test Ctrl+Alt+Del

7. Double-click find.vbs, folderopt.vbs and regtool.vbs once each (it will say "enable"; if it says "disable", click it again)

8. Double-click "My Computer" on the Desktop, choose Tools > Folder Options, and in "Folder Options" choose the "View" tab
- choose "Show hidden files and folders"
- uncheck "Hide extensions…" and "Hide protected operating system files"
- click OK

9. Go to "C:\windows\", find
"autorun.inf" and delete it

10. Go to "C:\windows\system32", find
"bad1.exe"
"bad2.exe"
"bad3.exe"
"system.exe"
"msmsgs.exe" (its icon is a faded folder) and delete them

11. Start > Run > type "regedit" and press Enter
- go to HKEY_LOCAL_MACHINE>SOFTWARE>MICROSOFT>WINDOWS>CURRENTVERSION>RUN
- delete the bad1.exe, bad2.exe, bad3.exe, system.exe and msmsgs.exe entries (the "msmsgs" virus loads from c:/windows/system32, not Program Files >,<)
- close


12. Finished!! The virus has now been removed ^^ You can restart again and use the PC normally

** If you have any flash drives, check them before using them; this virus may have infected them **

How to check
Please read slowly; if it fails you may have to do it again from the first step

1. Plug the flash drive into the computer (don't open anything)

2. Right-click (not left-click) on F: (assuming that is your flash drive's letter)

3. If it has a bold "Autorun" entry, it means it has the virus

4. Choose "Open"

5. Delete autorun.inf bad1.exe bad2.exe bad3.exe msmsgs.exe system.exe

6. Finished (do this for all of your flash drives)

Now set Folder Options back

1. Double-click "My Computer" on the Desktop, choose Tools > Folder Options

2. In "Folder Options" choose the "View" tab
 1) choose "Do not show hidden files and folders"
 2) check "Hide extensions…" and "Hide protected operating system files"
 3) OK

3. Congratulations! If you got to this step it means you have finished and cleaned all of the virus!
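The "bold Autorun entry" check in step 3 of the flash-drive section and the autorun.inf deletions in steps 9 and 5 both come down to what the drive's autorun.inf declares: the verb named by its shell= key is what Explorer runs on double-click and shows in bold in the drive's context menu. As an added example (not from the tutorial or this thread), a small Python parser that reads an autorun.inf, lists the executables it would launch, and reports whether the default double-click verb has been redirected; the sample file is constructed from the documented [autorun] keys, and the file-name list is the one the thread deletes.

```python
import re

# Constructed autorun.inf of the kind an autorun worm writes to a USB stick's root.
# The executable name is the one the thread found on the pen drive; the keys are
# the standard [autorun] directives (open, shellexecute, shell, shell\verb\command).
SAMPLE_AUTORUN = r"""[autorun]
open=system.exe
shellexecute=system.exe
shell\Autorun\command=system.exe
shell\Autorun=Autorun
shell=Autorun
icon=%SystemRoot%\system32\SHELL32.dll,4
"""

# File names the thread's removal steps delete from the pen drive.
THREAD_NAMES = {"system.exe", "bad1.exe", "bad2.exe", "bad3.exe", "msmsgs.exe"}

def parse_autorun(text):
    """Parse the [autorun] section into a dict with lower-cased keys."""
    section, keys = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            keys[key.strip().lower()] = value.strip()
    return keys

def command_exe(value):
    """Executable name from a command value such as 'system.exe' or '"x.exe" /s'."""
    m = re.match(r'^"?(.*?\.(?:exe|com|bat|cmd|scr|pif))', value, re.IGNORECASE)
    return m.group(1).rsplit("\\", 1)[-1].lower() if m else None

def assess(text):
    """Summarise what the autorun.inf would launch and whether it hijacks the drive."""
    keys = parse_autorun(text)
    launches = {}
    for key in ("open", "shellexecute"):
        if key in keys:
            launches[key] = command_exe(keys[key])
    for key, value in keys.items():
        if key.startswith("shell\\") and key.endswith("\\command"):
            launches[key] = command_exe(value)
    default_verb = keys.get("shell", "").lower()
    # shell=<verb> makes that verb the double-click action; shell\<verb>=<text>
    # is the label Explorer shows in bold in the drive's context menu.
    menu_label = keys.get(f"shell\\{default_verb}", default_verb) if default_verb else None
    hijacked = bool(default_verb) and f"shell\\{default_verb}\\command" in keys
    known = {exe for exe in launches.values() if exe in THREAD_NAMES}
    return {
        "launches": launches,
        "menu_label": menu_label,
        "double_click_hijacked": hijacked,
        "known_names": sorted(known),
        "suspicious": hijacked or bool(known),
    }
```

A vendor autorun.inf that only sets icon= and label= comes back with suspicious False, while the sample above reports the redirected double-click verb and the launched system.exe.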
 
Thanks a lot to both of you, Blue Zee and u24what

Apparently the viruses were removed by following the steps in that English tutorial posted by u24what.
The part I didn't understand was this: 2. "right click not left" at F:(suppose this name is your flashdrive)

I can now access regedit and Task Manager.

I get the impression this virus created a fake administrator account, because when I started the PC in Safe Mode an "Administrador" appeared above my username at the Windows logon.

It's possible the problem really was in the pen drive; that it had an infection I have no doubt. Until a while ago, before formatting it and removing its viruses, whenever I tried to open it, it redirected me to "My Documents" and also opened Windows Explorer on the left. I could only get at its files that way, through Explorer. I formatted it and that fixed it. It probably got infected after being used at university; I doubt I'm the first this has happened to.

Yesterday, before formatting, I tried to remove bad1, bad2 and bad3 from system32 but they stubbornly kept coming back. All of this with the pen drive in the computer.
Today I did the same again without the pen drive and everything went fine.

Kaspersky wasn't reacting because it was disabled, and to enable it I need access to the Registry Editor :D.

Once again, thanks a lot to both of you for the help :wavey:
 
Exactly. At the time I found it strange too, because it asked for a password. And I can count on my fingers the number of times I've gone into Safe Mode... :D

Thanks for the program. I'll test it ;)
 