
Registry editor

Discussion in 'Windows 7 and earlier' started by Silvering, 18 December 2008. (Replies: 12; Views: 887)

  1. Does anyone know how I can grant myself permission to access the Windows registry editor?

    I can't get into it. Every time I try, the PC shows a warning message saying I don't have admin permission to access it, something like that, and restarts.

    But I am the computer's admin :S ...

    This didn't use to happen.

    Does anyone know how I can grant these permissions??
     
    Last edited: 18 December 2008
  2. JohnTH

    JohnTH I fold therefore I AM

    Hi

    To be able to help you, first you have to tell us which version of Windows you want to access the registry editor on...

    Cheers ;)
     
  3. Blue Zee

    Blue Zee Power Member

    It's a sign of malware.

    Download and install HijackThis.

    Use the installer, which creates the appropriate folders and places an icon on the desktop.

    Start the program using that icon and click the button Do a system scan and save a logfile.

    At the end a text file will open in Notepad. Copy that text and paste it here.

    After that we'll see what strange things there are that could be causing problems.

    Zee
     
  4. C:\WINDOWS\SOUNDMAN.EXE
    C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Programas\HP\HP Software Update\HPWuSchd2.exe
    C:\Programas\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\Msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\PC Connectivity Solution\ServiceLayer.exe
    C:\Programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Programas\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\mshta.exe
    C:\Programas\Windows Live\Messenger\usnsvc.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\Programas\Windows Live\Messenger\msnmsgr.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VisualTooltip] C:\Documents and Settings\Diogo\Os meus documentos\Windows.Sidebar.XP.Ptg(extras)\Windows.Sidebar.XP.Ptg(extras)\outros\VisualTooltip2\VisualToolTip.exe
    O4 - HKLM\..\Run: [msig] C:\WINDOWS\system32\disk10.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
    O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
    O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
    O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
    O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Programas\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll/gn_menu1.html
    O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll/gn_menu2.html
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Programas\Microsoft Private Folder 1.0\PrfldSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

    --
    End of file - 8797 bytes
     
  5. U24what

    U24what Power Member

    You have a virus! The bad#.exe files are backdoors! - I just find it odd that Kaspersky doesn't "bark"!

    Run the antivirus all the way through!
     
    Last edited: 18 December 2008
  6. Blue Zee

    Blue Zee Power Member

    Start by creating a fresh restore point.

    Download and install the following programs:

    The Slim version of CCleaner (without the toolbar):
    http://www.ccleaner.com/download/builds.aspx

    SUPERAntiSpyware FREE

    Once the programs above are installed, run a scan with HJT and select the following entries to clean (click the little box to the left of each one):

    Code:
    O4 - HKLM\..\Run: [msig] C:\WINDOWS\system32\disk10.exe
    O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
    O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
    O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
    O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    Do the cleanup by clicking Fix checked, confirm if necessary and close HJT.

    Restart the system again in Safe Mode.

    Make sure you can see all folders and files, and delete the following files, if they exist:


    C:\WINDOWS\system32\disk10.exe
    C:\WINDOWS\system32\system.exe
    C:\WINDOWS\system32\bad1.exe
    C:\WINDOWS\system32\bad2.exe
    C:\WINDOWS\system32\bad3.exe

    Start CCleaner using the icon on the desktop, select all entries in the Windows and Applications tabs and click the Run cleaner button.

    Once the cleanup is finished, restart the system in Normal Mode.

    Start SUPERAntiSpyware using the icon created on the desktop.

    Update the definitions by clicking the Check for Updates... button

    Once the update is finished click Preferences, then the Scanning Control tab, and under Scanner Options make sure you select

    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    And untick all the others. Now click Close to leave this menu.

    Click Scan your Computer..., select Perform Complete Scan, click Next and wait patiently until you are shown a report of the items found. Click OK and Next to confirm the cleanup.


    If you are using Spybot S&D and SpywareBlaster, disable the immunizations before scanning with SUPERAntiSpyware.

    Close the program, restart the PC and test.

    Post a new HJT log, but a complete one!


    Zee
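The entries Blue Zee ticks in the post above follow rules that can be applied mechanically to a HijackThis log: an O7 policy that locks the user out of regedit or Task Manager, an O4 autostart that runs from system32 under a name that is not a known Windows autostart, an O2/O18 handler whose file is gone, and an O8 context-menu item that points at a remote URL. The Python below is an added example of that triage, not part of HijackThis or of any post in this thread; the allowlist of legitimate system32 autostarts and the policy-name list are assumptions, and the sample log is a subset of the lines posted above. Because system32\Msmsgs.exe fails the allowlist rule it is flagged as well, which matches the tutorial posted later in the thread.

```python
"""Triage a HijackThis (HJT) log: list the entries a helper would tick for
"Fix checked".  Added example, not part of HijackThis or of any post in this
thread.  SYSTEM32_ALLOWLIST and LOCKOUT_POLICIES are assumptions."""
import ntpath
import re

# Executables that legitimately autostart from %SystemRoot%\system32 on an
# XP box of this kind (assumption; extend it for the machine in front of you).
SYSTEM32_ALLOWLIST = {"ctfmon.exe", "nerocheck.exe"}

# Policy values malware sets to keep the user out of regedit, Task Manager
# and Folder Options; the thread's symptom is DisableRegedit=1.
LOCKOUT_POLICIES = {"disableregedit", "disabletaskmgr", "nofolderoptions"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\Run: "
                   r"\[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O7_RE = re.compile(r"^O7 - (?P<key>.+), (?P<policy>\w+)=(?P<value>\S+)$")

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [msig] C:\WINDOWS\system32\disk10.exe
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll/gn_menu1.html
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
"""


def o4_target(rest):
    """Executable path from the text after the [name] tag of an O4 line."""
    rest = rest.strip()
    if rest.startswith('"') and '"' in rest[1:]:
        return rest[1:rest.index('"', 1)]          # quoted path, args follow
    return re.sub(r" \(User '.*'\)$", "", rest)    # drop HJT's (User '...') note


def triage(log_text):
    """Return [(hjt_line, reason)] for entries worth fixing, in log order."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            folder, exe = ntpath.split(o4_target(m.group("rest")))
            if folder.lower().endswith("\\system32") and exe.lower() not in SYSTEM32_ALLOWLIST:
                findings.append((line, f"autostart from system32 not on allowlist: {exe}"))
            continue
        m = O7_RE.match(line)
        if m:
            if m.group("policy").lower() in LOCKOUT_POLICIES and m.group("value") != "0":
                findings.append((line, f"lockout policy {m.group('policy')}={m.group('value')}"))
            continue
        if line.startswith(("O2 - ", "O18 - ")) and line.endswith("(no file)"):
            findings.append((line, "handler registered but its file is missing"))
        elif line.startswith("O8 - ") and re.search(r" - https?://", line):
            findings.append((line, "context-menu item pointing at a remote URL"))
    return findings


def fix_list(log_text):
    """Just the lines to tick in HJT, ready to paste into a reply."""
    return [line for line, _ in triage(log_text)]


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run it against a full log saved from HJT by reading the file into `triage()`; the output is the list of lines to tick, each with the rule that caught it. The allowlist is the part that needs care: a generic name such as system.exe is only suspicious because of where it runs from, so the rule keys on the folder plus an explicit list of known-good names rather than on the file name alone.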
     
  7. Thank you very much Blue Zee, I did all of that but the viruses won't let go :S


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:45:30, on 19-12-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Programas\HP\HP Software Update\HPWuSchd2.exe
    C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Programas\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Programas\Java\jre6\bin\jqs.exe
    C:\Programas\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SupportAppPT\ztemon.exe
    C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programas\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Programas\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    E:\system.exe
    E:\system.exe
    E:\system.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VisualTooltip] C:\Documents and Settings\Diogo\Os meus documentos\Windows.Sidebar.XP.Ptg(extras)\Windows.Sidebar.XP.Ptg(extras)\outros\VisualTooltip2\VisualToolTip.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
    O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
    O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
    O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
    O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Programas\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll/gn_menu1.html
    O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Programas\Google\Google Notebook\gnotes1.0.2.19-1494910484.dll/gn_menu2.html
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Programas\Microsoft Private Folder 1.0\PrfldSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

    --
    End of file - 9090 bytes
     
  8. Blue Zee

    Blue Zee Power Member

    Is the E:\ drive that now shows up in the log a USB pen drive?

    There are times when formatting and reinstalling is the shortest and safest path.

    But try this and then post a new log.

    Zee
     
  9. U24what

    U24what Power Member

    Dear Silvering,

    This is what I found about your problem, I hope it solves it. Be careful, you must have a "pen" drive that is spreading this problem; read the end of this essay to keep other computers from catching the same ailment.

    Good luck.

    Final remark: if this recipe doesn't work, I advise the same as our friend Zee, format and reinstall everything, and that "pen" drive should be the first thing to be formatted.



    Virus Msmsgs bad1 bad2 bad3 System

    tags: msmsgs.exe bad1.exe bad2.exe bad3.exe System.exe msmsgs bad1 bad2 bad3 virus
    how to observe this virus (if any of these apply, you are infected)
    1. click Tools at the top of My Computer but it has no "Folder Options"
    2. press Ctrl+Alt+Del; it shows "Task Manager has been disabled by your administrator"
    3. can't use the Find tool (Ctrl+F)
    4. Start > Run > type regedit; it shows "Registry editing has been disabled by your administrator"

    how to solve it
    1. download these files
    http://www.geocities.com/toonsuperlove/xp_taskmgrenab.zip
    http://www.geocities.com/toonsuperlove/folderopts.zip
    http://www.geocities.com/toonsuperlove/regtools.zip
    http://www.geocities.com/toonsuperlove/find.zip

    2. save all of this text to your desktop (in txt or doc, or handwrite it, up to you, because we will restart the computer)

    3. restart the computer (before restarting, read below first)

    * when restarting press the "F8" key and choose Safe Mode
    (it will offer Safe Mode before the Windows XP screen; if it goes to the Windows XP screen first, restart again)
    (if it shows at the bottom of the screen "Press ESC to cancel blablabla~", press ESC)
    (when you come into Safe Mode choose Yes)

    4. OK, if you reached this step it means you are in Safe Mode!

    5. extract the files that you downloaded

    6. open xp_taskmgrenab.exe
    - check the Enable box
    - then Apply
    - now you can test Ctrl+Alt+Del

    7. double-click find.vbs, folderopt.vbs and regtool.vbs once each (it will show Enable; if it shows Disable, click it again)

    8. double-click "My Computer" on the Desktop, choose Tools > Folder Options; in "Folder Options" choose the "View" tab
    - choose "Show hidden files and folders"
    - remove the mark from "Hide extensions…" and "Hide protected operating system files"
    - choose OK

    9. go to "C:\windows\", find
    "autorun.inf", delete it

    10. go to "C:\windows\system32", find
    "bad1.exe"
    "bad2.exe"
    "bad3.exe"
    "system.exe"
    "msmsgs.exe (this icon is a faded folder)", delete them

    11. Start > Run > type "regedit" and Enter
    - go to HKEY_LOCAL_MACHINE > SOFTWARE > MICROSOFT > WINDOWS > CURRENTVERSION > RUN
    - delete bad1.exe bad2.exe bad3.exe system.exe and msmsgs.exe (the "msmsgs" virus loads from c:/windows/system32, not Program Files >,<)
    - close


    12. finish!! now the virus has been removed ^^ you can restart again and use it normally

    ** if you have any flash drive, check it before use, maybe this virus has infected it **

    how to check
    please read slowly; if it goes wrong you may have to do it again from the first step

    1. put the flash drive into the computer (don't open anything)

    2. "right click, not left" on F: (suppose this is the name of your flash drive)

    3. if it has a bold text "Autorun", it means it has the virus

    4. choose "Open"

    5. delete autorun.inf bad1.exe bad2.exe bad3.exe msmsgs.exe system.exe

    6. finish (and do this for all of your flash drives)

    now set Folder Options back

    1. double-click "My Computer" on the Desktop, choose Tools > Folder Options

    2. in "Folder Options" choose the "View" tab
    1) choose "Do not show hidden files and folders"
    2) put the mark back on "Hide extensions…" and "Hide protected operating system files"
    3) OK

    3. Congratulations! if you reached this step it means you have finished and cleaned all of the virus!
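The drive check at the end of the tutorial (right-click the drive and look for a bold verb) is Explorer rendering the autorun.inf at the root of the stick. The Python below is an added example, not from the tutorial or from any post here: it parses an autorun.inf without opening the drive and reports which entries would execute code, what the bold default verb would read, and which files the tutorial's step 5 would have to delete. It assumes the standard autorun.inf semantics (open= and shellexecute= launch a program, shell\<verb>\command= defines a verb, shell= names the default verb Explorer shows in bold, and open= on its own surfaces as AutoPlay); the sample file content is constructed for this example from the file names in the thread.

```python
"""Inspect an autorun.inf offline: which entries would execute code, what
Explorer would show in bold on the drive's context menu, and which files to
remove.  Added example, not part of the tutorial or of any forum post.
The sample content is constructed from the file names in this thread."""
import ntpath
import re

# Keys in [autorun] that make Explorer run a program on insert/open.
LAUNCH_KEYS = {"open", "shellexecute"}
VERB_COMMAND_RE = re.compile(r"shell\\([^\\]+)\\command")

# Constructed sample: the layout an autorun worm of that era left on a USB
# stick, using the executable name from the HJT log in this thread.
SAMPLE_AUTORUN = r"""
[AutoRun]
open=system.exe
shellexecute=system.exe
shell\autorun=Autorun
shell\autorun\command=system.exe
shell\explore\command="system.exe" -e
shell=autorun
label=Removable Disk
"""


def parse_autorun(text):
    """INI-style parse into {section: {key: value}} with lower-cased names.
    Hand-rolled because worms pad these files with junk that configparser
    rejects (duplicate keys, stray bytes, text before the first section)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_targets(text):
    """[(key, command)] for every entry that would run code from the drive."""
    auto = parse_autorun(text).get("autorun", {})
    return [(k, v) for k, v in auto.items()
            if k in LAUNCH_KEYS or VERB_COMMAND_RE.fullmatch(k)]


def default_verb(text):
    """Text Explorer shows in bold on the drive's context menu, or None."""
    auto = parse_autorun(text).get("autorun", {})
    if "shell" in auto:                      # explicit default verb
        verb = auto["shell"].lower()
        return auto.get(f"shell\\{verb}", verb).lstrip("&")
    return "AutoPlay" if "open" in auto else None


def command_exe(command):
    """First token of a command line, honouring a quoted program path."""
    command = command.strip()
    if command.startswith('"') and '"' in command[1:]:
        return command[1:command.index('"', 1)]
    parts = command.split()
    return parts[0] if parts else ""


def files_to_remove(text):
    """autorun.inf plus every executable it would launch (base names)."""
    names = {"autorun.inf"}
    for _, command in launch_targets(text):
        exe = command_exe(command)
        if exe:
            names.add(ntpath.basename(exe).lower())
    return names


if __name__ == "__main__":
    for key, command in launch_targets(SAMPLE_AUTORUN):
        print(f"{key} -> {command}")
    print("bold verb:", default_verb(SAMPLE_AUTORUN))
    print("remove:", sorted(files_to_remove(SAMPLE_AUTORUN)))
```

To use it on a real stick, read the file with hidden and system attributes in mind (the worm sets both, which is why the tutorial has you show protected operating system files first) and pass its text to `launch_targets()`. A benign autorun.inf that only sets `label=` or `icon=` yields no launch targets and no bold verb.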
     
  10. Thank you very much to both of you, Blue Zee and u24what

    Apparently the viruses were removed by following the steps of that English tutorial posted by u24what.
    What I didn't understand was this part: 2. "right click, not left" on F: (suppose this is the name of your flash drive)

    I can now access regedit and the task manager.

    It makes me think this virus created a fake administrator account, because when I booted the PC in Safe Mode an "Administrator" appeared above my username at the Windows logon.

    It's possible the problem really was in the pen drive, that it had a virus; I have no doubt. Because until a while ago, before formatting it and removing its viruses, when I tried to open it, it redirected me to "My Documents" and also opened Windows Explorer on the left. I could only get at its files that way, through Explorer. Formatted it and problem solved. It probably got infected after being used at university; I don't think I'm the first this has happened to.

    Yesterday, before the format, I tried to remove bad1, bad2 and bad3 from system32 but they stubbornly kept coming back. All of this with the pen drive in the computer.
    Today I did the same again without the pen drive and everything went fine.

    Kaspersky wasn't reacting because it was disabled, and to enable it I need access to the registry editor :D.

    Once again thank you very much to both of you for the help :wavey:
     
  11. Blue Zee

    Blue Zee Power Member

  12. Exactly. At the time I also found it odd that it asked for a password. And since I can count on my fingers the number of times I've booted into Safe Mode... :D

    Thanks for the program. I'll test it ;)
     
