
C4S

[Resolved!] MY DESKTOP DOES NOT APPEAR AND I HAVE ALREADY TRIED EVERYTHING...


Well, my desktop doesn't appear... I can only access the computer through Task Manager...

I was reading a post ([Resolved!] My desktop doesn't appear???, help) and tried to do the same, but it doesn't work...

I really need help...

Here I'm also pasting the log that Silent Runners.vbs gave me.

 

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"TweakUI_RepairHotkeys" = "RUNDLL32.EXE TWEAKUI.CPL,RepairHotkeys" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"isamonitor.exe" = "C:\Programas\QualityCodec\isamonitor.exe" [file not found]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Tweak UI" = "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SnagIt Toolbar Loader"

\InProcServer32\(Default) = "C:\Programas\TechSmith\SnagIt 8\SnagItBHO.dll" ["TechSmith Corporation"]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{24C7E52D-3808-4C9D-96FB-E1ECDC36F043}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\fccbx.dll" [null data]

{67C55A8D-E808-4caa-9EA7-F77102DE0BB6}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\sqsqdopy.dll" [null data]

{7F5FFCB8-4838-43CD-80EA-A7EC9C744281}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\wvuturs.dll" [file not found]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Sign-in Helper"

\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Apresentar extensão de panorâmica CPL"

-> {HKLM...CLSID} = "Apresentar extensão de panorâmica CPL"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"

-> {HKLM...CLSID} = "Nokia Phone Browser"

\InProcServer32\(Default) = "C:\Programas\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "As Minhas Pastas Partilhadas"

\InProcServer32\(Default) = "C:\Programas\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"

-> {HKLM...CLSID} = "SnagIt"

\InProcServer32\(Default) = "C:\Programas\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]

"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"

-> {HKLM...CLSID} = "SnagItShellExt Class"

\InProcServer32\(Default) = "C:\Programas\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{7F5FFCB8-4838-43CD-80EA-A7EC9C744281}" = "*a" (unwritable string)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\wvuturs.dll" [file not found]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> fccbx\DLLName = "C:\WINDOWS\system32\fccbx.dll" [null data]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"

-> {HKLM...CLSID} = "SnagItShellExt Class"

\InProcServer32\(Default) = "C:\Programas\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"

-> {HKLM...CLSID} = "SnagItShellExt Class"

\InProcServer32\(Default) = "C:\Programas\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"NoNetHood" = (REG_BINARY) hex:01 00 00 00

{unrecognized setting}

 

"ClearRecentDocsOnExit" = (REG_BINARY) hex:01 00 00 00

{unrecognized setting}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Alentejo.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Alentejo.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided)

-> {HKLM...CLSID} = "SnagIt"

\InProcServer32\(Default) = "C:\Programas\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]

 

Explorer Bars

 

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{4E592651-4590-11D6-BC20-00C095EEAD5D}\(Default) = (no title provided)

-> {HKLM...CLSID} = "MBNet"

\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

 

{C014B140-3835-11D6-BC1D-00C095EEAD5D}\

"ButtonText" = "MBNet-Sidebar"

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Programas\Messenger\msmsgs.exe" [MS]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]

Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Programas\CyberLink\Shared files\RichVideo.exe"" [empty string]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

----------

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 151 seconds, including 19 seconds for message boxes)

 

SOMEONE PLEASE HELP ME, BECAUSE NONE OF THE FILES THAT THE OLD POST ASKS TO DELETE APPEAR ON MY PC...

THANKS


Hey C4S,

Do the following:

Download HijackThis version 1.99.1.

Then > Start > My Computer > double-click on C > put HijackThis on C (extracting it from the zip --> into its own folder, such as c:/Hijack).

Run HijackThis from C, closing all other programs (leaving only the desktop).

Click Do a system scan and save a logfile, but don't check anything; just post the generated log here in this same topic.

Regards.


Hi...

After downloading HijackThis I restarted the PC so it would start clean, and here is the log.

Take a look and help me, please....

This is driving me crazy.

 

Logfile of HijackThis v1.99.1

Scan saved at 14:28:01, on 22-04-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: (no name) - {b2ba7cea-acc1-44d8-ac76-54a8dfee9937} - (no file)

O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programas\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://geo.sapo.pt/imp_cgi/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164588790737

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13.hotmail.msn.com/activex/HMAtchmt.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

 

IF YOU NEED ANY OTHER LOG, TELL ME, BECAUSE I WANT TO SORT THIS OUT AS QUICKLY AS POSSIBLE.

THANKS


Hey C4S,

1. Download SmitfraudFix;

2. Disable your antivirus protection (temporarily);

3. Extract the SmitFraudFix file to your desktop;

4. Restart in Safe Mode;

5. Run SmitfraudFix by double-clicking smitfraudfix.cmd --> choose Option 2;

6. Answer yes (y) to the question about cleaning the registry (Do you want to clean the registry?);

7. Wait for the scan to finish and the log to be generated;

8. Restart in Normal Mode;

9. Re-enable your antivirus;

10. Post the SmitfraudFix log (option 2) + HijackThis log (generated in Normal Mode).

Regards.


I DID WHAT YOU SAID AND HERE ARE THE LOGS FROM BOTH.

 

SmitFraudFix v2.171

 

Scan done at 0:12:12,81, seg 23/04/2007

Run from C:\Documents and Settings\Carlos Sousa\Ambiente de trabalho\SmitfraudFix

OS: Microsoft Windows XP [VersÆo 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

-----------------------------------------------------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 0:17:33, on 23-04-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.imasters.com.br/index.php?showtopic=224786

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: (no name) - {b2ba7cea-acc1-44d8-ac76-54a8dfee9937} - (no file)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programas\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://geo.sapo.pt/imp_cgi/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164588790737

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

 

I'M REALLY GOING CRAZY WITH THIS, DAMN, I HAVE NO LUCK AT ALL...


Hey C4S,

Let's go.

* Download VundoFix.

* Double-click VundoFix.exe to start it;

* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish, which may take some time. Be patient;

* When the scan is finished, click Remove Vundo;

* You will get an alert asking whether you want to remove the files. Click YES. Your desktop will disappear (this is normal);

* To complete the scan it will be necessary to restart the machine. Click OK;

* Please post the VundoFix log (C:\vundofix.txt) in your next reply, together with a new HijackThis log.

Regards.


I'VE RUN THE PROGRAM, DID EVERYTHING CORRECTLY, AND STILL NOTHING APPEARS.

I'M LEAVING THE LOGS HERE FOR YOU TO EVALUATE.

THANKS.

 

VundoFix V6.3.20

 

Checking Java version...

 

Sun Java not detected

Scan started at 20:04:32 24-04-2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\fccbx.dll

C:\WINDOWS\system32\jrxuyfie.dll

C:\WINDOWS\system32\kuemxkgx.dll

C:\WINDOWS\system32\pdsojwpc.dll

C:\WINDOWS\system32\sjtfobxo.dll

C:\WINDOWS\system32\sqsqdopy.dll

C:\WINDOWS\system32\tlrqoaeg.dll

C:\WINDOWS\system32\umqyaqwo.dll

C:\WINDOWS\system32\vvuiavdn.dll

C:\WINDOWS\system32\xbccf.bak1

C:\WINDOWS\system32\xbccf.bak2

C:\WINDOWS\system32\xbccf.ini

C:\WINDOWS\system32\xbccf.ini2

C:\WINDOWS\system32\xbccf.tmp

C:\WINDOWS\system32\xgkxmeuk.ini

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\fccbx.dll

C:\WINDOWS\system32\fccbx.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jrxuyfie.dll

C:\WINDOWS\system32\jrxuyfie.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\kuemxkgx.dll

C:\WINDOWS\system32\kuemxkgx.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pdsojwpc.dll

C:\WINDOWS\system32\pdsojwpc.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sjtfobxo.dll

C:\WINDOWS\system32\sjtfobxo.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sqsqdopy.dll

C:\WINDOWS\system32\sqsqdopy.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\tlrqoaeg.dll

C:\WINDOWS\system32\tlrqoaeg.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\umqyaqwo.dll

C:\WINDOWS\system32\umqyaqwo.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vvuiavdn.dll

C:\WINDOWS\system32\vvuiavdn.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xbccf.bak1

C:\WINDOWS\system32\xbccf.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xbccf.bak2

C:\WINDOWS\system32\xbccf.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xbccf.ini

C:\WINDOWS\system32\xbccf.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xbccf.ini2

C:\WINDOWS\system32\xbccf.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xbccf.tmp

C:\WINDOWS\system32\xbccf.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xgkxmeuk.ini

C:\WINDOWS\system32\xgkxmeuk.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

###############################################################

 

Logfile of HijackThis v1.99.1

Scan saved at 20:22:29, on 24-04-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.imasters.com.br/index.php?showtopic=224786

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: (no name) - {b2ba7cea-acc1-44d8-ac76-54a8dfee9937} - (no file)

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programas\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53C69243-3D1F-490B-BA24-E9B0A70F50A7} - C:\WINDOWS\system32\fccbx.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programas\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://geo.sapo.pt/imp_cgi/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164588790737

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe

O17 - HKLM\System\CS5\Services\Tcpip\..\{0288F3FD-2D4C-4FE2-9045-1A8DE10152CD}: NameServer = 212.55.154.174

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: wvuturs - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

 

Thank you, and sorry for the trouble I'm causing, but I no longer know what else to do other than format this, and I really didn't want to do that...


I ran VundoFix again, but it did not find any infected file, so it could not delete anything or generate any log.

Here is the new log created by HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 2:21:15, on 25-04-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.imasters.com.br/index.php?showtopic=224786

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: (no name) - {b2ba7cea-acc1-44d8-ac76-54a8dfee9937} - (no file)

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programas\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53C69243-3D1F-490B-BA24-E9B0A70F50A7} - C:\WINDOWS\system32\fccbx.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programas\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://geo.sapo.pt/imp_cgi/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164588790737

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: wvuturs - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

 

I don't know if it matters here, but my "EXPLORER.EXE" link on C: does not show up; it was probably deleted by the malware. You also said that the screen would disappear when running VundoFix, and that didn't happen either.

Thanks

Awaiting your reply


Hey C4S,

Let's get started.

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox from:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below, in bold, to the clipboard. Select all of it with the mouse --> go to the Edit tab on the browser's bar --> click Copy.

 

C:\WINDOWS\system32\fccbx.dll

C:\WINDOWS\system32\wvuturs.dll

 

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Click "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and an internet connection will not be possible.

Step 2

Restart the computer in Safe Mode (while it restarts, press the F8 key repeatedly until a black DOS-style screen appears, then choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {b2ba7cea-acc1-44d8-ac76-54a8dfee9937} - (no file)

O2 - BHO: (no name) - {53C69243-3D1F-490B-BA24-E9B0A70F50A7} - C:\WINDOWS\system32\fccbx.dll (file missing)

O20 - Winlogon Notify: wvuturs - C:\WINDOWS\

Click Fix Checked.

Step 3

Restart in Normal Mode.

Post a new HijackThis log.

I'll wait for your reply.

Best regards.

PS: Did you get to use any tool to repair the Desktop?


Hi...

When I ran Killbox as you said, I ran into a problem.

 

C:\WINDOWS\system32\fccbx.dll

C:\WINDOWS\system32\wvuturs.dll

 

At the step of returning to Killbox, I couldn't paste the list as you said (via Paste from clipboard) because it always came up blank, so I deleted one file, I mean one set of files, at a time (I copied the path, pasted it there and clicked X, then did the same for the other file).

Then I ran HijackThis and deleted the entries you gave me, but even so nothing works, apart from the logon music, which wasn't playing at first either, lol.

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {b2ba7cea-acc1-44d8-ac76-54a8dfee9937} - (no file)

O2 - BHO: (no name) - {53C69243-3D1F-490B-BA24-E9B0A70F50A7} - C:\WINDOWS\system32\fccbx.dll (file missing)

O20 - Winlogon Notify: wvuturs - C:\WINDOWS\

 

To answer your question... I only used RegCure and CCleaner, no other that I remember...

Here is the new log that was generated

Thanks

 

Logfile of HijackThis v1.99.1

Scan saved at 21:01:23, on 25-04-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\taskmgr.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.imasters.com.br/index.php?showtopic=224786

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programas\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programas\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MBNet-Sidebar - {C014B140-3835-11d6-BC1D-00C095EEAD5D} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/sidebar/mbnetsidebar.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://geo.sapo.pt/imp_cgi/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164588790737

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

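The check that the "post a new HijackThis log" step exists for, as an added example that is not part of the original thread: a Python script that compares the pre-fix and post-fix logs and reports which of the entries marked for "Fix Checked" are gone, which remain, and which other entries changed. The log excerpts are copied from the two logs posted above; the function names are this example's own.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread:
# BEFORE is from the 2:21:15 scan, AFTER from the 21:01:23 scan.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\taskmgr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {b2ba7cea-acc1-44d8-ac76-54a8dfee9937} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programas\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {53C69243-3D1F-490B-BA24-E9B0A70F50A7} - C:\WINDOWS\system32\fccbx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O20 - Winlogon Notify: wvuturs - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""
AFTER = r"""
Running processes:
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programas\TechSmith\SnagIt 8\SnagItBHO.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""
# The four entries the helper asked to tick before clicking "Fix Checked".
MARKED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {b2ba7cea-acc1-44d8-ac76-54a8dfee9937} - (no file)
O2 - BHO: (no name) - {53C69243-3D1F-490B-BA24-E9B0A70F50A7} - C:\WINDOWS\system32\fccbx.dll (file missing)
O20 - Winlogon Notify: wvuturs - C:\WINDOWS\
"""

# A result line is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return result lines as (section, detail) tuples in log order.

    Header lines and the running-process list do not match and are skipped.
    Runs of whitespace are collapsed so pasted logs compare reliably.
    """
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(" ".join(raw.split()))
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def dangling(entries):
    """Entries whose target file HijackThis itself reported as absent."""
    return [e for e in entries if e[1].endswith(("(file missing)", "(no file)"))]


def verify_fix(before, after, marked):
    """Compare two scans against the list of entries that were to be fixed."""
    before_e, after_e, marked_e = (parse_entries(t) for t in (before, after, marked))
    after_set = set(after_e)
    return {
        "fixed": [e for e in marked_e if e not in after_set],
        "still_present": [e for e in marked_e if e in after_set],
        "not_in_before": [e for e in marked_e if e not in before_e],
        # Gone from the new scan although nobody asked for them to be fixed.
        "removed_unmarked": [e for e in before_e
                             if e not in after_set and e not in marked_e],
        "new": [e for e in after_e if e not in before_e],
    }


if __name__ == "__main__":
    for label, items in verify_fix(BEFORE, AFTER, MARKED).items():
        print(f"{label}: {len(items)}")
        for section, detail in items:
            print(f"  {section} - {detail}")
    print("dangling after fix:", dangling(parse_entries(AFTER)))
```

On these excerpts all four marked entries are gone, and one entry that was not on the list, the unnamed BHO {7E853D72-626A-48EC-A868-BA8D5E23E045} with no file, also disappeared between the two scans.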

Hey C4S,

Carry out the actions below even if they have already been done before.

Download:

1. activedesktop.reg;

2. Desktopfix.reg;

3. Fix.reg.

Run them one at a time, and restart the PC after each run. <= Important

For the .reg files above you should:

- Right-click and choose Save Target As (preferably to the Desktop).

- Double-click the file and answer "Yes" to the question.

ATTENTION: You will not necessarily need to run all the tools. Run the first one and check whether it worked. If it did not, move on to the second, and so on.

Oh, and just in case, right-click the desktop -> Arrange Icons -> and see whether the Show Desktop Icons option is enabled.

Regards.


Hi

I downloaded the files as you said, ran number one and restarted; I did the same with the second, but it tells me it is not a valid registry key. Then I did the same with the third, and that one went into the registry like the first.

I have no access to anything on the desktop, not even the toolbar, and the right mouse button shows nothing when I click; the only way I have to use the PC is to press CTRL+ALT+DEL so that Task Manager appears, and I can only use the PC from there.

You're being a tireless help, thank you.


Hey C4S,

Download:

Restorethemes.reg

-and-

Restore Luna Theme

* For Restorethemes.reg, proceed as follows:

Right-click --> choose Save Target As (best to save it to the desktop).

The .reg file will be downloaded. Double-click the file. Answer "yes" when asked about the additions to the registry.

Restart the PC.

-or-

* For Restore Luna Theme, proceed as follows:

Unzip the file into the C:\Windows\Resources folder.

Restart the PC.

If the tools above do not solve the problem, we will move on to other actions. ;)

Best regards.


Hi

It seems it still didn't work this time.

Although my theme is now the original Windows one, still nothing at all shows up.

Either my PC is a war machine or this virus is really tough.

Give me every solution you have other than formatting the disk, because that I cannot do. :(

Regards.


Hi,

Sorry for the delay, but work kept me from replying sooner.

Here is the Silent Runners output, as you asked.

This has been going on for so long that I don't know how to solve it.

 

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Tweak UI" = "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" [MS]

 

HKLM\Software\Microsoft\Active Setup\Installed Components\

{89B4C1CD-B018-4511-B0A1-5476DBF70820}\(Default) = (no title provided)

\StubPath = "C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SnagIt Toolbar Loader"

\InProcServer32\(Default) = "C:\Programas\TechSmith\SnagIt 8\SnagItBHO.dll" ["TechSmith Corporation"]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Sign-in Helper"

\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Apresentar extensão de panorâmica CPL"

-> {HKLM...CLSID} = "Apresentar extensão de panorâmica CPL"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"

-> {HKLM...CLSID} = "Nokia Phone Browser"

\InProcServer32\(Default) = "C:\Programas\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "As Minhas Pastas Partilhadas"

\InProcServer32\(Default) = "C:\Programas\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"

-> {HKLM...CLSID} = "SnagIt"

\InProcServer32\(Default) = "C:\Programas\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]

"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"

-> {HKLM...CLSID} = "SnagItShellExt Class"

\InProcServer32\(Default) = "C:\Programas\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"

-> {HKLM...CLSID} = "SnagItShellExt Class"

\InProcServer32\(Default) = "C:\Programas\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"

-> {HKLM...CLSID} = "SnagItShellExt Class"

\InProcServer32\(Default) = "C:\Programas\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"NoNetHood" = (REG_BINARY) hex:01 00 00 00

{unrecognized setting}

 

"ClearRecentDocsOnExit" = (REG_BINARY) hex:01 00 00 00

{unrecognized setting}

 

"NoSaveSettings" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|

Don't save settings at exit}

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"NoDispBackgroundPage" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Control Panel|Display|

Hide Desktop tab}

 

"NoDispScrSavPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoColorChoice" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoSizeChoice" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoVisualStyleChoice" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"SetVisualStyle" = (REG_SZ) C:\Windows\Resources\Themes\Luna.theme

{unrecognized setting}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Alentejo.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Alentejo.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

 

 

Enabled Scheduled Tasks:

------------------------

 

"RegCure Program Check" -> launches: "C:\Programas\RegCure\RegCure.exe ShowReminders" [null data]

"RegCure" -> launches: "C:\Programas\RegCure\RegCure.exe -t" [null data]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided)

-> {HKLM...CLSID} = "SnagIt"

\InProcServer32\(Default) = "C:\Programas\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]

 

Explorer Bars

 

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{4E592651-4590-11D6-BC20-00C095EEAD5D}\(Default) = (no title provided)

-> {HKLM...CLSID} = "MBNet"

\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

 

{C014B140-3835-11D6-BC1D-00C095EEAD5D}\

"ButtonText" = "MBNet-Sidebar"

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Programas\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]

Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Programas\CyberLink\Shared files\RichVideo.exe"" [empty string]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

----------

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 160 seconds, including 5 seconds for message boxes)

 

If you need any other report, just ask...


Hey C4S,

Download Fixwareout.

Close all programs.

Run FixWareout (double-click the icon) --> "Next" --> "Install" --> "Finish" --> press any key to continue --> if the tool asks for a reboot, click Ok.

Check the file C:\fixwareout\findt\report.txt.

I need you to put the contents of report.txt in your next reply.

Regards.

Run FixWareout (double-click the icon) --> "Next" --> "Install" --> "Finish" --> press any key to continue --> if the tool asks for a reboot, click Ok.

Check the file C:\fixwareout\report.txt.

 

I did everything as you told me, but in the directory you told me there was no report; the only report.txt I found was in the folder C:\FIXWAREOUT\FINDT\REPORT.TXT.

When I open My Computer or My Documents through the address bar of my Internet Explorer, I can't open any folder (when I click, it becomes semi-transparent and doesn't open), and when I try to open the hard disk (C:) the disk format window opens - Format Disk C:.

I really don't know what is going on.

Here is the report from the program you sent; although I think it has nothing in it, it was the only one I found.

 

Fixwareout Last edited 4/5/2007

Post this report in the forums please

...

»»»»»Prerun check

 

»»»»» System restarted

 

If you have more suggestions, just say so, because this has been going on for almost a month and I see no progress at all; I don't know what else to do, I just feel like giving it a kick ;) LOL
