
Regedit and Task manager do not work



#1 Danilo1991


Posted 13 January 2010 - 05:32 PM

SOMEONE HELP ME, MY REGEDIT WON'T OPEN AND NEITHER WILL THE TASK MANAGER. THANKS IN ADVANCE.

ComboFix 10-01-13.07 - Administrador 13/01/2010 20:18:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.766.406 [GMT -2:00]
Executando de: c:\documents and settings\Administrador\Desktop\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\driver
c:\arquivos de programas\driver\Modem Driver\Uninst.isu
c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\¡¡¡¡¡¡.lnk
c:\windows\Alcmtr.exe
c:\windows\system32\com.run
c:\windows\system32\dp1.fne
c:\windows\system32\eAPI.fne
c:\windows\system32\internet.fne
c:\windows\system32\krnln.fnr
c:\windows\system32\og.dll
c:\windows\system32\og.edt
c:\windows\system32\RegEx.fnr
c:\windows\system32\shell.fne
c:\windows\system32\spec.fne
c:\windows\system32\ul.dll
c:\windows\system32\XP-B517DF2B.EXE

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-13 to 2010-01-13 ))))))))))))))))))))))))))))
.

2010-01-13 22:13 . 2010-01-13 22:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2010-01-13 22:13 . 2010-01-13 22:13 -------- d-----w- c:\arquivos de programas\Crcle Developement
2010-01-13 22:13 . 2010-01-13 22:13 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-01-13 22:08 . 2010-01-13 22:15 -------- d-----w- c:\documents and settings\Administrador\Tracing
2010-01-13 22:06 . 2010-01-13 22:06 -------- d-----w- c:\arquivos de programas\Microsoft
2010-01-13 22:05 . 2010-01-13 22:05 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2010-01-13 22:05 . 2010-01-13 22:06 -------- d-----w- c:\arquivos de programas\Windows Live
2010-01-13 20:31 . 2010-01-13 20:31 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2010-01-13 20:09 . 2010-01-13 20:09 -------- d-----w- c:\windows\LastGood
2010-01-13 18:16 . 2010-01-13 18:16 0 ----a-w- c:\windows\nsreg.dat
2010-01-13 18:15 . 2010-01-13 18:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-13 18:14 . 2010-01-13 21:39 -------- d--h--w- c:\windows\$hf_mig$
2010-01-13 17:57 . 2010-01-13 21:45 22528 ----a-w- c:\windows\system32\XT-999FF.EXE
2010-01-13 17:57 . 2010-01-13 17:57 22528 --sh--w- c:\windows\system32\W-BT83.EXE
2010-01-13 17:28 . 2010-01-13 18:17 -------- d-----w- c:\documents and settings\Administrador\Contacts
2010-01-13 17:16 . 2010-01-13 18:10 -------- d-----w- c:\arquivos de programas\DevilzMu
2010-01-13 17:13 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-13 17:13 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys
2010-01-13 17:06 . 2010-01-13 17:06 -------- d-s---w- c:\documents and settings\Administrador\UserData
2010-01-13 17:01 . 2010-01-13 17:01 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-13 16:44 . 2010-01-13 16:44 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation
2010-01-13 16:44 . 2006-12-18 18:34 446464 ----a-w- c:\windows\system32\CapabilityTable.exe
2010-01-13 16:43 . 2006-10-05 18:35 356352 ------w- c:\windows\system32\nvuide.exe
2010-01-13 16:43 . 2006-10-24 15:13 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-01-13 16:43 . 2006-11-07 16:58 356352 ----a-w- c:\windows\system32\nvunrm.exe
2010-01-13 16:43 . 2010-01-13 16:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield
2010-01-13 16:31 . 1998-10-29 18:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-01-13 16:26 . 2010-01-13 16:26 -------- d-----w- c:\windows\system32\Lang
2010-01-13 16:24 . 2010-01-13 16:36 -------- d-----w- c:\windows\system32\RTCOM
2010-01-13 16:23 . 2010-01-13 16:37 -------- d-----w- c:\windows\nview
2010-01-13 16:23 . 2006-12-18 18:33 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-13 16:23 . 2006-12-18 18:33 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-13 16:22 . 2010-01-13 16:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2010-01-13 16:14 . 2005-03-16 06:23 13696 ----a-r- c:\windows\system32\drivers\BIOS.sys
2010-01-13 16:13 . 2001-09-06 01:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-01-13 16:13 . 2001-09-06 01:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-13 16:13 . 2001-08-18 00:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-01-13 16:13 . 2001-08-18 00:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-01-13 16:13 . 2004-08-04 01:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 22:14 . 2010-01-13 22:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Knob Mix Test
2010-01-13 22:14 . 2010-01-13 22:14 -------- d-----w- c:\arquivos de programas\Knob Mix Test
2010-01-13 22:14 . 2010-01-13 22:14 577536 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Knob Mix Test\Stupidlog.exe
2010-01-13 16:50 . 2001-10-28 19:07 48628 ----a-w- c:\windows\system32\perfc016.dat
2010-01-13 16:50 . 2001-10-28 19:07 344380 ----a-w- c:\windows\system32\perfh016.dat
2010-01-13 16:24 . 2010-01-13 16:24 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-01-13 16:24 . 2010-01-13 16:24 -------- d-----w- c:\arquivos de programas\Realtek
2010-01-13 16:24 . 2010-01-13 16:24 315392 ----a-w- c:\windows\HideWin.exe
2010-01-13 15:51 . 2010-01-13 15:51 2232 ----a-w- c:\windows\java\Packages\Data\NVVRXR17.DAT
2010-01-13 15:51 . 2010-01-13 15:51 155995 ----a-w- c:\windows\java\Packages\GALJRZD7.ZIP
2010-01-13 15:51 . 2010-01-13 15:51 2678 ----a-w- c:\windows\java\Packages\Data\62BZ1JP3.DAT
2010-01-13 15:51 . 2010-01-13 15:51 2678 ----a-w- c:\windows\java\Packages\Data\ZTV5ZLZL.DAT
2010-01-13 15:51 . 2010-01-13 15:51 2678 ----a-w- c:\windows\java\Packages\Data\R9BPNNZX.DAT
2010-01-13 15:51 . 2010-01-13 15:51 2678 ----a-w- c:\windows\java\Packages\Data\BLJVFXZV.DAT
2010-01-13 15:51 . 2010-01-13 15:51 2678 ----a-w- c:\windows\java\Packages\Data\1N5RJ9JL.DAT
2010-01-13 15:51 . 2010-01-13 15:51 -------- d-----w- c:\arquivos de programas\Lavasoft
2010-01-13 15:47 . 2010-01-13 15:47 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2010-01-13 15:46 . 2010-01-13 15:46 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-13 15:45 . 2010-01-13 15:45 -------- d-----w- c:\arquivos de programas\Serviços on-line
2010-01-13 15:45 . 2010-01-13 15:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
2010-01-13 15:44 . 2010-01-13 15:44 21844 ----a-w- c:\windows\system32\emptyregdb.dat
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Time Online"="c:\docume~1\ADMINI~1\DADOSD~1\KNOBMI~1\Stupidlog.exe" [2010-01-13 577536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1699840]
"SkyTel"="SkyTel.EXE" [2007-10-11 1896448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

A chave SafeBoot necessita de ser reparada. Esta máquina não pode entrar em Modo de Segurança.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Documents and Settings\\Administrador\\Desktop\\Downloads\\wrar391br.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\XT-999FF.EXE"=
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\vblre.exe"=
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\uimw.exe"=
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\pybr.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [13/1/2010 14:14 13696]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\tpngm.sys --> c:\windows\system32\drivers\tpngm.sys [?]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://google.com/
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\hblr881h.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-XP-B517DF2B - c:\windows\system32\XP-B517DF2B.EXE
AddRemove-Modem Driver - c:\arquivos de programas\Driver\Modem Driver\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 20:21
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2010-01-13 20:22:50
ComboFix-quarantined-files.txt 2010-01-13 22:22

Pré-execução: 5 pasta(s) 34.249.953.280 bytes disponíveis
Pós execução: 6 pasta(s) 34.231.156.736 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2C2F411CD496CA449C612B45BB3A37C6




#2 boopme


Posted 13 January 2010 - 09:25 PM

Hello. I think that this is Portuguese, saying Regedit and Task manager do not work.
I moved your topic to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal section of the Security forum. This is where it needs to be.

