caioandrian

HijackThis log (PC restarts in online game) help


hi, I'm new here... but I'll try to show and do whatever you ask.

sorry for having sent a private message (I thought it would be better), and please try to help me.

I'm having a problem with a game...

I started playing Last Chaos (http://www.lastchaos.com.my/default.asp), an online game, about 3 weeks ago

and I never had any bigger problem like this one; usually it would be because of the internet, since the game

requires a minimum of 56k and recommends DSL.

another fact is that another game, which never showed any problem, has been closing its game window all of a sudden. (MUonline)

Recommendations:

http://www.lastchaos.com.my/downloads.asp

my computer is an AMD Athlon™ XP 2000+

Windows XP Professional Version 2002

Service Pack 2

1.67 GHz

512 MB of RAM (new) >> strange, because I thought it would ask me to install it, or that Windows would detect it as new hardware.

GForce4 FX 5200 video card

All the fans work perfectly.

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 19:42:25, on 14/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\sstray.exe

C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\user\Desktop\jogos\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [bdxnhjov] C:\WINDOWS\system32\xyxercpj.exe

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [!ewido] "C:\Arquivos de programas\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [popbanner] C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe --banner

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O12 - Plugin for .mp3: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpeg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .tif: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin5.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A5FE3164-34D4-4A65-B8FB-D5A3CC23FA8C}: NameServer = 85.255.116.172,85.255.112.62

O17 - HKLM\System\CCS\Services\Tcpip\..\{C6994E83-170D-4D08-A3DF-1708B02D3877}: NameServer = 85.255.116.172 85.255.112.62

O17 - HKLM\System\CCS\Services\Tcpip\..\{DE898B1B-EA5A-4BDD-9C11-7E8556FB7807}: NameServer = 85.255.116.172,85.255.112.62

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: st3d - C:\WINDOWS\system32\st3d.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Arquivos de programas\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

THANK YOU FOR YOUR ATTENTION. :D


1. Go to Control Panel / Network Connections / Properties / General / TCP/IP protocol / Properties / General. You may find there the following foreign numbers, from another location, assigned by the malware:

Preferred DNS server 85.255... <- delete / paste in your provider's DNS (call them and ask)

Alternate DNS server 85.255... <- delete

Or else

If you want to obtain DNS server addresses from a DHCP server, click Obtain DNS server address automatically

click here

2. Download smitRem

http://noahdfear.geekstogo.com/click%20cou.../click.php?id=1

and save the file to your desktop

3. Download win32delfkil

Save it to the desktop.

Double-click win32delfkil.exe and install it. The new folder: win32delfkil.

Close all Windows windows, open the win32delfkil folder and double-click fix.bat.

The computer will restart automatically.

You may want to print these instructions or save them to a text file for easy access.

Restart in Safe Mode (press the F8 key until a DOS screen appears and choose Safe Mode).

Run HijackThis, click Do a System Scan Only, check

only the entries below and click Fix Checked

O4 - HKLM\..\Run: [bdxnhjov] C:\WINDOWS\system32\xyxercpj.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{A5FE3164-34D4-4A65-B8FB-D5A3CC23FA8C}: NameServer = 85.255.116.172,85.255.112.62

O17 - HKLM\System\CCS\Services\Tcpip\..\{C6994E83-170D-4D08-A3DF-1708B02D3877}: NameServer = 85.255.116.172 85.255.112.62

O17 - HKLM\System\CCS\Services\Tcpip\..\{DE898B1B-EA5A-4BDD-9C11-7E8556FB7807}: NameServer = 85.255.116.172,85.255.112.62

Set Windows to show all files (including hidden ones). -> see

Using Windows Explorer, delete the file

C:\WINDOWS\system32\xyxercpj.exe

Open the smitRem folder and double-click the RunThis.bat file to start the tool. A command prompt will open, and you should wait patiently until the tool finishes cleaning and scanning the disk. Locate and post the smitfiles.txt, which is usually in -> C:/ or the partition from which you ran the tool.

Restart

Download FixwareOut:

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Now close all programs so the tool can run smoothly

-> Run it. Install the program and at the end leave Run fixit checked.

Click Finish -> if the tool asks for a reboot -> accept

-> look for the -> file C:\fixwareout\report.txt. -> in C:\fixwareout

Restart

Now make a HijackThis log and paste it in your reply along with

smitfiles.txt

report.txt
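
The DNS check described in the instructions above, as an added example that is not part of the original post: it parses the O17 NameServer lines from the HijackThis logs in this thread and flags every resolver outside an allow-list, grouped by control set and by interface or global scope. The function names and the `TRUSTED_RESOLVERS` ranges are assumptions; replace the ranges with the resolvers your provider or router actually hands out.

```python
import ipaddress
import re

# O4/O17 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [bdxnhjov] C:\WINDOWS\system32\xyxercpj.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5FE3164-34D4-4A65-B8FB-D5A3CC23FA8C}: NameServer = 85.255.116.172,85.255.112.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6994E83-170D-4D08-A3DF-1708B02D3877}: NameServer = 85.255.116.172 85.255.112.62
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
"""

# Assumption: resolvers the analyst considers legitimate. 192.0.2.0/24 is a
# documentation range standing in for the provider's DNS servers.
TRUSTED_RESOLVERS = ["192.0.2.0/24", "192.168.0.0/16"]

O17_RE = re.compile(
    r"^\s*O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\(?P<rest>[^:]+):"
    r"\s*(?P<value>\w+)\s*=\s*(?P<data>.*)$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_o17_nameservers(log_text):
    """Return one dict per O17 NameServer line: control set, scope, servers."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if m is None or m.group("value").lower() != "nameserver":
            continue  # other sections and other O17 values are skipped
        guid = GUID_RE.search(m.group("rest"))
        # HijackThis prints the registry value as stored, so the list may be
        # comma- or space-separated (both forms appear in this thread).
        servers = [t for t in re.split(r"[,\s]+", m.group("data").strip()) if t]
        entries.append({
            "control_set": m.group("cset"),
            "scope": guid.group(0) if guid else "global",
            "servers": servers,
        })
    return entries


def untrusted_resolvers(entries, trusted=TRUSTED_RESOLVERS):
    """Return (control_set, scope, server) for each resolver not allow-listed."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    findings = []
    for entry in entries:
        for server in entry["servers"]:
            try:
                addr = ipaddress.ip_address(server)
                ok = any(addr in net for net in nets)
            except ValueError:
                ok = False  # not an IP address at all: surface it for review
            if not ok:
                findings.append((entry["control_set"], entry["scope"], server))
    return findings


def summarize(findings):
    """Map each flagged resolver to the sorted places where it is configured."""
    summary = {}
    for cset, scope, server in findings:
        summary.setdefault(server, set()).add(f"{cset}/{scope}")
    return {server: sorted(places) for server, places in summary.items()}


if __name__ == "__main__":
    report = summarize(untrusted_resolvers(parse_o17_nameservers(SAMPLE_LOG)))
    for server, places in sorted(report.items()):
        print(server, "->", ", ".join(places))
```

A resolver that shows up under the global `Parameters` key in several control sets, as in the second log of this thread, means the setting was written again after the per-interface entries were fixed.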

  • Topic author
  • HELLO,

    sorry for taking so long to post a reply... it's just that I couldn't find the topic.

    thanks for the help... I did almost everything you asked.

    I couldn't carry out some parts of the request.

    Reason: the computer can't access system32... it sits at 99% CPU usage and then it won't go...

    not even the antivirus programs, which mostly freeze when they get into system32...

    one of the problems seems to be in system.ini ... or other parts with (.ini)

    Even now this problem continues.

    I ran smitRem, Win32delfkil and fixwareout... in safe mode.

    I think that was how they were supposed to be run.

    here are the logs.

    Logfile of HijackThis v1.99.1

    Scan saved at 19:56:26, on 26/8/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\WINDOWS\system32\sstray.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\taskmgr.exe

    C:\Documents and Settings\user\Desktop\jogos\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [popbanner] C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe --banner

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

    O12 - Plugin for .mp3: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

    O12 - Plugin for .mpeg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

    O12 - Plugin for .tif: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin5.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    smitfiles log..........................

    smitRem © log file

    version 3.1

    by noahdfear

    Microsoft Windows XP [versão 5.1.2600]

    "IE"="6.0000"

    Running from

    C:\smitRem

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Pre-run SharedTask Export

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)

    Copyright© 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"

    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"

    "{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}"="Reload Browse"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

    @="%SystemRoot%\system32\browseui.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

    @="%SystemRoot%\system32\browseui.dll"

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key

    PSGuard.com key not present!

    checking for WinHound.com key

    WinHound.com key not present!

    checking for drsmartload2 key

    drsmartload2 key not present!

    spyaxe uninstaller NOT present

    Winhound uninstaller NOT present

    SpywareStrike uninstaller NOT present

    AlfaCleaner uninstaller NOT present

    SpyFalcon uninstaller NOT present

    SpywareQuake uninstaller NOT present

    SpywareSheriff uninstaller NOT present

    Trust Cleaner uninstaller NOT present

    SpyHeal uninstaller NOT present

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files

    ~~~ Program Files ~~~

    ~~~ Shortcuts ~~~

    ~~~ Favorites ~~~

    ~~~ system32 folder ~~~

    amcompat.tlb

    nscompat.tlb

    ~~~ Icons in System32 ~~~

    ~~~ Windows directory ~~~

    ~~~ Drive root ~~~

    ~~~ Miscellaneous Files/folders ~~~

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

    Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

    Killing PID 896 'explorer.exe'

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)

    Copyright© 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"

    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

    @="%SystemRoot%\system32\browseui.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

    @="%SystemRoot%\system32\browseui.dll"

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Deleting files

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Remaining Post-run Files

    ~~~ Program Files ~~~

    ~~~ Shortcuts ~~~

    ~~~ Favorites ~~~

    ~~~ system32 folder ~~~

    ~~~ Icons in System32 ~~~

    ~~~ Windows directory ~~~

    ~~~ Drive root ~~~

    ~~~ Miscellaneous Files/folders ~~~

    ~~~ Wininet.dll ~~~

    CLEAN! :)

    windelf log..............................

    ************************

    * WIN32DELFKIL LOGFILE *

    ************************

    by Marckie

    BEFORE RUNNING WIN32DELFKIL

    ***************************

    File(s) found in Windows directory

    ----------------------------------

    q1668265.dll

    q16803312.dll

    q17391078.dll

    q405250.dll

    g10016640.dll

    g136015.dll

    g2184750.dll

    g3936359.dll

    File(s) found in system32 folder

    --------------------------------

    Export SharedTaskScheduler key

    ------------------------------

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"

    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"

    "{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}"="Reload Browse"

    "{86AA461F-2A5B-4889-B543-E1BBA6746D61}"="st3"

    sharedtaskkey: E802FFFF-8E58-4d2c-A435-8BEEFB10AB77

    ---------------------------------------------------

    no keys found

    sharedtaskkey: 86AA461F-2A5B-4889-B543-E1BBA6746D61

    ---------------------------------------------------

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AA461F-2A5B-4889-B543-E1BBA6746D61}]

    @="C:\\WINDOWS\\system32\\st3d.dll"

    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86AA461F-2A5B-4889-B543-E1BBA6746D61}\InprocServer32]

    @="C:\\WINDOWS\\system32\\st3d.dll"

    "ThreadingModel"="Apartment"

    Notify key

    ----------

    subkey st3d is present!

    AFTER RUNNING WIN32DELFKIL

    **************************

    File(s) found in Windows directory

    ----------------------------------

    q1668265.dll

    q16803312.dll

    q17391078.dll

    q405250.dll

    g10016640.dll

    g136015.dll

    g2184750.dll

    g3936359.dll

    File(s) found in system32 folder

    --------------------------------

    Export SharedTaskScheduler key

    ------------------------------

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"

    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"

    "{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}"="Reload Browse"

    sharedtaskkey: E802FFFF-8E58-4d2c-A435-8BEEFB10AB77

    ---------------------------------------------------

    no keys found

    Notify key

    ----------

    Once again, thank you, and sorry for the delay.


    Hello Santista

    I ran smitRem, Win32delfkil and fixwareout... in safe mode.

    the last log, fixwareout, was missing

    see the last instruction...

    Good luck

  • Topic author
  • look, I forgot to mention...

    I didn't post the Report because there is nothing in it.

    (it is blank).

    During the scans, I noticed that most or all of them came up as address not found.

    The file you asked me to delete in system32, I couldn't remove it because I can't access

    the system32 folder.


    Repeat the procedure again

    Download FixwareOut:

    http://downloads.subratam.org/Fixwareout.exe

    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

    Now close all programs so the tool can run smoothly

    -> Run it. Install the program and at the end leave Run fixit checked.

    Click Finish -> if the tool asks for a reboot -> accept

    -> look for the -> file C:\fixwareout\report.txt. -> in C:\fixwareout

    paste it in your reply

    Make a Silent Runners log:

    http://www.silentrunners.org

    Run it. It will generate a log; attach it to your reply.

    Important note: You need WMI to run Silent Runners. If your computer doesn't have WMI installed, Silent Runners will direct you to the Microsoft site, where you should download WMI, restart the computer and then make the log.

    Note: Allow the script to run if your antivirus complains. Silent Runners is not a malicious script.

    click here

  • Topic author
  • Logs:

    Fixwareout ver 1.003

    Last edited 8/11/2006

    Post this report in the forums please

    Reg Entries that were deleted


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F037B0D875CB-674B-3984-3598-28372A65{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3B88BFA13C98-B819-0AF4-56DF-2AD07C9E{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AF96E95628C7-92A9-B594-1FA3-492C546C{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}651C61131FC6-B1FB-B454-E731-E4A94D11{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}399669D8066E-2309-5CF4-7B14-8917341A{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A64B3D591347-2B49-5314-641B-5363977C{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}36D9444264A2-9468-C064-0D26-B9B935DD{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3BC6D7FFF988-AC99-E2D4-75BD-DE03D432{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F77B34FCD964-97E8-F714-F41B-29559E21{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5D3464EF676C-9728-59B4-E816-307E1BB0{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0BCE4687C075-1A79-7CE4-A642-2F9F4E3C{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}69EC657EFBFF-50BB-CED4-D82B-2FAEDA57{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D2084E8BC205-027A-51D4-13BE-ECA6D8D1{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DDC226C92B60-46F9-3A54-C055-0055A52F{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4F88172579B3-4B79-4F14-A330-F316C8DE{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}697D4DF22C23-78BA-9D44-6130-63BFD58A{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E83E5D3E0DD2-65EB-4734-EB16-E27B4EF8{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7B4409C074F6-326B-68F4-AA5C-4CDD3B0E{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9516130FDFF9-3D6A-CD84-1F0D-7C4C7D64{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E370D40DFBE8-A339-C1F4-8396-80A7915C{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C2401C16348A-5E8A-F994-D30E-74A2A7B8{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}369361E0DCB3-44C9-A204-A354-BCEF1982{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BED7FD418F24-04BB-4014-17D3-EF5BF2B1{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B1D6A0D2092-0909-5534-1569-DE20F0CE{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7A10B8AC4DB8-8B9B-5854-33E9-83AF1A00{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}18226180366A-DE3B-F714-F368-0D24F9E4{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BC4D1DD669E7-A7B9-9324-1993-4CDD4CE2{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5F783872C171-5FBB-C794-5CE7-4CB63DE7{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9BF096C9D70A-A7A9-C754-13DA-B4C693D8{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}69587040B971-94AB-3294-F20A-63FC47AB{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B00185621C46-88F9-9FF4-A3ED-4861D591{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}200B9F278113-6D88-4334-82CE-6BA7D212{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2A77C742E255-2D5B-3B24-D468-7FA618C1{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FCA1A431B0D0-AFD8-FFD4-815C-0638D5F0{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D2730086048D-8BBB-9024-0662-A7AF888B{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F37C5F736D5C-7B79-EDC4-A87A-4C539C24{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4D8B9702F840-6EFA-7DB4-D127-3CF4F5FE{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2A5622430B98-0799-8684-F298-CD6C0164{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}76DE3B722909-6A88-9454-BEBD-08006E71{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}01D918ECB05C-10B8-2344-DE96-42EF4E0D{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5949B184D435-BDD8-4A14-EEB9-A8B893DC{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}18F276029FAD-8ED9-36B4-AF5D-5090F083{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}88883DA1F839-D9C8-BBB4-9395-D143C1C9{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DE4E32178D1D-8BB8-6F14-D9E8-0D2B5236{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3D3803D7343C-DD7B-43A4-5E03-A9962956{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B5B50E4D2AC8-9D7B-0894-E566-A9EFB99F{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}13CC539ADC33-0F3B-5484-77DE-6A5EEC74{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}015E762C8BC0-F208-3214-1247-D788B8F4{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F33A7BFAC587-40C9-2B64-EC7F-C4A45EBF{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D02B4EC40450-14FB-1494-5AEF-5AABE86B{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D5E1013189CD-9048-8194-99B2-D389FD70{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0C96CF73C262-1D99-7964-0404-D24E407B{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E711171A6F59-34C8-6674-4A52-276E3863{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}72BEDA4F5FC9-8DFA-9B14-C742-BD80A897{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5ED5190D3FB7-10A9-7004-F899-A753853D{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC746DE47394-8D2A-E654-E40F-D6C22F4C{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A7A492BCE8FE-2A89-A424-FE30-DD2A6DB6{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9C9A7416FBD2-D0AA-1B44-3D39-491223ED{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}77944C2763C8-75CB-0EA4-39E4-9DDEAE59{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}23EAD0342AD1-1538-B344-61FD-7F67AF1C{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}049304C83C6A-4718-1BD4-4422-74D2FE7E{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2603824D0BD9-E14A-4B64-FEA4-9A0FBCB8{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6F8EC6A1497A-AA4B-EC94-4617-E39330C4{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}12C09FB42A1A-838A-A4A4-388D-DF674061{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}563813F6E87F-6F1B-A7C4-5D8A-5169CACC{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BDE3CCC7B00E-238A-5414-2C9A-D08B69F5{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0DD85FB1A3E0-F838-DDA4-1ACF-7C262FC9{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}37DBC650F264-3209-F134-3896-5A5B979C{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2438F44CD9BC-46BA-D724-116B-77EEED4A{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3CA8F1104E54-21F9-0614-CE50-754C7FF6{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D26775F4B5CF-F0A9-E294-8C03-B0C34E76{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3973444A0341-51A8-A344-DFFD-3E1D83DE{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CF6B6626E9EF-E508-7254-620B-E36A17A8{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}857EFFECEC87-5278-B924-7DEF-01D78636{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4171D21CCEC3-989B-7974-A642-BBCA90A9{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}32EA5B1A310D-DF2A-C144-CFF0-BDB6F489{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B1A12915DC9E-8C69-0CB4-333A-578A3230{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}19F646EE5C24-67BB-CAD4-5A72-2A3E9641{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}665D998433FE-29FA-F374-6621-4614FF57{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BBF12B79FFC7-E92A-1B94-17CB-8E3162F6{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}685F4E915AB3-F6DA-AF84-1D32-1A087AA5{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A2E735E0D32F-CB48-E5E4-C337-A3C79E1D{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}683D5C23EB38-2A6A-8D14-E1FF-F41DF4E8{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D185C1C39334-52CB-7554-1A97-5EC52D44{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}944DFCC19D65-A6FB-E0A4-3A2B-D95E38DF{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}04C13D799054-5E89-7AD4-0706-B78D6BD4{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3E02AFDDE608-052B-BDD4-5F6D-7D4DFF36{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E34962D47E41-833B-5AA4-FB39-828B8C4C{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9AC969D56B21-F04A-3094-4FC0-A1D17190{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}36BFE48694B0-96CB-F6A4-446C-57F6B400{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2B5BB28D89AE-1AC8-5D14-B85E-D8786C55{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A00F53C7371C-569A-4314-2B53-59ECC28C{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0023EC00A165-D4DA-CE74-2BC7-A3F45F71{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}588271CA7E02-E358-7F74-13CF-228DD1BC{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}801412A9379C-88BA-7724-E662-99B99A3F{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C7BF7256C7B4-B3E9-C874-95D3-72E6B8CF{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BE96E9593C84-FC8A-4074-5B43-762FCBDC{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}84DA282C4EF7-3FE8-75B4-62C9-72BD7098{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}16E4A12E0F73-E3BA-9974-2FD0-B9F52C60{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}22B28652136F-55F9-E674-AB69-6E32CF79{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}80C8BA21EDE5-3E8B-D2D4-A268-58C0BFFD{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D689E527AC41-13E8-A464-4E0C-30657F2C{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}55AF4C88BDED-8AD9-1614-D9AB-4A4963F1{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}08D8A0E03D40-BB9B-2014-6AF1-676A3A13{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0AA7C2F6F8C5-62D8-E3E4-6495-C5BA5B2F{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D0A0B8903E56-50F8-83B4-7F0D-93FB131F{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F9702F1A2CDE-CCCA-E984-EAF0-2CD55458{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}735474F3C168-3598-1894-62BE-9A840EBD{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4206CAA230E8-AD59-3614-BF3D-AA978350{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7FA4E13F2FAF-F1A9-A864-FC56-955225DC{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4A2687A756FD-B769-32F4-F23A-72228CD7{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A63CE654F240-C5B9-04E4-0BBB-7EB831D0{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1FCEFF60B11A-D479-6D64-1DBD-2DDC2CF5{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E5A71D4FA0AE-CA38-ED14-BFE5-ACD61C77{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3EF1D7E6A900-48E8-9F14-7F5C-53B0C0D5{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CC3AC3EF589F-4B79-EB74-0990-A7CE4643{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}160800AD3CCA-58BB-A434-2D4E-1AA0B85F{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1233902B12D8-C7BB-3794-728D-5B1AD881{

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\onisacputes

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif

    ...

    Random Runs removed from HKLM

    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Searching by size/names...

    * csr.exe C:\WINDOWS\System32\CSZDA.EXE

    »»»»»

    Search five digit cs, dm and jb files.

    This WILL/CAN also list Legit Files, Submit them at Virustotal

    C:\WINDOWS\SYSTEM32\CSZDA.EXE 51.202 2006-08-24

    Other suspects.

    Directory of C:\WINDOWS\system32

    »»»»» Misc files.

    »»»»» Checking for older varients covered by the Rem3 tool.

    LOG silent runners...

    Silent Runners.vbs", revision 46, http://www.silentrunners.org/

    Operating System: Windows XP SP2

    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:

    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    "msnmsgr" = ""C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]

    "popbanner" = "C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe --banner" ["Powered by GVT"]

    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

    "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" ["HP"]

    "HP Software Update" = "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [null data]

    "DeviceDiscovery" = "C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]

    "Atualizador - Puxa Rápido" = "C:\Arquivos de programas\Puxa Rápido\Atualiza.exe" [null data]

    "AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]

    "nForce Tray Options" = "sstray.exe /r" ["NVIDIA Corporation"]

    "AVG7_CC" = "C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "AcroIEHlprObj Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "Google Toolbar Helper"

    \InProcServer32\(Default) = "c:\arquivos de programas\google\googletoolbar1.dll" ["Google Inc."]

    {C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = "G-Buster Browser Defense"

    -> {HKLM...CLSID} = "GbIehObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

    -> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"

    \InProcServer32\(Default) = "deskpan.dll" [file not found]

    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

    -> {HKLM...CLSID} = "Portable Media Devices"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

    -> {HKLM...CLSID} = "Portable Media Devices Menu"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

    -> {HKLM...CLSID} = "DesktopContext Class"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\NVCPL.DLL" ["NVIDIA Corporation"]

    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

    -> {HKLM...CLSID} = "Microsoft Office Outlook"

    \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

    -> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook"

    \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

    -> {HKLM...CLSID} = "NVIDIA CPL Extension"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

    -> {HKLM...CLSID} = "Desktop Explorer"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

    -> {HKLM...CLSID} = "nView Desktop Context Menu"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

    -> {HKLM...CLSID} = "GbPluginObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

    -> {HKLM...CLSID} = "AVG7 Find Extension Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    INFECTION WARNING! "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

    -> {HKLM...CLSID} = "GbPluginObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

    "System" = (value not set)

    HKLM\Software\Classes\PROTOCOLS\Filter\

    INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

    -> {HKLM...CLSID} = "PDF Shell Extension"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    Active Desktop and Wallpaper:

    -----------------------------

    Active Desktop is disabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Startup items in "user" & "All Users" startup folders:

    ------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

    "Adobe Reader Speed Launch" -> shortcut to: "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

    Winsock2 Service Provider DLLs:

    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:

    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

    -> {HKLM...CLSID} = "&Google"

    \InProcServer32\(Default) = "c:\arquivos de programas\google\googletoolbar1.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\

    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

    -> {HKLM...CLSID} = "&Google"

    \InProcServer32\(Default) = "c:\arquivos de programas\google\googletoolbar1.dll" ["Google Inc."]

    Miscellaneous IE Hijack Points

    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):

    [strings]: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"

    [strings]: SAFESITE_VALUE="search.msn.com.br"

    Missing lines (compared with English-language version):

    [strings]: 2 lines

    Running Services (Display Name, Service Name, Path {Service DLL}):

    ------------------------------------------------------------------

    AVG7 Alert Manager Server, Avg7Alrt, "C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]

    AVG7 Update Service, Avg7UpdSvc, "C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]

    Machine Debug Manager, MDM, ""C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

    Print Monitors:

    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\

    hpzsnt08\Driver = "hpzsnt08.dll" ["HP"]

    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

    ----------

    + This report excludes default entries except where indicated.

    + To see *everywhere* the script checks and *everything* it finds,

    launch it from a command prompt or a shortcut with the -all parameter.

    + To search all directories of local fixed drives for DESKTOP.INI

    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

    use the -supp parameter or answer "No" at the first message box.

    ---------- (total run time: 40 seconds, including 13 seconds for message boxes)


    1. Download KillBox by Option^Explicit

    http://www.bleepingcomputer.com/files/spyware/KillBox.zip

    Unzip it. Run it. Check the Delete on Reboot option. Now select the list in bold below and click Edit > Copy (or press CTRL + C).

    C:\WINDOWS\SYSTEM32\CSZDA.EXE

    C:\WINDOWS\system32\{188DA1B5-D827-4973-BB7C-8D21B2093321}.exe

    C:\WINDOWS\system32\{77C16DCA-5EFB-41DE-83AC-EA0AF4D17A5E}.exe

    C:\WINDOWS\system32\{CD522559-65CF-468A-9A1F-FAF2F31E4AF7}.exe

    C:\WINDOWS\system32\{F131BF39-D0F7-4B38-8F05-65E3098B0A0D}.exe

    C:\WINDOWS\system32\{C2F75603-C0E4-464A-8E31-14CA725E986D}.exe

    C:\WINDOWS\system32\{8907DB27-9C26-4B57-8EF3-7FE4C282AD48}.exe

    C:\WINDOWS\system32\{CB1DD822-FC31-47F7-853E-20E7AC172885}.exe

    C:\WINDOWS\system32\{004B6F75-C644-4A6F-BC69-0B49684EFB63}.exe

    C:\WINDOWS\system32\{4DB6D87B-6070-4DA7-98E5-450997D31C40}.exe

    C:\WINDOWS\system32\{D1E97C3A-733C-4E5E-84BC-F23D0E537E2A}.exe

    C:\WINDOWS\system32\{1469E3A2-27A5-4DAC-BB76-42C5EE646F91}.exe

    C:\WINDOWS\system32\{63687D10-FED7-429B-8725-78CECEFFE758}.exe

    C:\WINDOWS\system32\{6FF7C457-05EC-4160-9F12-45E4011F8AC3}.exe

    C:\WINDOWS\system32\{5F96B80D-A9C2-4145-A832-E00B7CCC3EDB}.exe

    C:\WINDOWS\system32\{8BCBF0A9-4AEF-46B4-A41E-9DB0D4283062}.exe

    C:\WINDOWS\system32\{DE322194-93D3-44B1-AA0D-2DBF6147A9C9}.exe

    C:\WINDOWS\system32\{798A08DB-247C-41B9-AFD8-9CF5F4ADEB27}.exe

    C:\WINDOWS\system32\{B68EBAA5-FEA5-4941-BF41-05404CE4B20D}.exe

    C:\WINDOWS\system32\{F99BFE9A-665E-4980-B7D9-8CA2D4E05B5B}.exe

    C:\WINDOWS\system32\{380F0905-D5FA-4B63-9DE8-DAF920672F81}.exe

    C:\WINDOWS\system32\{4610C6DC-892F-4868-9970-89B0342265A2}.exe

    C:\WINDOWS\system32\{0F5D8360-C518-4DFF-8DFA-0D0B134A1ACF}.exe

    C:\WINDOWS\system32\{BA74CF36-A02F-4923-BA49-179B04078596}.exe

    C:\WINDOWS\system32\{4E9F42D0-863F-417F-B3ED-A66308162281}.exe

    C:\WINDOWS\system32\{2891FECB-453A-402A-9C44-3BCD0E163963}.exe

    C:\WINDOWS\system32\{E0B3DDC4-C5AA-4F86-B623-6F470C9044B7}.exe

    C:\WINDOWS\system32\{F25A5500-550C-45A3-9F64-06B29C622CDD}.exe

    C:\WINDOWS\system32\{0BB1E703-618E-4B95-8279-C676FE4643D5}.exe

    C:\WINDOWS\system32\{C7793635-B146-4135-94B2-743195D3B46A}.exe

    C:\WINDOWS\system32\{E9C70DA2-FD65-4FA0-918B-89C31AFB88B3}.exe

    C:\WINDOWS\system32\{C90C41FA-80D6-4D0A-92A5-79D33DD83A0F}.exe

    C:\WINDOWS\system32\{D166948F-42A6-402F-94CC-3BC215C3FA4A}.exe

    C:\WINDOWS\system32\{C4BF4057-E3EC-4429-8C94-1ACC9593E4E5}.exe

    C:\WINDOWS\system32\{21433964-C26E-4A39-99E0-6C11B286F47F}.exe

    C:\WINDOWS\system32\{6BC89063-95DE-4824-B5EB-97C18ACD2AC9}.exe

    C:\WINDOWS\system32\{CC2D25F0-240C-44E7-A521-AFC5BCEFEF14}.exe

    C:\WINDOWS\system32\{F30352AC-4C08-4CA3-BE71-C4CA1B82E2FC}.exe

    C:\WINDOWS\system32\{387FFA02-4FD4-4C5E-921A-92A14C0F2104}.exe

    C:\WINDOWS\system32\{F130229E-245A-49DC-AC31-1F7429D508D6}.exe

    C:\WINDOWS\system32\{A44920E0-C7DC-4CF1-BA11-A4418A7C5933}.exe

    C:\WINDOWS\system32\{80672914-174A-4FC4-8881-3821A28FFC3B}.exe

    Go back to KillBox. Click File > Paste from clipboard. Click the All Files button.

    Click the X button. Answer No to the question.

    Close KillBox.

    2. Go to Control Panel / Network Connections / Properties / General / TCP/IP protocol / Properties / General. The following foreign numbers, from another location, assigned by the malware, may be listed there:

    Preferred DNS server 85.255... <- delete / paste in your provider's DNS (call them and ask)

    Secondary DNS server 85.255... <- delete

    Or else

    If you want to obtain DNS server addresses from a DHCP server, click Obtain DNS server address automatically. See how it is explained at the link:

    http://www.microsoft.com/brasil/windowsxp/...nfig_tcpip.mspx

    You may want to print these instructions or save them to a text file for easy access.

    Restart in Safe Mode (press the F8 key until a DOS screen appears and choose Safe Mode).

    Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233

    Restart

    Run the -> online scan and click “Accept”. Be ready to wait, it will take a while....

    When it finishes, run a HijackThis scan and paste the log together with the result of the online scan.

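The DNS check from step 2 of the post above, as an added example that is not part of the original post: Python that extracts the O17 NameServer entries from a HijackThis log and reports every resolver outside an expected set. The sample lines are O17 and neighbouring entries quoted in this thread, assembled here into two inputs; the function names and the choice of expected resolvers (the two addresses in the later log) are assumptions made for the illustration.

```python
import ipaddress
import re

# Lines quoted in this thread, assembled into two sample inputs.
LOG_BEFORE_FIX = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
"""
LOG_AFTER_FIX = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6994E83-170D-4D08-A3DF-1708B02D3877}: NameServer = 200.175.5.139 200.175.89.139
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Assumption: the resolvers seen in the later log are the ones the user expects.
EXPECTED = ["200.175.5.139/32", "200.175.89.139/32"]

O17_RE = re.compile(
    r"^[ \t]*O17 - (?P<key>.+?): NameServer = (?P<value>.+?)[ \t]*$", re.MULTILINE)

# HijackThis abbreviates the control set in the key path.
CONTROL_SETS = {"CS1": "ControlSet001", "CS2": "ControlSet002",
                "CCS": "CurrentControlSet"}


def parse_o17(log_text):
    """Return one dict per O17 NameServer line: key, control set, resolvers."""
    entries = []
    for m in O17_RE.finditer(log_text):
        key = m.group("key")
        parts = key.split("\\")
        control_set = CONTROL_SETS.get(parts[2], parts[2]) if len(parts) > 2 else ""
        # The registry value may separate addresses with spaces or commas.
        resolvers = [t for t in re.split(r"[,\s]+", m.group("value")) if t]
        entries.append({"key": key, "control_set": control_set,
                        "resolvers": resolvers})
    return entries


def unexpected_resolvers(entries, expected_networks):
    """Return (key, address) pairs for addresses outside every expected network.

    Tokens that are not valid IP addresses are reported as well, because a
    NameServer value should contain nothing else.
    """
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    findings = []
    for entry in entries:
        for token in entry["resolvers"]:
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append((entry["key"], token))
                continue
            if not any(addr in net for net in nets):
                findings.append((entry["key"], token))
    return findings


if __name__ == "__main__":
    for label, log in (("before fix", LOG_BEFORE_FIX), ("after fix", LOG_AFTER_FIX)):
        hits = unexpected_resolvers(parse_o17(log), EXPECTED)
        print(label, "->", hits or "all resolvers expected")
```

The same value shows up once per control set, which is why the post has all three O17 lines fixed rather than only the CCS one.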
  • Topic author
  • Hi,

    I ran the online scan (Kaspersky), but it did not send anything, or did not delete anything.

    I think.

    Well, here is the HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 15:17:49, on 28/8/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\WINDOWS\system32\sstray.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\taskmgr.exe

    C:\Documents and Settings\user\Desktop\jogos\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [popbanner] C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe --banner

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

    O12 - Plugin for .mp3: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

    O12 - Plugin for .mpeg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

    O12 - Plugin for .tif: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin5.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{C6994E83-170D-4D08-A3DF-1708B02D3877}: NameServer = 200.175.5.139 200.175.89.139

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    The Kaspersky log:

    C:\!KillBox\cszda.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped

    C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log Object is locked skipped

    C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\user\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\user\Configurações locais\Temp\hpotdd007.log Object is locked skipped

    C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0001021.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0001030.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002030.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002036.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002047.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002052.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002058.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002121.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002122.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002123.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002124.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002125.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002126.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002127.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002128.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002129.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002130.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002131.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002132.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002133.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002134.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002135.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002136.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002137.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002138.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002139.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002140.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002141.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002142.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002143.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002144.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002145.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002146.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002147.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002148.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002149.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002150.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002151.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002152.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002153.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002154.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002155.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002156.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002157.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002158.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002159.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002160.exe Object is locked skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002161.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped

    C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP2\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\g10016640.dll Infected: Trojan-Downloader.Win32.Delf.zu skipped

    C:\WINDOWS\g136015.dll Infected: Trojan-Downloader.Win32.Delf.zu skipped

    C:\WINDOWS\g2184750.dll Infected: Trojan-Downloader.Win32.Delf.zu skipped

    C:\WINDOWS\g3936359.dll Infected: Trojan-Downloader.Win32.Delf.zu skipped

    C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt Object is locked skipped

    C:\WINDOWS\q1668265.dll Infected: Trojan-Downloader.Win32.Delf.zu skipped

    C:\WINDOWS\q16803312.dll Infected: Trojan-Downloader.Win32.Delf.zu skipped

    C:\WINDOWS\q17391078.dll Infected: Trojan-Downloader.Win32.Delf.zu skipped

    C:\WINDOWS\q405250.dll Infected: Trojan-Downloader.Win32.Delf.zu skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.

    See you later


    Run KillBox again. Check the Delete on Reboot option. Now select the list in bold below and click Edit > Copy (or press CTRL + C).

    C:\WINDOWS\g10016640.dll

    C:\WINDOWS\g136015.dll

    C:\WINDOWS\g2184750.dll

    C:\WINDOWS\g3936359.dll

    C:\WINDOWS\q1668265.dll

    C:\WINDOWS\q16803312.dll

    C:\WINDOWS\q17391078.dll

    C:\WINDOWS\q405250.dll

    Go back to KillBox. Click File > Paste from clipboard. Click the All Files button.

    Click the X button. Answer No to the question.

    Close KillBox.

    Addendum

    I will leave this here for you to do. If you do not know how to remove the registry key, do not worry, because it will just stay there orphaned and poses no danger.

    Start -> Run -> type regedit -> Enter -> F3 key -> paste

    {E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}

    wait ... if a result appears, then

    delete it by right-clicking on this key.

    Restart the computer

    Delete the contents of the !KillBox folder in C:\ and empty the Recycle Bin

    KillBox will create others if it is used again (it also serves as a backup, in case you delete the wrong one).

    The HijackThis log is clean!

    Disable and re-enable System Restore:

    http://service1.symantec.com/SUPPORT/INTER...a5?OpenDocument

    If you have no more problems, click the Alertar (Alert) button and say that the problem is solved.

    Regards

    :rolleyes:

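The triage that the reply above performs by hand on the Kaspersky report, as an added example that is not part of the original post: Python that separates detections from "Object is locked" noise and groups infected paths by location, since the thread cleans each location differently (live files go to KillBox, the !KillBox folder is emptied, and disabling System Restore discards the restore points that hold the _restore copies). The sample lines are copied from the report quoted earlier in this thread; the function and category names are assumptions.

```python
import re
from collections import defaultdict

# A few lines copied from the Kaspersky online scan report quoted in this thread.
SAMPLE_REPORT = r"""
C:\!KillBox\cszda.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0001021.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\System Volume Information\_restore{7606D933-A9F5-456E-A6A6-FD1A66D923EB}\RP1\A0002121.exe Object is locked skipped
C:\WINDOWS\g10016640.dll Infected: Trojan-Downloader.Win32.Delf.zu skipped
C:\WINDOWS\q405250.dll Infected: Trojan-Downloader.Win32.Delf.zu skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

# "<path> Infected: <name> <action>" or "<path> Object is locked <action>".
# Paths contain spaces, so the path is matched lazily up to the status text.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<threat>\S+)|(?P<locked>Object is locked)) "
    r"(?P<action>\w+)[ \t]*$",
    re.MULTILINE,
)


def classify(path):
    """Name the location class that decides how an infected file is cleaned."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "system_restore"   # copy inside a restore point
    if re.match(r"^[a-z]:\\!killbox\\", p):
        return "killbox_backup"   # copy KillBox kept of a file it removed
    return "live"                 # still in place on the filesystem


def triage(report_text):
    """Return ({location: [(path, threat), ...]}, number_of_locked_objects)."""
    detections = defaultdict(list)
    locked = 0
    for m in LINE_RE.finditer(report_text):
        if m.group("locked"):
            locked += 1           # file in use by Windows, not a detection
            continue
        detections[classify(m.group("path"))].append(
            (m.group("path"), m.group("threat")))
    return dict(detections), locked


def live_paths(detections):
    """Paths that still need removal from the running system."""
    return sorted(path for path, _ in detections.get("live", []))


if __name__ == "__main__":
    found, locked_count = triage(SAMPLE_REPORT)
    print("locked objects ignored:", locked_count)
    for location, items in found.items():
        print(location, "->", [path for path, _ in items])
    print("still live:", live_paths(found))
```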
  • Topic author
  • OK

    Thank you very much, Mr. Ida! :palmas:

    I searched the registry for {E802FFFF-8E58-4d2c-A435-8BEEFB10AB77} and it found nothing.

    So I believe the PC is OK.

    Thanks to you!!!!!

    You are a genius!!! xD


    CASE SOLVED!

    Should the topic author need it, the topic will be reopened; to do so, the author should contact a Moderator of this area and ask for it to be unlocked!
