
This topic has been archived and is closed to new replies.

Me.Myself&I

[Archived] Error: services.exe 1073741819


As soon as Windows starts, an error message appears mentioning services.exe and the number 1073741819. After that, a 1-minute countdown to system shutdown begins. What should I do?

Below is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:43:06, on 17/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\TEXTBR~1.0\Bin\INSTAN~1.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Documents and Settings\Cláudia\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\Documents and Settings\Cláudia\Configurações locais\Temporary Internet Files\Content.IE5\43G1Y9YF\WinAntiVirusPro2006FreeInstall[1].exe" -nag

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600X1200\Detector.exe

O4 - HKLM\..\Run: [instantAccess] C:\ARQUIV~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\Cláudia\Configurações locais\Temporary Internet Files\Content.IE5\EHJO94NM\RemoveWGA.exe -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKCU\..\Run: [88eb3fb8.exe] C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\88eb3fb8.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-343818398-688789844-1708537768-1003\..\Run: [88eb3fb8.exe] C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\88eb3fb8.exe (User '?')

O4 - HKUS\S-1-5-21-343818398-688789844-1708537768-1003\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

 

--

End of file - 7842 bytes


Step 1

I suggest you save or print the instructions below.

- Download SDFix and save it to the desktop;

● Double-click SDFix.exe and the tool will be installed in C:\SDFix. But do not run it yet;

● Restart your computer in Safe Mode (holding the F8 key during system startup and choosing the Safe Mode option). If you have any questions about this, see > How to restart in Safe Mode

● Go into the SDFix folder that was installed on your computer and double-click the file RunThis.bat;

● Press Y for the tool to start the removal process;

● When everything finishes, you will see a notice telling you to press any key to continue. Then press any key. Your computer will be restarted automatically;

● After restarting, the tool will run again and finish its work, and the word Finished will appear. Press any key again;

● A window with the SDFix report will appear;

● The log will open automatically for you. It will be saved in the SDFix folder with the name Report.txt;

Step 2

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;

● Wait while ComboFix performs the scan;

● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

Do not click in the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;

● If you want to exit or stop ComboFix, press N;

● When it finishes, your computer will be restarted. After the restart, the tool will run again; wait;

● A log will be generated at C:\ComboFix.txt.

For your next reply, I need you to paste the logs from: SDFix, ComboFix and a new HijackThis log.


I ran SDFix and everything went normally. ComboFix is what didn't go so well. While the program is running (whether running Windows normally or in Safe Mode), everything freezes and the Windows blue screen appears. INVALID_KERNEL_HANDLE is the error shown on it.

Here are the SDFix logs and the new HijackThis log:

SDFix: Version 1.240

Run by Cláudia on qui 18/12/2008 at 09:23

 

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\DOCUME~1\CLUDIA~1\CONFIG~1\Temp\tmp1A.tmp - Deleted

C:\DOCUME~1\CLUDIA~1\CONFIG~1\Temp\tmp6B.tmp - Deleted

 

 

 

=================================================

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:01, on 2008-12-18

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\TEXTBR~1.0\Bin\INSTAN~1.EXE

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Cláudia\Desktop\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\Documents and Settings\Cláudia\Configurações locais\Temporary Internet Files\Content.IE5\43G1Y9YF\WinAntiVirusPro2006FreeInstall[1].exe" -nag

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600X1200\Detector.exe

O4 - HKLM\..\Run: [instantAccess] C:\ARQUIV~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\Cláudia\Configurações locais\Temporary Internet Files\Content.IE5\EHJO94NM\RemoveWGA.exe -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKCU\..\Run: [88eb3fb8.exe] C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\88eb3fb8.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

 

--

End of file - 7885 bytes


Delete the C:\SDFix folder.

- Download OTListIt and save it to the desktop;

● Double-click OTListIt.exe;

● Check the options Scan All Users and Use Whitelist;

● Under "File Age" select "90 days";

● Click Run Scan and wait for the process to finish;

● A log named OTListIt.txt will be generated on the desktop.

Paste this log in your next reply.


OTListIt logfile created on: 2008-12-18 22:54:30 - Run 2

OTListIt by OldTimer - Version 1.0.12.1 Folder = C:\Documents and Settings\Cláudia\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

 

367.55 Mb Total Physical Memory | 173.59 Mb Available Physical Memory | 47.23% Memory free

710.46 Mb Paging File | 568.08 Mb Available in Paging File | 79.96% Paging File free

Paging file location(s): C:\pagefile.sys 372 744;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 38.28 Gb Total Space | 15.19 Gb Free Space | 39.69% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SUPERCOELHO

Current User Name: Cláudia

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 90 Days

 

========== Processes ==========

 

[2008-05-15 21:06:57 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

[2008-09-26 21:28:54 | 00,047,080 | ---- | M] () -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

[1998-12-14 12:49:20 | 00,037,376 | ---- | M] () -- C:\Arquivos de programas\TextBridge Pro 8.0\Bin\InstantAccess.exe

[2005-07-14 16:09:50 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[2008-05-15 21:19:31 | 00,079,224 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

[2008-06-12 03:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[2008-06-10 05:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

[2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

[2006-11-03 00:32:06 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmpnscfg.exe

[2006-11-03 00:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe

[2004-08-04 01:45:46 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

[2008-12-18 22:15:27 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cláudia\Desktop\OTListIt.exe

[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

 

========== (O23) Win32 Services ==========

 

 

========== Driver Services ==========

 

 

========== Internet Explorer ==========

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

HKU\S-1-5-21-343818398-688789844-1708537768-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKU\S-1-5-21-343818398-688789844-1708537768-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

HKU\S-1-5-21-343818398-688789844-1708537768-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKU\S-1-5-21-343818398-688789844-1708537768-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

HKU\S-1-5-21-343818398-688789844-1708537768-1003\S-1-5-21-343818398-688789844-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)

O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (Caixa Economica Federal)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [Detector] C:\WINDOWS\twain_32\600X1200\Detector.exe ()

O4 - HKLM..\Run: [instantAccess] C:\ARQUIV~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NI.UWA6P_0001_N822M1605] "C:\Documents and Settings\Cláudia\Configurações locais\Temporary Internet Files\Content.IE5\43G1Y9YF\WinAntiVirusPro2006FreeInstall[1].exe" -nag File not found

O4 - HKLM..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)

O4 - HKLM..\Run: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE ()

O4 - HKLM..\Run: [RemoveWGA] C:\Documents and Settings\Cláudia\Configurações locais\Temporary Internet Files\Content.IE5\EHJO94NM\RemoveWGA.exe -startup File not found

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [88eb3fb8.exe] C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\88eb3fb8.exe File not found

O4 - HKCU..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 File not found

O4 - HKCU..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-343818398-688789844-1708537768-1003..\Run: [88eb3fb8.exe] C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\88eb3fb8.exe File not found

O4 - HKU\S-1-5-21-343818398-688789844-1708537768-1003..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 File not found

O4 - HKU\S-1-5-21-343818398-688789844-1708537768-1003..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O4 - HKLM..\RunServices: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-343818398-688789844-1708537768-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-343818398-688789844-1708537768-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-343818398-688789844-1708537768-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O7 - HKU\S-1-5-21-343818398-688789844-1708537768-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Sites: 130 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Sites: 94 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Sites: 94 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-19\..Trusted Sites: 94 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-20\..Trusted Sites: 94 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-343818398-688789844-1708537768-1003\..Trusted Sites: 130 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} https://imagem.caixa.gov.br/cab/GbPluginCef.cab (GbPluginObj Class)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab (GbPluginObj Class)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab (GbPluginObj Class)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - livecall - C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - ms-itss - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msnim - C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap11 - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C}C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

O22 - SharedTaskScheduler: (scpLIB) - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

 

========== Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

GbPluginAbn: "DllName" = C:\Arquivos de programas\GbPlugin\gbiehabn.dll -- C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

GbPluginBb: "DllName" = C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll -- C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}" (HKLM) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll (Caixa Economica Federal)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}" (HKLM) -- C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco ABN AMRO)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" (HKLM) -- C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

 

========== Safeboot Options ==========

 

"AlternateShell" = cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2006-01-30 15:23:36 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

========== Files/Folders - Created Within 90 Days ==========

 

[9 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2008-12-18 22:15:23 | 00,418,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cláudia\Desktop\OTListIt.exe

[2008-12-18 12:47:43 | 38,547,0464 | -HS- | C] () -- C:\hiberfil.sys

[2008-12-18 12:42:58 | 00,000,000 | ---D | C] -- C:\ComboFix

[2008-12-18 12:42:56 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2645.exe

[2008-12-18 12:29:49 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF65.exe

[2008-12-18 12:29:48 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF72.exe

[2008-12-18 12:22:13 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31350.exe

[2008-12-18 12:22:12 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31347.exe

[2008-12-18 12:09:13 | 00,000,210 | ---- | C] () -- C:\Boot.bak

[2008-12-18 12:09:07 | 00,261,856 | ---- | C] () -- C:\cmldr

[2008-12-18 12:08:59 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2008-12-18 12:03:32 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2008-12-18 12:03:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2008-12-18 12:03:31 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2008-12-18 12:03:31 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2008-12-18 12:03:31 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2008-12-18 12:03:31 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

[2008-12-18 12:03:31 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2008-12-18 12:03:31 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2008-12-18 12:03:31 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2008-12-18 12:03:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2008-12-18 12:03:20 | 00,000,000 | ---D | C] -- C:\Qoobox

[2008-12-18 12:03:16 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF27618.exe

[2008-12-18 12:03:15 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF27611.exe

[2008-12-18 12:02:52 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf

[2008-12-18 09:46:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cláudia\Dados de aplicativos\WinRAR

[2008-12-18 09:12:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2008-12-18 08:33:34 | 02,884,875 | R--- | C] () -- C:\Documents and Settings\Cláudia\Desktop\ComboFix.exe

[2008-12-18 08:33:18 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Cláudia\Desktop\SDFix.exe

[2008-12-18 08:32:26 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Cláudia\Desktop\procedure.doc

[2008-12-17 16:25:16 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Raxco

[2008-12-17 16:17:42 | 44,713,992 | ---- | C] (Raxco Software, Inc. ) -- C:\Documents and Settings\Cláudia\Desktop\PD2008_WS.exe

[2008-12-17 16:05:41 | 10,113,096 | ---- | C] (O&O Software GmbH ) -- C:\Documents and Settings\Cláudia\Desktop\OODefrag11ProfessionalEnu.exe

[2008-12-17 12:43:50 | 00,318,369 | ---- | C] () -- C:\Documents and Settings\Cláudia\Desktop\HiJackThis.zip

[2008-12-17 12:26:20 | 02,972,904 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Cláudia\Desktop\ccsetup214.exe

[2008-12-12 23:48:40 | 00,286,142 | ---- | C] () -- C:\Documents and Settings\Cláudia\Meus documentos\MdeMulher - Culinária - Bol...mdi

[2008-12-10 15:30:09 | 00,053,772 | ---- | C] () -- C:\Documents and Settings\Cláudia\Desktop\NECTAR20081209012430_950.pdf

[2008-12-09 14:16:15 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Cláudia\Meus documentos\controle telefone.xls

[2008-12-03 08:01:24 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Cláudia\Meus documentos\declaraçao magdalia.doc

[2008-12-02 15:41:17 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Cláudia\Meus documentos\pendura quadra.xls

[2008-11-28 01:38:30 | 00,055,937 | ---- | C] () -- C:\Documents and Settings\Cláudia\Desktop\CEJW_Edital_Inscricoes_2008.pdf

[2008-11-26 16:02:02 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Cláudia\Meus documentos\speed up.doc

[2008-11-24 12:38:19 | 00,004,018 | ---- | C] () -- C:\Documents and Settings\Cláudia\Desktop\pdfslip(3).pdf

[2008-11-24 12:35:48 | 00,004,010 | ---- | C] () -- C:\Documents and Settings\Cláudia\Desktop\pdfslip(2).pdf

[2008-11-21 23:45:55 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Cláudia\Meus documentos\Tradições liga.doc

[2008-11-19 16:05:42 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Cláudia\Meus documentos\PERGUNTAS SUGERIDAS.doc

[2008-11-19 15:32:22 | 00,210,432 | ---- | C] () -- C:\Documents and Settings\Cláudia\Meus documentos\PREPARAÇÃO E VISTORIA.doc

[2008-11-06 18:59:17 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\Cláudia\Meus documentos\relação pagtos quadra.xls

[2008-11-04 12:01:07 | 00,054,272 | ---- | C] () -- C:\Documents and Settings\Cláudia\Meus documentos\Teste_do_BACEN_.xls

[2008-10-24 19:46:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

[2008-10-10 00:52:49 | 00,000,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk

[2008-10-10 00:52:47 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Sun

[2008-10-01 15:14:55 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Cláudia\Meus documentos\Business Visa Letter Dagfinn.doc

[2008-10-01 14:37:10 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Cláudia\Meus documentos\Business Visa Letter.doc

[2008-09-30 16:43:34 | 01,286,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4.dll

 

 

========== Files - Modified Within 90 Days ==========

 

[9 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2008-12-18 22:30:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-12-18 22:27:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-18 22:25:32 | 38,547,0464 | -HS- | M] () -- C:\hiberfil.sys

[2008-12-18 22:15:27 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cláudia\Desktop\OTListIt.exe

[2008-12-18 18:09:32 | 00,003,018 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2008-12-18 12:42:41 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf

[2008-12-18 12:42:41 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2645.exe

[2008-12-18 12:29:33 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF72.exe

[2008-12-18 12:29:33 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF65.exe

[2008-12-18 12:21:58 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31350.exe

[2008-12-18 12:21:58 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31347.exe

[2008-12-18 12:09:13 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2008-12-18 12:02:52 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF27618.exe

[2008-12-18 12:02:52 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF27611.exe

[2008-12-18 09:25:14 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2008-12-18 08:33:38 | 02,884,875 | R--- | M] () -- C:\Documents and Settings\Cláudia\Desktop\ComboFix.exe

[2008-12-18 08:33:30 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Cláudia\Desktop\SDFix.exe

[2008-12-18 08:32:27 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Cláudia\Desktop\procedure.doc

[2008-12-17 16:24:29 | 44,713,992 | ---- | M] (Raxco Software, Inc. ) -- C:\Documents and Settings\Cláudia\Desktop\PD2008_WS.exe

[2008-12-17 16:07:47 | 10,113,096 | ---- | M] (O&O Software GmbH ) -- C:\Documents and Settings\Cláudia\Desktop\OODefrag11ProfessionalEnu.exe

[2008-12-17 12:47:33 | 00,318,369 | ---- | M] () -- C:\Documents and Settings\Cláudia\Desktop\HiJackThis.zip

[2008-12-17 12:26:52 | 02,972,904 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Cláudia\Desktop\ccsetup214.exe

[2008-12-16 08:09:44 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-15 21:07:49 | 00,000,621 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2008-12-14 00:07:18 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-12-12 23:48:40 | 00,286,142 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\MdeMulher - Culinária - Bol...mdi

[2008-12-10 15:30:14 | 00,053,772 | ---- | M] () -- C:\Documents and Settings\Cláudia\Desktop\NECTAR20081209012430_950.pdf

[2008-12-09 21:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-12-09 14:16:15 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\controle telefone.xls

[2008-12-08 17:08:06 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\relação pagtos quadra.xls

[2008-12-03 08:02:43 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\declaraçao magdalia.doc

[2008-12-02 15:51:44 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\pendura quadra.xls

[2008-11-28 01:38:31 | 00,055,937 | ---- | M] () -- C:\Documents and Settings\Cláudia\Desktop\CEJW_Edital_Inscricoes_2008.pdf

[2008-11-26 16:02:03 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\speed up.doc

[2008-11-26 15:21:30 | 01,236,208 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2008-11-26 15:18:25 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2008-11-26 15:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2008-11-26 15:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2008-11-26 15:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2008-11-26 15:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2008-11-26 15:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2008-11-26 15:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2008-11-26 15:15:10 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2008-11-24 12:38:20 | 00,004,018 | ---- | M] () -- C:\Documents and Settings\Cláudia\Desktop\pdfslip(3).pdf

[2008-11-24 12:36:03 | 00,004,010 | ---- | M] () -- C:\Documents and Settings\Cláudia\Desktop\pdfslip(2).pdf

[2008-11-22 09:44:41 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\Tradições liga.doc

[2008-11-19 16:05:43 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\PERGUNTAS SUGERIDAS.doc

[2008-11-19 15:44:24 | 00,210,432 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\PREPARAÇÃO E VISTORIA.doc

[2008-11-04 12:01:08 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\Teste_do_BACEN_.xls

[2008-10-24 09:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys

[2008-10-24 09:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008-10-23 11:00:11 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdi32.dll

[2008-10-23 11:00:11 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll

[2008-10-22 07:47:07 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe

[2008-10-21 13:23:00 | 00,002,068 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008-10-17 01:53:08 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2008-10-17 01:53:08 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2008-10-16 18:23:07 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll

[2008-10-16 18:23:07 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll

[2008-10-16 18:23:07 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll

[2008-10-16 18:23:07 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

[2008-10-16 18:23:07 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll

[2008-10-16 18:23:07 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll

[2008-10-16 18:23:07 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll

[2008-10-16 18:23:07 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll

[2008-10-16 18:23:07 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll

[2008-10-16 18:23:07 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll

[2008-10-16 18:23:07 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll

[2008-10-16 18:23:07 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll

[2008-10-16 18:23:07 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll

[2008-10-16 18:23:07 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll

[2008-10-16 18:23:07 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll

[2008-10-16 18:23:07 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll

[2008-10-16 18:23:07 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll

[2008-10-16 18:23:07 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll

[2008-10-16 18:23:06 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll

[2008-10-16 18:23:06 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2008-10-16 18:23:06 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl

[2008-10-16 18:23:06 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl

[2008-10-16 18:23:06 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll

[2008-10-16 18:23:06 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2008-10-16 18:23:06 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll

[2008-10-16 18:23:06 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2008-10-16 18:23:06 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll

[2008-10-16 18:23:06 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2008-10-16 18:23:06 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll

[2008-10-16 18:23:06 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll

[2008-10-16 18:23:06 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll

[2008-10-16 18:23:06 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll

[2008-10-16 18:23:05 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll

[2008-10-16 18:23:05 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll

[2008-10-16 18:23:05 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll

[2008-10-16 18:23:05 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll

[2008-10-16 18:23:05 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll

[2008-10-16 18:23:05 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll

[2008-10-16 18:23:05 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll

[2008-10-16 18:23:05 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll

[2008-10-16 18:23:05 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll

[2008-10-16 18:23:05 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll

[2008-10-16 18:23:05 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll

[2008-10-16 18:23:05 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll

[2008-10-16 18:23:05 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\extmgr.dll

[2008-10-16 18:23:05 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll

[2008-10-16 18:23:05 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll

[2008-10-16 18:23:05 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll

[2008-10-16 18:23:05 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll

[2008-10-16 18:23:05 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll

[2008-10-16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll

[2008-10-16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll

[2008-10-16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll

[2008-10-16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll

[2008-10-16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll

[2008-10-16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll

[2008-10-16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll

[2008-10-16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll

[2008-10-16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl

[2008-10-16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl

[2008-10-16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll

[2008-10-16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll

[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe

[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe

[2008-10-16 14:09:44 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll

[2008-10-16 14:09:40 | 00,031,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui

[2008-10-16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll

[2008-10-16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll

[2008-10-16 14:08:12 | 00,027,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui

[2008-10-16 14:08:12 | 00,027,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui

[2008-10-16 14:07:32 | 00,018,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui

[2008-10-16 11:15:01 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe

[2008-10-16 11:15:01 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe

[2008-10-16 11:11:09 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe

[2008-10-16 11:11:09 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe

[2008-10-16 07:09:14 | 00,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008-10-15 14:59:29 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll

[2008-10-15 14:59:29 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008-10-15 05:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe

[2008-10-15 05:04:53 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll

[2008-10-15 05:04:53 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll

[2008-10-12 14:21:38 | 00,416,040 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2008-10-12 14:21:38 | 00,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008-10-12 14:21:38 | 00,062,358 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2008-10-12 14:21:37 | 00,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008-10-12 14:21:36 | 00,925,860 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008-10-10 00:52:49 | 00,000,891 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk

[2008-10-03 08:16:50 | 00,247,326 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\strmdll.dll

[2008-10-03 08:16:50 | 00,247,326 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll

[2008-10-01 19:32:56 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\Business Visa Letter Dagfinn.doc

[2008-10-01 14:37:15 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\Business Visa Letter.doc

[2008-09-30 16:43:34 | 01,286,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4.dll

[2008-09-21 17:35:44 | 00,158,720 | -HS- | M] () -- C:\Documents and Settings\Cláudia\Meus documentos\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Cláudia\Meus documentos\Thumbs.db:encryptable

 

< End of report >


Step 1

 

Run HijackThis and click Do a system scan only. Check the entry below in the log and click the Fix Checked button.

 

O4 - HKCU\..\Run: [88eb3fb8.exe] C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\88eb3fb8.exe

 

Close HijackThis.

 

 

Step 2

 

- Download OTMoveIt3 and save it to the desktop;

 

● Double-click the program icon (OTMoveIt3) to run it;

● Select and copy all of the content below:

 

:Processes

explorer.exe

 

:Files

C:\Documents and Settings\Cláudia\Configurações locais\Temporary Internet Files\Content.IE5\43G1Y9YF\WinAntiVirusPro2006FreeInstall[1].exe

C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\88eb3fb8.exe

 

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NI.UWA6P_0001_N822M1605"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"88eb3fb8.exe"=-

 

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

 

● Paste what you copied into the program (in the blank area of the window);

● Click the MoveIt button;

● If a message appears asking you to restart the computer, restart it;

● In your next reply, copy and paste all of the content shown in Results;

● If the computer restarted, go to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire content of that file.

 

 

Step 3

 

 

- Download Malwarebytes Anti-Malware and save it to the desktop;

 

● Double-click the program to start the installation. Select the language Português (Brasil);

● At the end of the installation, check the options "Atualizar Malwarebytes Anti-Malware" (update) and "Executar Malwarebytes Anti-Malware" (run), and click Concluir (Finish);

● After the installation, run the program;

● Select the option Verificação Completa (full scan) and then click Verificar (Scan). Select your C: drive and click the Iniciar Verificação (Start Scan) button;

● When the scan finishes, click OK and the log will open automatically for you;

● If anything is detected, make sure all items are checked and click the Remover (Remove) button.

NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;

● The log can also be viewed by clicking Logs in the main menu;

 

 

For your next reply, I need the logs from: OTMoveIt3, Malwarebytes Anti-Malware, and a new HijackThis log.


========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\Documents and Settings\Cláudia\Configurações locais\Temporary Internet Files\Content.IE5\43G1Y9YF\WinAntiVirusPro2006FreeInstall[1].exe not found.

File/Folder C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\88eb3fb8.exe not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NI.UWA6P_0001_N822M1605 deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\88eb3fb8.exe not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\CLUDIA~1\CONFIG~1\Temp\etilqs_aJdL94nMmfr87npnDSpW scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_59c.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\prrer12c.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\prrer12c.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\prrer12c.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\prrer12c.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\prrer12c.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\prrer12c.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12222008_231233

 

Files moved on Reboot...

File C:\DOCUME~1\CLUDIA~1\CONFIG~1\Temp\etilqs_aJdL94nMmfr87npnDSpW not found!

File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

C:\WINDOWS\temp\Perflib_Perfdata_59c.dat moved successfully.

C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\prrer12c.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\prrer12c.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\prrer12c.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\prrer12c.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\prrer12c.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Cláudia\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\prrer12c.default\XUL.mfl moved successfully.

 

 

 

===========================================================

 

 

Malwarebytes' Anti-Malware 1.31

Versão do banco de dados: 1533

Windows 5.1.2600 Service Pack 2

 

2008-12-23 09:34:02

mbam-log-2008-12-23 (09-34-02).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 113227

Tempo decorrido: 3 hour(s), 3 minute(s), 46 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 5

Valores do Registro infectados: 2

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 5

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/abn.gpc (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/gbiehabn.dll (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Delete on reboot.

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\Abn.gpc (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (Trojan.Agent) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\Downloaded Program Files\Abn.gpc (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\GbPluginAbn.inf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\scpsssh2.inf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos de programas\GbPlugin\gbiehCef.dll (Trojan.BHO) -> Delete on reboot.

 

 

=============================================================================

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:47, on 2008-12-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\TEXTBR~1.0\Bin\INSTAN~1.EXE

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Cláudia\Desktop\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600X1200\Detector.exe

O4 - HKLM\..\Run: [instantAccess] C:\ARQUIV~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\Cláudia\Configurações locais\Temporary Internet Files\Content.IE5\EHJO94NM\RemoveWGA.exe -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\ARQUIV~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

 

--

End of file - 7464 bytes


Delete the C:\_OTMoveIt folder.

Using the Internet Explorer browser, go to the Kaspersky Online Scanner and run a scan following the tutorial below.

Kaspersky Online Scanner Tutorial

When the scan finishes, save the report with the .txt extension on your computer and post it in your next reply.


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
