[Resolvido] &nbspLog para analise

[Edvan 30]

Quando abro o IE 8.0 aparece esse erro na imagem a baixo, será algum bug no IE ou virus mesmo?

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:11:31, on 29/06/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Canon\DIAS\CnxDIAS.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\SpyPrinter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Sigap\SpyPrinterD.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funpec.br/ponto_online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Monitor] "C:\Sigap\SpyPrinterD.exe"

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...Lg&n=2010091513

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: http://www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehUni.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Arquivos de programas\Canon\DIAS\CnxDIAS.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SpyPrinterD - Unknown owner - c:\windows\system32\SpyPrinter.exe

 

--

End of file - 6532 bytes

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2011-06-29 - 12:19

-------------------------------------------------------

Lista de Definição: 2011-05-23-1 | CORE: 2010-12-28-6

=======================================================

 

Arquivo infectado detectado: C:\DOCUME~1\f001838\CONFIG~1\Temp\6.tmp

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------

[wings 22]

Olá Edvan

 

Pelo que estive pesquisando, isso pode ser problema no registro ou o IE corrompido.

 

*Baixe e instale o CCleaner Slim

*Clique [Executar Limpeza]

*Clique [Registro] -> [Procurar erros] -> [Corrigir Erros Selecionados] -> [Corrigir Todos os Erros Selecionados]

 

Se ainda persistir, reinstale o IE.

 

Um abraço.

[Edvan 30]

Já fiz isso wings , limpeza pelo ccleane, tentei desinstalar o IE 8.0 mais nao está aparecendo no adicionar ou remover programas..

 

Usei o Revo Uninstaller, desinstalei mais ainda continua, aconselha a formatar?

http://www.baixaki.com.br/download/revo-uninstaller.htm

[wings 22]

Leia este link e execute o Fix.

[Edvan 30]

OBS: o problema do IE foi resolvido, mais como peguei um Banker pelo BankerFix 3.1 fiquei com medo, de qualquer forma postei um novo log, se nao constar nada de virus pode setar como resolvido.

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:49:36, on 1/7/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Canon\DIAS\CnxDIAS.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\SpyPrinter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Sigap\SpyPrinterD.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Monitor] "C:\Sigap\SpyPrinterD.exe"

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehUni.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Arquivos de programas\Canon\DIAS\CnxDIAS.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SpyPrinterD - Unknown owner - c:\windows\system32\SpyPrinter.exe

 

--

End of file - 6243 bytes

[wings 22]

Atualize o Malwarebytes, faça um scan completo e cole o relatório.

[Edvan 30]

Opa!! então wings já fiz isso, o problema é que para no meio do scan dizendo que o Malwarebytes encontrou um problema e precisa ser fechado.

 

[wings 22]

1.

*Desinstale o Malwarebytes usando o seu desinstalador:

http://www.malwarebytes.org/mbam-clean.exe

 

2.

*Baixe-o novamente, instale, atualize e faça um scan completo.

http://www.filehippo.com/download_malwarebytes_anti_malware/

[Edvan 30]

OBS: deixei o scan só na unidade C, deu certo, agora quando seto a unidade D trava e fechar o Malwarebytes..

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:54:31, on 4/7/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Canon\DIAS\CnxDIAS.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

c:\windows\system32\SpyPrinter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Sigap\SpyPrinterD.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Monitor] "C:\Sigap\SpyPrinterD.exe"

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehUni.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Arquivos de programas\Canon\DIAS\CnxDIAS.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SpyPrinterD - Unknown owner - c:\windows\system32\SpyPrinter.exe

 

--

End of file - 5822 bytes

 

 

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

 

Versão da Base de Dados: 7017

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

4/7/2011 08:47:56

mbam-log-2011-07-04 (08-47-56).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 278026

Tempo decorrido: 15 minuto(s), 27 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 3

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

c:\arquivos de programas\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\arquivos de programas\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.

[wings 22]

Sem grandes problemas.

 

*Baixe o DDS e salve-o no desktop

*Execute-o e salve os relatórios (DDS.txt e Attach.txt) no desktop

*Cole o relatório DDS.txt

[Edvan 30]

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Administrador at 10:09:53 on 2011-07-04

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.508 [GMT -3:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Canon\DIAS\CnxDIAS.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\SpyPrinter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Sigap\SpyPrinterD.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.br/

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquiv~1\gbplugin\gbieh.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\arquivos de programas\gbplugin\gbiehuni.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

mRun: [Monitor] "c:\sigap\SpyPrinterD.exe"

mRun: [avast5] c:\arquiv~1\alwils~1\avast5\avastUI.exe /nogui

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} - hxxps://imagem.caixa.gov.br/cab/GbPluginCef.cab

TCP: DhcpNameServer = 10.4.65.16

TCP: Interfaces\{42C7053F-2990-4118-8BFD-8F4D74B31C1B} : DhcpNameServer = 10.4.65.16

Notify: GbPluginBb - c:\arquiv~1\gbplugin\gbieh.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll

Notify: GbPluginUni - c:\arquivos de programas\gbplugin\gbiehUni.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\arquivos de programas\gbplugin\gbiehuni.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquiv~1\gbplugin\gbieh.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrador\dados de aplicativos\mozilla\firefox\profiles\p1kaof8k.default\

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - component: c:\documents and settings\administrador\dados de aplicativos\mozilla\firefox\profiles\p1kaof8k.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\microsoft silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-12 46624]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-17 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-14 307928]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-14 19544]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2011-3-15 42184]

R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2007-9-17 169760]

R2 SpyPrinterD;SpyPrinterD;c:\windows\system32\SpyPrinter.exe [2008-5-21 1406464]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-4 39984]

.

=============== Created Last 30 ================

.

2011-07-04 11:13:34 -------- d-----w- c:\documents and settings\administrador\dados de aplicativos\Malwarebytes

2011-07-04 11:10:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-04 11:10:36 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\Malwarebytes

2011-07-04 11:10:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 11:10:24 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2011-07-01 19:40:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-29 15:10:49 388608 ----a-w- C:\HiJackThis.exe

2011-06-29 12:19:13 -------- d-----w- c:\arquivos de programas\VS Revo Group

2011-06-29 12:02:48 -------- d-----w- c:\windows\All Users

2011-06-29 11:51:01 86016 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2011-06-29 11:51:01 86016 ------w- c:\windows\system32\msxml6r.dll

2011-06-29 11:51:01 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll

2011-06-29 11:51:01 1306624 ------w- c:\windows\system32\msxml6.dll

2011-06-29 11:47:59 -------- d-----w- c:\windows\ServicePackFiles

2011-06-29 11:47:39 294912 ------w- c:\arquivos de programas\windows media player\dlimport.exe

2011-06-29 11:47:33 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2011-06-29 11:45:10 19569 ----a-w- c:\windows\003098_.tmp

.

==================== Find3M ====================

.

2011-06-13 12:06:20 46624 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2011-05-17 19:51:52 54016 ----a-w- c:\windows\system32\drivers\iqumklky.sys

2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2004-10-01 18:00:16 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

.

============= FINISH: 10:11:08,46 ===============

 

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 17/9/2007 11:03:55

System Uptime: 4/7/2011 09:02:00 (1 hours ago)

.

Motherboard: ECS | | P4M800PRO-M478

Processor: Intel® Celeron® CPU 2.13GHz | CPU 1 | 2129/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 37 GiB total, 25,877 GiB free.

D: is FIXED (NTFS) - 37 GiB total, 13,728 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP878: 25/5/2011 16:20:41 - Ponto de verificação do sistema

RP879: 26/5/2011 14:11:31 - Instalação de driver não assinada

RP880: 27/5/2011 14:18:58 - Ponto de verificação do sistema

RP881: 30/5/2011 08:07:02 - Ponto de verificação do sistema

RP882: 31/5/2011 12:29:16 - Ponto de verificação do sistema

RP883: 1/6/2011 12:40:20 - Ponto de verificação do sistema

RP884: 2/6/2011 12:52:15 - Ponto de verificação do sistema

RP885: 3/6/2011 13:18:49 - Instalação de driver não assinada

RP886: 6/6/2011 08:04:44 - Ponto de verificação do sistema

RP887: 7/6/2011 09:15:41 - Ponto de verificação do sistema

RP888: 8/6/2011 10:30:23 - Ponto de verificação do sistema

RP889: 9/6/2011 10:53:14 - Ponto de verificação do sistema

RP890: 10/6/2011 12:15:20 - Ponto de verificação do sistema

RP891: 13/6/2011 07:50:22 - Ponto de verificação do sistema

RP892: 14/6/2011 07:52:06 - Ponto de verificação do sistema

RP893: 15/6/2011 08:50:13 - Ponto de verificação do sistema

RP894: 16/6/2011 08:58:43 - Ponto de verificação do sistema

RP895: 17/6/2011 12:26:50 - Ponto de verificação do sistema

RP896: 20/6/2011 08:07:17 - Ponto de verificação do sistema

RP897: 21/6/2011 09:24:14 - Ponto de verificação do sistema

RP898: 22/6/2011 12:21:25 - Ponto de verificação do sistema

RP899: 27/6/2011 07:59:55 - Ponto de verificação do sistema

RP900: 28/6/2011 12:29:08 - Ponto de verificação do sistema

RP901: 29/6/2011 08:45:17 - Windows XP Service Pack 3 instalado.

RP902: 29/6/2011 09:09:00 - Installed %1 %2.

RP903: 29/6/2011 09:19:42 - Revo Uninstaller's restore point - Windows Internet Explorer 8

RP904: 29/6/2011 12:00:05 - Removido Microsoft Visual C++ 2005 Redistributable

RP905: 30/6/2011 12:38:12 - Ponto de verificação do sistema

RP906: 1/7/2011 13:21:32 - Ponto de verificação do sistema

RP907: 1/7/2011 16:46:04 - Instalado Microsoft Fix it 50195

RP908: 1/7/2011 17:53:52 - Removed Microsoft Silverlight

RP909: 1/7/2011 17:56:33 - Removido BrOffice.org 3.2

RP910: 1/7/2011 17:59:39 - Removido Windows Live Sync

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.1.0 - Português

Arquivo do WinRAR

Assistente de Conexão do Windows Live

Atualização de Segurança para o Windows Media Player (KB911564)

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)

Atualização de Segurança para o Windows Media Player 9 (KB936782)

Atualização de Segurança para Windows XP (KB923689)

Atualização de Segurança para Windows XP (KB923789)

Atualização de Segurança para Windows XP (KB941569)

avast! Free Antivirus

Canon iR1020/1024/1025

CCleaner

Ferramenta de Carregamento do Windows Live

HP LaserJet M1005

HP OrderReminder

hppMSRedist

hppusgM1005

IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

Java Auto Updater

Java 6 Update 2

Java 6 Update 24

Java 6 Update 5

Malwarebytes' Anti-Malware versão 1.51.0.1200

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office Professional Edição 2003

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 5.0 (x86 pt-BR)

Mozilla Thunderbird (3.1.11)

PDFCreator

Platform

Realtek AC'97 Audio

Receitanet Java 2010.02d

Scan To

ShareIns

VIA Gerenciador de dispositivo de plataforma

VIA Rhine-Family Fast Ethernet Adapter

VIA/S3G Display Driver

WebFldrs XP

Windows Imaging Component

Windows PowerShell 1.0

Windows XP Service Pack 3

.

==== End Of File ===========================

[wings 22]

OK...o log está limpo...:)

 

 

1.

*Delete o DDS e seus relatórios.

 

2.

*Delete (enviar para a lixeira) o arquivo c:\windows\003098_.tmp

 

 

Um abraço.

[Edvan 30]

Ok. wings, obrigado mais uma vez.. :joia:

[wings 22]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.