
Archived

This topic has been archived and is closed to further replies.

Edvan

[Resolved] Problem accessing the BB page


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:14:06, on 13/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funpec.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=auto&client_id=95C0E83001CD3A7300B3F1EB&src_id=30175&camp_id=2937&tb_version=1.2.1000.1(B)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehCef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 7087 bytes

 

 

 

ComboFix 12-12-12.01 - f001783 13/12/2012 8:55.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1791.1200 [GMT -3:00]

Executando de: c:\documents and settings\f001783\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 259 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CergoiaSalt

c:\documents and settings\All Users\Dados de aplicativos\DYA_RTDPTOOHFWEGTVUSU

c:\documents and settings\All Users\Dados de aplicativos\DYA_RTDPTOOHFWEGTVUSU\1.0.0\Data\app.dat

c:\documents and settings\All Users\Dados de aplicativos\DYA_RTDPTOOHFWEGTVUSU\1.0.0\Data\updates.dat

c:\documents and settings\f001783\Dados de aplicativos\DYA_RTDPTOOHFWEGTVUSU

c:\documents and settings\f001783\Dados de aplicativos\DYA_RTDPTOOHFWEGTVUSU\1.0.0\Data\dya.dat

c:\documents and settings\f001783\Dados de aplicativos\FUN0080

c:\documents and settings\f001783\Dados de aplicativos\win.vbs

C:\programfiles

c:\programfiles\128x64x32.ini

c:\programfiles\22.mod

c:\programfiles\acdr2.ini

c:\programfiles\emails.txt

c:\programfiles\vggrenew41.jar

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-13 to 2012-12-13 ))))))))))))))))))))))))))))

.

.

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-14 11:02 . 2012-11-14 11:02 2333 ----a-w- c:\windows\arquivoex.zip

2012-10-09 11:29 . 2009-05-06 20:26 46440 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2012-10-24 17:50 . 2012-11-20 13:21 261600 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll

2008-04-13 22:21 33280 --sh--r- c:\windows\system32\rundll32.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-22 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2011-06-09 254696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2012-11-22 19:05 1585768 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2012-10-04 18:05 650088 ------w- c:\arquivos de programas\GbPlugin\gbiehcef.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Update Scheduler

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JavaUpdatecda9

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JavaUpdatecdr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JavaUpdatecdx13

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JavaUpdatecdy13

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sbthost

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-03-27 12:41 37296 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2008-06-19 08:20 57344 -c--a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 21:03 152872 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 17:57 153136 -c--a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-10-04 08:14 8491008 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2007-10-04 08:14 81920 -c--a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2007-10-04 08:14 1626112 -c--a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-10-28 09:18 17331200 -c--a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 16:06 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-12-22 10:55 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5900:TCP"= 5900:TCP:vnc5900

"5800:TCP"= 5800:TCP:vnc5800

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [06/05/2009 17:26 46440]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25/08/2011 16:49 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/08/2011 16:22 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/08/2011 16:22 20568]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [06/05/2009 14:21 280168]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [29/12/2011 07:27 29432]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [29/12/2011 07:27 29432]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-02-01 15:43]

.

2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-02-01 15:43]

.

2012-12-13 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

2012-12-13 c:\windows\Tasks\User_Feed_Synchronization-{3B826E81-A7A5-4589-9F2E-0786787F153C}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

2012-12-13 c:\windows\Tasks\User_Feed_Synchronization-{9A57E568-738B-4B8B-BCA7-E8DF69BB6CB6}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.funpec.br/

uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=95C0E83001CD3A7300B3F1EB&src_id=30175&camp_id=2937&tb_version=1.2.1000.1(B)

TCP: DhcpNameServer = 10.4.65.16

FF - ProfilePath - c:\documents and settings\f001783\Dados de aplicativos\Mozilla\Firefox\Profiles\x4omsf2y.default\

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

MSConfigStartUp-msnmsgr - c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-13 09:07

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21100\Control Panel\Desktop\WindowMetrics]

@DACL=(02 0000)

"BorderWidth"="0"

"CaptionFont"=hex:f3,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,

00,00,00,01,00,00,00,00,54,00,72,00,65,00,62,00,75,00,63,00,68,00,65,00,74,\

"CaptionHeight"="-375"

"CaptionWidth"="-270"

"IconFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,

00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,\

"IconSpacing"="-1410"

"IconTitleWrap"="1"

"IconVerticalspacing"="-1125"

"MenuFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,

00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,\

"MenuHeight"="-285"

"MenuWidth"="-270"

"MessageFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,

00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\

"ScrollHeight"="-255"

"ScrollWidth"="-255"

"Shell Icon BPP"="16"

"SmCaptionFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,

00,00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,\

"SmCaptionHeight"="-255"

"SmCaptionWidth"="-255"

"StatusFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,

00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\

"AppliedDPI"=dword:00000060

"Shell Icon Size"="32"

"MinAnimate"="1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\17AFD8C1970420F48BBB741BC2A165F5\SourceList\Media]

@DACL=(02 0000)

"100"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\17BB7F68F8EF60333A529FE30E46718B\SourceList\Media]

@DACL=(02 0000)

"111"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\1FDE42FC632E233438BCC407A1B9BC0F\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"107"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\2451D69CF585D214C8A52004DB1A469B\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"106"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\24DF66A32D05A9E3185BCE3E5E3C90A7\SourceList\Media]

@DACL=(02 0000)

"111"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\256917180E811B74A9218FB20F574DBD\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"105"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\28C9EA2BB7CD1463FB8C7872C5F46370\SourceList\Media]

@DACL=(02 0000)

"101"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\295DC294DD789E13083868560A521636\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"111"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\2F2AEE7ADCFB45A45A57B7187A686E85\SourceList\Media]

@DACL=(02 0000)

"100"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\39D9350CFCD18153BBE9C69E85245243\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"114"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\3D90EFE177C6D6E478F667BC032D50C6\SourceList\Media]

@DACL=(02 0000)

"101"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\4152E9034D92C5043B1B417D32B1AF61\SourceList\Media]

@DACL=(02 0000)

"102"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\41A670B5874F6653EBA789C5C326F94A\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"111"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\43F3D5FAA348FB140A3FF2BB0AB09A9B\SourceList\Media]

@DACL=(02 0000)

"104"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\484CA1D2615EC8048852CA1B3C65CAA7\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"101"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\4C9878626E35BDD4F833D8F0E900B0AE\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"100"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\55399781A9D2FFB32AEFF88353F1ADAB\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"114"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\5E903427217EC6249BD46B4B52112CF9\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"104"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\5EDEE27DAF3D979329DEF894846ED2F0\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"114"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\6BE374011DC2CCB3D99A1D1081FE29FF\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"113"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\7CD6922331248314F9770AC26567A1F7\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"100"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\82B28DCEEB84C6245BB5E60C22162658\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"108"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\881B67FDBD11CD343A98012492599A97\SourceList\Media]

@DACL=(02 0000)

"107"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\91C30D4F0ACD90B4387EEBB3608C4DCD\SourceList\Media]

@DACL=(02 0000)

"109"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\91F4988A8C952D83A857630CCC5EA6B5\SourceList\Media]

@DACL=(02 0000)

"102"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\9E0DE89293FE9BB33898F24ED18CCF08\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"110"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\B4C419EC05CA8E13D92A51BD928D65F8\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"113"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\B8F6D1795C8E4A94E93D980C010B8D2D\SourceList\Media]

@DACL=(02 0000)

"103"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\BB3686E2280450B3BBC202FE614DDB28\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"112"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\BE7C28545F39D804F992A5B51E7E8654\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"103"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\C3CFBEEB1B8483A43A5C18AB91FDF504\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"109"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\DE6BA3F2C1597EC4A89C5864DFFCF1A5\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"102"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\E0337B0F8B42AE34C86D1D4124A8C1CE\SourceList\Media]

@DACL=(02 0000)

"108"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\E54DA494170E9184E8511E40F1FB0F37\SourceList\Media]

@DACL=(02 0000)

"110"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\E6C461BDA4E80374796CED4868BE63F7\SourceList\Media]

@DACL=(02 0000)

"106"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\E9030CAD6F70DA545BFBB5D0FE17FFEE\SourceList\Media]

@DACL=(02 0000)

"105"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\F16A8A03300153E4B9B93FF0ABB44559\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft Office Professional Edição 2003"

"217"="Office2003Patch;Office 2003 Patch 15317"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\F9DC276355B3ECF3D85A5DC7A31B1005\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"114"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\000021599B0090400000000000F01FEC\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft Application Error Reporting"

"1"="OFFICE12;1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\0CB8AE65157339B4CBD96615CC635EAA\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\0D756077321A70C3E844C138CE981581\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media]

@DACL=(02 0000)

"1"=";1"

"100"=";"

"101"=";"

"102"=";"

"103"=";"

"104"=";"

"105"=";"

"106"=";"

"107"=";"

"108"=";"

"109"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\26DDC2EC4210AC63483DF9D4FCC5B59D\SourceList\Media]

@DACL=(02 0000)

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\68AB67CA7DA76401B7449A0400000010\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"="DISK1;1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E58EC68CABDDFF39B774E7BF9389C90\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E8A266FCD4F2A1409E1C8110F44DBCE\SourceList\Media]

@DACL=(02 0000)

"1"=";"

"2"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";"

"100"=";"

"101"=";"

"102"=";"

"103"=";"

"104"=";"

"105"=";"

"106"=";"

"107"=";"

"108"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DDA39468D428E8B4DB27C8D5DC5CA217\SourceList\Media]

@DACL=(02 0000)

"1"=";"

"2"=";"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]

@DACL=(02 0000)

"CacheLimit"=dword:00000100

"CachePath"="c:\\Documents and Settings\\mcpd\\Configurações locais\\Temporary Internet Files\\Content.IE5\\Cache1"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]

@DACL=(02 0000)

"CacheLimit"=dword:00000100

"CachePath"="c:\\Documents and Settings\\mcpd\\Configurações locais\\Temporary Internet Files\\Content.IE5\\Cache2"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]

@DACL=(02 0000)

"CacheLimit"=dword:00000100

"CachePath"="c:\\Documents and Settings\\mcpd\\Configurações locais\\Temporary Internet Files\\Content.IE5\\Cache3"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]

@DACL=(02 0000)

"CacheLimit"=dword:00000100

"CachePath"="c:\\Documents and Settings\\mcpd\\Configurações locais\\Temporary Internet Files\\Content.IE5\\Cache4"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(976)

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquivos de programas\GBPLUGIN\gbiehCef.dll

.

Tempo para conclusão: 2012-12-13 09:10:56

ComboFix-quarantined-files.txt 2012-12-13 12:10

.

Pré-execução: 13 pasta(s) 205.654.208.512 bytes disponíveis

Pós execução: 14 pasta(s) 205.852.024.832 bytes disponíveis

.

- - End Of File - - 53C5DA9B4D4388363670076C65162D85

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Versão da Base de Dados: v2012.12.13.06

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

f001783 :: FUN0080 [limitado]

 

13/12/2012 09:25:44

mbam-log-2012-12-13 (09-25-44).txt

 

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 506902

Tempo decorrido: 4 minuto(s), 57 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 1

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 1

C:\WINDOWS\arquivoex.zip (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

 

(fim)

 

 

----------------xxx---------------------

 

# AdwCleaner v2.005 - Logfile created 10/22/2012 at 15:09:59

# Updated 14/10/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : f001783 - FUN0080

# Boot Mode : Normal

# Running from : C:\Documents and Settings\f001783\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

Folder Deleted : C:\Documents and Settings\f001770\Dados de aplicativos\Babylon

Folder Deleted : C:\Documents and Settings\mcpd\Dados de aplicativos\Babylon

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho

Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1

Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin

Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=19741&babsrc=NT_def --> hxxp://www.google.com

 

*************************

 

AdwCleaner[s1].txt - [6680 octets] - [22/10/2012 15:09:59]

 

########## EOF - C:\AdwCleaner[s1].txt - [6740 octets] ##########

 

 

-------------------------------xx-----------------------------

 

# AdwCleaner v2.100 - Logfile created 12/13/2012 at 09:31:11

# Updated 09/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : f001783 - FUN0080

# Boot Mode : Normal

# Running from : C:\Documents and Settings\f001783\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

[OK] Registry is clean.

 

*************************

 

AdwCleaner[s1].txt - [6809 octets] - [22/10/2012 15:09:59]

AdwCleaner[s2].txt - [639 octets] - [13/12/2012 09:31:11]

 

########## EOF - C:\AdwCleaner[s2].txt - [698 octets] ##########


Hello, Edvan!

#######

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.c...ion=1.2.1000.1(B)

#######

|- Open HijackThis and Fix this entry!

|- Check whether the problem has been resolved.

REM Dump the IE SearchURL key so we can confirm the hijacked value is gone
reg query "HKCU\Software\Microsoft\Internet Explorer\SearchURL" > C:\look.txt
REM Open the dump so it can be pasted into the thread
notepad C:\look.txt

|- Copy the lines in the Code box into Notepad.

|- Save it with the name: AuConFIE.bat

|- Under file type, choose "All files".

|- Put it on the desktop!

|- Run the batch file that was created and post the resulting log.

A+

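The triage the helper does by eye above (spot the R1 SearchURL entry whose host is neither a Microsoft default nor the user's chosen start page, Fix it, then re-read the key with reg query) can be scripted. The following is an added example and is not code from this thread, from HijackThis or from AdwCleaner. The sample log lines are constructed to mirror the format on this page; the hijacker host search.hijack.example is a placeholder, not the real one from the thread, and the allow-list of hosts is an assumption to tune per machine.

```python
"""Triage a HijackThis v2 log the way the helper above did by hand.

Added example (not HijackThis/AdwCleaner code). Flags R0-R3 browser-setting
entries whose URL host is off an allow-list and O23 services that carry no
vendor string, then builds the reg.exe query that re-checks each flagged R entry.
"""
import re
from urllib.parse import urlsplit

# ASSUMPTION: hosts a clean IE install on this box is expected to point at
# (the go.microsoft.com fwlink defaults seen in the log, Google, and the
# user's own start page). Anything else in an R entry is worth a Fix.
ALLOWED_HOSTS = frozenset({
    "go.microsoft.com", "home.microsoft.com", "www.google.com", "www.funpec.br",
})

# Constructed sample mirroring the page's log format. The hijacker host is a
# placeholder, not the real one from the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funpec.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.hijack.example/?q=
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
"""

# R0..R3 lines: "<code> - <hive\key,value name> = <url>"
R_ENTRY = re.compile(r"^(?P<code>R[0-3]) - (?P<key>.+?) = (?P<value>.*)$")
# O23 lines: "O23 - Service: <display name> - <vendor> - <path>". The vendor
# may be empty (rendered as "- -" on the page), so the separators are tolerant
# and the path is anchored on a drive letter.
O23_ENTRY = re.compile(
    r"^O23 - Service: (?P<name>.+?) -\s*(?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.+)$"
)


def triage(log_text, allowed_hosts=ALLOWED_HOSTS):
    """Return (code, subject, reason) tuples for entries worth a Fix or a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = R_ENTRY.match(line)
        if m:
            host = urlsplit(m["value"].strip()).hostname
            if host is None:
                findings.append((m["code"], m["key"], "value is not a URL"))
            elif host.lower() not in allowed_hosts:
                findings.append((m["code"], m["key"], f"points at unexpected host {host}"))
            continue
        m = O23_ENTRY.match(line)
        if m and not m["vendor"].strip():
            findings.append(("O23", m["name"], f"no vendor string; verify {m['path']}"))
    return findings


def reg_query_for(entry_key):
    """Build the reg.exe command that re-reads one R entry after the Fix.

    The key part of an R entry is "<hive path>,<value name>"; "(Default)" maps
    to reg's /ve switch, any other value name to /v.
    """
    path, _, value_name = entry_key.rpartition(",")
    if value_name == "(Default)":
        return f'reg query "{path}" /ve'
    return f'reg query "{path}" /v "{value_name}"'


def verification_batch(findings):
    """Lines for a .bat that re-checks every flagged R entry (same idea as AuConFIE.bat)."""
    return [reg_query_for(key) for code, key, _ in findings if code.startswith("R")]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for code, subject, reason in found:
        print(f"{code}: {subject} -> {reason}")
    print("\n".join(verification_batch(found)))
```

Run it against a real log by passing the file contents to `triage()`; an O23 hit only means "no vendor string", which for a bank plugin such as GbpSv is expected and is a prompt to check the binary, not a verdict.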

! REG.EXE VERSION 3.0

 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:41:34, on 13/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funpec.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehCef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 6980 bytes


Hello, Edvan!

|- The entry has been removed.

|- Are you still having trouble accessing BB?

A+


No, everything is OK now!! :grin:

Any further procedure??


> No, everything is OK now!! :grin:
>
> Any further procedure??

|- I won't even say "Hello" any more. heh...

|- Run DelFix and post the report.

Cheers!

> I won't even say "Hello" any more. heh...

Yeah, no need, man! hehe. :grin:

Everything is OK now; if there is no further procedure, you can close the topic. :thumbsup:

 

# DelFix v6.2 - Logfile created 12/13/2012 at 11:05:10

# Updated 11/11/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : f001783 - FUN0080

# Running from : C:\Documents and Settings\f001783\Desktop\delfix.exe

# Option [Delete]

 

 

~~~~~~ Folder(s) ~~~~~~

 

Deleted : C:\Qoobox

 

~~~~~~ File(s) ~~~~~~

 

Deleted : C:\HiJackThis.exe

Deleted : C:\hijackthis.log

Deleted : C:\WINDOWS\grep.exe

Deleted : C:\WINDOWS\PEV.exe

Deleted : C:\WINDOWS\NIRCMD.exe

Deleted : C:\WINDOWS\MBR.exe

Deleted : C:\WINDOWS\SED.exe

Deleted : C:\WINDOWS\SWREG.exe

Deleted : C:\WINDOWS\SWSC.exe

Deleted : C:\WINDOWS\SWXCACLS.exe

Deleted : C:\WINDOWS\Zip.exe

 

~~~~~~ Registry ~~~~~~

 

Key Deleted : HKLM\SOFTWARE\AdwCleaner

Key Deleted : HKLM\SOFTWARE\Swearware

Key Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

 

~~~~~~ Other ~~~~~~

 

-> Prefetch Emptied

 

*************************

 

DelFix[s1].txt - [1013 octets] - [13/12/2012 11:05:10]

 

########## EOF - C:\DelFix[s1].txt - [1137 octets] ##########


All OK?

|- DelFix has done its job.

|- Log clean!

Cheers!


Everything is OK now; if there is no further procedure, you can close the topic.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
