
Archived

This topic has been archived and is closed to new replies.

Manain

[Resolved] Infected browsers


Here is the log for analysis; possible infection:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:55:21, on 27/09/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Users\Casa das Impressoras\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Casa das Impressoras\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Casa das Impressoras\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
--
End of file - 7738 bytes


Good morning! Manain

> Download: < ZHPDiag2.exe > < NicolasCoolman.jpg > ( ... by Nicolas Coolman )

> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

> Run the scroll icon. ( ZHPDiag )

> Click "COMPLETA" and wait for it to finish!
> Click OK and, when it is done, post the report! ( ZHPDiag.txt )
> PS: Since the log will be long, send it to Pjjoint.malekal.

> Or go to: < Cjoint_Logo.jpg >

> More information: < |Link| >

A+


ZHPDiag log posted via joint.com

Good afternoon! Manain

> The link to the report was not pasted here.

A+


Good afternoon! Manain

> Run this script in the ZHPFix tool.

> Select and copy the information shown in the Code box into Notepad.

> With Notepad open, do: ctrl+a >> ctrl+c ( Select and Copy )

> Then minimize Notepad.


Script ZHPFix
EmptyTemp
EmptyFlash
FirewallRaz
O41 - Driver:  (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver:  (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbase.sys (.not file.)
O41 - Driver:  (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver:  (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O43 - CFD: 14/08/2014 - 19:43:15 - [] ----D C:\ProgramData\boost_interprocess
O51 - MPSK:{6ff9c475-68b9-11e3-b475-001b24160c36}\AutoRun\command. (...) -- E:\MotorolaDeviceManagerSetup.exe (.not file.)
[HKLM\Software\Classes\ctTOOLBAR.ctToolBarCtrl.2]
[HKLM\Software\baidu]    
[HKCU\Software\Baidu Security]    
[HKCU\Software\Baidu]
C:\Windows\system32\drivers\Bfilter.sys
C:\Windows\system32\drivers\Bfmon.sys
C:\Windows\System32\drivers\bnbase.sys
C:\Windows\system32\drivers\bndef.sys
C:\Windows\system32\drivers\Bprotect.sys
ServiceStop:Bfilter
ServiceStop:Bfmon
ServiceStop:Bnbase
ServiceStop:Bndef
ServiceStop:Bprotect

 

> Open the ZHPFix tool. < ZHPFix_logo2_zpsea0f2aa4.jpg >

> Click IMPORTAÇÃO >> OK.

> PS: After clicking "OK", check that the field is empty so that it receives only the script's information.

> Click "GO".

> Post the report!

A+

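As an added illustration (not part of the thread or of the ZHPDiag/ZHPFix tools), the following Python helper reads lines in the HijackThis/ZHPDiag format used above, flags O4 autostart entries given as a bare file name and O41 driver services whose .sys file is missing ("(.not file.)"), and emits the cleanup lines in the ZHPFix syntax of the script above. The ExampleDrv entry and the line-format regexes are assumptions of this example, not output from the thread.

```python
import re

# Constructed sample in the HijackThis / ZHPDiag line format used in this thread.
# The first four lines are copied from the thread's logs; the last one is a made-up
# "driver file present" entry (hypothetical name ExampleDrv) so the filter has a negative case.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O41 - Driver:  (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver:  (ExampleDrv) . (. - .) - C:\Windows\system32\drivers\ExampleDrv.sys
"""

# Assumed line shapes for the O4 (Run key) and O41 (driver service) entries.
RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
DRV_RE = re.compile(r'^O41 - Driver:\s+\((?P<svc>[^)]+)\) .* - (?P<path>.+?\.sys)(?P<missing> \(\.not file\.\))?$')
# A command is "qualified" when it starts with a quoted path, an env-var path, or a drive letter.
QUALIFIED_RE = re.compile(r'^(?:"|%[^%]+%\\|[A-Za-z]:\\)')


def unqualified_run_entries(log):
    """O4 autostart entries whose command is a bare file name. Windows resolves
    these through the search path, so they deserve a manual look (in this thread
    aetcrss1.exe turned out to run from System32, but the log alone cannot tell)."""
    hits = []
    for line in log.splitlines():
        m = RUN_RE.match(line)
        if m and not QUALIFIED_RE.match(m['cmd']):
            hits.append((m['name'], m['cmd']))
    return hits


def orphan_drivers(log):
    """O41 driver services whose .sys file is gone ('.not file.'): leftover
    registrations from a removed product, like the Baidu drivers in this thread."""
    return [(m['svc'], m['path'])
            for m in map(DRV_RE.match, log.splitlines()) if m and m['missing']]


def zhpfix_script(log):
    """Build the cleanup lines (file path, then ServiceStop) in the ZHPFix syntax
    used in the script above, one pair per orphan driver."""
    orphans = orphan_drivers(log)
    return [path for _, path in orphans] + [f'ServiceStop:{svc}' for svc, _ in orphans]


if __name__ == '__main__':
    print(unqualified_run_entries(SAMPLE_LOG))
    print('\n'.join(zhpfix_script(SAMPLE_LOG)))
```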
Good evening, DigRam

Here is the ZHPFix report

Rapport de ZHPFix 2014.9.16.7 par Nicolas Coolman, Update du 16/09/2014
Fichier d'export Registre :
Run by Casa das Impressoras at 30/09/2014 20:18:34
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 09s)

========== Estado dos serviços ==========
Bfilter Parado
Bfmon Parado
Bnbase Parado
Bndef Parado
Bprotect Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ CLSID MPSK: {6ff9c475-68b9-11e3-b475-001b24160c36}
ELIMINÉ: HKLM\Software\Classes\ctTOOLBAR.ctToolBarCtrl.2
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (None) : {CC630466-873E-4502-B952-D37FAE8F6D3D}

========== Pastas ==========
ELIMINÉ Temporários windows (20)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\ProgramData\boost_interprocess

========== Ficheiros ==========
ELIMINÉ Temporários windows (106) (12.430.734 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Recapitulativo ==========
10 : Chaves do Registo
3 : Valores do Registo
3 : Pastas
2 : Ficheiros
5 : Estado dos serviços

End of clean in 00mn 36s

========== Caminho do ficheiro do relatório ==========
C:\Users\Casa das Impressoras\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/09/2014 20:18:44 [1502]


Good evening! Manain

> Download: < Adware Removal Tool > ( ... by techsupportall.com )
> Save it to the desktop!

> Run the file Adware-Removal-Tool-v3.5.exe <<

> Start the check by clicking Scan.

> When its prescan finishes, click OK.
> PS: Each tab will show what is going to be removed!

> Click "Next" >> Wait!

< Computer >> Windows (C:) >> Program Files >> Adware-Removal-Tool >> Reports >> Repair_Logs_2014_09_dia_h_min_seg.txt <<

> Post the report!

Cheers!

DigRam

Good morning

Below is the Adware Removal Tool v3.9 report

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2014_10_01_05_14_32
OS: Windows 7 - 32 Bit
Account Name: Casa das Impressoras
U0L0S11

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Finished


  • Good morning! Manain
  • Your logs are clean!
  • If you wish, optimize memory and the registry with JetClean.
  • Download: < JetClean 1.5.0 > ( ... by BlueSprig.com )

  • < More information! > << Read here!
  • Save it to a convenient location. ( jetclean-setup.exe )

  • Install the software, taking care to uncheck the installation of bundled affiliate programs.
  • On the "1-Click" tab, preferably go to "Scan Now".
  • Choose: Scan & Repair

  • If you want to see the report. ( Settings >> Report )
  • Click "View log".
  • All OK?


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
