Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

sylar_head

[Arquivado] &nbspresultados de sites de busca redirecionam

Por , em Tópicos Arquivados (Seguranca & Malwares)

Recommended Posts

sylar_head    0

sylar_head
Postado

Quando pesquiso em sites de busca como google, bing, etc. e clico nos resultados, estes redirecionam para páginas de advertisings.

 

segue o Log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:11:21, on 25/05/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\TrustPort\Antivirus\bin\avcom.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\TrustPort\DiskProtection\bin\tdwatch.exe

C:\Program Files\Common Files\TrustPort\bin\tptray.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Users\Hiago\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\taskeng.exe

C:\Users\Hiago\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Hiago\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehCef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [AntivirusCommunicatorAgent] "C:\Program Files\TrustPort\Antivirus\bin\avcom.exe"

O4 - HKLM\..\Run: [TrustPortDiskProtectionWatchDog] "C:\Program Files\TrustPort\DiskProtection\bin\TDWatch.exe"

O4 - HKLM\..\Run: [TrustPortTray] "C:\Program Files\Common Files\TrustPort\Bin\tptray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [Google Update] "C:\Users\Hiago\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - Startup: Dropbox.lnk = Hiago\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\Hiago\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://www.bb.com.br

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll

O23 - Service: TrustPort Antivirus On-Access Scanner Agent (avas_service) - TrustPort, a.s. - C:\Program Files\TrustPort\Antivirus\bin\avas.exe

O23 - Service: TrustPort Antivirus Service Scanner Provider (avss_service) - TrustPort, a.s. - C:\Program Files\TrustPort\Antivirus\bin\avss.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: TrustPort Personal GTW (gozer) - TrustPort, a.s. - C:\Program Files\TrustPort\Antivirus\bin\gozer.exe

O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: TrustPort Core Service (tpmgma_service) - TrustPort, a.s. - C:\Program Files\Common Files\TrustPort\bin\tpmgma.exe

O23 - Service: TrustPort DataShredder Wipe Service (wipesrv) - TrustPort, a.s. - C:\Program Files\TrustPort\DataShredder\bin\wipesrv.exe

 

--

End of file - 8007 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

wings    22

wings
Postado

Olá sylar_head

 

 

1.

*Baixe o MyUAC e salve-o no desktop

*Execute-o, tecle 4 > [ENTER]

*Feche o programa

 

2.

*Baixe o HelpSecurity e salve-o no desktop

*Execute-o

*Selecione:

Combofix

DDS

GMER

GooredFix

Malwarebytes'Anti-Malware

TDSSKiller

*Clique [Dossier de DL], selecione [Desktop] e clique [OK]

*Clique [sauvegarder] > [OK] > [Telécharger]

*Ao término clique [OK] e feche o HelpSecurity

 

3.

*Execute o DDS e salve os relatórios (DDS.txt e Attach.txt) no desktop

*Cole o relatório DDS.txt

 

4.

*Extraia o GMER para o desktop

*Desative temporariamente o antivírus

*Feche todos os programas ativos, MSN, anti-spywares...

*Saia da Internet

*Execute-o

*Caso receba a mensagem de atividade de rootkit e se deseja fazer um scan, clique [NÃO]

*Na coluna à direita, desmarque a opção []IAT/EAT

*Clique [scan] e aguarde o término

*Clique [save...] e salve no desktop

*Cole o relatório

Compartilhar este post

Link para o post
Compartilhar em outros sites

wings    22

wings
Postado

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Arquivados (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito