carol2906

[Archived] Strange links when posting on Facebook


Good morning,

For the past few days I have noticed that when I try to post or copy download links on Facebook, they always appear with the address: https://lookaside.fbsbx.com/

Some people are saying it could be a virus, but I don't know.

Could you help me?

Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:05:11, on 29/02/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\C2MP\UpdateChecker.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\C2MP\TrayMenu.exe
C:\Users\Not\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe blrun
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Codec Settings UAC Manager] "C:\Windows\system32\C2MP\CodecUACManager.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Diebold - Warsaw] C:\Program Files\Diebold\Warsaw\core.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPSON TX133 TX135 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJB.EXE /FU "C:\Windows\TEMP\E_S11B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Codec Pack Update Checker] "C:\Windows\system32\C2MP\UpdateChecker.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Not\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Not\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_4D013C93135F825B6C898CEE188794F1] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - Startup: Dropbox.lnk = Not\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: CodecPackTrayMenu.lnk = C:\Windows\System32\C2MP\TrayMenu.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\Windows\system32\hasplms.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 7996 bytes

/_ Good evening! carol2906 _\


> Download: < FRST_Logo.jpg > ( ... by Farbar )


> The banner above is for 32-bit systems!


> The link above is for 64-bit systems!

> Save it to the desktop! (Área de trabalho ...)

> Run the tool! Click "Sim" (Yes) >> "Examinar" (Scan).

> Before clicking "Examinar", check that the boxes under "Whitelist" are ticked.

> Under "Exame Opcional" (Optional Scan), leave the "Addition.txt" and "Arquivos 90 Dias" (90 Days Files) checkboxes ticked.

> PS: The "Addition.txt" report will also be generated; it is made available on the tool's first run.

> Post the reports! (FRST.txt + Addition.txt)


> Since the logs will be long, upload them to Cjoint_Logo.jpg >

> Click the "Parcourir..." button.

> Locate the report and click the "Abrir" (Open) button.

> Click the "Créer le lien Cjoint" button.

> Copy the link shown next to "Le lien a été créé" and post it in your reply.

> The link to the report, which is the one highlighted, must be pasted into your reply.

> Or click "Copier le lien (*)" and paste the link into your post.

> Pay attention: there will be 2 links to post!


A+



/_ Good afternoon! carol2906 _\

> Copy this information, which is in red, into Notepad.
> Save it with the name fixlist. << Text!
> Save it to the desktop! ( Área de trabalho ... ) -/- C:\Users\Not\Desktop <<

 

start
CloseProcesses:
CHR StartupUrls: Default -> "hxxps://br.search.yahoo.com/?type=888596&fr=yo-yhp-ch","hxxp://www.mystartsearch.com/?type=hp&ts=1427037150&from=wpc&uid=WDCXWD3200BEVT-00ZCT0_WD-WXE409JR7164R7164"
CHR DefaultSearchURL: Default -> hxxp://dts.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Ask Search
CHR Extension: (Ask Search) - C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-04-20]
CHR Extension: (iLivid) - C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-04-20]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
2015-01-09 17:44 - 2015-01-09 17:44 - 0016559 _____ () C:\Users\Not\AppData\Roaming\unins000.dat
2015-01-09 17:44 - 2015-01-09 17:44 - 0811218 _____ () C:\Users\Not\AppData\Roaming\unins000.exe
2015-01-15 21:55 - 2015-01-15 21:55 - 0016232 _____ () C:\Users\Not\AppData\Roaming\unins001.dat
2015-01-15 21:55 - 2015-01-15 21:55 - 0730322 _____ () C:\Users\Not\AppData\Roaming\unins001.exe
2015-05-14 09:04 - 2015-05-14 09:04 - 0016629 _____ () C:\Users\Not\AppData\Roaming\unins002.dat
2015-05-14 09:04 - 2015-05-14 09:04 - 0815826 _____ () C:\Users\Not\AppData\Roaming\unins002.exe
2015-03-24 13:21 - 2015-03-24 13:21 - 0000292 _____ () C:\Users\Not\AppData\Local\Temp-log.txt
2016-03-01 07:15 - 2016-03-01 07:15 - 00011264 _____ () C:\Users\Not\AppData\Local\Temp\nsmEBE6.tmp\System.dll
CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Not\AppData\Local\Google\Update\1.3.27.5\psuser.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Not\AppData\Local\Google\Update\1.3.28.1\psuser.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Not\AppData\Local\Google\Update\1.3.28.13\psuser.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Not\AppData\Local\Google\Update\1.3.26.9\psuser.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Not\AppData\Local\Google\Update\1.3.29.1\psuser.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Not\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Not\AppData\Local\Google\Update\1.3.28.15\psuser.dll => Nenhum Arquivo
FirewallRules: [TCP Query User{53FD0D53-63D0-4620-9B00-A708CBCF7856}C:\users\not\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\not\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [uDP Query User{A68F4F71-03C9-426C-8A65-540F4948DD7E}C:\users\not\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\not\appdata\local\popcorn time\node-webkit\popcorn time.exe
AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
AlternateDataStreams: C:\Windows\System32:C124963F_Bb.gbp
AlternateDataStreams: C:\Windows\System32:C124963F_Cef.gbp
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4
C:\Users\Not\AppData\Local\Temp\atcMedia5941431074910.exe
C:\Users\Not\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpovsj7d.dll
C:\Users\Not\AppData\Local\Temp\GUR15C1.exe
C:\Users\Not\AppData\Local\Temp\GUR9D38.exe
C:\Users\Not\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Not\AppData\Local\Temp\jre-8u65-windows-au.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CreateRestorePoint:
EmptyTemp:
Reboot:
end


> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> At the prompt, click Executar (Run).
> Post the report! (Fixlog.txt)

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

A+


Topic Archived

As the author has not replied for more than 10 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.
