emgeduardo

Browser hijacking: desk365.exe, 22find.com, TrayDownloader.exe


My Firefox froze and I noticed that some programs were being installed: desk365.exe, 22find.com, TrayDownloader.exe

I also found v9 installed.

I can't imagine where the problem came from, since I was only browsing trusted sites.

Please help me get rid of these browser hijackers.

I would also like to know where these intrusions came from, so I can keep this from happening again.

Below is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:00:30, on 2013.01.28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Software Plate\svcgdp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Desk 365\deskSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bacula\bacula-fd.exe
C:\Arquivos de programas\DigitalPersona\Bin\DpHost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\BakBone Software\NetVault\bin\nvpmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\DigitalPersona\Bin\DPFUSMgr.exe
C:\Arquivos de programas\BakBone Software\NetVault\bin\nvstatsmngr.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Arquivos comuns\Raxco\Shared\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\DigitalPersona\Bin\DPAgnt.exe
C:\Arquivos de programas\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Logitech\SetPointP\SetPoint.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Samsung\Kies\KiesTrayAgent.exe
C:\Arquivos de programas\ClamWin\bin\ClamTray.exe
C:\Arquivos de programas\ClamSentinel\ClamSentinel.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Arquivos de programas\Samsung\Kies\Kies.exe
C:\Arquivos de programas\Arquivos comuns\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Arquivos de programas\Desk 365\desk365.exe
C:\Arquivos de programas\LaunchMate\LnchMate.exe
C:\Arquivos de programas\Nikon\NkView6\NkvMon.exe
C:\Arquivos de programas\Symmetricom\SymmTime\GeTTime.exe
C:\Arquivos de programas\MagicDisc\MagicDisc.exe
C:\Arquivos de programas\Sysinternals\procexp.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Notepad++\notepad++.exe
C:\WINDOWS\explorer.exe
L:\software\linux\Internet Security\clamav.net\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380642
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380642
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380642
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380642
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.22find.com/web/?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380643
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.22find.com/web/?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380643
O1 - Hosts: ::1 localhost #[iPv6]
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DPAgnt] C:\Arquivos de programas\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Arquivos de programas\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EvtMgr6] C:\Arquivos de programas\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NUSB3MON] "C:\Arquivos de programas\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Arquivos de programas\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [CheckRun22find_uninstaller] "C:\Documents and Settings\emgeduardo\Dados de aplicativos\CheckRun22find.exe" -c=http://www.22find.com/?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380635
O4 - HKLM\..\Run: [ClamTray.exe] "C:\Arquivos de programas\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ClamSentinel.exe] C:\Arquivos de programas\ClamSentinel\ClamSentinel.exe
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKCU\..\Run: [] C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Arquivos de programas\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Arquivos de programas\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [Desk 365] C:\Arquivos de programas\Desk 365\desk365.exe /autorun
O4 - Startup: MagicDisc.lnk = C:\Arquivos de programas\MagicDisc\MagicDisc.exe
O4 - Startup: Process  Explorer.lnk = C:\Arquivos de programas\Sysinternals\procexp.exe
O4 - Global Startup: LaunchMate.lnk = C:\Arquivos de programas\LaunchMate\LnchMate.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Arquivos de programas\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: SymmTime.lnk = C:\Arquivos de programas\Symmetricom\SymmTime\GeTTime.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec antivírus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs:                 
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: DPWLN   - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: LBTWlgn - c:\arquivos de programas\arquivos comuns\logishrd\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bacula File Backup Service (Bacula-fd) - Unknown owner - C:\Arquivos de programas\Bacula\bacula-fd.exe" /service  -c "C:\Arquivos de programas\Bacula\bacula-fd.conf (file missing)
O23 - Service: Desk 365 service (desksvc) - 337 Technology Limited. - C:\Arquivos de programas\Desk 365\deskSvc.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Arquivos de programas\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Arquivos de programas\DigitalPersona\Bin\DpHost.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Arquivos de programas\Arquivos comuns\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NetVault Process Manager - Unknown owner - C:/Arquivos de programas/BakBone Software/NetVault/bin/nvpmgr.exe" service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Arquivos comuns\Raxco\Shared\PDEngine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Business 2013\RpcAgentSrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: software services (svcgdp) - Beijing Xing Technology Co., Ltd. - C:\Arquivos de programas\Software Plate\svcgdp.exe

Go to Control Panel / Programs and Features and uninstall TrayDownloader and desk365.

Follow this procedure:
How to remove 22find from your Home Page and Search Page in your browsers

Then report back on the situation.
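As an added example (not part of the thread, and not a tool the responder used), the script below does on the posted log what the reply above does by hand: it flags the R0/R1 entries whose start or search page points at a host outside an allowlist, the O4 autoruns and O23 services connected to them, and turns each flagged R-line into the registry key and value name that has to be reset. The sample log is a constructed excerpt modelled on the one posted, with paths shortened and the drive-serial uid replaced by a placeholder; the allowlist (microsoft.com) and the indicator names (22find, desk365, TrayDownloader) are assumptions taken from what the thread reports.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.99 format, modelled on the log posted above
# (paths shortened, the uid= field replaced by a placeholder).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&uid=PLACEHOLDER
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b&uid=PLACEHOLDER
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.22find.com/web/?utm_source=b&uid=PLACEHOLDER
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CheckRun22find_uninstaller] "C:\Documents and Settings\user\Dados de aplicativos\CheckRun22find.exe" -c=http://www.22find.com/?uid=PLACEHOLDER
O4 - HKCU\..\Run: [Desk 365] C:\Arquivos de programas\Desk 365\desk365.exe /autorun
O23 - Service: Desk 365 service (desksvc) - 337 Technology Limited. - C:\Arquivos de programas\Desk 365\deskSvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")    # "R0 - ...", "O23 - ..."
URL_RE = re.compile(r"https?://[^\s\"']+")
EXE_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.IGNORECASE)   # first .exe path in a line
# User-profile locations (XP, Portuguese and English names) where dropped installers live.
USER_WRITABLE = ("\\documents and settings\\", "\\dados de aplicativos\\",
                 "\\application data\\", "\\temp\\")


def parse_hjt(text):
    """Return (section code, body) for every HijackThis entry line; other lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group("code"), m.group("body")) for m in matches if m]


def exe_dir(body):
    """Lower-cased directory of the first .exe path in an entry ('' if there is none)."""
    m = EXE_RE.search(body)
    return m.group(0).rsplit("\\", 1)[0].lower() if m else ""


def triage(entries, trusted_hosts, indicators=()):
    """Return findings as (code, reason, body). trusted_hosts: domains allowed as start and
    search pages (assumption); indicators: names the user already ties to the infection."""
    trusted = {t.lower() for t in trusted_hosts}
    indicators = {i.lower() for i in indicators}
    findings, suspect_hosts, suspect_dirs = [], set(), set()

    # 1. R0/R1 hold IE's start, default and search pages; a host off the allowlist is suspect.
    for code, body in entries:
        if code in ("R0", "R1"):
            for url in URL_RE.findall(body):
                host = (urlparse(url).hostname or "").lower()
                if host and not any(host == t or host.endswith("." + t) for t in trusted):
                    suspect_hosts.add(host)
                    findings.append((code, f"browser page points at untrusted host {host}", body))

    # 2. O4 autoruns that call back to a suspect host, match an indicator, or run from the
    #    user profile; their directories are remembered to tie services to them in step 3.
    for code, body in entries:
        if code != "O4":
            continue
        low = body.lower()
        if any(h in low for h in suspect_hosts):
            reason = "autorun references a suspect host"
        elif any(i in low for i in indicators):
            reason = "autorun matches a known indicator"
        elif any(p in low for p in USER_WRITABLE):
            reason = "autorun launched from a user-profile directory"
        else:
            continue
        findings.append((code, reason, body))
        if exe_dir(body):
            suspect_dirs.add(exe_dir(body))

    # 3. O23 services from the same directory as a flagged autorun (or naming an indicator),
    #    so the service component is reported together with the tray program.
    for code, body in entries:
        if code == "O23" and (exe_dir(body) in suspect_dirs
                              or any(i in body.lower() for i in indicators)):
            findings.append((code, "service tied to a flagged autorun or indicator", body))
    return findings


def reset_plan(findings):
    """(registry key, value name) pairs behind each flagged R0/R1 line, i.e. what 'remove
    22find from the start and search pages' means in registry terms."""
    plan = []
    for code, _reason, body in findings:
        if code in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)[0].split(",", 1)
            plan.append((key, value))
    return plan


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_LOG), trusted_hosts=("microsoft.com",),
                   indicators=("22find", "desk365", "desk 365", "traydownloader"))
    for code, reason, body in found:
        print(f"[{code}] {reason}\n    {body}")
    for key, value in reset_plan(found):
        print(f"reset {key} -> {value}")
```

Run against the full log from the first post, the same three passes single out the 22find start/search entries, the CheckRun22find and Desk 365 autoruns, and the deskSvc service; the Avira, Logitech and other vendor entries are left alone. The user-profile heuristic in step 2 is intentionally broad (anything started from Documents and Settings), so its hits are leads to check, not verdicts.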

Good morning,

I believe it is partially resolved.

I did all the uninstalls manually and then used Macecraft jv16 to clean the Windows registry.

I also noticed that there was a v9 installed and uninstalled it.

What intrigues me most is that I did not click on anything at the moment these malware programs were installed.

I was working on the computer next to it and watched Firefox close by itself and icons start appearing in the toolbars.

I would very much like to have an idea of how this could have gotten into my computer, so I can try to prevent new attacks.
