dieguin11 | Posted September 13, 2013

Good evening!

First of all, I want to thank DigRam for having helped me solve another problem earlier. Now I'll describe the new problem that is happening. Yesterday, while using a friend's USB stick, my PC ended up catching a virus; my Avast flagged autorun.inf and kept detecting a whole lot of them, and deleting them did no good, more and more kept appearing. It showed the following process: C:\Windows\System32\wscript.exe. I ended up formatting the USB stick, but my computer stayed infected. I have already run Avast normally and at boot, and this virus apparently isn't detected by Avast. I also ran SUPERAntiSpyware Professional and it detected a trojan, which has already been deleted. I know the computer is still infected because after that countless Windows Update icons started appearing on the taskbar, and even after deleting that trojan they keep appearing. I need help removing this virus; I don't know what else to do.

Below is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:08:47, on 12/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5983 bytes
DigRam | Posted September 13, 2013

Good evening, dieguin11!

|- Download: < UsbFix > ( ...by C_XX & El Desaparecido )
|- Save it to the desktop!
|- Proceed with its installation.
|- Uncheck: "Disable Autorun/AutoPlay automatically" -> OK
|- Hold down the "Shift" key and connect your USB stick to the computer!
|- Run the UsbFix.exe file with a double click.
|- Choose the "Suppression" option.
|- Wait for it to finish and post the report. ( C:\UsbFix.txt )
|- Also post an updated HijackThis log.

A+
dieguin11 | Posted September 13, 2013

Good evening, DigRam!

My Avast detected UsbFix as malware; to download it I had to disable Avast for a while. I turned Avast back on right afterwards, and to run it I will also have to disable Avast. Should I go ahead? When you say to uncheck "Disable Autorun/AutoPlay automatically", I believe that is during installation, but I couldn't do it because I think the program comes already installed; I ran it and it already showed that last image you sent.
DigRam | Posted September 13, 2013

Good evening, dieguin11!

|- Disable Avast, but do not insert the USB stick.
|- Run UsbFix normally, that's all.

A+
dieguin11 | Posted September 13, 2013

Good evening, DigRam!

I ran UsbFix and got the following log:

############################## | UsbFix V 7.134 | [supressão]

Usuário: Diego (Administrador) # PARTICULAR-PC
Atualizado em 06/09/2013 por El Desaparecido
Começou em 23:21:34 | 12/09/2013
Site: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contato: eldesaparecido@sosvirus.net

PC: INTEL (DG31PR) (X86-based PC)
CPU: Intel® Core2 Duo CPU E7400 @ 2.80GHz (2793)
RAM -> [Total : 2036 | Free : 835]
BIOS: BIOS Date: 10/22/08 19:07:50 Ver: 08.00.10
BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Internet Security [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disco fixo # 149 Gb (32 Mb livre - 21%) [] # NTFS
D:\ -> CD-ROM

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [bCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [sunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-3016910884-1348811529-430916093-1001\SOFTWARE | Run : [iDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-3016910884-1348811529-430916093-1001\SOFTWARE | Run : [ares] - "C:\Program Files\Ares\Ares.exe" -h
HKU\S-1-5-21-3016910884-1348811529-430916093-1001\SOFTWARE | Run : [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
HKU\S-1-5-21-3016910884-1348811529-430916093-1001\SOFTWARE | Run : [9d439] - C:\Users\Diego\AppData\Roaming\8b5\9d439.js

################## | Processos parados |

Parado! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1360)
Parado! C:\Program Files\AVAST Software\Avast\afwServ.exe (1412)
Parado! C:\Windows\System32\spoolsv.exe (1556)
Parado! C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (1668)
Parado! C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (1864)
Parado! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1968)
Parado! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (1516)
Parado! C:\Windows\system32\SearchIndexer.exe (2520)
Parado! C:\Windows\system32\taskhost.exe (2984)
Parado! C:\Windows\Explorer.EXE (3240)
Parado! C:\Program Files\Common Files\Java\Java Update\jusched.exe (3564)
Parado! C:\Program Files\AVAST Software\Avast\AvastUI.exe (3616)
Parado! C:\Program Files\Windows Media Player\wmpnetwk.exe (628)
Parado! C:\Windows\system32\DllHost.exe (2868)
Parado! C:\Program Files\Mozilla Firefox\firefox.exe (704)
Parado! C:\Program Files\Mozilla Firefox\plugin-container.exe (2436)
Parado! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (3384)
Parado! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (2072)
Parado! C:\Windows\system32\wuauclt.exe (5504)
Parado! C:\Program Files\Internet Download Manager\IDMan.exe (4608)
Parado! C:\Windows\system32\taskeng.exe (5892)
Parado! C:\Windows\system32\SearchProtocolHost.exe (5296)
Parado! C:\Windows\system32\SearchFilterHost.exe (3652)

################## | Ficheiros # pastas infeciosos |

Supprimido ! C:\Users\Diego\AppData\Roaming\8b5\9d439.js
Supprimido ! C:\Users\Diego\AppData\Roaming\8b5
(!) Ficheiros temporários suprimido.

################## | Registro |

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|9d439
Supprimido ! HKCU|njq8

################## | Mountpoints2 |

################## | Listing |

[14/08/2013 - 18:04:38 | SHD ] C:\$RECYCLE.BIN
[11/09/2013 - 19:52:13 | D ] C:\8a9f
[19/08/2011 - 23:43:55 | D ] C:\Arquivos de Programas
[10/06/2009 - 18:42:20 | N | 24] C:\autoexec.bat
[19/11/2011 - 10:10:18 | D ] C:\Boot
[20/11/2010 - 03:40:08 | RASH | 383786] C:\bootmgr
[19/08/2011 - 23:34:10 | N | 8192] C:\BOOTSECT.BAK
[12/09/2013 - 22:06:15 | D ] C:\Config.Msi
[10/06/2009 - 18:42:20 | N | 10] C:\config.sys
[05/01/2012 - 23:10:25 | | 406563] C:\DIBMV
[14/07/2009 - 01:53:55 | SHD ] C:\Documents and Settings
[12/09/2013 - 17:18:34 | D ] C:\Downloads
[20/08/2011 - 15:17:40 | N | 383592] C:\gdrop
[12/09/2013 - 20:52:54 | ASH | 1601052672] C:\hiberfil.sys
[10/07/2013 - 21:20:20 | N | 0] C:\IO.SYS
[10/07/2013 - 21:20:20 | N | 0] C:\MSDOS.SYS
[05/09/2011 - 23:05:16 | RHD ] C:\MSOCache
[12/09/2013 - 20:52:56 | ASH | 2134736896] C:\pagefile.sys
[13/07/2009 - 23:37:05 | D ] C:\PerfLogs
[05/09/2013 - 18:03:04 | D ] C:\Program Files
[15/08/2013 - 23:30:26 | D ] C:\ProgramData
[19/08/2011 - 23:43:56 | D ] C:\Recovery
[20/08/2013 - 04:54:56 | D ] C:\scripts
[12/09/2013 - 22:05:51 | SHD ] C:\System Volume Information
[12/09/2013 - 22:06:14 | D ] C:\Trend Micro
[12/09/2013 - 23:23:49 | D ] C:\UsbFix
[12/09/2013 - 23:24:05 | A | 5047] C:\UsbFix [Clean 1] PARTICULAR-PC.txt
[19/08/2011 - 23:44:04 | D ] C:\Users
[12/09/2013 - 20:53:48 | D ] C:\Windows

################## | Vaccin |

C:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net |
DigRam | Posted September 13, 2013

Good evening, dieguin11!

|- Download: < SEAF > ( ... by C_XX )
|- Click the green arrow to download.
|- Save it to the desktop!
|- On Windows Vista or 7, right-click SEAF.exe and run it as administrator.
|- Follow the numbered sequence in the steps:
|- < 1 > In this field, paste the item(s)... in this case: 9d439.js;c90.js;8b5;njq8
|- < 2 > Under "Calculer le checksum", choose "MD5".
|- < 3 > Under "[ Options du registre ]", check: "Chercher également dans le registre"
|- < 4 > Click "Lancer la recherche" << Wait!
|- Ps: In the message, click "Non" or "No".
|- When it finishes, post the report: C:\SeafLog.txt

A+
dieguin11 | Posted September 13, 2013

Good evening, DigRam!

I'm having trouble posting the log as text because of its size. Is there some way to upload the .txt file here on the forum? I looked and couldn't find how to attach files to the message!
DigRam | Posted September 13, 2013

Good morning, dieguin11!

|- Go to: < MyFile.tk >
|- Or go to: < >
|- More information: < |Link| >

At+
dieguin11 | Posted September 13, 2013

Good afternoon, DigRam!

I did as you asked and got the following SEAF log: http://myfile.tk/3/SeafLog.txt

I hadn't sent an image of what happens with Windows Update before; here it is below:
DigRam | Posted September 13, 2013

Good afternoon, dieguin11!

|- Download: < zoek > ( ... by Smeenk )
|- Or here! < zoek.exe >
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

[HKU\S-1-5-21-3016910884-1348811529-430916093-1001\SOFTWARE];r
"9d439"=-;r
C:\Users\Diego\AppData\Roaming\8b5\9d439.js;f
C:\Users\Diego\AppData\Roaming\8b5;fs
C:\8a9f;fs
hijackthis;
autoclean;
emptyalltemp;

|- Copy and paste this information, in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This information will appear, asking you to wait for the report.
|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- Ps: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

A+
dieguin11 | Posted September 13, 2013

Good evening, DigRam!

Below is the zoek report:

Zoek.exe Version 4.0.0.4 Updated 11-September-2013
Tool run by Diego on 13/09/2013 at 18:44:30,12.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Diego\Desktop\zoek.exe [script inserted]

==== System Restore Info ======================

13/09/2013 18:58:46 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001\SOFTWARE]
"9d439"=-

==== Deleting Files \ Folders ======================

"C:\Users\Diego\AppData\Roaming\8b5\9d439.js" deleted
"C:\Users\Diego\AppData\Roaming\8b5" deleted
"C:\Users\Diego\AppData\Roaming\8b5" deleted
"C:\8a9f" deleted
"C:\ProgramData\boost_interprocess" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default
- IDM CC - C:\Users\Diego\AppData\Roaming\IDM\idmmzcc5
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

==== Firefox Plugins ======================

Profilepath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
101700E93EB905992B518256CB441829 - C:\Users\Diego\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
875477C2F2E8CCDC10B53E3D3EC2DD28 - C:\Program Files\TradeManager\npAliSSOLogin.dll - AliSSOLogin plugin
25E79D55AED57603CDC7028B4ED0191C - C:\Program Files\TradeManager\npwangwang.dll - AliWangWang Plug-In For Firefox and Netscape
218A7218BDB4953D6102B502BA60F4B6 - C:\Program Files\TradeManager\nptrademanager.dll - TradeManager Plug-In For Firefox and Netscape
0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
5689804A4016EAF199C7FA2E3C88778F - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jmolcgpienlcieaajfkkdamlngancncm - C:\Program Files\Internet Download Manager\IDMGCExt.crx[19/07/2013 20:46]

avast Online Security - Diego - Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
IDM Integration - Diego - Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{searchCLSID} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AAA2E876-3E99-4549-AB85-C82000A0D1DE} Google Url="http://www.google.com.br/search?hl=pt-BR&q={searchTerms}&meta="
{E7FCE54A-B9B1-4DB9-9C1D-A5F4976C8103} MercadoLivre Url="http://www.mercadolivre.com.br/jm/search?as_word={searchTerms}"
{ECAE9BD1-F194-408A-92E0-A9AE9C2A656C} Wikipedia Url="http://pt.wikipedia.org/wiki/Especial:Search?search={searchTerms}&go=Artigo"

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [9d439] C:\Users\Diego\AppData\Roaming\8b5\9d439.js
O4 - Startup: cb02.js
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

==== Empty IE Cache ======================

C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Diego\AppData\Local\Mozilla\Firefox\Profiles\1zx84nxg.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully
DigRam | Posted September 14, 2013

Good evening, dieguin11!

|- Open HijackThis.
|- Click "Do a system scan only".

O4 - HKCU\..\Run: [9d439] C:\Users\Diego\AppData\Roaming\8b5\9d439.js
O4 - Startup: cb02.js

|- Check the entries above, the ones in red.
|- After checking them, click "Fix Checked" >> Yes!

-/-

|- Download: < > ( ... by Swearware )
|- Save it to the desktop! ( Área de trabalho! )
|- Ps: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )
|- Close any program/file that is open.
|- Also close your browser! ( IE, Firefox, Opera or Google Chrome )
|- Ps: Stay connected to the Internet. <- Important!
|- You must be logged on to the system with administrator privileges.
|- Run ComboFix.exe with a double click.
|- Ps: Install the "Recovery Console" if prompted! <- XP only!
|- Ps: It is therefore up to you whether to install it.
|- If any error message appears, run ComboFix.exe in Safe Mode with Networking.
|- Ps: To complete the removals, the tool may need to restart the computer.
|- The Auto Scan window will open.
|- Wait for all the Stages to finish.
|- During the scan, avoid using the mouse or keyboard!
|- When it is done, post: C:\ComboFix.txt

"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão."

|- If this error occurs, just restart the computer!
|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."

At+
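The check DigRam applies by hand above, picking the two O4 entries out of the HijackThis section, can be automated. The script below is an added example for this thread, not code from the posts, from HijackThis or from zoek: it parses O4 autorun lines and flags those whose target is a Windows Script Host file (the .js files that wscript.exe was running here) or that live in a user-writable profile directory. The sample lines are copied from the zoek report posted above; the extension list and directory heuristics are this example's own assumptions.

```python
"""Flag script-host persistence among HijackThis O4 (autorun) entries.

Added example for this thread, not part of HijackThis or zoek. It reports the
autoruns a helper would mark for "Fix Checked": targets that are Windows Script
Host files (run by wscript.exe at logon) or that sit in user-writable profile paths.
"""
import re
from dataclasses import dataclass, field
from typing import List

SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
USER_WRITABLE_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\")

# Constructed sample input: the O4 section of the zoek/HijackThis log posted in this
# thread, one entry per line; legitimate entries are kept so the filter has to skip them.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [9d439] C:\Users\Diego\AppData\Roaming\8b5\9d439.js
O4 - Startup: cb02.js
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
"""

# "O4 - HKCU\..\Run: [name] command line"
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Startup: item" or "O4 - Global Startup: item = target"
O4_STARTUP = re.compile(r"^O4 - (?P<scope>Global )?Startup: (?P<item>.*)$")
# Extensions that may end an unquoted command path; whatever follows is arguments.
_EXE_LIKE = r"exe|com|scr|pif|bat|cmd|hta|lnk|js|jse|vbs|vbe|wsf|wsh"
UNQUOTED_TARGET = re.compile(rf"^(.+?\.(?:{_EXE_LIKE}))(?:\s|$)", re.IGNORECASE)


@dataclass
class Autorun:
    line: str                                   # original HijackThis line (what you would tick)
    source: str                                 # e.g. "HKCU\\..\\Run" or "Startup"
    name: str                                   # registry value name or startup-folder item
    target: str                                 # the file the autorun launches
    reasons: List[str] = field(default_factory=list)


def target_from_command(cmd: str) -> str:
    """Return the launched file from a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                     # quoted path; arguments follow the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = UNQUOTED_TARGET.match(cmd)              # unquoted path; cut at the first known extension
    return m.group(1) if m else cmd.split()[0]


def suspicion_reasons(target: str) -> List[str]:
    """Why this target looks like script-based persistence (empty list if it does not)."""
    low = target.lower()
    ext = low[low.rfind("."):] if "." in low else ""
    reasons = []
    if ext in SCRIPT_EXTENSIONS:
        reasons.append(f"launches a Windows Script Host file ({ext}) via wscript.exe")
    if any(d in low for d in USER_WRITABLE_DIRS):
        reasons.append("lives in a user-writable profile directory")
    return reasons


def parse_o4(log_text: str) -> List[Autorun]:
    """Turn every O4 line of a HijackThis log into an Autorun record."""
    autoruns = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            source = f"{m.group('hive')}\\..\\{m.group('key')}"
            autoruns.append(Autorun(line, source, m.group("name"), target_from_command(m.group("cmd"))))
            continue
        m = O4_STARTUP.match(line)
        if m:
            name, _, target = m.group("item").partition(" = ")   # .lnk items show "name = target"
            autoruns.append(Autorun(line, (m.group("scope") or "") + "Startup", name, target or name))
    return autoruns


def flag_script_persistence(log_text: str) -> List[Autorun]:
    """Return only the autoruns worth marking in HijackThis, with their reasons filled in."""
    flagged = []
    for entry in parse_o4(log_text):
        entry.reasons = suspicion_reasons(entry.target)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in flag_script_persistence(SAMPLE_LOG):
        print(entry.line)
        for reason in entry.reasons:
            print("    ->", reason)
```

Run against the sample it reports exactly the two lines DigRam marked in red, and leaves the Office, Java, Avast, IDM, Ares and Alcohol autoruns alone.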
dieguin11 | Posted September 14, 2013

Good evening, DigRam!

I ran ComboFix and got this report:

ComboFix 13-09-14.01 - Diego 14/09/2013 19:40:12.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2036.1089 [GMT -3:00]
Executando de: c:\users\Diego\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Diego\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-08-14 to 2013-09-14 ))))))))))))))))))))))))))))
.
.
2013-09-14 22:46 . 2013-09-14 22:46 -------- d-----w- c:\users\Diego\AppData\Local\temp
2013-09-13 22:01 . 2013-09-13 22:02 -------- d-----w- C:\zoek
2013-09-13 02:35 . 2013-09-13 02:35 -------- d-----w- c:\program files\SEAF
2013-09-13 02:00 . 2013-09-13 02:00 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BC45969-3D33-4233-94CF-CA36AB9F3BB5}\offreg.dll
2013-09-13 01:59 . 2013-09-13 02:24 -------- d-----w- C:\UsbFix
2013-09-13 01:06 . 2013-09-13 01:06 388096 ----a-r- c:\users\Diego\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-13 01:06 . 2013-09-13 01:06 -------- d-----w- C:\Trend Micro
2013-09-12 20:57 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BC45969-3D33-4233-94CF-CA36AB9F3BB5}\mpengine.dll
2013-09-12 20:25 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-12 20:25 . 2013-08-08 01:03 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-09-11 17:39 . 2013-09-12 06:15 -------- d-----w- c:\users\Diego\midnight club 3 dub edition remix ps2 ntscB884
2013-09-05 18:57 . 2013-09-05 18:57 -------- d-----w- c:\program files\Alcohol Soft
2013-09-05 18:54 . 2013-09-05 18:54 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-08-26 19:50 . 2013-09-12 20:36 -------- d-----w- c:\windows\system32\MRT
2013-08-26 19:44 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-26 19:43 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-26 19:43 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-26 19:43 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-26 19:43 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-26 19:43 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-26 19:43 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-26 19:43 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-26 19:43 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-26 19:43 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-26 19:43 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-26 19:43 . 2013-06-15 03:40 918528 ----a-w- c:\windows\system32\rdpcorets.dll
2013-08-26 19:43 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-25 16:40 . 2013-08-30 06:58 -------- d-----w- c:\users\Diego\aTubeCatcher
2013-08-21 07:35 . 2013-09-09 19:28 -------- d-----w- c:\users\Diego\Age of Empires II Completo Traduzido
2013-08-20 07:54 . 2013-08-20 07:54 -------- d-----w- C:\scripts
2013-08-16 02:28 . 2013-08-19 07:15 -------- d-----w- c:\program files\TradeManager
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 07:22 . 2011-08-20 03:11 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-03 08:27 . 2013-08-03 08:27 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-03 08:27 . 2013-08-03 08:26 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-03 08:27 . 2013-08-03 08:26 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-18 20:10 . 2013-06-17 06:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-18 20:10 . 2012-07-29 03:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-11 00:46 . 2013-07-11 00:46 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-11 00:46 . 2013-03-05 17:39 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-11 00:46 . 2011-11-14 20:23 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-04 15:42 . 2013-07-04 15:42 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-04 15:42 . 2013-07-04 15:42 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-04 15:42 . 2013-07-04 15:42 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-04 15:42 . 2013-07-04 15:42 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-07-04 15:42 . 2013-07-04 15:42 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-07-04 15:42 . 2013-07-04 15:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-04 15:42 . 2013-07-04 15:42 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-07-04 15:42 . 2013-07-04 15:42 361984 ----a-w- c:\windows\system32\html.iec
2013-07-04 15:42 . 2013-07-04 15:42 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-04 15:42 . 2013-07-04 15:42 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-07-04 15:42 . 2013-07-04 15:42 158720 ----a-w- c:\windows\system32\msls31.dll
2013-07-04 15:42 . 2013-07-04 15:42 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-07-04 15:42 . 2013-07-04 15:42 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-04 15:42 . 2013-07-04 15:42 138752 ----a-w- c:\windows\system32\wextract.exe
2013-07-04 15:42 . 2013-07-04 15:42 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-04 15:42 . 2013-07-04 15:42 12800 ----a-w- c:\windows\system32\mshta.exe
2013-07-04 15:42 . 2013-07-04 15:42 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-04 15:41 . 2013-07-04 15:41 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-07-04 15:41 . 2013-07-04 15:41 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-04 15:41 . 2013-07-04 15:41 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-04 15:41 . 2013-07-04 15:41 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-04 15:41 . 2013-07-04 15:41 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-07-04 15:41 . 2013-07-04 15:41 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-07-04 15:41 . 2013-07-04 15:41 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-04 15:41 . 2013-07-04 15:41 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-04 15:41 . 2013-07-04 15:41 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-04 15:41 . 2013-07-04 15:41 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-04 15:41 . 2013-07-04 15:41 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-04 15:41 . 2013-07-04 15:41 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-07-04 15:41 . 2013-07-04 15:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-04 15:41 . 2013-07-04 15:41 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-04 15:41 . 2013-07-04 15:41 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-07-04 15:41 . 2013-07-04 15:41 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 09:57 . 2013-07-19 12:06 104928 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-01-19 07:44 . 2013-01-19 07:44 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-07-19 3612240]
"ares"="c:\program files\Ares\Ares.exe" [2013-07-19 935936]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aliim]
2013-05-23 01:44 293272 ----a-w- c:\program files\TradeManager\AliIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-05-28 00:44 116648 ----atw- c:\users\Diego\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 06:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3
tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [x]R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys [x]S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2013-03-13 12112]S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-05-09 204784]S0 aswRvrt;aswRvrt; [x]S0 aswVmm;aswVmm; [x]S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-09-05 697328]S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [2013-05-09 104752]S1 aswKbd;aswKbd; [x]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-07 119024]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]S2 avast! Firewall;avast! 
Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2013-05-09 137960]S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-06-27 104928]S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-21 232512]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc.Conteúdo da pasta 'Tarefas Agendadas'.2013-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3016910884-1348811529-430916093-1001Core.job- c:\users\Diego\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 00:44].2013-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3016910884-1348811529-430916093-1001UA.job- c:\users\Diego\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 00:44]..------- Scan Suplementar -------.IE: &Enviar para o OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000IE: Fazer o download de todos os links usando o IDM - c:\program files\Internet Download Manager\IEGetAll.htmIE: Fazer o download usando o IDM - c:\program files\Internet Download Manager\IEExt.htmTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/FF - ExtSQL: 2013-08-03 05:26; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF..--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------.[HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001_Classes\CLSID\{4f6d701e-97bc-4628-970a-bc04f58cdfa9}]@Denied: (Full) (Everyone)@Allowed: (Read) (RestrictedCode)"Model"=dword:0000009c"Therad"=dword:0000001c"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\.[HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]@Denied: (Full) (Everyone)"scansk"=hex(0):07,af,b5,64,2c,8c,9a,fd,2f,dd,8b,93,7d,a2,35,b0,04,bb,8a,37,2e, d5,b3,85,7a,3d,22,0c,5b,05,76,3b,0c,c9,d0,e3,91,26,c6,42,00,00,00,00,00,00,\.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Tempo para conclusão: 2013-09-14 19:47:56ComboFix-quarantined-files.txt 2013-09-14 22:47.Pré-execução: 35.669.884.928 bytes disponíveisPós execução: 35.481.739.264 bytes disponíveis.- - End Of File - - BEBFFD9860A62EBA9CAD7AF39606D368A36C5E4F47E84449FF07ED3517B43A31 Compartilhar este post Link para o post Compartilhar em outros sites
DigRam, posted September 15, 2013

Good evening, dieguin11!

The ComboFix report showed no problems on your machine. Post an updated HijackThis log and describe any problem that is still occurring.

A+
dieguin11, posted September 15, 2013

Good evening, DigRam!

The problem I was having was only the one described earlier, caused by the virus picked up when I used the pendrive. I formatted the pendrive in question on the same day it infected the machine; since then I have not used it again to test whether it is still infected. I believe the "Windows Update" problem was caused by this virus; after carrying out all the steps you described, the problem has not happened again.

Here is the updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:39:04, on 15/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Ares\Ares.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5326 bytes

Thanks, regards
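When a helper reads an O4 (autostart) section like the one above, the questions are always the same: where does each autostart image live, and is a script host such as wscript.exe (the process the original Avast alert pointed at) being used to launch something from a user-writable folder. The following is an added example by the editor, not code from the thread or from any of the tools used in it: a small Python triage script that parses HijackThis O4 lines, resolves the executable path from the command string, and flags entries outside Program Files / Windows or script hosts running scripts from the user profile. The sample log is constructed for the example; the first three entries are copied from the clean log above, and the "Updater" line is a hypothetical entry of the kind an autorun worm leaves behind, added only so the checks have something to flag.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input. The first three O4 lines and the Startup line are
# taken from the clean HijackThis log in this thread; the "Updater" line is a
# hypothetical persistence entry added for illustration (not from the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Updater] C:\Windows\System32\wscript.exe //e:vbscript "C:\Users\Diego\AppData\Roaming\update.vbs"
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
"""

# "O4 - HKLM\..\Run: [name] command" and "O4 - Startup: name.lnk = command"
O4_REG = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O4_STARTUP = re.compile(r'^O4 - Startup: (?P<name>.*?) = (?P<cmd>.*)$')
# Image path is either quoted, or the unquoted prefix up to the first .exe-like token.
QUOTED = re.compile(r'^"([^"]+)"\s*(.*)$')
UNQUOTED = re.compile(r'^(.*?\.(?:exe|com|scr|pif|bat|cmd))(?:\s+(.*))?$', re.IGNORECASE)
# A script file path somewhere in the argument string.
SCRIPT_ARG = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:vbs|vbe|js|jse|wsf|hta|ps1)\b', re.IGNORECASE)

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Entry:
    hive: str                 # "HKLM", "HKCU" or "Startup"
    name: str                 # registry value name or .lnk name
    image: str                # executable actually launched
    args: str                 # remaining command-line arguments
    reasons: list = field(default_factory=list)  # empty when nothing looks wrong


def split_command(cmd: str):
    """Separate the launched image from its arguments, quoted or not."""
    m = QUOTED.match(cmd)
    if m:
        return m.group(1), m.group(2)
    m = UNQUOTED.match(cmd)
    if m:
        return m.group(1), m.group(2) or ""
    return cmd, ""


def assess(hive: str, name: str, cmd: str) -> Entry:
    image, args = split_command(cmd)
    low = image.lower()
    base = low.rsplit("\\", 1)[-1]
    entry = Entry(hive, name, image, args)
    if not low.startswith(TRUSTED_ROOTS):
        entry.reasons.append("autostart image outside Program Files / Windows")
    if base in SCRIPT_HOSTS:
        script = SCRIPT_ARG.search(args)
        if script and script.group(0).lower().startswith(USER_WRITABLE):
            entry.reasons.append(
                f"script host {base} runs {script.group(0)} from a user-writable location")
        else:
            entry.reasons.append(f"script host {base} in an autostart entry; inspect its arguments")
    return entry


def triage(log_text: str) -> list:
    """Parse every O4 line in a HijackThis log into an assessed Entry."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_REG.match(line)
        if m:
            entries.append(assess(m["hive"], m["name"], m["cmd"]))
            continue
        m = O4_STARTUP.match(line)
        if m:
            entries.append(assess("Startup", m["name"], m["cmd"]))
    return entries


def suspicious(log_text: str) -> list:
    return [e for e in triage(log_text) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        flag = "SUSPECT" if e.reasons else "ok     "
        print(f"{flag} {e.hive:8} {e.name:<12} {e.image}")
        for r in e.reasons:
            print(f"        - {r}")
```

The path-location rule is deliberately coarse: legitimate software such as GoogleUpdate.exe under AppData\Local (visible in the ComboFix msconfig section above) will also be flagged, which is the intended behaviour for a triage pass; the output is a shortlist to look at, not a verdict.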
DigRam, posted September 15, 2013

Good morning, dieguin11!

dieguin11, on 15/09/2013, said:
"The problem I was having was only the one described earlier, caused by the virus picked up when I used the pendrive. I formatted the pendrive in question on the same day it infected the machine; since then I have not used it again to test whether it is still infected."

|- Format the pendrive again.
-/-
|- Download: |DelFix| ( ... by Xplode )
|- On the page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any applications that are open.
|- Run it!
|- With the 3 checkboxes ticked!
|- Click "Run".
|- Post the report!

A+
dieguin11, posted September 15, 2013

Good evening, DigRam!

I formatted the pendrive again without problems! Here is the DelFix report:

# DelFix v10.4 - Logfile created 15/09/2013 at 01:20:47
# Updated 19/07/2013 by Xplode
# Username : Diego - PARTICULAR-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\USBFix
Deleted : C:\Combofix
Deleted : C:\Program Files\SEAF
Deleted : C:\Program Files\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\SeafLog.txt
Deleted : C:\UsbFix [Clean 1] PARTICULAR-PC.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Diego\Desktop\ComboFix.exe
Deleted : C:\Users\Diego\Desktop\seaf.exe
Deleted : C:\Users\Diego\Desktop\usbfix.exe
Deleted : C:\Users\Diego\Desktop\zoek.exe
Deleted : C:\Users\Diego\Downloads\HijackThis.msi
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKCU\Software\USBFix
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEAF
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

~ Cleaning system restore ...

Deleted : RP #361 [installed HiJackThis | 09/13/2013 01:05:34]
Deleted : RP #362 [zoek.exe restore point | 09/13/2013 21:58:29]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
DigRam, posted September 15, 2013

Good morning, dieguin11!

|- If you find folders or shortcuts that were created by the tools, you can delete them!
|- Your logs are clean!
|- Good job! :)

Regards!
dieguin11, posted September 15, 2013

Good morning, DigRam!

After all this, I noticed that the "Program Files" folder is locked for me (with a small padlock on its icon); when I try to open it, it says I don't have permission. I have only one user account on the PC and it wasn't me who locked the folder; maybe it is a consequence of this virus. Could you tell me how to unlock it?

A+
DigRam, posted September 15, 2013

Good morning, dieguin11!

|- Download: < GrantPerms.zip > ( ... x86 ) (Windows XP or 7, 32-bit)
|- Or: < > ( ... by Farbar )
|- Download: < GrantPerms64.zip > ( ... x64 ) (Windows 7, 64-bit)
|- Unzip it to a local disk! ( C; D; etc... )
|- Run: GrantPerms.exe or GrantPerms64.exe
|- Copy and paste this path into the field, replacing the one shown: C:\Program Files
|- Click "Unlock" and, when it finishes, click OK.
|- Next, click "List Permissions".
|- Post the report: C:\GrantPerms\Perms.txt <<

A+