Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

dieguin11

[Resolvido] &nbspVírus após uso de Pendrive

Recommended Posts

Boa Noite! Primeiramente quero agradecer ao DigRam por ter me ajudado a resolver um outro problema anteriormente. E agora vou dizer o novo problema que está acontecendo.

 

Ontem ao utilizar um pendrive de um amigo meu PC acabou pegando um vírus, meu Avast acusou autorun.inf e foi detectando um monte, não adiantava excluir que aparecia mais e mais.

Aparecia que era no seguinte processo: C:\Windows\System32\wscript.exe

 

Acabei formatando o pendrive mas meu computador ficou infectado, já rodei o Avast normalmente e no boot, e esse vírus aparentemente não é detectado pelo Avast. Também rodei o SUPERAntiSpyware Professional e o mesmo detectou um trojan, que já foi excluído.

 

Sei que o computador ainda está infectado porque após isso começou a aparecer inúmeros ícones do Windows Update na barra de tarefas, e mesmo após excluir esse trojan continua aparecendo.

 

Preciso de ajuda para remover esse vírus, não sei mais que medida tomar.

 

Segue abaixo o log do HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:08:47, on 12/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5983 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! dieguin11

 

 

|- Baixe: < UsbFix > ( ...de C_XX & El Desaparecido )

UsbFix_Telecharge.jpg

|- Salve-o no desktop!
|- Siga com sua instalação.
|- Desmarque: "Desativar Autorun/AutoPlay automaticamente" -> OK
|- Aperte a tecla "Shift" e conecte seu pendrive ao computador!
|- Execute o arquivo UsbFix.exe,com um duplo clique.

UsbFix_Supprssion.jpg

|- Escolha a opção "Suppression".
|- Aguarde a conclusão e poste o relatório. ( C:\UsbFix.txt )
|- Poste,também,HijackThis atualizado.

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite, DigRam!

 

Meu Avast detectou o UsbFix como malware, para baixar tive que desabilitar o Avast por um tempo. Ativei o Avast logo após e para executar também terei que desabilitar o Avast, devo continuar?

 

Quando você diz para desmarcar "Desativar Autorun/AutoPlay automaticamente" creio que seja durante a instalação, mas eu não pude faze-lo porque o programa acho que já vem instalado, executei e já apareceu essa última imagem que você mandou.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! dieguin11

 

|- Desabilite o Avast,mas não insira o pendrive.

|- Execute o UsbFix,normalmente,..apenas isso.

 

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! DigRam

 

Executei o UsbFix e obtive o seguinte log:

 

############################## | UsbFix V 7.134 | [supressão]

Usuário: Diego (Administrador) # PARTICULAR-PC
Atualizado em 06/09/2013 por El Desaparecido
Começou em 23:21:34 | 12/09/2013

Site: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contato: eldesaparecido@sosvirus.net

PC: INTEL (DG31PR) (X86-based PC)
CPU: Intel® Core2 Duo CPU E7400 @ 2.80GHz (2793)
RAM -> [Total : 2036 | Free : 835]
BIOS: BIOS Date: 10/22/08 19:07:50 Ver: 08.00.10
BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Internet Security [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disco fixo # 149 Gb (32 Mb livre - 21%) [] # NTFS
D:\ -> CD-ROM

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [bCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [sunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-3016910884-1348811529-430916093-1001\SOFTWARE | Run : [iDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-3016910884-1348811529-430916093-1001\SOFTWARE | Run : [ares] - "C:\Program Files\Ares\Ares.exe" -h
HKU\S-1-5-21-3016910884-1348811529-430916093-1001\SOFTWARE | Run : [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
HKU\S-1-5-21-3016910884-1348811529-430916093-1001\SOFTWARE | Run : [9d439] - C:\Users\Diego\AppData\Roaming\8b5\9d439.js

################## | Processos parados |

Parado! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1360)
Parado! C:\Program Files\AVAST Software\Avast\afwServ.exe (1412)
Parado! C:\Windows\System32\spoolsv.exe (1556)
Parado! C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (1668)
Parado! C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (1864)
Parado! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1968)
Parado! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (1516)
Parado! C:\Windows\system32\SearchIndexer.exe (2520)
Parado! C:\Windows\system32\taskhost.exe (2984)
Parado! C:\Windows\Explorer.EXE (3240)
Parado! C:\Program Files\Common Files\Java\Java Update\jusched.exe (3564)
Parado! C:\Program Files\AVAST Software\Avast\AvastUI.exe (3616)
Parado! C:\Program Files\Windows Media Player\wmpnetwk.exe (628)
Parado! C:\Windows\system32\DllHost.exe (2868)
Parado! C:\Program Files\Mozilla Firefox\firefox.exe (704)
Parado! C:\Program Files\Mozilla Firefox\plugin-container.exe (2436)
Parado! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (3384)
Parado! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (2072)
Parado! C:\Windows\system32\wuauclt.exe (5504)
Parado! C:\Program Files\Internet Download Manager\IDMan.exe (4608)
Parado! C:\Windows\system32\taskeng.exe (5892)
Parado! C:\Windows\system32\SearchProtocolHost.exe (5296)
Parado! C:\Windows\system32\SearchFilterHost.exe (3652)

################## | Ficheiros # pastas infeciosos |

Supprimido ! C:\Users\Diego\AppData\Roaming\8b5\9d439.js
Supprimido ! C:\Users\Diego\AppData\Roaming\8b5

(!) Ficheiros temporários suprimido.

################## | Registro |

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|9d439
Supprimido ! HKCU|njq8

################## | Mountpoints2 |


################## | Listing |

[14/08/2013 - 18:04:38 | SHD ] C:\$RECYCLE.BIN
[11/09/2013 - 19:52:13 | D ] C:\8a9f
[19/08/2011 - 23:43:55 | D ] C:\Arquivos de Programas
[10/06/2009 - 18:42:20 | N | 24] C:\autoexec.bat
[19/11/2011 - 10:10:18 | D ] C:\Boot
[20/11/2010 - 03:40:08 | RASH | 383786] C:\bootmgr
[19/08/2011 - 23:34:10 | N | 8192] C:\BOOTSECT.BAK
[12/09/2013 - 22:06:15 | D ] C:\Config.Msi
[10/06/2009 - 18:42:20 | N | 10] C:\config.sys
[05/01/2012 - 23:10:25 | | 406563] C:\DIBMV
[14/07/2009 - 01:53:55 | SHD ] C:\Documents and Settings
[12/09/2013 - 17:18:34 | D ] C:\Downloads
[20/08/2011 - 15:17:40 | N | 383592] C:\gdrop
[12/09/2013 - 20:52:54 | ASH | 1601052672] C:\hiberfil.sys
[10/07/2013 - 21:20:20 | N | 0] C:\IO.SYS
[10/07/2013 - 21:20:20 | N | 0] C:\MSDOS.SYS
[05/09/2011 - 23:05:16 | RHD ] C:\MSOCache
[12/09/2013 - 20:52:56 | ASH | 2134736896] C:\pagefile.sys
[13/07/2009 - 23:37:05 | D ] C:\PerfLogs
[05/09/2013 - 18:03:04 | D ] C:\Program Files
[15/08/2013 - 23:30:26 | D ] C:\ProgramData
[19/08/2011 - 23:43:56 | D ] C:\Recovery
[20/08/2013 - 04:54:56 | D ] C:\scripts
[12/09/2013 - 22:05:51 | SHD ] C:\System Volume Information
[12/09/2013 - 22:06:14 | D ] C:\Trend Micro
[12/09/2013 - 23:23:49 | D ] C:\UsbFix
[12/09/2013 - 23:24:05 | A | 5047] C:\UsbFix [Clean 1] PARTICULAR-PC.txt
[19/08/2011 - 23:44:04 | D ] C:\Users
[12/09/2013 - 20:53:48 | D ] C:\Windows

################## | Vaccin |

C:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net |

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! dieguin11

|- Baixe: < SEAF > ( ... de C_XX )
|- Clique na seta verde,para o download.
|- Salve-a no desktop!
|- Para Windows Vista ou 7,dê clique direito em SEAF.exe e execute-o como administrador.

acyIcF9Y.jpg

|- Siga a sequência numérica,em seus procedimentos:

|- < 1 > Neste campo,cole a(s) ocorrência(s)...no caso: 9d439.js;c90.js;8b5;njq8
|- < 2 > Em "Calculer le checksum",escolha "MD5".
|- < 3 > Em "[ Options du registre ]",marque: "Chercher également dans le registre"
|- < 4 > Clique em "Lancer la recherche" << Aguarde!

|- Ps: Na mensagem,clique em "Non" ou "Não".
|- Ao concluir,poste o relatório: C:\SeafLog.txt

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite! DigRam

 

Estou com problemas para postar o log escrito devido ao tamanho, existe alguma forma de fazer upload do arquivo .txt aqui no fórum? Procurei e não encontrei como anexar arquivos na mensagem!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite! DigRam

 

Estou com problemas para postar o log escrito devido ao tamanho, existe alguma forma de fazer upload do arquivo .txt aqui no fórum? Procurei e não encontrei como anexar arquivos na mensagem!

Bom Dia! dieguin11

 

|- Acesse: < MyFile.tk >

 

|- Ou acesse: < Cjoint_Logo.jpg >

 

|- Maiores informações: < |Link| >

 

At+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! dieguin11

|- Baixe: < zoek > ( ... by Smeenk )

|- Ou aqui! < 51a612a8b27e2-Zoek.png zoek.exe >

|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Para Windows 7,execute zoek.exe como administrador.

[HKU\S-1-5-21-3016910884-1348811529-430916093-1001\SOFTWARE];r
"9d439"=-;r
C:\Users\Diego\AppData\Roaming\8b5\9d439.js;f
C:\Users\Diego\AppData\Roaming\8b5;fs
C:\8a9f;fs
hijackthis;
autoclean;
emptyalltemp;


|- Copie e cole estas informações,em vermelho,no campo da ferramenta.
|- Clique "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- Surgirão estas informações,pedindo-lhe que aguarde o relatório.

Zoek_Reboot_zpscf60b3cf.jpg

|- Aceite e/ou confirme o reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
|- Poste o relatório,que estará em C:\zoek-results.txt <<

A+

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite! DigRam

 

Segue abaixo o relatório do Zoek:

 


Zoek.exe Version 4.0.0.4 Updated 11-September-2013
Tool run by Diego on 13/09/2013 at 18:44:30,12.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Diego\Desktop\zoek.exe [script inserted]

==== System Restore Info ======================

13/09/2013 18:58:46 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001\SOFTWARE]
"9d439"=-

==== Deleting Files \ Folders ======================

"C:\Users\Diego\AppData\Roaming\8b5\9d439.js" deleted
"C:\Users\Diego\AppData\Roaming\8b5" deleted
"C:\Users\Diego\AppData\Roaming\8b5" deleted
"C:\8a9f" deleted
"C:\ProgramData\boost_interprocess" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default
- IDM CC - C:\Users\Diego\AppData\Roaming\IDM\idmmzcc5
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

==== Firefox Plugins ======================

Profilepath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
101700E93EB905992B518256CB441829 - C:\Users\Diego\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
875477C2F2E8CCDC10B53E3D3EC2DD28 - C:\Program Files\TradeManager\npAliSSOLogin.dll - AliSSOLogin plugin
25E79D55AED57603CDC7028B4ED0191C - C:\Program Files\TradeManager\npwangwang.dll - AliWangWang Plug-In For Firefox and Netscape
218A7218BDB4953D6102B502BA60F4B6 - C:\Program Files\TradeManager\nptrademanager.dll - TradeManager Plug-In For Firefox and Netscape
0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
5689804A4016EAF199C7FA2E3C88778F - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jmolcgpienlcieaajfkkdamlngancncm - C:\Program Files\Internet Download Manager\IDMGCExt.crx[19/07/2013 20:46]

avast Online Security - Diego - Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
IDM Integration - Diego - Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{searchCLSID} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AAA2E876-3E99-4549-AB85-C82000A0D1DE} Google Url="http://www.google.com.br/search?hl=pt-BR&q={searchTerms}&meta="
{E7FCE54A-B9B1-4DB9-9C1D-A5F4976C8103} MercadoLivre Url="http://www.mercadolivre.com.br/jm/search?as_word={searchTerms}"
{ECAE9BD1-F194-408A-92E0-A9AE9C2A656C} Wikipedia Url="http://pt.wikipedia.org/wiki/Especial:Search?search={searchTerms}&go=Artigo"

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [9d439] C:\Users\Diego\AppData\Roaming\8b5\9d439.js
O4 - Startup: cb02.js
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

==== Empty IE Cache ======================

C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Diego\AppData\Local\Mozilla\Firefox\Profiles\1zx84nxg.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! dieguin11

|- Abra o HijackThis.
|- Clique "Do a system scan only".

O4 - HKCU\..\Run: [9d439] C:\Users\Diego\AppData\Roaming\8b5\9d439.js

O4 - Startup: cb02.js


|- Marque,àcima,estas entradas que estão em vermelho.
|- Após marcá-las,clique "Fix Checked" >> Sim!

-/-

|- Baixe: < desktopicon.png > ( ... by Swearware )
|- Salve-o no desktop! ( Área de trabalho! )
|- Ps: Desabilite seu antivírus,antispywares e/ou firewall. ( Menos o do Windows! )
|- Feche algum programa/arquivo que esteja aberto.
|- Feche,também,seu navegador! ( IE,Firefox,Opera ou Google Chrome )
|- Ps: Esteja conectado(a) à Internet. <- Importante!
|- É preciso estar logado no sistema com privilégios de administrador.
|- Execute ComboFix.exe,com um duplo clique.
|- Ps: Instale o "Console de Recuperação",caso seja solicitado! <- Somente XP!
|- Ps: Ficará,portanto,à seu critério optar por sua instalação.

Safe-Mode.jpg

|- Surgindo alguma mensagem de erro,execute ComboFix.exe em Modo de Segurança com rede.
|- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador.
|- Abrir-se-á a janela Auto Scan.

etapas.jpg

|- Aguarde a finalização de todas as Etapas.
|- Durante o scan,evite utilizar o mouse ou teclado!
|- Concluindo,poste: C:\ComboFix.txt

"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão."

|- Ao ocorrer este erro,basta reiniciar o computador!
|- "ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão de analistas de segurança."

At+

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite! DigRam

 

Executei ComboFix e obtive esse relatório:

 

 

ComboFix 13-09-14.01 - Diego 14/09/2013 19:40:12.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2036.1089 [GMT -3:00]
Executando de: c:\users\Diego\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Diego\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-08-14 to 2013-09-14 ))))))))))))))))))))))))))))
.
.
2013-09-14 22:46 . 2013-09-14 22:46 -------- d-----w- c:\users\Diego\AppData\Local\temp
2013-09-13 22:01 . 2013-09-13 22:02 -------- d-----w- C:\zoek
2013-09-13 02:35 . 2013-09-13 02:35 -------- d-----w- c:\program files\SEAF
2013-09-13 02:00 . 2013-09-13 02:00 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BC45969-3D33-4233-94CF-CA36AB9F3BB5}\offreg.dll
2013-09-13 01:59 . 2013-09-13 02:24 -------- d-----w- C:\UsbFix
2013-09-13 01:06 . 2013-09-13 01:06 388096 ----a-r- c:\users\Diego\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-13 01:06 . 2013-09-13 01:06 -------- d-----w- C:\Trend Micro
2013-09-12 20:57 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BC45969-3D33-4233-94CF-CA36AB9F3BB5}\mpengine.dll
2013-09-12 20:25 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-12 20:25 . 2013-08-08 01:03 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-09-11 17:39 . 2013-09-12 06:15 -------- d-----w- c:\users\Diego\midnight club 3 dub edition remix ps2 ntscB884
2013-09-05 18:57 . 2013-09-05 18:57 -------- d-----w- c:\program files\Alcohol Soft
2013-09-05 18:54 . 2013-09-05 18:54 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-08-26 19:50 . 2013-09-12 20:36 -------- d-----w- c:\windows\system32\MRT
2013-08-26 19:44 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-26 19:43 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-26 19:43 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-26 19:43 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-26 19:43 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-26 19:43 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-26 19:43 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-26 19:43 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-26 19:43 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-26 19:43 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-26 19:43 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-26 19:43 . 2013-06-15 03:40 918528 ----a-w- c:\windows\system32\rdpcorets.dll
2013-08-26 19:43 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-25 16:40 . 2013-08-30 06:58 -------- d-----w- c:\users\Diego\aTubeCatcher
2013-08-21 07:35 . 2013-09-09 19:28 -------- d-----w- c:\users\Diego\Age of Empires II Completo Traduzido
2013-08-20 07:54 . 2013-08-20 07:54 -------- d-----w- C:\scripts
2013-08-16 02:28 . 2013-08-19 07:15 -------- d-----w- c:\program files\TradeManager
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 07:22 . 2011-08-20 03:11 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-03 08:27 . 2013-08-03 08:27 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-03 08:27 . 2013-08-03 08:26 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-03 08:27 . 2013-08-03 08:26 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-18 20:10 . 2013-06-17 06:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-18 20:10 . 2012-07-29 03:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-11 00:46 . 2013-07-11 00:46 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-11 00:46 . 2013-03-05 17:39 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-11 00:46 . 2011-11-14 20:23 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-04 15:42 . 2013-07-04 15:42 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-04 15:42 . 2013-07-04 15:42 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-04 15:42 . 2013-07-04 15:42 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-04 15:42 . 2013-07-04 15:42 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-07-04 15:42 . 2013-07-04 15:42 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-07-04 15:42 . 2013-07-04 15:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-04 15:42 . 2013-07-04 15:42 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-07-04 15:42 . 2013-07-04 15:42 361984 ----a-w- c:\windows\system32\html.iec
2013-07-04 15:42 . 2013-07-04 15:42 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-04 15:42 . 2013-07-04 15:42 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-07-04 15:42 . 2013-07-04 15:42 158720 ----a-w- c:\windows\system32\msls31.dll
2013-07-04 15:42 . 2013-07-04 15:42 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-07-04 15:42 . 2013-07-04 15:42 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-04 15:42 . 2013-07-04 15:42 138752 ----a-w- c:\windows\system32\wextract.exe
2013-07-04 15:42 . 2013-07-04 15:42 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-04 15:42 . 2013-07-04 15:42 12800 ----a-w- c:\windows\system32\mshta.exe
2013-07-04 15:42 . 2013-07-04 15:42 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-04 15:41 . 2013-07-04 15:41 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-07-04 15:41 . 2013-07-04 15:41 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-04 15:41 . 2013-07-04 15:41 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-04 15:41 . 2013-07-04 15:41 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-04 15:41 . 2013-07-04 15:41 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-07-04 15:41 . 2013-07-04 15:41 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-07-04 15:41 . 2013-07-04 15:41 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-04 15:41 . 2013-07-04 15:41 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-04 15:41 . 2013-07-04 15:41 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-04 15:41 . 2013-07-04 15:41 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-04 15:41 . 2013-07-04 15:41 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-04 15:41 . 2013-07-04 15:41 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-04 15:41 . 2013-07-04 15:41 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-07-04 15:41 . 2013-07-04 15:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-04 15:41 . 2013-07-04 15:41 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-04 15:41 . 2013-07-04 15:41 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-07-04 15:41 . 2013-07-04 15:41 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-27 09:57 . 2013-07-19 12:06 104928 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-01-19 07:44 . 2013-01-19 07:44 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-07-19 3612240]
"ares"="c:\program files\Ares\Ares.exe" [2013-07-19 935936]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aliim]
2013-05-23 01:44 293272 ----a-w- c:\program files\TradeManager\AliIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-05-28 00:44 116648 ----atw- c:\users\Diego\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 06:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2013-03-13 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-05-09 204784]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-09-05 697328]
S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [2013-05-09 104752]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-07 119024]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2013-05-09 137960]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-06-27 104928]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-21 232512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3016910884-1348811529-430916093-1001Core.job
- c:\users\Diego\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 00:44]
.
2013-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3016910884-1348811529-430916093-1001UA.job
- c:\users\Diego\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 00:44]
.
.
------- Scan Suplementar -------
.
IE: &Enviar para o OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Fazer o download de todos os links usando o IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Fazer o download usando o IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - ExtSQL: 2013-08-03 05:26; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001_Classes\CLSID\{4f6d701e-97bc-4628-970a-bc04f58cdfa9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009c
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):07,af,b5,64,2c,8c,9a,fd,2f,dd,8b,93,7d,a2,35,b0,04,bb,8a,37,2e,
d5,b3,85,7a,3d,22,0c,5b,05,76,3b,0c,c9,d0,e3,91,26,c6,42,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-09-14 19:47:56
ComboFix-quarantined-files.txt 2013-09-14 22:47
.
Pré-execução: 35.669.884.928 bytes disponíveis
Pós execução: 35.481.739.264 bytes disponíveis
.
- - End Of File - - BEBFFD9860A62EBA9CAD7AF39606D368
A36C5E4F47E84449FF07ED3517B43A31

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! dieguin11

 

O relatório do ComboFix não mostrou problemas em sua máquina.

Poste HijackThis atualizado e informe algum problema que esteja ocorrendo.

 

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite! DigRam

 

O problema que estava acontecendo era só aquele descrito anteriormente devido ao vírus pego ao usar o pendrive. O pendrive em questão eu formatei no mesmo dia que infectou a máquina, desde então ainda não o usei para testar se ainda está infectado.

 

O problema com o "Windows Update" creio que era por causa desse vírus, após realizar todos os passos descritos por você, o problema não aconteceu novamente.

 

Segue abaixo log do HijackThis atualizado:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:39:04, on 15/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Ares\Ares.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5326 bytes

 

Obrigado

Abç

Compartilhar este post


Link para o post
Compartilhar em outros sites
Bom Dia! dieguin11

snapback.png : dieguin11, em 15/09/2013, said:

O problema que estava acontecendo era só aquele descrito anteriormente devido ao vírus pego ao usar o pendrive. O pendrive em questão eu formatei no mesmo dia que infectou a máquina, desde então ainda não o usei para testar se ainda está infectado.

|- Formate,novamente,o pendrive.
-/-
|- Baixe: |DelFix| ( ... de Xplode )
DelFix_SetaVerde.jpg
|- Estando na página,clique na seta verde para o download.
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.
delfix.gif
|- Execute-a!
|- Com as 3 checkbox marcadas!
|- Clique "Run".
|- Poste o relatório!
A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite! DigRam

 

Formatei o pendrive novamente sem problemas!

Segue abaixo relatório o DelFix:

 

# DelFix v10.4 - Logfile created 15/09/2013 at 01:20:47
# Updated 19/07/2013 by Xplode
# Username : Diego - PARTICULAR-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\USBFix
Deleted : C:\Combofix
Deleted : C:\Program Files\SEAF
Deleted : C:\Program Files\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\SeafLog.txt
Deleted : C:\UsbFix [Clean 1] PARTICULAR-PC.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Diego\Desktop\ComboFix.exe
Deleted : C:\Users\Diego\Desktop\seaf.exe
Deleted : C:\Users\Diego\Desktop\usbfix.exe
Deleted : C:\Users\Diego\Desktop\zoek.exe
Deleted : C:\Users\Diego\Downloads\HijackThis.msi
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKCU\Software\USBFix
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEAF
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

~ Cleaning system restore ...

Deleted : RP #361 [installed HiJackThis | 09/13/2013 01:05:34]
Deleted : RP #362 [zoek.exe restore point | 09/13/2013 21:58:29]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! dieguin11

 

|- Caso encontre pastas ou atalhos que foram estabelecidos por ferramentas,pode deletar!

|- Seus logs estão limpos!

|- Bom trabalho! :)

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia! DigRam

 

Após isso tudo, notei que a pasta "Arquivos de Programas" está bloqueada para mim (com um cadeadinho no ícone), quando tento acessar diz que não tenho permissão para isso.

 

Possuo somente um usuário no PC e não fui eu que bloqueou a pasta, talvez seja alguma consequência deste vírus, você saberia me dizer como faço parar desbloquear.

 

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! dieguin11

 

|- Baixe: < GrantPerms.zip > ( ... x86 ) (Windows XP ou 7 32 bits)

|- Ou: < acrv2vz2.jpg > ( ... by Farbar )

|- Baixe: < GrantPerms64.zip > ( ... x64 ) (Windows 7,64bits)
|- Descompacte-o para o disco local! ( C;D;etc... )
|- Execute: GrantPerms.exe ou GrantPerms64.exe

acrXBady.jpg

|- Copie e cole no campo este caminho,em substituição ao indicado: C:\Program Files
|- Clique "Unlock" e,ao concluir,clique OK.
|- À seguir,clique "List Permissions".
|- Poste o relatório: C:\GrantPerms\Perms.txt <<

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.