Virus espertos

Mensagem por **DeGenerator** » 24/06/2013 19:06

Olá

Estou com 2 vírus no meu PC, provavelmente malwares. O malwarebyte não detecta eles.

Um seria o site brasil-pesquisa .pw, um site que abre toda vida ao iniciar o PC. Ele não deixa você executar o painel de controle. Se você executar, o windows explorer para de funcionar (barra de baixo), fecha e volta, depois abre o mesmo site.

Outro virus é o autorun.inf, vírus super esperto, vive no meu pen drive. Ele não deixa eu executar nenhum arquivo .exe mais e cria atalhos de pasta no pen drive. Reiniciando o PC temporariamente eu até consegui instalar o Panda USB vacciner, mas o vírus renomeou o nome do próprio arquivo para AUTORUN_.inf para não ser capturado.

O 3° eu consegui retirar, o Lollipop.exe, é um processo-vírus de anúncio, não sei como ele saiu, mais ainda bem né.

Resumindo:

-Não consigo abrir o Painel de controle
-Não consigo abrir arquivos .exe, eles abrem e fecham na hora

Alguém ajuda, não quero formatar meu PC pois já formatei e não quero instalar tudo de novo.

@Edit:

Consegui o Log do Hijackthis ao abrir o PC:

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://brasil-pesquisa.pw/r.asp#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://brasil-pesquisa.pw/r.asp#
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Speedy\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [SearchProtection] "C:\Users\Speedy\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
O4 - HKCU\..\Run: [5f3] C:\Users\Speedy\AppData\Roaming\49224\5f3.js
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: 0376.js
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - DefaultPrefix: http://brasil-pesquisa.pw/r.asp#
O13 - WWW Prefix: http://brasil-pesquisa.pw/r.asp#
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 6828 bytes

Prestem atenção no site Pesquisa Brasil, vírus insuportável.

Mensagem por **BlackHDz** » 24/06/2013 19:19

As vezes o software/antivírus que você usa pra identificar algum vírus pode estar desatualizado e tals... Varia a versão do antivírus que você usa pra detectar também.

O que você poderia fazer, é trocar de antivírus, atualizar o antivírus que você usa, ou no mais extremo dos casos, formatar o computador mesmo...

Lugner · Mensagem por **Lugner** » 24/06/2013 19:22

Notei que no meu PC também cria atalhos em todo pendrive e não apaga... é vírus também?

Mensagem por **DeGenerator** » 24/06/2013 19:37

É vírus sim.

Mas eu não consigo instalar nenhum anti-vírus, não consigo acessar o regedit e não consigo entrar no Painel de Controle, já tenho o avira e o malwarebytes instalado e votlo a repetir, não detectaram nada.

Mensagem por **BlackHDz** » 24/06/2013 20:00

Já que não tem acesso ao regedit, acho que só formatando mesmo...

Mensagem por **DeGenerator** » 24/06/2013 20:11

Consegui executar o Combofix

Ai vai o Log

ComboFix 13-06-24.01 - Speedy 24/06/2013 20:00:01.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3563.2576 [GMT -3:00]
Executando de: c:\users\Speedy\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Speedy\AppData\Local\lollipop
c:\windows\system32\frapsvid.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-05-24 to 2013-06-24 ))))))))))))))))))))))))))))
.
.
2013-06-24 23:05 . 2013-06-24 23:05 47648 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\0a750.js
2013-06-24 22:10 . 2013-06-24 22:10 -------- d-----w- c:\program files\CCleaner
2013-06-24 22:00 . 2013-06-24 22:57 47648 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\0376.js
2013-06-24 21:55 . 2013-06-24 21:55 -------- d-----w- c:\programdata\Panda Security
2013-06-24 21:55 . 2013-06-24 21:55 -------- d-----w- c:\program files\Panda USB Vaccine
2013-06-23 18:45 . 2013-06-23 18:45 -------- d-----w- c:\program files\dumps
2013-06-23 18:43 . 2013-06-23 18:43 -------- d-----w- c:\program files\Common Files\Steam
2013-06-23 18:43 . 2013-06-24 23:04 -------- d-----w- c:\program files\Steam
2013-06-21 18:09 . 2013-06-21 18:09 -------- d-----w- c:\program files\TeamViewer
2013-06-18 22:15 . 2013-06-18 22:15 -------- d-----w- c:\program files\LogMeIn Hamachi
2013-06-18 16:03 . 2013-06-18 16:03 -------- d-sh--w- c:\program files\562
2013-06-18 15:53 . 2013-06-18 16:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-06-18 15:50 . 2013-06-18 15:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2013-06-17 00:12 . 2013-06-17 00:12 -------- d-----w- c:\program files\Rockstar Games
2013-06-16 20:10 . 2013-06-16 20:10 -------- d-----w- c:\program files\Common Files\Skype
2013-06-16 20:10 . 2013-06-16 20:10 -------- d-----r- c:\program files\Skype
2013-06-16 20:10 . 2013-06-16 20:10 -------- d-----w- c:\programdata\Skype
2013-06-16 20:10 . 2013-06-16 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-16 20:10 . 2013-06-16 20:10 -------- d-----w- c:\programdata\Malwarebytes
2013-06-16 20:10 . 2013-04-04 17:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-16 16:42 . 2013-06-16 16:42 -------- d-----w- c:\program files\Enigma Software Group
2013-06-16 16:40 . 2013-06-16 19:31 -------- d-----w- c:\windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-16 16:40 . 2013-06-16 16:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-06-16 16:36 . 2013-06-16 17:04 -------- d-----w- C:\ongame
2013-06-16 16:26 . 2013-06-16 16:26 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-06-16 15:31 . 2013-06-16 16:31 -------- d-----w- c:\program files\Rigs of Rods 0.38
2013-06-15 22:55 . 2013-06-15 22:55 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-15 22:33 . 2013-06-15 22:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-15 22:33 . 2013-06-15 22:56 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-15 22:26 . 2013-06-15 22:27 -------- d-----w- c:\program files\DVDVideoSoft
2013-06-15 22:26 . 2013-06-15 22:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2013-06-15 21:35 . 2013-06-15 21:35 -------- d-----w- C:\48ea
2013-06-15 16:49 . 2013-06-15 16:49 -------- d-----w- c:\programdata\Avira
2013-06-15 16:49 . 2013-06-15 16:49 -------- d-----w- c:\program files\Avira
2013-06-15 16:49 . 2013-06-15 16:45 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-06-15 16:49 . 2013-06-15 16:45 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-06-15 16:49 . 2013-06-15 16:45 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-06-15 16:19 . 2013-06-11 03:59 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2899756-E608-4EFC-939B-103866389706}\mpengine.dll
2013-06-15 16:19 . 2013-05-02 05:06 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-06-15 16:08 . 2013-06-15 16:08 -------- d-----w- c:\program files\Google
2013-06-15 16:08 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-06-15 16:08 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-06-15 16:08 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-06-15 16:08 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-06-15 16:08 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-06-15 16:08 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-06-15 16:08 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-06-15 16:07 . 2012-06-02 18:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-06-15 16:07 . 2012-06-02 18:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-06-11 21:38 . 2013-06-16 20:08 -------- d-----w- c:\program files\Recuva
2013-06-09 17:00 . 2013-06-15 16:29 -------- d-----w- c:\programdata\FLEXnet
2013-06-09 16:56 . 2013-06-09 16:56 -------- d-----w- c:\windows\system32\Macromed
2013-06-09 16:56 . 2013-06-09 16:56 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2013-06-09 16:55 . 2013-06-18 15:52 -------- d-----w- c:\program files\Common Files\Adobe
2013-06-08 22:41 . 2013-06-09 01:23 -------- d-----w- C:\Fraps
2013-06-02 19:32 . 2013-06-08 22:44 -------- d-----w- c:\program files\Grand Theft Auto IV - Episodes From Liberty City
2013-06-02 01:01 . 2013-06-02 01:01 -------- d-sh--w- c:\programdata\SecuROM
2013-06-02 01:01 . 2009-09-04 20:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-06-02 01:01 . 2009-09-04 20:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2013-06-02 01:01 . 2007-04-04 21:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2013-06-02 01:01 . 2013-06-02 01:01 -------- d-----w- c:\windows\system32\xlive
2013-06-02 01:01 . 2013-06-02 01:01 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2013-06-02 01:00 . 2006-09-28 19:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2013-06-01 23:54 . 2013-06-01 23:54 -------- d-----w- c:\programdata\ATI
2013-06-01 23:53 . 2013-06-01 23:53 0 ----a-w- c:\windows\ativpsrm.bin
2013-06-01 23:40 . 2013-06-01 23:40 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-06-01 23:40 . 2013-06-01 23:40 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-06-01 23:40 . 2013-06-01 23:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-06-01 23:37 . 2013-06-01 23:37 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-06-01 23:37 . 2010-11-16 23:04 101392 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2013-06-01 23:37 . 2010-11-25 13:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2013-06-01 23:37 . 2010-11-25 13:24 52736 ----a-w- c:\windows\system32\coinst.dll
2013-06-01 23:35 . 2013-06-01 23:35 -------- d-----w- c:\program files\My Company Name
2013-06-01 23:25 . 2013-06-01 23:25 -------- d-----w- c:\program files\ATI
2013-06-01 23:16 . 2013-06-05 21:37 -------- d-----w- c:\program files\ATI Technologies
2013-06-01 21:09 . 2013-06-24 04:39 -------- d-----w- C:\VICTOR
2013-06-01 19:57 . 2012-06-25 13:42 15168 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2013-06-01 19:57 . 2013-06-01 19:57 -------- d-----w- c:\programdata\Intel
2013-06-01 19:57 . 2013-06-01 19:57 -------- d-----w- c:\program files\Common Files\postureAgent
2013-06-01 19:57 . 2012-07-02 18:16 55104 ----a-w- c:\windows\system32\drivers\HECI.sys
2013-06-01 19:55 . 2012-04-10 06:40 2193472 ----a-w- c:\windows\system32\FMAPO.dll
2013-06-01 19:55 . 2012-03-08 03:47 95840 ----a-w- c:\windows\system32\AERTARen.dll
2013-06-01 19:55 . 2013-06-16 16:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2013-06-01 19:55 . 2013-06-01 19:56 -------- d-----w- c:\program files\Realtek
2013-06-01 19:55 . 2012-03-08 03:47 176736 ----a-w- c:\windows\system32\AERTACap.dll
2013-06-01 19:55 . 2013-06-01 19:57 -------- d--h--w- c:\program files\Temp
2013-06-01 19:55 . 2012-05-25 10:06 1706640 ------r- c:\windows\RtlExUpd.dll
2013-06-01 19:55 . 2013-06-01 23:15 -------- d-----w- c:\program files\Common Files\InstallShield
2013-06-01 19:55 . 2013-06-01 19:57 -------- d-----w- c:\program files\Intel
2013-06-01 19:55 . 2012-07-04 02:55 53248 ----a-r- c:\windows\system32\CSVer.dll
2013-06-01 19:55 . 2013-06-01 19:55 -------- d-----w- C:\Intel
2013-06-01 19:53 . 2013-06-01 19:53 -------- d-----w- c:\program files\Microsoft.NET
2013-06-01 19:53 . 2013-06-23 18:43 -------- d-sh--w- c:\windows\Installer
2013-06-01 19:42 . 2013-06-03 00:12 -------- d-----w- c:\users\Speedy
2013-06-01 19:29 . 2013-06-01 19:42 -------- d-----w- c:\windows\Panther
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"5f3"="c:\users\Speedy\AppData\Roaming\49224\5f3.js" [X]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"uTorrent"="c:\users\Speedy\AppData\Roaming\uTorrent\uTorrent.exe" [2013-06-15 1045072]
"SearchProtection"="c:\users\Speedy\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-05-22 740712]
"Steam"="c:\program files\Steam\Steam.exe" [2013-06-06 1641896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-06-15 345312]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
0a750.js [2013-6-24 47648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NofolderOptions"= 1
"NoControlPanel"= 1
"NoWindowsUpdate"= 1
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"
"AntiVirusOverride"="1"
"FirewallDisableNotify"="1"
"FirewallOverride"="1"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2012-01-03 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 XDva401;XDva401;c:\windows\system32\XDva401.sys [x]
R3 XDva402;XDva402;c:\windows\system32\XDva402.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-06-15 37352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-01 242240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-25 176128]
S2 AntiVirSchedulerService;Avira Agendamento;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-06-15 86752]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 1435984]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-16 101392]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-02 55104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-21 18:14 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15 22:57]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-15 16:08]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-15 16:08]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://brasil-pesquisa.pw/r.asp#
mStart Page = hxxp://brasil-pesquisa.pw/r.asp#
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\WScript.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Tempo para conclusão: 2013-06-24 20:08:11 - Máquina reiniciou
ComboFix-quarantined-files.txt 2013-06-24 23:08
.
Pré-execução: 323.744.452.608 bytes disponíveis
Pós execução: 323.564.769.280 bytes disponíveis
.
- - End Of File - - 1DAA9914C71EDECAB9F74CDAF4FC649C
A36C5E4F47E84449FF07ED3517B43A31

O Combofix não limpou o vírus e o painel de controle continua parando de responder

LoucurasdoPortal · Mensagem por **LoucurasdoPortal** » 24/06/2013 20:55

Cara... vocês estão falando grego. Nunintindi uma palavra!

MarcelloHenrique · Mensagem por **MarcelloHenrique** » 24/06/2013 21:01

Então é esse autorun.inf que está criando pastas em .exe, e quando abertas abrem a biblioteca, (Win 7 stater).
Pena q meu norton expirou licença, e fica criando pastas no pc, menos no HD (Disco local)
O que pode fazer é ocultar as pastas, pq apagar gera novas.
Aq vou tentar desfragmentar o disco.

Mensagem por **DeGenerator** » 24/06/2013 22:48

Amanhã irei filmar todos os problemas para facilitar o entendimento e uma busca por uma solução.

Estou com medo de ser monitorado, roubado e meus arquivos danificados.

@Edit: Consegui parar o virus brasil-pesquisa, mas ainda há restos "mortais" dele. Tive que matar todos os processos dele pelo OTL e o Miniregtool. Agora em vez de abrir brasil-pesquisa .pw, agora abre ftp:// fsquirt. exe/, uma página em branco (trocadilho safadenho, mas isso não vem ao caso). Mas pelo menos também ocultei as pastas "ocultas" do sistema que estavam aparecendo.

Código: Selecionar todos

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{215F7376-8C0A-4549-99B5-1D6607BA3A94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{215F7376-8C0A-4549-99B5-1D6607BA3A94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B25CE00-D365-4590-91D3-FFB448BDD1E6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B25CE00-D365-4590-91D3-FFB448BDD1E6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\855e not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoInternetOpenWith not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
File C:\Arquivos de programas\Internet Explorer\h323log.txt not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Alex Negreiros\Dados de aplicativos\93 not found.
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Configura‡Æo de IP do Windows
Libera‡Æo do Cache do DNS Resolver bem-sucedida.
C:\Users\Speedy\Downloads\Kit para ***** esses virus!!\cmd.bat deleted successfully.
C:\Users\Speedy\Downloads\Kit para ***** esses virus!!\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\""|"- /E : value set successfully!
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1629
 
[EMPTYTEMP]
 
User: All Users
-> No Temporary Internet Files cache folder defined!
 
User: Default
-> No Temporary Internet Files cache folder defined!
 
User: Default User
-> No Temporary Internet Files cache folder defined!
 
User: Public
-> No Temporary Internet Files cache folder defined!
 
User: Speedy
-> No Temporary Internet Files cache folder defined!
 
User: Todos os Usuários
-> No Temporary Internet Files cache folder defined!
 
User: Usuário Padrão
-> No Temporary Internet Files cache folder defined!
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500643 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes
RecycleBin emptied: 737 bytes
 
Total Files Cleaned = 1,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06242013_232015

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

@EDIT2!! Consigo agora abrir arquivos .exe sem problemas! Também posso entrar no regedit!! Que felicidade! puts

Mas o problema do painel de controle ainda persiste.

3 passos dados!

Quando finalmente resolver 100% o problema, vou postar aqui como resolver

Problema restante:
• Ao abrir o Painel de Controle, o Windows Explorer para de funcionar.

Algum help? :mrgreen:

MarcelloHenrique · Mensagem por **MarcelloHenrique** » 27/07/2013 23:29

Pelo combofix que eu usei, meu PC, assim q iniciado não inicia o Windows Explorer, ficando somente uma tela preta. Graças ao Open Hardware monitor (ativado o run windows startup, iniciar quando com o windows), que tem a opção de salvar um "log" em txt. Até ai tudo bem, mais o Win 7 tem um icone de ajuda, que é util para novos usuarios. Na caixa de pesquisa, pesquiso: Bibliotecas e abro Gerenciando as imagens. O Windows Explorer não iniciou ainda, mais já acesso o pc por completo =D
_____
DeG, istala o Open Hardware monitor, e faz o mesmo q fiz, so q na ajuda pesquisa Painel de controle. Vai abrindo o q ali aparecer, q vc vai encontrar assim: Clique aqui para abrir o painel de controle.
Se não conseguir fazer algo, chama ae que nois ajuda hehe'

Mensagem por **DeGenerator** » 29/07/2013 05:35

DESCOBRI GALERA!!!

Estou tão feliz, pqp!!

Baixem o Trojan Remover, pago mas vale a pena 1000%! Ele analisa todas as DLLs do sistema, coisas desativadas e etc. Detectou 2 trojans que nenhum outro anti-vírus detectou.

Fui em fóruns de remoção de malware e demorou 10 dias pra uma solução e nada. Com um simples vídeo consegui abrir o Painel de controle again!

Só espero que o vírus não desative denovo ://

Fica a dica ai, espero ter ajudado muitos

Cadê o Game

Virus espertos

Virus espertos

Re: Virus espertos

Re: Virus espertos

Re: Virus espertos

Re: Virus espertos

Re: Virus espertos

Re: Virus espertos

Re: Virus espertos

Re: Virus espertos

Re: Virus espertos

Re: Virus espertos