
PC infected with a USB worm

#1 By HegonFelipe, 16/08/2013 - 11:39
My computer is infected; I think the poor thing is in terminal condition.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:37:42, on 16/08/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://brasil-pesquisa.pw/r.asp#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [662d] C:\Users\Usuario\AppData\Roaming\70\662d.js
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)



Cheers,
#2 By Wings, 16/08/2013 - 11:49
Hello HegonFelipe


Download this file and save it to the Desktop

*Right-click it and select [image]

*Restart the PC


Connect your flash drive and your phone to the PC


Download UsbFix (...by El Desaparecido) and save it to the Desktop

*Run it, click [Pesquisa] (Scan) and paste the report it shows
#3 By HegonFelipe, 16/08/2013 - 12:38
Here it is. Flash drive, phone and external HD.


############################## | UsbFix V 7.129 | [Pesquisa]

Usuário: Usuario (Administrador) # USUARIO-PC
Atualizado em 24/06/2013 por El Desaparecido
Começou em 12:32:43 | 16/08/2013

Site: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contato: contact@sosvirus.net

PC: Hewlett-Packard (HP Pavilion g4 Notebook PC ) (x64-based PC)
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz (2501)
RAM -> [Total : 4044 | Free : 2534]
BIOS: InsydeH2O Version 03.61.01F.42
BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disco fixo # 551 Gb (184 Mb livre - 33%) [] # NTFS
D:\ -> Disco fixo # 21 Gb (2 Mb livre - 11%) [Recovery] # NTFS
E:\ -> Disco fixo # 4 Gb (1 Mb livre - 27%) [HP_TOOLS] # FAT32
F:\ -> CD-ROM
G:\ -> Disco removível # 2 Gb (1 Mb livre - 60%) [I5510 - HF] # FAT
H:\ -> CD-ROM
I:\ -> Disco removível # 15 Gb (10 Mb livre - 70%) [] # NTFS
J:\ -> Disco fixo # 596 Gb (241 Mb livre - 40%) [Externo - Hegon] # NTFS
X:\ -> Disco fixo # 20 Gb (19 Mb livre - 100%) [Novo volume] # NTFS

################## | Processos Ativos |

C:\Windows\system32\csrss.exe (440)
C:\Windows\system32\wininit.exe (676)
C:\Windows\system32\csrss.exe (700)
C:\Windows\system32\services.exe (732)
C:\Windows\system32\lsass.exe (760)
C:\Windows\system32\lsm.exe (768)
C:\Windows\system32\svchost.exe (876)
C:\Windows\system32\winlogon.exe (888)
C:\Windows\system32\svchost.exe (992)
C:\Windows\system32\atiesrxx.exe (332)
C:\Windows\System32\svchost.exe (536)
C:\Windows\System32\svchost.exe (564)
C:\Windows\system32\svchost.exe (616)
C:\Program Files\IDT\WDM\STacSV64.exe (424)
C:\Windows\system32\svchost.exe (1168)
C:\Windows\system32\atieclxx.exe (1364)
C:\Windows\system32\svchost.exe (1372)
C:\Windows\system32\WLANExt.exe (1472)
C:\Windows\system32\conhost.exe (1484)
C:\Windows\System32\spoolsv.exe (1616)
C:\Windows\system32\svchost.exe (1676)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1800)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (1852)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1876)
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (1916)
C:\Windows\SysWOW64\PnkBstrA.exe (2012)
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (1092)
C:\Windows\system32\svchost.exe (1300)
C:\Windows\System32\svchost.exe (1600)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1728)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2244)
C:\Windows\system32\svchost.exe (2580)
C:\Windows\system32\taskhost.exe (2748)
C:\Windows\system32\Dwm.exe (2824)
C:\Windows\Explorer.EXE (2864)
C:\Windows\System32\rundll32.exe (2988)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2388)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3040)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2348)
C:\Windows\system32\SearchIndexer.exe (3348)
C:\Windows\system32\taskeng.exe (3708)
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (3740)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3980)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3084)
C:\Windows\SysWOW64\schtasks.exe (3332)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2344)
C:\Windows\system32\conhost.exe (2836)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3528)
C:\Windows\system32\svchost.exe (116)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (2532)
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (3460)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (3776)
C:\Windows\system32\sppsvc.exe (3512)
C:\Program Files\Windows Media Player\wmpnetwk.exe (3380)
C:\Windows\system32\wbem\wmiprvse.exe (3228)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (3152)
C:\Windows\System32\WUDFHost.exe (2744)
C:\Windows\system32\wbem\wmiprvse.exe (2608)
C:\Windows\system32\wuauclt.exe (4348)
C:\UsbFix\Go.exe (4840)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-3308939878-3132465996-936716146-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3308939878-3132465996-936716146-1000\SOFTWARE | Run : [BitTorrent] - "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
HKU\S-1-5-21-3308939878-3132465996-936716146-1000\SOFTWARE | Run : [662d] - C:\Users\Usuario\AppData\Roaming\70\662d.js

################## | Ficheiros # pastas infeciosos |

Presente ! G:\DCIM.lnk
Presente ! G:\Music.lnk
Presente ! G:\Picture.lnk
Presente ! G:\eBuddy.lnk
Presente ! G:\Theme.lnk
Presente ! G:\Other.lnk
Presente ! G:\system.lnk
Presente ! G:\Sounds.lnk
Presente ! G:\LOST.DIR.lnk
Presente ! G:\Android.lnk
Presente ! G:\download.lnk
Presente ! G:\doodlemobile_platform.lnk
Presente ! G:\com.kosenkov.alarmclock.lnk
Presente ! G:\eBooks.lnk
Presente ! G:\Digital Editions.lnk
Presente ! G:\bluetooth.lnk
Presente ! G:\gameloft.lnk
Presente ! G:\documents.lnk
Presente ! G:\samsungapps.lnk
Presente ! G:\media.lnk
Presente ! G:\CacheImagens.lnk
Presente ! G:\droidhen.lnk
Presente ! G:\openfeint.lnk
Presente ! G:\Images.lnk
Presente ! G:\Videos.lnk
Presente ! G:\prism.lnk
Presente ! G:\layar.lnk
Presente ! G:\dropbox.lnk
Presente ! G:\Others.lnk
Presente ! G:\svox.lnk
Presente ! G:\0Programa.lnk
Presente ! G:\70707\g61.js
Presente ! G:\70707\i6d.js
Presente ! I:\70707\g61.js
Presente ! I:\70707\i6d.js
Presente ! H:\autorun.exe
Presente ! D:\desktop.ini
Presente ! H:\autorun.inf

################## | Registro |

Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Presente ! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig

################## | Mountpoints2 |



################## | Vaccin |

(!) Este computador não é vacinada!

################## | E.O.F | http://sosvirus.net |


.:: MontandoBits ::. - Tecnologia & Informação

http://montandobits.com.br/
#5 By HegonFelipe, 16/08/2013 - 13:15
RogueKiller report:


RogueKiller V8.6.5 _x64_ [Aug 5 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Site : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : Usuario [Privilegios de Admnistrador]
Modo : Verificar -- Data : 08/16/2013 13:13:04
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 14 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : 662d (C:\Users\Usuario\AppData\Roaming\70\662d.js [x]) -> ENCONTRADO
[RUN][SUSP PATH] HKUS\S-1-5-21-3308939878-3132465996-936716146-1000\[...]\Run : 662d (C:\Users\Usuario\AppData\Roaming\70\662d.js [x]) -> ENCONTRADO
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> ENCONTRADO
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> ENCONTRADO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> ENCONTRADO
[HJ SECU] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> ENCONTRADO
[HJ SECU] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> ENCONTRADO
[HJ SECU] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ As tarefas agendadas : 0 ¤¤¤

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 0 ¤¤¤

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6476GSX +++++
--- User ---
[MBR] 0cc3a470099e5e12827d9d8ff5de5095
[BSP] db08a3ba546e0ce3db5b981e6e92c98d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 564693 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 1156900864 | Size: 45586 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] ef8a2d6e57253d4bb5a5f42edf5c1174
[BSP] db08a3ba546e0ce3db5b981e6e92c98d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584693 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1197860864 | Size: 21523 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo

+++++ PhysicalDrive1: TOSHIBA MK6476GSX +++++
--- User ---
[MBR] 9680a774ae177409046dfa638907d264
[BSP] fd4e8df6458b35eb1a50304af0cc6d4a : Empty MBR Code
Partition table:
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: TOSHIBA MK6476GSX +++++
--- User ---
[MBR] bc164479126099e852105cd9cb100bb8
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: TOSHIBA MK6476GSX +++++
--- User ---
[MBR] b3215b940162d96a1dfd650978953ae5
[BSP] 2a3302e8565b1bd56630db38f6069b4d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Concluido : << RKreport[0]_S_08162013_131304.txt >>
#6 By Wings, 16/08/2013 - 13:22
Close RogueKiller


Download Zoek (...by Smeenk) and save it to the Desktop

Keep the flash drive, the phone and the external HD connected

*Right-click Zoek and select [image]

*Download the attached file, open it and paste its contents into the Zoek text box

*Click [Run Script]

*During the scan the message below will be shown. Wait for it to finish...it can take a while!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
*If a PC restart is requested, click [OK]


Go to this link

*Click [Choose file...], locate the report C:\zoek-results.txt and click [Open]

*Select 4 jours and click [Créer le lien Cjoint]

[image]

*Paste the created link shown next to Le lien a été créé:

[image]
#7 By HegonFelipe, 16/08/2013 - 15:00
RogueKiller report:


RogueKiller V8.6.5 _x64_ [Aug 5 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Site : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : Usuario [Privilegios de Admnistrador]
Modo : Remover -- Data : 08/16/2013 13:24:36
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : 662d (C:\Users\Usuario\AppData\Roaming\70\662d.js [x]) -> DELETADO
[RUN][SUSP PATH] HKUS\S-1-5-21-3308939878-3132465996-936716146-1000\[...]\Run : 662d (C:\Users\Usuario\AppData\Roaming\70\662d.js [x]) -> [0x2] O sistema não pode encontrar o arquivo especificado.
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETADO
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NÃO SELECIONADO
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> NÃO SELECIONADO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] O sistema não pode encontrar o arquivo especificado.
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NÃO SELECIONADO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NÃO SELECIONADO
[HJ SECU] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> NÃO SELECIONADO
[HJ SECU] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> NÃO SELECIONADO
[HJ SECU] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> NÃO SELECIONADO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÃO SELECIONADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÃO SELECIONADO

¤¤¤ As tarefas agendadas : 0 ¤¤¤

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 0 ¤¤¤

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6476GSX +++++
--- User ---
[MBR] 0cc3a470099e5e12827d9d8ff5de5095
[BSP] db08a3ba546e0ce3db5b981e6e92c98d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 564693 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 1156900864 | Size: 45586 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] ef8a2d6e57253d4bb5a5f42edf5c1174
[BSP] db08a3ba546e0ce3db5b981e6e92c98d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584693 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1197860864 | Size: 21523 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo

+++++ PhysicalDrive1: TOSHIBA MK6476GSX +++++
--- User ---
[MBR] 9680a774ae177409046dfa638907d264
[BSP] fd4e8df6458b35eb1a50304af0cc6d4a : Empty MBR Code
Partition table:
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: TOSHIBA MK6476GSX +++++
--- User ---
[MBR] bc164479126099e852105cd9cb100bb8
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: TOSHIBA MK6476GSX +++++
--- User ---
[MBR] b3215b940162d96a1dfd650978953ae5
[BSP] 2a3302e8565b1bd56630db38f6069b4d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Concluido : << RKreport[0]_D_08162013_132436.txt >>
RKreport[0]_S_08162013_131304.txt



The log.txt turned out rather large; I couldn't attach it or put it on cjoint.com.
#9 By HegonFelipe, 16/08/2013 - 16:17
Alright, here is the log.txt


O volume na unidade C não tem nome.
O Número de Série do Volume é 34DF-D2C0

Pasta de C:\

01/07/2012 02:17 <DIR> 3a596edab9c07760f4436b
02/05/2012 22:22 <DIR> AMD
03/08/2013 13:27 1.714 DelFix.txt
09/04/2012 13:27 <DIR> Driversss
17/05/2013 15:59 <DIR> f9d7175b3cfb5c61f70a
02/08/2013 18:14 254 folders.txt
15/08/2013 10:21 <DIR> FRST
01/05/2012 14:41 <DIR> i68Backups
09/04/2012 11:35 <DIR> IDE
09/04/2012 13:31 <DIR> Intel
16/08/2013 16:16 0 log.txt
09/04/2012 11:34 <DIR> MSOCache
14/07/2009 00:20 <DIR> PerfLogs
06/08/2013 16:45 <DIR> Program Files
15/08/2013 20:53 <DIR> Program Files (x86)
02/08/2013 16:15 <DIR> ProgramData
09/04/2012 10:20 <DIR> Recovery
02/08/2013 23:34 <DIR> RRPG
16/08/2013 12:36 <DIR> UsbFix
16/08/2013 12:36 7.250 UsbFix [Scan 1] USUARIO-PC.txt
15/08/2012 19:17 <DIR> Users
05/07/2012 20:53 <DIR> wamp
15/08/2013 10:21 <DIR> Windows
4 arquivo(s) 9.218 bytes
19 pasta(s) 197.418.782.720 bytes disponíveis


© 1999-2024 Hardware.com.br. All rights reserved.