Fórum PC Brasil

USB flash drive virus <http://pthacker.no-ip.org:8080/is-ready>

2 participants


Post by Zeus, Wed 27 Nov 2013, 16:37

I have the same problem as many others: when I used a USB flash drive on my notebook, the notebook was infected with the following virus: [You must have an account and be logged in to view this link]
Every time I use the internet and open a web page, a message from the Avast antivirus appears saying: a threat has been detected.
I would like your help to remove this virus and solve my problems.

Here is the log ...

Logfile of HijackThis v1.99.1
Scan saved at 15:18:14, on 27/11/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16490)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\System32\wscript.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\pc\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site
O1 - Hosts: 255.255.255.255 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # misleading site
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: (no name) - {64E2F96A-4FE4-4aa8-90B0-2A929AB6AA88} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - (no file)
O3 - Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [20131121] C:\Program Files\Alwil Software\Avast5\setup\emupdate\620272dd-a7fe-411f-bf33-0968d5697288.exe /check
O4 - HKLM\..\Run: [Microsoft] wscript.exe //B "C:\Users\pc\AppData\Local\Temp\Microsoft.vbe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Microsoft] wscript.exe //B "C:\Users\pc\AppData\Local\Temp\Microsoft.vbe"
O4 - Startup: Microsoft.vbe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6A9A317-BA41-46B7-950E-F48A1A162394}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe" -s DefaultInstance (file missing)
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe" -s DefaultInstance (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s (file missing)
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files\Scpad\scpVista.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Post by Wings [In Memoriam], Wed 27 Nov 2013, 16:41

Hello Zeus

Download [You must have an account and be logged in to view this link] (...by El desaparecido) and save it to the Desktop

*Connect the USB flash drive to the PC

*Right-click UsbFix and select [You must have an account and be logged in to view this image]

*Run it, click [Pesquisa] (Search) and paste the report it displays

Post by Zeus, Wed 27 Nov 2013, 17:12

############################## | UsbFix V 7.152 | [Pesquisa]

Usuário: pc (Administrador) # PC-PC
Atualizado em 20/11/2013 por El Desaparecido - Team SosVirus
Começou em 17:04:14 | 27/11/2013

Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Upload Malware : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Contato : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

PC: Sony Corporation (VAIO)
CPU: Intel(R) Core(TM)2 CPU         T5500  @ 1.66GHz
RAM -> [Total : 2038 | Free : 501]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate  (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disco fixo # 149 Gb (90 Mb livre - 60%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
H:\ -> Disco removível # 7 Gb (6 Mb livre - 78%) [ALVIN PEN] # FAT32

################## | Processos Ativos |

C:\Windows\system32\csrss.exe (ID: 416 |ParentID: 400)
C:\Windows\system32\wininit.exe (ID: 468 |ParentID: 400)
C:\Windows\system32\csrss.exe (ID: 480 |ParentID: 460)
C:\Windows\system32\services.exe (ID: 540 |ParentID: 468)
C:\Windows\system32\winlogon.exe (ID: 564 |ParentID: 460)
C:\Windows\system32\lsass.exe (ID: 592 |ParentID: 468)
C:\Windows\system32\lsm.exe (ID: 604 |ParentID: 468)
C:\Windows\system32\svchost.exe (ID: 696 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 784 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 876 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 920 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 948 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1104 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1200 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1316 |ParentID: 540)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1400 |ParentID: 540)
C:\Windows\System32\spoolsv.exe (ID: 1600 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1724 |ParentID: 540)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1792 |ParentID: 540)
C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (ID: 1876 |ParentID: 540)
C:\ProgramData\DatacardService\HWDeviceService.exe (ID: 1940 |ParentID: 540)
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (ID: 1984 |ParentID: 540)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (ID: 2016 |ParentID: 540)
C:\Windows\system32\taskhost.exe (ID: 1472 |ParentID: 540)
C:\Windows\system32\Dwm.exe (ID: 1692 |ParentID: 920)
C:\Windows\Explorer.EXE (ID: 1256 |ParentID: 1468)
C:\Windows\system32\taskeng.exe (ID: 2056 |ParentID: 948)
C:\ProgramData\DatacardService\DCSHelper.exe (ID: 2400 |ParentID: 1940)
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ID: 2516 |ParentID: 540)
C:\Program Files\Scpad\scpVista.exe (ID: 2592 |ParentID: 540)
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe (ID: 2892 |ParentID: 540)
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (ID: 2924 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 2944 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 3012 |ParentID: 540)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3068 |ParentID: 540)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3180 |ParentID: 3068)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 3308 |ParentID: 1256)
C:\Program Files\Real\RealPlayer\Update\realsched.exe (ID: 3324 |ParentID: 1256)
C:\Windows\System32\wscript.exe (ID: 3444 |ParentID: 1256)
C:\Program Files\Panda USB Vaccine\USBVaccine.exe (ID: 3888 |ParentID: 2316)
C:\Windows\system32\SearchIndexer.exe (ID: 2572 |ParentID: 540)
C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (ID: 3476 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 3676 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 3640 |ParentID: 540)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1416 |ParentID: 696)
C:\Windows\System32\WUDFHost.exe (ID: 2076 |ParentID: 920)
C:\Windows\System32\svchost.exe (ID: 4188 |ParentID: 540)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4336 |ParentID: 540)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4672 |ParentID: 1256)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4832 |ParentID: 696)
C:\Windows\system32\DllHost.exe (ID: 4860 |ParentID: 696)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5112 |ParentID: 4672)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5208 |ParentID: 4672)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5264 |ParentID: 4672)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5276 |ParentID: 4672)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5588 |ParentID: 4672)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5844 |ParentID: 4672)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6124 |ParentID: 4672)
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (ID: 6136 |ParentID: 5844)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 872 |ParentID: 4672)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5092 |ParentID: 4672)
C:\Program Files\Google\Update\GoogleUpdate.exe (ID: 4712 |ParentID: 5216)
C:\Windows\system32\sppsvc.exe (ID: 4868 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 5292 |ParentID: 540)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5748 |ParentID: 4672)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4792 |ParentID: 4672)
C:\Users\pc\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (ID: 4288 |ParentID: 5092)
C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5380 |ParentID: 4672)
C:\Windows\system32\SearchProtocolHost.exe (ID: 5616 |ParentID: 2572)
C:\Windows\system32\SearchFilterHost.exe (ID: 4508 |ParentID: 2572)
C:\UsbFix\Go.exe (ID: 3884 |ParentID: 5684)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
04 - HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\620272dd-a7fe-411f-bf33-0968d5697288.exe /check
04 - HKLM\SOFTWARE | Run : [Microsoft] - wscript.exe //B "C:\Users\pc\AppData\Local\Temp\Microsoft.vbe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-29957834-3948166730-1670121115-1000\SOFTWARE | Run : [Clownfish] -
04 - HKU\S-1-5-21-29957834-3948166730-1670121115-1000\SOFTWARE | Run : [Google Update] - "C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-29957834-3948166730-1670121115-1000\SOFTWARE | Run : [Microsoft] - wscript.exe //B "C:\Users\pc\AppData\Local\Temp\Microsoft.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Procura genérica |

Presente ! C:\Users\pc\AppData\Local\Temp\Microsoft.vbe
Presente ! C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
Presente ! H:\Microsoft.vbe
Presente ! H:\TRABALHO AV2 - Filosofia.lnk
Presente ! H:\GALINHA1.lnk
Presente ! H:\GALINHA2.lnk
Presente ! H:\galinha.lnk
Presente ! H:\AUTORUN.INF

################## | Referência de comparação MD5 |

Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\pc\AppData\Local\Temp\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> H:\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe

################## | Comparação MD5 |

Presente ! Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\pc\AppData\Local\Temp\Microsoft.vbe
Presente ! Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
Presente ! Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> H:\Microsoft.vbe

################## | Registro |

Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Presente ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\Microsoft\Windows\CurrentVersion\Run|MICROSOFT
Presente ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft
Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MICROSOFT
Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MICROSOFT
Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft
Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft
Presente ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft
Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft
Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft

################## | Vaccin |

(!) Este computador não é vacinada!

################## | E.O.F | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] |

Post by Wings [In Memoriam], Wed 27 Nov 2013, 17:21

Keep the USB flash drive connected to the PC

*Right-click UsbFix and select [You must have an account and be logged in to view this image]

*Click [Supressão] (Deletion) and paste the report it displays (C:\UsbFix[Clean 1].txt)

*Restart the PC

Post by Zeus, Wed 27 Nov 2013, 17:31

############################## | UsbFix V 7.152 | [Supressão]

Usuário: pc (Administrador) # PC-PC
Atualizado em 20/11/2013 por El Desaparecido - Team SosVirus
Começou em 17:23:27 | 27/11/2013

Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Upload Malware : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Contato : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

PC: Sony Corporation (VAIO)
CPU: Intel(R) Core(TM)2 CPU         T5500  @ 1.66GHz
RAM -> [Total : 2038 | Free : 535]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate  (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disco fixo # 149 Gb (90 Mb livre - 60%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
H:\ -> Disco removível # 7 Gb (6 Mb livre - 78%) [ALVIN PEN] # FAT32

################## | Processos parados |

Parado! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1400 |ParentID: 540)
Parado! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 3308 |ParentID: 1256)
Parado! C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (ID: 5584 |ParentID: 540)
Parado! C:\Windows\System32\rundll32.exe (ID: 112 |ParentID: 696)
Parado! C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (ID: 4932 |ParentID: 540)
Parado! C:\Windows\System32\WUDFHost.exe (ID: 1924 |ParentID: 920)
Parado! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1340 |ParentID: 540)
Parado! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 960 |ParentID: 1340)
Parado! C:\Windows\system32\SearchIndexer.exe (ID: 2740 |ParentID: 540)
Parado! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 6112 |ParentID: 540)
Parado! C:\Windows\System32\spoolsv.exe (ID: 5816 |ParentID: 540)
Parado! C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (ID: 5512 |ParentID: 540)
Parado! C:\Windows\Explorer.exe (ID: 4088 |ParentID: 3884)
Parado! C:\Windows\system32\NOTEPAD.EXE (ID: 4020 |ParentID: 3884)
Parado! C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4572 |ParentID: 4088)
Parado! C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5808 |ParentID: 4572)
Parado! C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 580 |ParentID: 4572)
Parado! C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (ID: 4644 |ParentID: 580)
Parado! C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1016 |ParentID: 4572)
Parado! C:\Users\pc\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (ID: 3680 |ParentID: 1016)
Parado! C:\Program Files\Scpad\scpVista.exe (ID: 5380 |ParentID: 540)
Parado! c:\program files\windows defender\MpCmdRun.exe (ID: 2692 |ParentID: 2764)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
04 - HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\620272dd-a7fe-411f-bf33-0968d5697288.exe /check
04 - HKLM\SOFTWARE | Run : [Microsoft] - wscript.exe //B "C:\Users\pc\AppData\Local\Temp\Microsoft.vbe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-29957834-3948166730-1670121115-1000\SOFTWARE | Run : [Clownfish] -
04 - HKU\S-1-5-21-29957834-3948166730-1670121115-1000\SOFTWARE | Run : [Google Update] - "C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-29957834-3948166730-1670121115-1000\SOFTWARE | Run : [Microsoft] - wscript.exe //B "C:\Users\pc\AppData\Local\Temp\Microsoft.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Procura genérica |

Supprimido ! C:\Users\pc\AppData\Local\Temp\Microsoft.vbe
Supprimido ! C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
Supprimido ! H:\Microsoft.vbe
Supprimido ! H:\TRABALHO AV2 - Filosofia.lnk
Supprimido ! H:\GALINHA1.lnk
Supprimido ! H:\GALINHA2.lnk
Supprimido ! H:\galinha.lnk
Não supprimido ! H:\AUTORUN.INF

(!) Ficheiros temporários suprimido.

################## | Referência de comparação MD5 |

Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\pc\AppData\Local\Temp\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> H:\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe

################## | Comparação MD5 |


################## | Registro |

Reparado ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Reparado ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\Microsoft\Windows\CurrentVersion\Run|MICROSOFT
Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MICROSOFT
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\F
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{05964155-5f00-11e2-ac57-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{0d082538-1cd9-11e1-8db4-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{1b3904c1-2d82-11e2-b246-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{25104d1f-e9e3-11e0-b702-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{2c8d825c-aff1-11e1-bf00-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{2f0e8263-4f84-11e3-802d-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{4c6e4e9f-5e1f-11e1-a1d1-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{57a07547-4f9f-11e2-b36a-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{5d39a857-e565-11e0-98d6-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{635c5508-5436-11e1-b462-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{7d7608d5-5192-11e1-9232-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{8af8fc20-1e22-11e1-9cc5-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{9a047d66-d971-11e0-855c-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{a4b2ed08-2d16-11e2-8c87-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{aadcc4f6-e138-11e0-9c46-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{aadcc51f-e138-11e0-9c46-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{e495b822-d949-11e0-a7ec-0013a984e935}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{e495b84f-d949-11e0-a7ec-001e101fb45e}
Supprimido ! HKU\S-1-5-21-29957834-3948166730-1670121115-1000\Software\.\.\.\.\Mountpoints2\{e73b2a95-dd86-11e1-9ffb-0013a984e935}

################## | Listing |

[27/06/2012 - 18:06:37 | D ] C:\## aswSnx private storage
[21/11/2012 - 18:04:23 | SHD ] C:\$Recycle.Bin
[27/11/2013 - 16:42:28 | D ] C:\AdwCleaner
[23/08/2011 - 19:33:19 | D ] C:\Arquivos de Programas
[10/06/2009 - 19:42:20 | N | 24] C:\autoexec.bat
[13/08/2012 - 20:54:00 | D ] C:\b12d1b29691a0777cc58
[10/11/2013 - 18:43:53 | N | 4] C:\cache.dat
[26/11/2013 - 15:44:01 | SHD ] C:\Config.Msi
[10/06/2009 - 19:42:20 | N | 10] C:\config.sys
[14/07/2009 - 02:53:55 | SHD ] C:\Documents and Settings
[20/09/2012 - 15:24:46 | D ] C:\Downloads
[19/02/2012 - 18:38:52 | D ] C:\dsp_sps
[13/08/2012 - 19:58:21 | D ] C:\f50b0013c1f8a32de23d1597925e
[27/11/2013 - 16:54:13 | ASH | 1602887680] C:\hiberfil.sys
[31/10/2013 - 10:32:58 | D ] C:\inetpub
[24/08/2011 - 17:07:54 | D ] C:\Intel
[24/08/2011 - 16:27:30 | N | 0] C:\IO.SYS
[01/08/2013 - 11:59:50 | D ] C:\Joymax
[24/08/2011 - 16:27:30 | N | 0] C:\MSDOS.SYS
[24/08/2011 - 16:33:27 | RHD ] C:\MSOCache
[11/06/2013 - 20:51:39 | D ] C:\output
[27/11/2013 - 16:54:19 | ASH | 2137186304] C:\pagefile.sys
[14/07/2009 - 00:37:05 | D ] C:\PerfLogs
[27/11/2013 - 16:41:45 | D ] C:\Program Files
[27/11/2013 - 16:40:52 | HD ] C:\ProgramData
[23/08/2011 - 19:33:20 | SHD ] C:\Recovery
[29/07/2013 - 21:43:42 | D ] C:\Riot Games
[27/11/2013 - 15:45:05 | SHD ] C:\System Volume Information
[27/11/2013 - 17:27:38 | D ] C:\UsbFix
[27/11/2013 - 17:27:46 | A | 10048] C:\UsbFix [Clean 1] PC-PC.txt
[27/11/2013 - 17:11:12 | N | 10193] C:\UsbFix [Scan 1] PC-PC.txt
[14/08/2012 - 00:03:46 | N | 638] C:\user.js
[31/10/2013 - 11:24:59 | RD ] C:\Users
[24/08/2011 - 17:39:07 | D ] C:\Web cam
[21/11/2013 - 09:16:49 | D ] C:\Windows
[26/11/2013 - 18:59:24 | N | 18392] H:\TRABALHO AV2 - Filosofia.docx
[27/11/2013 - 06:26:08 | D ] H:\Nova pasta
[29/10/2013 - 22:16:00 | N | 273512032] H:\GALINHA1.avi
[30/10/2013 - 11:58:00 | N | 673754604] H:\GALINHA2.avi
[30/10/2013 - 12:23:10 | N | 737576960] H:\galinha.pintadinha.3.avi
[27/11/2013 - 15:39:20 | H | 16] H:\AUTORUN.INF

################## | Vaccin |

(!) Este computador não é vacinada!

################## | E.O.F |
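
The UsbFix report above can be triaged mechanically. This added example (not part of the original post and not UsbFix's own code) parses its removal, MD5 and listing lines and flags a script with the same hash both on the drive and in a Startup folder, removed shortcuts named after real files on the drive, and items the tool could not remove. The function names and the assumption that H: is the pen drive are mine.

```python
import re
from collections import defaultdict

# Lines copied from the UsbFix report above; H: is assumed to be the pen drive.
REPORT = r"""
Supprimido ! C:\Users\pc\AppData\Local\Temp\Microsoft.vbe
Supprimido ! H:\Microsoft.vbe
Supprimido ! H:\TRABALHO AV2 - Filosofia.lnk
Supprimido ! H:\GALINHA1.lnk
Supprimido ! H:\GALINHA2.lnk
Supprimido ! H:\galinha.lnk
Não supprimido ! H:\AUTORUN.INF
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\pc\AppData\Local\Temp\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> H:\Microsoft.vbe
[26/11/2013 - 18:59:24 | N | 18392] H:\TRABALHO AV2 - Filosofia.docx
[27/11/2013 - 06:26:08 | D ] H:\Nova pasta
[29/10/2013 - 22:16:00 | N | 273512032] H:\GALINHA1.avi
[30/10/2013 - 11:58:00 | N | 673754604] H:\GALINHA2.avi
[30/10/2013 - 12:23:10 | N | 737576960] H:\galinha.pintadinha.3.avi
[27/11/2013 - 15:39:20 | H | 16] H:\AUTORUN.INF
"""

ACTION = re.compile(r"^(Não supprimido|Supprimido) ! (.+)$")
MD5 = re.compile(r"^Md5 : ([0-9A-F]{32}) -> (.+)$")
LISTING = re.compile(r"^\[[^|]+\|\s*(\w+)\s*(?:\|\s*\d+)?\]\s+(.+)$")

def base(path):
    """File name up to its first dot, lower-cased ('x.y.avi' -> 'x')."""
    return path.rsplit("\\", 1)[-1].split(".", 1)[0].lower()

def triage(report, drive="H:"):
    removed, kept, copies, listed = [], [], defaultdict(set), {}
    for line in report.splitlines():
        if m := ACTION.match(line):
            (removed if m[1] == "Supprimido" else kept).append(m[2])
        elif m := MD5.match(line):
            copies[m[1]].add(m[2])
        elif m := LISTING.match(line):
            listed[m[2]] = m[1]  # path -> attribute flags (D = directory)
    files = [p for p, a in listed.items() if p.startswith(drive) and "D" not in a]
    real = {base(p): p for p in files if not p.lower().endswith((".lnk", ".inf"))}
    return {
        # one hash found both on the drive and in a host Startup folder
        "self_copies": {h: sorted(ps) for h, ps in copies.items()
                        if any(p.startswith(drive) for p in ps)
                        and any("\\Startup\\" in p for p in ps)},
        # removed shortcuts whose name matches a real file on the drive
        "decoys": {p: real[base(p)] for p in removed
                   if p.startswith(drive) and p.lower().endswith(".lnk")
                   and base(p) in real},
        # entries reported as not removed that the listing still shows
        "leftover": [p for p in kept if p in listed],
    }
```

On this report `triage(REPORT)` returns one hash in three locations, four shortcut/file pairs, and `H:\AUTORUN.INF` as the only leftover.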

Post by Wings [In Memoriam] Wed 27 Nov 2013, 17:40

Disconnect the pen drive


Download [link hidden by the forum] (by OldTimer) and save it to the Desktop

*Right-click OTL and select [image hidden by the forum]

*Select:

Scan All Users
Skip Microsoft Files
Lop Check
Purity Check

*Click [Scan] and wait for it to finish

*Attach the OTL.txt and Extras.txt reports created on the Desktop

Post by Zeus Wed 27 Nov 2013, 18:03

Here are the attachments you asked for

Post by Wings [In Memoriam] Wed 27 Nov 2013, 18:28

Run OTL, then copy and paste the lines below into the box under Custom Scans/Fixes

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva389.sys -- (XDva389)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (asukwfjp)
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}: "URL" = [link hidden by the forum]
IE - HKU\S-1-5-21-29957834-3948166730-1670121115-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [link hidden by the forum]
IE - HKU\S-1-5-21-29957834-3948166730-1670121115-1000\..\SearchScopes\{5025DF88-505E-45FE-8968-40A9EE4A112D}: "URL" = [link hidden by the forum]
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

:Files
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f /c
reg delete HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /v DealPly /c
reg delete HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /v DealPly /c

:Commands
[emptytemp]

*Click [Fix]

*Click [OK] to restart the PC

*On restart, if UAC is enabled, a Windows Security Warning window will appear asking whether you want to run OTL. Click [Run]

*Paste the report C:\_OTL\MovedFiles\monthdayyear_hourminutesseconds.log


[link hidden by the forum]


Report how the PC is doing

Post by Zeus Wed 27 Nov 2013, 19:16

All processes killed
========== OTL ==========
Error: No service named ZTEusbser6k was found to stop!
Service\Driver key ZTEusbser6k not found.
File system32\DRIVERS\ZTEusbser6k.sys not found.
Error: No service named ZTEusbnmea was found to stop!
Service\Driver key ZTEusbnmea not found.
File system32\DRIVERS\ZTEusbnmea.sys not found.
Error: No service named ZTEusbmdm6k was found to stop!
Service\Driver key ZTEusbmdm6k not found.
File system32\DRIVERS\ZTEusbmdm6k.sys not found.
Error: No service named XDva401 was found to stop!
Service\Driver key XDva401 not found.
File C:\Windows\system32\XDva401.sys not found.
Error: No service named XDva391 was found to stop!
Service\Driver key XDva391 not found.
File C:\Windows\system32\XDva391.sys not found.
Error: No service named XDva389 was found to stop!
Service\Driver key XDva389 not found.
File C:\Windows\system32\XDva389.sys not found.
Error: No service named VGPU was found to stop!
Service\Driver key VGPU not found.
File System32\drivers\rdvgkmd.sys not found.
Error: No service named tsusbhub was found to stop!
Service\Driver key tsusbhub not found.
File system32\drivers\tsusbhub.sys not found.
Error: No service named Synth3dVsc was found to stop!
Service\Driver key Synth3dVsc not found.
File System32\drivers\synth3dvsc.sys not found.
Error: No service named massfilter was found to stop!
Service\Driver key massfilter not found.
File system32\drivers\massfilter.sys not found.
Error: No service named EagleXNt was found to stop!
Service\Driver key EagleXNt not found.
File C:\Windows\system32\drivers\EagleXNt.sys not found.
Error: No service named asukwfjp was found to stop!
Service\Driver key asukwfjp not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}\ not found.
Registry key HKEY_USERS\S-1-5-21-29957834-3948166730-1670121115-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-29957834-3948166730-1670121115-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5025DF88-505E-45FE-8968-40A9EE4A112D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5025DF88-505E-45FE-8968-40A9EE4A112D}\ not found.
Unable to delete ADS C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} .
========== FILES ==========
< reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f /c >
A operação foi concluída com êxito.
C:\Users\pc\Desktop\cmd.bat deleted successfully.
C:\Users\pc\Desktop\cmd.txt deleted successfully.
< reg delete HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /v DealPly /c >
Excluir o valor do Registro DealPly (Sim/Não)?
C:\Users\pc\Desktop\cmd.bat deleted successfully.
C:\Users\pc\Desktop\cmd.txt deleted successfully.
< reg delete HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /v DealPly /c >
Excluir o valor do Registro DealPly (Sim/Não)?
C:\Users\pc\Desktop\cmd.bat deleted successfully.
C:\Users\pc\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: pc
->Temp folder emptied: 92843255 bytes
->Temporary Internet Files folder emptied: 7412334 bytes
->Java cache emptied: 596739 bytes
->FireFox cache emptied: 46106292 bytes
->Google Chrome cache emptied: 8757985 bytes
->Flash cache emptied: 919 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 12800 bytes
Windows Temp folder emptied: 69046 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 149,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11272013_190946

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

____________________________________________

I downloaded Java; so far, the antivirus alert message has not appeared *u*

Post by Wings [In Memoriam] Wed 27 Nov 2013, 19:25

Run HijackThis, click [Do a system scan only], select the entries below and click [Fix checked]

O3 - Toolbar: (no name) - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - (no file)
O3 - Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

*Close HijackThis


Download [link hidden by the forum] (by Xplode) and save it to the Desktop

*Run DelFix, leaving the options Remove disinfection tools and Purge system restore selected

*Click [Run]

*Close the report that is displayed


Delete DelFix and the file C:\DelFix.txt

The PC is clean...

Best regards...

Post by Wings [In Memoriam] Wed 27 Nov 2013, 20:16

CASE SOLVED

If the topic's author needs it, the topic will be reopened; to request this, they should contact a member of the [link hidden by the forum] and ask for it to be unlocked.