lhtrindade

autorun.inf on the HD and external HD


Folks,

I have a problem with this malware, "autorun.inf". I got it from an external HD, and now I can't remove it from the HD or from the external HD.

I went to run the procedure from the link: http://forum.clubedohardware.com.br/leia-antes-postar/597599 but when I start DDS and Gmer they open and close immediately; when I restart the computer they stay open a little longer, but they also close without finishing the process. The same thing happens with Penclean and Malwarebytes.

So I couldn't even get the logs you need in order to help, and I don't know how to proceed.

Thanks in advance.

Note: I saw that there is already a topic about autorun.inf just below, but I couldn't add this post there.


Hello

If you still need help, redo the logs, as I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: You don't need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2

Run by NK at 11:10:48 on 2013-08-15

Microsoft Windows 8 Single Language 6.2.9200.0.1252.55.1046.18.5497.4343 [GMT -3:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\dwm.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\dashost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\viakaraokesrv.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskhostex.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.b1.org/?bsrc=hmior&chid=c167991

uSearch Page = hxxp://search.b1.org/?bsrc=hmior&chid=c167991

uDefault_Page_URL = hxxp://www.mundopositivo.com.br/?utm_source=PC&utm_medium=browser&utm_campaign=urldefault;

mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

mWinlogon: Userinit = userinit.exe,

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [Google Update] "C:\Users\NK\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [bb] C:\Users\NK\AppData\Roaming\ad3f\bb.js

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

StartupFolder: C:\Users\NK\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\NK\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\NK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e96.js

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{C5D89A19-6BC9-4EC6-B655-470C8C38A3D9} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{E128E2DA-EE7B-4277-A754-474546DAEB43} : DHCPNameServer = 192.168.0.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

x64-Run: [startUpManagerPositivo] C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-mPolicies-System: PromptOnSecureDesktop = dword:0

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-20 645952]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-6-22 771536]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-6-22 340216]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-20 7168]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-20 165760]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-18 201304]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-18 201304]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-18 201304]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-18 201304]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-10-20 241456]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-10-20 218760]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-10-20 182752]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-20 364416]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-10-20 27792]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-6-22 70112]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-19 342528]

R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-6-22 309840]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-6-22 515968]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2012-10-20 2201744]

R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]

S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-6-18 69168]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-6-4 103448]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-12-18 1030600]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2012-12-18 196440]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-10-20 332080]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\Drivers\mferkdet.sys [2012-6-22 106552]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\Drivers\netr7364.sys [2012-6-2 729152]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-6-4 203672]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-18 201304]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2013-08-14 12:15:36 1889280 ----a-w- C:\Windows\System32\crypt32.dll

2013-08-14 12:15:34 337408 ----a-w- C:\Windows\System32\wintrust.dll

2013-08-14 12:15:34 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-08-14 12:15:34 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-08-14 12:15:33 98304 ----a-w- C:\Windows\System32\apprepsync.dll

2013-08-14 12:15:33 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll

2013-08-14 12:15:33 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll

2013-08-14 12:15:33 68096 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-08-14 12:15:33 124416 ----a-w- C:\Windows\System32\apprepapi.dll

2013-08-13 18:45:36 -------- d-----w- C:\Users\NK\AppData\Roaming\Malwarebytes

2013-08-13 18:45:29 -------- d-----w- C:\ProgramData\Malwarebytes

2013-08-13 18:45:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-08-13 18:45:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-13 18:45:17 -------- d-----w- C:\Users\NK\AppData\Local\Programs

2013-08-13 17:27:26 -------- d-----w- C:\Backup Gava

2013-08-13 17:09:02 -------- d-----w- C:\PenClean

2013-08-13 16:38:50 -------- d-sh--w- C:\Users\NK\AppData\Roaming\ad3f

2013-08-13 16:38:49 -------- d-sh--w- C:\aceea

2013-08-12 12:55:22 -------- d-----w- C:\Users\NK\AppData\Roaming\PCDr

2013-08-09 12:48:57 261808 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10213.bin

2013-07-26 17:36:16 -------- d-----w- C:\Users\NK\AppData\Local\ABBYY

2013-07-26 17:34:44 -------- d-----w- C:\ProgramData\ABBYY

2013-07-26 17:34:44 -------- d-----w- C:\Program Files (x86)\Common Files\ABBYY

2013-07-26 17:34:44 -------- d-----w- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint

2013-07-26 17:32:25 -------- d-----w- C:\ProgramData\UDL

2013-07-26 17:31:28 -------- d-----w- C:\Program Files\Epson Software

2013-07-26 17:25:54 118784 ----a-w- C:\Windows\System32\E_ILMHJB.DLL

2013-07-26 17:25:52 88064 ----a-w- C:\Windows\System32\E_IBCBHJB.DLL

2013-07-26 17:25:46 -------- d-----w- C:\ProgramData\EPSON

2013-07-26 17:25:26 -------- d-----w- C:\Program Files (x86)\Epson Software

2013-07-26 17:24:28 464384 ----a-w- C:\Windows\System32\esxw2ud.dll

2013-07-26 17:24:28 13824 ----a-w- C:\Windows\System32\esxcdev.dll

2013-07-26 17:24:28 132560 ----a-w- C:\Windows\System32\esdevapp.exe

2013-07-26 17:24:27 -------- d-----w- C:\Program Files (x86)\epson

2013-07-22 14:45:18 -------- d-----w- C:\Windows\System32\MRT

.

==================== Find3M ====================

.

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:13:28 915968 ----a-w- C:\Windows\System32\uxtheme.dll

2013-07-26 05:13:28 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:13:15 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 00:54:34 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2013-07-09 06:07:17 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-25 12:08:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-25 12:08:15 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-06-25 12:08:15 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-19 13:54:54 706250 ----a-w- C:\Users\NK\AppData\Roaming\unins000.exe

2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-06-04 12:15:02 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2013-06-04 12:15:00 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe

2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS

2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS

2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys

2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe

2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll

2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll

2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll

2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll

2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll

2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe

2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe

2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll

2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll

2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll

2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll

2013-06-01 09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll

2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll

2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll

2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll

2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll

2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll

2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll

2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys

2013-05-30 23:14:23 4036096 ----a-w- C:\Windows\System32\win32k.sys

2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi

2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe

2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi

2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe

2013-05-23 23:02:30 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll

2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-05-23 22:25:22 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

.

============= FINISH: 11:11:38,42 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Single Language

Boot Device: \Device\HarddiskVolume2

Install Date: 18/12/2012 10:09:10

System Uptime: 15/08/2013 08:45:28 (3 hours ago)

.

Motherboard: Positivo Informatica SA | | POS-EIH61CE

Processor: Intel® Core i5-2320 CPU @ 3.00GHz | SOCKET 0 | 3001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 921 GiB total, 769,33 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP29: 26/07/2013 14:24:44 - Installed Epson Event Manager

RP30: 05/08/2013 11:59:53 - Ponto de Verificação Agendado

RP31: 12/08/2013 12:06:18 - Ponto de Verificação Agendado

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

ABBYY FineReader 9.0 Sprint

Adobe Reader XI (11.0.03) - Português

AutoCAD 2010 - English

AutoCAD 2010 Language Pack - English

CCleaner

Desinstalar impressora EPSON TX133 TX135 Series

Dropbox

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

Epson Event Manager

EPSON Scan

Google Chrome

Google Drive

Google Earth

Google Talk Plugin

Google Update Helper

HCM 2000 CD-ROM

HP Deskjet 2050 J510 series Ajuda

HP Deskjet 2050 J510 series Estudo de aprimoramento de produtos

HP Deskjet 2050 J510 series Software básico do dispositivo

HP Photo Creations

HP Update

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® Trusted Connect Service Client

Java 7 Update 25

Java Auto Updater

Módulo de Proteção Santander 3.2.0.2

Malwarebytes Anti-Malware versão 1.75.0.1300

McAfee Internet Security

Microsoft Office

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Platform

PowerDVD

Samsung_MonSetup

Shared C Run-time for x64

SketchUp 8

VIA Gerenciador de dispositivo de plataforma

WinRAR 4.20 (32-bit)

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-08-15 11:15:13

Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a WDC_WD10EARS-00Y5B1 rev.80.00A80 931,51GB

Running: gmer.exe; Driver: C:\Users\NK\AppData\Local\Temp\uxtorpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\mcafee.com\agent\mcagent.exe[4684] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fc902c177a 4 bytes [2C, 90, FC, 07]

.text C:\Program Files\mcafee.com\agent\mcagent.exe[4684] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fc902c1782 4 bytes [2C, 90, FC, 07]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [596:604] fffff960009575e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----


Dear lhtrindade

I recommend saving this topic in your Favorites to make it easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to your computer's problem, so do not do it on any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

Two antivirus programs (AVs) and two antispyware programs (SP) are installed on your system:

AV: McAfee Anti-Virus and Anti-Spyware

AV: Windows Defender

SP: McAfee Anti-Virus and Anti-Spyware

SP: Windows Defender

It is not advisable to have more than 1 AV and SP... so uninstall one of them and let me know so we can continue ;)

Regards :D
