karolz

Virus on the computer


My computer caught a virus this afternoon (I believe it came from a pendrive), and it turned out that all the folders on that pendrive and on my external HD turned into shortcuts. On top of that, msconfig won't open, cmd isn't working properly, System Restore wouldn't open either, and my antivirus didn't detect anything. The C: system itself is not extremely important (of course it would be great if everything could be saved), but the files on my external HD are, and I'm terrified of losing them :( The GMER log turned out long, but it's saved here in case it's needed, and both programs were run in Safe Mode.

DDS log

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL

Internet Explorer: 10.0.9200.16660

Run by Karol at 22:41:39 on 2013-09-08

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3327.2460 [GMT -3:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\explorer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

.

============== Pseudo HJT Report ===============

.

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll

uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [1760] c:\users\karol\appdata\roaming\017\1760.js

mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"

mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart

mRun: [ApnTBMon] "c:\program files\askpartnernetwork\toolbar\updater\TBNotifier.exe"

StartupFolder: c:\users\karol\appdata\roaming\microsoft\windows\start menu\programs\startup\4021.js

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar para o OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Fazer o download de todos os links usando o IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Fazer o download usando o IDM - c:\program files\internet download manager\IEExt.htm

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{503B72FC-7BBC-4452-9CAF-BEBD6994157D} : DHCPNameServer = 192.168.0.1

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\karol\appdata\roaming\mozilla\firefox\profiles\0482woyo.default\

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2013-4-24 50248]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2013-4-24 41544]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-4-25 242240]

S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-4-24 37352]

S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2013-4-24 15944]

S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2013-4-24 186952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

S2 AntiVirSchedulerService;Avira Agendamento;c:\program files\avira\antivir desktop\sched.exe [2013-4-24 84024]

S2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-4-24 108088]

S2 APNMCP;Serviço de atualização Ask;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2013-8-29 164816]

S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-4-24 84744]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2013-4-24 68168]

S2 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2013-4-24 23624]

S2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-2-21 100216]

S2 KMService;KMService;c:\windows\system32\srvany.exe [2013-8-13 8192]

S2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-3-29 598312]

S2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-4-24 625304]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-4-26 1343400]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]

.

=============== Created Last 30 ================

.

2013-09-08 23:30:23 -------- d-sh--w- c:\users\karol\appdata\roaming\017

2013-09-08 23:30:22 -------- d-sh--w- C:\002

2013-09-06 01:28:38 -------- d-----w- c:\users\karol\appdata\local\calibre-cache

2013-08-15 22:41:08 -------- d-----w- c:\windows\system32\MRT

2013-08-15 19:29:02 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-15 19:29:01 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-15 19:29:01 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-15 19:29:01 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-15 19:29:01 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-15 19:26:30 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-15 19:26:29 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-15 19:26:29 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-15 19:24:51 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-15 19:24:49 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-15 19:19:55 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-15 19:19:54 918528 ----a-w- c:\windows\system32\rdpcorets.dll

2013-08-15 19:19:53 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-13 17:24:16 -------- d-----w- c:\users\karol\appdata\roaming\calibre

2013-08-13 16:17:29 8192 ----a-w- c:\windows\system32\srvany.exe

2013-08-13 16:17:29 77824 ----a-w- c:\windows\KMService.exe

2013-08-11 23:01:11 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2013-08-11 23:00:58 -------- d-----w- c:\users\karol\appdata\roaming\dll-files.com

2013-08-11 23:00:52 -------- d-----w- c:\programdata\Logs

2013-08-11 23:00:50 17344 ----a-w- c:\windows\system32\roboot.exe

2013-08-11 23:00:49 -------- d-----w- c:\program files\Dll-Files.com Fixer

.

==================== Find3M ====================

.

2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-07-08 21:56:43 67168 ----a-w- c:\windows\system32\drivers\avnetflt.sys

.

============= FINISH: 22:42:19,89 ===============

ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 24/04/2013 20:09:40

System Uptime: 08/09/2013 22:39:15 (0 hours ago)

.

Motherboard: LENOVO | | Tilapia CRB

Processor: AMD Athlon II X2 250 Processor | CPU 1 | 2992/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 53,272 GiB free.

D: is FIXED (NTFS) - 149 GiB total, 130,496 GiB free.

E: is CDROM ()

F: is Removable

G: is FIXED (NTFS) - 983 GiB total, 677,374 GiB free.

H: is FIXED (NTFS) - 896 GiB total, 838,196 GiB free.

I: is CDROM ()

J: is FIXED (NTFS) - 916 GiB total, 558,665 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP60: 07/09/2013 19:52:06 - Installed calibre

RP61: 08/09/2013 20:32:26 - Removed Microsoft Office Professional Plus 2010

.

==== Installed Programs ======================

.

Adobe Flash Player ActiveX

Adobe Reader XI (11.0.03) - Português

Aegisub 3.0.2

AIMP3

Ask Shopping Toolbar

Ask Toolbar

µTorrent

aTube Catcher

Avira Free Antivirus

calibre

DAEMON Tools Lite

Dll-Files Fixer

EA Download Manager

EaseUS Todo Backup Free 5.8

FormatFactory 3.1.1

Google Chrome

Google Update Helper

High-Definition Video Playback

Internet Download Manager

K-Lite Mega Codec Pack 9.8.5

League of Legends

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Mozilla Firefox 20.0.1 (x86 pt-BR)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 10 Creative CollectionPack 1

Nero 10 Kwik Themes 3

Nero 10 Kwik Themes 4

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack Basic

Nero 10 PiP EffectPack 1

Nero 10 Video TransitionPack 1

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero DiscCopy Gadget 10

Nero DiscCopyGadget 10 Help (CHM)

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero Kwik Media

Nero Multimedia Suite 10

Nero Recode 10

Nero Recode 10 Help (CHM)

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero SoundTrax 10

Nero SoundTrax 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Nero Vision 10

Nero Vision 10 Help (CHM)

Nero WaveEditor 10

Nero WaveEditor 10 Help (CHM)

NeroKwikMedia Help (CHM)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pando Media Booster

Pandora Service

PhotoScape

Plants vs Zombies

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

The KMPlayer (remove only)

The Sims™ 3

The Sims™ 3 Volta ao Mundo

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

WinRAR 4.20 (32-bit)

.

==== End Of File ===========================

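An added example, not part of karolz's post and not code from the DDS tool: the log above already holds the indicators a responder looks for in a USB shortcut-worm case. There is a per-user autorun pointing at a script (`uRun: [1760] c:\users\karol\appdata\roaming\017\1760.js`), a second script in the Startup folder (`4021.js`), and two System+Hidden directories (`C:\002` and `...\appdata\roaming\017`) created one second apart on the evening of the post. The PowerShell below parses the two DDS sections those lines come from and flags exactly that pattern. The sample lines are copied from the log; the extension list and the "user-writable location" pattern are the example's own choices, not anything DDS defines.

```powershell
# Sample input: lines copied verbatim from the DDS log posted above.
$ddsLines = @(
    'uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot',
    'uRun: [1760] c:\users\karol\appdata\roaming\017\1760.js',
    'mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min',
    'StartupFolder: c:\users\karol\appdata\roaming\microsoft\windows\start menu\programs\startup\4021.js',
    '2013-09-08 23:30:23 -------- d-sh--w- c:\users\karol\appdata\roaming\017',
    '2013-09-08 23:30:22 -------- d-sh--w- C:\002',
    '2013-09-06 01:28:38 -------- d-----w- c:\users\karol\appdata\local\calibre-cache',
    '2013-08-15 19:29:02 652800 ----a-w- c:\windows\system32\rpcrt4.dll'
)

function Get-DdsFindings {
    param([string[]]$Lines)

    # Script-host extensions no autorun entry on a home PC should point at (example's own list).
    $scriptExt = '\.(js|jse|vbs|vbe|wsf|wsh|hta|bat|cmd|ps1)(\s|$)'
    # Places a dropper writes to because they need no admin rights (example's own list).
    $userWritable = '\\(appdata|temp|programdata|users\\public)\\'
    $findings = @()

    foreach ($line in $Lines) {
        # Autorun entries as DDS prints them: "uRun: [name] image args", "mRun: ...", "StartupFolder: path".
        if ($line -match '^(?<kind>uRun|mRun|StartupFolder):\s*(\[[^\]]*\]\s*)?(?<target>.+)$') {
            $kind = $Matches['kind']; $target = $Matches['target']
            if ($target -match $scriptExt) {
                $sev = 'Medium'
                if ($target -match $userWritable) { $sev = 'High' }
                $findings += New-Object PSObject -Property @{
                    Severity = $sev; Kind = "$kind script autorun"; Detail = $target }
            }
            continue
        }
        # "Created Last 30" entries: "<date> <time> <size-or-dashes> <attrs> <path>", attrs e.g. d-sh--w-.
        if ($line -match '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(?<attr>[-a-z]{8})\s+(?<path>.+)$') {
            $ts = $Matches['ts']; $attr = $Matches['attr']; $path = $Matches['path']
            # attr[0] = directory, attr[2] = system, attr[3] = hidden. A brand-new System+Hidden
            # directory outside %SystemRoot% is the usual dropper footprint.
            if ($attr[0] -eq 'd' -and $attr[2] -eq 's' -and $attr[3] -eq 'h' -and $path -notmatch '^c:\\windows\\') {
                $findings += New-Object PSObject -Property @{
                    Severity = 'High'; Kind = 'new System+Hidden directory'; Detail = "$path (created $ts)" }
            }
        }
    }
    return $findings
}

# On the sample above this reports four High findings: the two .js autoruns and the two directories.
Get-DdsFindings -Lines $ddsLines | Sort-Object Severity, Kind | Format-Table Severity, Kind, Detail -AutoSize
```

To run it over the full log, use `Get-DdsFindings -Lines (Get-Content .\dds.txt)`. Treat it as a first pass, not a verdict: it only looks at script extensions and System+Hidden directories, so a renamed .exe dropped under appdata would pass, and the vendor `mRun` entries (Avira, Adobe, Nero) are not examined at all. The timestamps in "Created Last 30" are the ones DDS prints and should be read alongside the `[GMT -3:00]` note in the log header.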

Hello

Sorry for the delay :)

If you still need help, redo the logs, because I need them with up-to-date dates: Read Before Posting - Creating a new Topic

NOTE 1: There's no need to open a new topic; post the new logs in this same topic, thank you!

NOTE 2: Don't edit your topic, use the Reply button, thank you!

NOTE 3: Don't put the logs between TAGS, thank you!

NOTE 4: Don't attach the logs, thank you!

Cheers :D


Well, I uninstalled my old antivirus and installed G Data, which I was told is very good; I scanned and it found two viruses. Since I don't know whether they were the same ones, I thought it best to do a check-up with you anyway. Thanks in advance for the help, and here are the logs. The GMER one, as I said before, turned out quite long, so I won't post it right away, OK?

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16660

Run by Karol at 19:02:52 on 2013-09-12

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3327.2282 [GMT -3:00]

.

AV: G Data InternetSecurity 2012 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}

SP: G Data InternetSecurity 2012 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Common Files\G Data\GDScan\GDScan.exe

C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe

C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe

C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

C:\Windows\system32\srvany.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\PANDORA.TV\PanService\PandoraService.exe

C:\Windows\KMService.exe

C:\Windows\system32\conhost.exe

C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe

C:\Windows\System32\vds.exe

C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe

C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\PANDORA.TV\PanService\PanProcess.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll

BHO: G Data WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - c:\program files\g data\internetsecurity\webfilter\AvkWebIE.dll

BHO: G Data BankGuard: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - c:\program files\common files\g data\avkproxy\BanksafeBHO.dll

TB: G Data WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - c:\program files\g data\internetsecurity\webfilter\AvkWebIE.dll

uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

mRun: [G Data AntiVirus Tray Application] c:\program files\g data\internetsecurity\avktray\AVKTray.exe

mRun: [GDFirewallTray] c:\program files\g data\internetsecurity\firewall\GDFirewallTray.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar para o OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Fazer o download de todos os links usando o IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Fazer o download usando o IDM - c:\program files\internet download manager\IEExt.htm

TCP: NameServer = 8.8.8.8 177.66.120.31

TCP: Interfaces\{503B72FC-7BBC-4452-9CAF-BEBD6994157D} : DHCPNameServer = 8.8.8.8 177.66.120.31

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\karol\appdata\roaming\mozilla\firefox\profiles\0482woyo.default\

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2013-4-24 50248]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2013-4-24 41544]

R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2013-9-11 40312]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-4-25 242240]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2013-4-24 15944]

R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2013-4-24 186952]

R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2013-9-11 79608]

R1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2013-9-11 54648]

R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2013-9-11 30416]

R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2013-9-11 40312]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\common files\g data\avkproxy\AVKProxy.exe [2011-8-10 1499656]

R2 AVKService;G Data Programador;c:\program files\g data\internetsecurity\avk\AVKService.exe [2011-8-10 464392]

R2 AVKWCtl;G Data Sentinela AntiVirus;c:\program files\g data\internetsecurity\avk\AVKWCtl.exe [2011-7-28 1454304]

R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2013-4-24 68168]

R2 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2013-4-24 23624]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-2-21 100216]

R2 KMService;KMService;c:\windows\system32\srvany.exe [2013-8-13 8192]

R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-4-24 625304]

R3 GDFwSvc;G Data Personal Firewall;c:\program files\g data\internetsecurity\firewall\GDFwSvc.exe [2011-8-10 1613424]

R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2013-9-11 49016]

R3 GDScan;G Data Scanner;c:\program files\common files\g data\gdscan\GDScan.exe [2011-8-10 448008]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-3-29 598312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

S3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon32.sys [2013-9-11 29560]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-4-26 1343400]

.

=============== Created Last 30 ================

.

2013-09-12 02:16:30 -------- d-----w- c:\users\karol\appdata\local\G DATA

2013-09-12 01:09:06 30416 ----a-w- c:\windows\system32\drivers\GRD.sys

2013-09-12 00:19:03 49016 ----a-w- c:\windows\system32\drivers\PktIcpt.sys

2013-09-12 00:18:47 218104 ----a-w- c:\program files\mozilla firefox\extensions\{9aa46f4f-4dc7-4c06-97af-5035170633fe}\components\AvkWebFilterFF.dll

2013-09-12 00:18:47 212472 ----a-w- c:\program files\mozilla firefox\extensions\{9aa46f4f-4dc7-4c06-97af-5035170633fe}\components\AvkWebFilterFF2.dll

2013-09-12 00:18:46 51192 ----a-w- c:\program files\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}\components\BanksafeXPCOM.dll

2013-09-12 00:18:41 40312 ----a-w- c:\windows\system32\drivers\HookCentre.sys

2013-09-12 00:18:40 79608 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys

2013-09-12 00:18:40 40312 ----a-w- c:\windows\system32\drivers\GDBehave.sys

2013-09-12 00:18:38 29560 ----a-w- c:\windows\system32\drivers\GdNetMon32.sys

2013-09-12 00:18:34 54648 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys

2013-09-12 00:18:15 -------- d-----w- c:\programdata\G DATA

2013-09-12 00:18:15 -------- d-----w- c:\program files\G Data

2013-09-12 00:18:15 -------- d-----w- c:\program files\common files\G Data

2013-09-12 00:17:08 -------- d-----w- c:\users\karol\appdata\local\Downloaded Installations

2013-09-11 23:15:13 -------- d-----w- c:\windows\system32\appmgmt

2013-09-08 23:30:23 -------- d-sh--w- c:\users\karol\appdata\roaming\017

2013-09-08 23:30:22 -------- d-sh--w- C:\002

2013-09-06 01:28:38 -------- d-----w- c:\users\karol\appdata\local\calibre-cache

2013-08-15 22:41:08 -------- d-----w- c:\windows\system32\MRT

2013-08-15 19:29:02 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-15 19:29:01 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-15 19:29:01 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-15 19:29:01 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-15 19:29:01 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-15 19:26:30 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-15 19:26:29 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-15 19:26:29 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-15 19:24:51 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-15 19:24:49 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-15 19:19:55 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-15 19:19:54 918528 ----a-w- c:\windows\system32\rdpcorets.dll

2013-08-15 19:19:53 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

.

==================== Find3M ====================

.

2013-08-13 16:17:11 8192 ----a-w- c:\windows\system32\srvany.exe

2013-08-13 16:17:11 77824 ----a-w- c:\windows\KMService.exe

2013-08-11 23:01:14 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

.

============= FINISH: 19:06:55,60 ===============

ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 24/04/2013 20:09:40

System Uptime: 12/09/2013 19:00:13 (0 hours ago)

.

Motherboard: LENOVO | | Tilapia CRB

Processor: AMD Athlon II X2 250 Processor | CPU 1 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 54,689 GiB free.

D: is FIXED (NTFS) - 149 GiB total, 130,494 GiB free.

E: is CDROM ()

G: is FIXED (NTFS) - 983 GiB total, 677,374 GiB free.

H: is FIXED (NTFS) - 896 GiB total, 838,742 GiB free.

I: is CDROM ()

J: is FIXED (NTFS) - 916 GiB total, 564,447 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP61: 08/09/2013 20:32:26 - Removed Microsoft Office Professional Plus 2010

RP62: 12/09/2013 19:05:44 - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player ActiveX

Adobe Reader XI (11.0.03) - Português

Aegisub 3.0.2

AIMP3

µTorrent

aTube Catcher

calibre

DAEMON Tools Lite

EA Download Manager

EaseUS Todo Backup Free 5.8

FormatFactory 3.1.1

G Data InternetSecurity 2012

Google Chrome

Google Update Helper

High-Definition Video Playback

Internet Download Manager

K-Lite Mega Codec Pack 9.8.5

League of Legends

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Mozilla Firefox 20.0.1 (x86 pt-BR)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 10 Creative CollectionPack 1

Nero 10 Kwik Themes 3

Nero 10 Kwik Themes 4

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack Basic

Nero 10 PiP EffectPack 1

Nero 10 Video TransitionPack 1

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero DiscCopy Gadget 10

Nero DiscCopyGadget 10 Help (CHM)

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero Kwik Media

Nero Multimedia Suite 10

Nero Recode 10

Nero Recode 10 Help (CHM)

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero SoundTrax 10

Nero SoundTrax 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Nero Vision 10

Nero Vision 10 Help (CHM)

Nero WaveEditor 10

Nero WaveEditor 10 Help (CHM)

NeroKwikMedia Help (CHM)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pando Media Booster

Pandora Service

PhotoScape

Plants vs Zombies

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

The KMPlayer (remove only)

The Sims™ 3

The Sims™ 3 Volta ao Mundo

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

WinRAR 4.20 (32-bit)

.

==== End Of File ===========================

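An added example, not code from the post or from G Data, DDS or ComboFix: karolz's main worry is the external HD whose folders "turned into shortcuts". That symptom means the real folders are still on the disk with the System and Hidden attributes set, and next to each one sits a .lnk of the same name whose target launches a script host on the dropped script. Note that the second log still lists `C:\002` and `...\appdata\roaming\017` as System+Hidden, so the PC itself is not clean yet; the drive should only be repaired from a clean machine, otherwise it is reinfected the moment it is plugged in. The drive letter `H:` is assumed (the log lists G:, H: and J: as fixed NTFS volumes and does not say which is the external one); the interpreter list and extension list are the example's own.

```powershell
function Repair-ShortcutWormDrive {
    param(
        [Parameter(Mandatory = $true)][string]$Root,   # drive root, e.g. 'H:\' (assumed letter)
        [switch]$Fix                                   # without -Fix nothing is changed, only reported
    )
    $shell = New-Object -ComObject WScript.Shell
    # Interpreters a "folder" shortcut has no business launching (example's own list).
    $hostExe   = '\b(wscript|cscript|cmd|powershell|mshta|rundll32)(\.exe)?\b'
    $scriptExt = '\.(js|jse|vbs|vbe|wsf|wsh|hta|bat|cmd)$'
    $keep      = @('System Volume Information', '$RECYCLE.BIN')   # legitimately System+Hidden
    $mask      = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System
    $report    = @()

    # 1. Shortcuts whose resolved command line runs a script host: these are the fake "folders".
    $lnks = Get-ChildItem -Path $Root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer }
    foreach ($lnk in @($lnks)) {
        $sc = $shell.CreateShortcut($lnk.FullName)        # IWshShortcut: TargetPath + Arguments
        $cmdline = "$($sc.TargetPath) $($sc.Arguments)"
        if ($cmdline -match $hostExe) {
            $report += New-Object PSObject -Property @{ Action = 'remove-lnk'; Path = $lnk.FullName; Detail = $cmdline }
            if ($Fix) { Remove-Item -LiteralPath $lnk.FullName -Force }
        }
    }

    # 2. Top-level entries: a hidden script file is the dropper (report only, keep it for the analyst);
    #    System+Hidden folders are the real data and come back once the two attributes are cleared.
    foreach ($item in @(Get-ChildItem -Path $Root -Force -ErrorAction SilentlyContinue)) {
        $a = [int]$item.Attributes
        $hidden = ($a -band [int][IO.FileAttributes]::Hidden) -ne 0
        $system = ($a -band [int][IO.FileAttributes]::System) -ne 0
        if (-not $item.PSIsContainer) {
            if ($hidden -and $item.Name -match $scriptExt) {
                $report += New-Object PSObject -Property @{ Action = 'dropper-script'; Path = $item.FullName; Detail = "$($item.Attributes)" }
            }
            continue
        }
        if ($hidden -and $system -and ($keep -notcontains $item.Name)) {
            $report += New-Object PSObject -Property @{ Action = 'unhide'; Path = $item.FullName; Detail = "$($item.Attributes)" }
            if ($Fix) {
                # Same effect as: attrib -s -h "<folder>"
                $item.Attributes = [IO.FileAttributes]($a -band (-bnot $mask))
            }
        }
    }
    return $report
}

# Dry run first and read the report; only then apply with -Fix.
Repair-ShortcutWormDrive -Root 'H:\' | Format-Table Action, Path, Detail -AutoSize
# Repair-ShortcutWormDrive -Root 'H:\' -Fix
```

The `Detail` column of the dry run shows the exact command line each shortcut would have executed, which also names the dropped script; leave that file in place (or copy it off the drive) for the analyst instead of deleting it. Folder shortcuts that point at an ordinary program are left alone, and the two system folders every NTFS volume carries are skipped explicitly, since they are System+Hidden by design.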

Dear karolz

I recommend saving this topic to your Favorites to make it easier to find.

Please note the following:

  • If there is no reply for 3 days, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions carefully and, in case of doubt, do not hesitate to ask;
  • Always post your replies in this topic... Don't open another one!
  • Always keep me informed, during the removal, of what is happening with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measure beyond those given here; and if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step 1 #

Read the instructions in this link:

In the instructions in the link above, you can check which forums have Analysts properly trained to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  • Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  • Double-click the ComboFix icon on the desktop.
  • Read and accept the conditions by typing 1 and Enter.
  • Computers with Windows XP will need to install the Recovery Console:
    • If your computer has Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or keyboard while the tool is running; this can cause the computer to hang.
  • A notice may appear that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts trained to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used unsupervised.
  • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used unsupervised. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it unsupervised.

Cheers :D

