DiegoEdon

Possible virus creating huge files


Hello, good evening.

I have a problem with my PC: for some time now my hard drive has been reporting that it is full.

So I downloaded TreeSize Free, which shows the size of every folder on the PC, and found a temporary file of more than 700 GB at the path C:\Users\Casa\AppData\Local\Temp

I deleted this file once and the space on the hard drive went back to normal. However, the file appeared again.

The required logs follow.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.13.2

Run by Edon-PC at 23:43:07 on 2013-12-02

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3990.2070 [GMT -2:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Connectify\ConnectifyService.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\Program Files (x86)\Connectify\ConnectifyD.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\viakaraokesrv.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Connectify\Connectify.exe

C:\Program Files (x86)\Connectify\DispatchUI.exe

C:\Program Files (x86)\BitTorrent\BitTorrent.exe

C:\Users\Edon-PC\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Edon-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Windows\system32\RunDll32.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://search.b1.org/?bsrc=hmior&chid=c162341

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED

uRun: [VirtualWifiRouter] C:\Users\Edon-PC\Downloads\Virtual-wi-fi-router.exe

uRun: [Google Update] "C:\Users\Edon-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

StartupFolder: C:\Users\Edon-PC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Edon-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Edon-PC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.88.1

TCP: Interfaces\{6643D6A7-C2C6-45FF-AD2E-B6665229D821} : DHCPNameServer = 192.168.88.1

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

AppInit_DLLs= c:\progra~2\ssde96~1.hel\sprote~1.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [Connectify Hotspot] C:\Program Files (x86)\Connectify\Connectify.exe autorun

x64-Run: [Connectify Dispatch] C:\Program Files (x86)\Connectify\DispatchUI.exe autorun

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Edon-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u7yrkih2.default\

FF - prefs.js: browser.search.selectedEngine - Improved Search

FF - prefs.js: browser.startup.homepage - about:addons

FF - plugin: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Users\Edon-PC\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Users\Edon-PC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Edon-PC\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Edon-PC\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R1 cnnctfy3;Connectify LightWeight Filter;C:\Windows\System32\drivers\cnnctfy3.sys [2013-9-26 35352]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-8 283200]

R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\ConnectifyService.exe [2013-8-10 487936]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-17 2656280]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-11-17 27760]

R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2013-5-12 1930240]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2012-11-17 317440]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-11-17 76912]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-11-17 1357424]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-1-3 102368]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-20 111616]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]

S3 NisSrv;Inspeção de Rede da Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-1-3 19936]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-1-3 13280]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-1-3 203104]

S3 StorSvc;Serviço de Armazenamento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-24 1255736]

.

=============== Created Last 30 ================

.

2013-12-02 14:35:22 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E6FCCDBE-04D8-4F4B-8190-A9DB19490904}\offreg.dll

2013-12-02 14:34:27 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E6FCCDBE-04D8-4F4B-8190-A9DB19490904}\mpengine.dll

2013-12-01 13:58:03 10285968 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-11-26 21:42:13 -------- d-----w- C:\Users\Edon-PC\AppData\Roaming\JAM Software

2013-11-26 21:42:09 -------- d-----w- C:\Program Files (x86)\JAM Software

2013-11-20 23:31:59 -------- d-----w- C:\Windows\System32\appmgmt

2013-11-14 12:10:15 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-11-07 12:34:28 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D87F85D6-9316-4B04-B6A2-9E9D5D2DA84D}\gapaengine.dll

2013-11-05 23:01:04 -------- d-----w- C:\Program Files (x86)\ETS

2013-11-05 22:52:54 -------- d-----w- C:\Users\Edon-PC\AppData\Local\ElevatedDiagnostics

.

==================== Find3M ====================

.

2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-11-12 22:27:50 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-12 22:27:50 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll

2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll

2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll

2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-09-27 11:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-09-27 11:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-09-26 03:13:22 35352 ----a-w- C:\Windows\System32\drivers\cnnctfy3.sys

2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll

2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll

2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll

2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe

2013-09-13 21:54:00 384000 ----a-r- C:\Windows\System32\PsClikS64.dll

2013-09-13 21:54:00 323584 ----a-r- C:\Windows\SysWow64\PsClikS.dll

2013-09-13 21:50:58 288688 ----a-r- C:\Windows\System32\drivers\360FltOEM.sys

2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll

2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll

2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

.

============= FINISH: 23:43:33,01 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume3

Install Date: 17/11/2012 21:02:36

System Uptime: 02/12/2013 12:23:23 (11 hours ago)

.

Motherboard: QBEX | | QBEX-H61H2-M2

Processor: Intel® Core i5-2310 CPU @ 2.90GHz | SOCKET 0 | 2901/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 883 GiB total, 2,811 GiB free.

D: is CDROM (UDF)

E: is CDROM (CDFS)

F: is CDROM ()

G: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.4

BitTorrent

Connectify

DAEMON Tools Lite

Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition

Dropbox

Facebook Video Calling 1.2.0.287

Google Chrome

Google Drive

Google Talk Plugin

Google Update Helper

HP Deskjet 2050 J510 series Software básico do dispositivo

ImgBurn

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Java 7 Update 13

Java Auto Updater

K-Lite Codec Pack 9.6.5 (Full)

Last.fm Scrobbler 2.1.30

Microsoft .NET Framework 4.5

Microsoft .NET Framework 4.5 PTB Language Pack

Microsoft Access MUI (Portuguese (Brazil)) 2013

Microsoft DCF MUI (Portuguese (Brazil)) 2013

Microsoft Excel MUI (Portuguese (Brazil)) 2013

Microsoft Groove MUI (Portuguese (Brazil)) 2013

Microsoft InfoPath MUI (Portuguese (Brazil)) 2013

Microsoft Lync MUI (Portuguese (Brazil)) 2013

Microsoft Office 32-bit Components 2013

Microsoft Office OSM MUI (Portuguese (Brazil)) 2013

Microsoft Office OSM UX MUI (Portuguese (Brazil)) 2013

Microsoft Office Professional Plus 2013

Microsoft Office Proofing (Portuguese (Brazil)) 2013

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Español

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2013

Microsoft Office Shared MUI (Portuguese (Brazil)) 2013

Microsoft OneNote MUI (Portuguese (Brazil)) 2013

Microsoft Outlook MUI (Portuguese (Brazil)) 2013

Microsoft PowerPoint MUI (Portuguese (Brazil)) 2013

Microsoft Publisher MUI (Portuguese (Brazil)) 2013

Microsoft Research Mesh Virtual WIFI

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

Microsoft Word MUI (Portuguese (Brazil)) 2013

MiniTool Partition Wizard Home Edition 7.1

Mozilla Firefox 20.0.1 (x86 pt-BR)

Mozilla Maintenance Service

Onlinebandit 7.03

Pacote de Driver do Windows - Atheros (L1C) Net (09/27/2010 1.0.0.36)

Pacote de Idiomas do Microsoft .NET Framework 4.5 - Português (Brasil)

PhotoScape

Platform

Revisores de Texto do Microsoft Office 2013 – Português do Brasil

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4.5 (KB2737083)

Security Update for Microsoft .NET Framework 4.5 (KB2742613)

Security Update for Microsoft .NET Framework 4.5 (KB2789648)

Security Update for Microsoft .NET Framework 4.5 (KB2804582)

Security Update for Microsoft .NET Framework 4.5 (KB2833957)

Security Update for Microsoft .NET Framework 4.5 (KB2840642)

Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)

Security Update for Microsoft .NET Framework 4.5 (KB2861208)

Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition

Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition

Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition

Security Update for Microsoft Office 2013 (KB2817623) 64-Bit Edition

Security Update for Microsoft Outlook 2013 (KB2837618) 64-Bit Edition

Ss.Helper 1.74

System Requirements Lab CYRI

TOEFL Sample Questions

TP-LINK TL-WN721N/TL-WN722N Driver

TP-LINK Wireless Configuration Utility

TreeSize Free V2.7

Update for Microsoft .NET Framework 4.5 (KB2750147)

Update for Microsoft .NET Framework 4.5 (KB2805221)

Update for Microsoft .NET Framework 4.5 (KB2805226)

Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition

Update for Microsoft InfoPath 2013 (KB2752078) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2825630) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition

Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition

Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817640) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition

Update for Microsoft Office 2013 (KB2837643) 64-Bit Edition

Update for Microsoft Office 2013 (KB2837649) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2837642) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2817625) 64-Bit Edition

Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition

Update for Microsoft Publisher 2013 (KB2752097) 64-Bit Edition

Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition

Update for Microsoft Visio 2013 (KB2752018) 64-Bit Edition

Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition

Update for Microsoft Word 2013 (KB2817631) 64-Bit Edition

Update for Microsoft Word 2013 (KB2837630) 64-Bit Edition

VIA Gerenciador de dispositivo de plataforma

WinRAR 4.20 (64-bit)

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-12-03 00:08:28

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST31000340NS rev.G005 931,51GB

Running: oto7rblr.exe; Driver: C:\Users\Edon-PC\AppData\Local\Temp\kxldapog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ffc000 45 bytes [5F, 00, 68, 00, 74, 00, 74, ...]

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80002ffc02e 17 bytes [69, 00, 6D, 00, 67, 00, 2E, ...]

---- EOF - GMER 2.1 ----


Hello

Sorry for the delay :)

If you still need help, please redo the logs, since I need them with current dates: Read Before Posting - Creating a New Topic

ATTENTION 1: You do not need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


Hello,

Not at all, I'm the one who should thank you for the attention! Yes, I still need help.

Here are the new, updated logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.13.2

Run by Edon-PC at 1:22:51 on 2013-12-05

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3990.1936 [GMT -2:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Connectify\ConnectifyService.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\Program Files (x86)\Connectify\ConnectifyD.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\viakaraokesrv.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Connectify\Connectify.exe

C:\Program Files (x86)\Connectify\DispatchUI.exe

C:\Users\Edon-PC\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\BitTorrent\BitTorrent.exe

C:\Users\Edon-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\QuickTime\qttask.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://search.b1.org/?bsrc=hmior&chid=c162341

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [VirtualWifiRouter] C:\Users\Edon-PC\Downloads\Virtual-wi-fi-router.exe

uRun: [Google Update] "C:\Users\Edon-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

StartupFolder: C:\Users\Edon-PC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Edon-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.88.1

TCP: Interfaces\{6643D6A7-C2C6-45FF-AD2E-B6665229D821} : DHCPNameServer = 192.168.88.1

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

AppInit_DLLs= c:\progra~2\ssde96~1.hel\sprote~1.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [Connectify Hotspot] C:\Program Files (x86)\Connectify\Connectify.exe autorun

x64-Run: [Connectify Dispatch] C:\Program Files (x86)\Connectify\DispatchUI.exe autorun

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Edon-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u7yrkih2.default\

FF - prefs.js: browser.search.selectedEngine - Improved Search

FF - prefs.js: browser.startup.homepage - about:addons

FF - plugin: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Users\Edon-PC\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Users\Edon-PC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Edon-PC\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Edon-PC\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R1 cnnctfy3;Connectify LightWeight Filter;C:\Windows\System32\drivers\cnnctfy3.sys [2013-9-26 35352]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-8 283200]

R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\ConnectifyService.exe [2013-8-10 487936]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-17 2656280]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-11-17 27760]

R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2013-5-12 1930240]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2012-11-17 317440]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-11-17 76912]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-11-17 1357424]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-1-3 102368]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-20 111616]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]

S3 NisSrv;Inspeção de Rede da Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-1-3 19936]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-1-3 13280]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-1-3 203104]

S3 StorSvc;Serviço de Armazenamento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-24 1255736]

.

=============== Created Last 30 ================

.

2013-12-04 12:33:57 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEEF781E-864E-497B-AE07-EFAED702D5AC}\offreg.dll

2013-12-04 02:30:39 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEEF781E-864E-497B-AE07-EFAED702D5AC}\mpengine.dll

2013-12-03 02:53:58 1409 ----a-w- C:\Windows\QTFont.for

2013-12-03 02:50:40 86016 ----a-w- C:\Windows\unvise32.exe

2013-12-03 02:50:34 -------- d-----w- C:\Program Files (x86)\Longman Paper

2013-12-03 02:33:23 10285968 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-11-26 21:42:13 -------- d-----w- C:\Users\Edon-PC\AppData\Roaming\JAM Software

2013-11-26 21:42:09 -------- d-----w- C:\Program Files (x86)\JAM Software

2013-11-20 23:31:59 -------- d-----w- C:\Windows\System32\appmgmt

2013-11-14 12:10:15 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-11-07 12:34:28 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D87F85D6-9316-4B04-B6A2-9E9D5D2DA84D}\gapaengine.dll

2013-11-05 23:01:04 -------- d-----w- C:\Program Files (x86)\ETS

2013-11-05 22:52:54 -------- d-----w- C:\Users\Edon-PC\AppData\Local\ElevatedDiagnostics

.

==================== Find3M ====================

.

2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-11-12 22:27:50 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-12 22:27:50 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll

2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll

2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll

2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-09-27 11:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-09-27 11:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-09-26 03:13:22 35352 ----a-w- C:\Windows\System32\drivers\cnnctfy3.sys

2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll

2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll

2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll

2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe

2013-09-13 21:54:00 384000 ----a-r- C:\Windows\System32\PsClikS64.dll

2013-09-13 21:54:00 323584 ----a-r- C:\Windows\SysWow64\PsClikS.dll

2013-09-13 21:50:58 288688 ----a-r- C:\Windows\System32\drivers\360FltOEM.sys

2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll

2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll

.

============= FINISH: 1:23:27,61 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume3

Install Date: 17/11/2012 21:02:36

System Uptime: 04/12/2013 10:31:48 (15 hours ago)

.

Motherboard: QBEX | | QBEX-H61H2-M2

Processor: Intel® Core i5-2310 CPU @ 2.90GHz | SOCKET 0 | 2901/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 883 GiB total, 614,123 GiB free.

D: is CDROM (UDF)

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP168: 03/12/2013 00:51:33 - Installed QuickTime

RP169: 04/12/2013 00:29:59 - Windows Update

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.4

BitTorrent

Connectify

DAEMON Tools Lite

Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition

Dropbox

Facebook Video Calling 1.2.0.287

Google Chrome

Google Drive

Google Talk Plugin

Google Update Helper

HP Deskjet 2050 J510 series Software básico do dispositivo

ImgBurn

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Java 7 Update 13

Java Auto Updater

K-Lite Codec Pack 9.6.5 (Full)

Last.fm Scrobbler 2.1.30

Longman Paper

Microsoft .NET Framework 4.5

Microsoft .NET Framework 4.5 PTB Language Pack

Microsoft Access MUI (Portuguese (Brazil)) 2013

Microsoft DCF MUI (Portuguese (Brazil)) 2013

Microsoft Excel MUI (Portuguese (Brazil)) 2013

Microsoft Groove MUI (Portuguese (Brazil)) 2013

Microsoft InfoPath MUI (Portuguese (Brazil)) 2013

Microsoft Lync MUI (Portuguese (Brazil)) 2013

Microsoft Office 32-bit Components 2013

Microsoft Office OSM MUI (Portuguese (Brazil)) 2013

Microsoft Office OSM UX MUI (Portuguese (Brazil)) 2013

Microsoft Office Professional Plus 2013

Microsoft Office Proofing (Portuguese (Brazil)) 2013

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Español

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2013

Microsoft Office Shared MUI (Portuguese (Brazil)) 2013

Microsoft OneNote MUI (Portuguese (Brazil)) 2013

Microsoft Outlook MUI (Portuguese (Brazil)) 2013

Microsoft PowerPoint MUI (Portuguese (Brazil)) 2013

Microsoft Publisher MUI (Portuguese (Brazil)) 2013

Microsoft Research Mesh Virtual WIFI

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

Microsoft Word MUI (Portuguese (Brazil)) 2013

MiniTool Partition Wizard Home Edition 7.1

Mozilla Firefox 20.0.1 (x86 pt-BR)

Mozilla Maintenance Service

Onlinebandit 7.03

Pacote de Driver do Windows - Atheros (L1C) Net (09/27/2010 1.0.0.36)

Pacote de Idiomas do Microsoft .NET Framework 4.5 - Português (Brasil)

PhotoScape

Platform

QuickTime

Revisores de Texto do Microsoft Office 2013 – Português do Brasil

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4.5 (KB2737083)

Security Update for Microsoft .NET Framework 4.5 (KB2742613)

Security Update for Microsoft .NET Framework 4.5 (KB2789648)

Security Update for Microsoft .NET Framework 4.5 (KB2804582)

Security Update for Microsoft .NET Framework 4.5 (KB2833957)

Security Update for Microsoft .NET Framework 4.5 (KB2840642)

Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)

Security Update for Microsoft .NET Framework 4.5 (KB2861208)

Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition

Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition

Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition

Security Update for Microsoft Office 2013 (KB2817623) 64-Bit Edition

Security Update for Microsoft Outlook 2013 (KB2837618) 64-Bit Edition

Ss.Helper 1.74

System Requirements Lab CYRI

TOEFL Sample Questions

TP-LINK TL-WN721N/TL-WN722N Driver

TP-LINK Wireless Configuration Utility

TreeSize Free V2.7

Update for Microsoft .NET Framework 4.5 (KB2750147)

Update for Microsoft .NET Framework 4.5 (KB2805221)

Update for Microsoft .NET Framework 4.5 (KB2805226)

Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition

Update for Microsoft InfoPath 2013 (KB2752078) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2825630) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition

Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition

Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817640) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition

Update for Microsoft Office 2013 (KB2837643) 64-Bit Edition

Update for Microsoft Office 2013 (KB2837649) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2837642) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2817625) 64-Bit Edition

Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition

Update for Microsoft Publisher 2013 (KB2752097) 64-Bit Edition

Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition

Update for Microsoft Visio 2013 (KB2752018) 64-Bit Edition

Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition

Update for Microsoft Word 2013 (KB2817631) 64-Bit Edition

Update for Microsoft Word 2013 (KB2837630) 64-Bit Edition

VIA Gerenciador de dispositivo de plataforma

WinRAR 4.20 (64-bit)

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-12-05 01:42:59

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST31000340NS rev.G005 931,51GB

Running: 9xx36phy.exe; Driver: C:\Users\Edon-PC\AppData\Local\Temp\kxldapog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ff5000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80002ff5011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Connectify\ConnectifyD.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075941465 2 bytes [94, 75]

.text C:\Program Files (x86)\Connectify\ConnectifyD.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759414bb 2 bytes [94, 75]

.text ... * 2

.text C:\Program Files (x86)\Connectify\Connectify.exe[7256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075941465 2 bytes [94, 75]

.text C:\Program Files (x86)\Connectify\Connectify.exe[7256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000759414bb 2 bytes [94, 75]

.text ... * 2

.text C:\Program Files (x86)\Connectify\DispatchUI.exe[8012] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075941465 2 bytes [94, 75]

.text C:\Program Files (x86)\Connectify\DispatchUI.exe[8012] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000759414bb 2 bytes [94, 75]

.text ... * 2

.text C:\Program Files (x86)\BitTorrent\BitTorrent.exe[6992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075941465 2 bytes [94, 75]

.text C:\Program Files (x86)\BitTorrent\BitTorrent.exe[6992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759414bb 2 bytes [94, 75]

.text ... * 2

.text C:\Users\Edon-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe[7984] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075941465 2 bytes [94, 75]

.text C:\Users\Edon-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe[7984] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000759414bb 2 bytes [94, 75]

.text ... * 2

---- EOF - GMER 2.1 ----


Dear DiegoEdon

I recommend saving this topic to your Favorites so it is easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it on any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

C:\Users\Casa\AppData\Local\Temp

I deleted this file once and the disk space went back to normal. However, the file came back.

That folder is a normal system folder ;)

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language, and follow the instructions to install the software.
    • Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will open automatically in a Notepad document, and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log in your next reply.

Note: For more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D


diego_moicano, I sincerely apologize for my absence; unfortunately I did not have time over the last few days to carry out the procedure!

I have finally done it; here is the log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.12.17.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Edon-PC :: EDON-PC [administrador]

Proteção: Permitir

16/12/2013 23:56:08

mbam-log-2013-12-16 (23-56-08).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 279745

Tempo decorrido: 4 minuto(s), 23 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 1

HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Ruim: (c:\progra~2\ssde96~1.hel\sprote~1.dll) Bom: () -> Enviado para a Quarentena e reparado com sucesso.

Pastas Detectadas: 2

C:\Users\Edon-PC\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Edon-PC\AppData\Roaming\OpenCandy\247A9042D3C946D18E68E2C43FF717E1 (PUP.Optional.OpenCandy) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 7

C:\Program Files (x86)\Ss.Helper\sprotector.dll (PUP.Optional.SProtect.A) -> Será deletado na próxima inicialização.

C:\Users\Casa\AppData\Roaming\HoolappForAndroid\Hoolapp.exe (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Edon-PC\AppData\Roaming\OpenCandy\247A9042D3C946D18E68E2C43FF717E1\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Casa\AppData\Local\Temp\is701137889\22find_B_cor_br_201319193057.exe (Trojan.Agent.SP) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Casa\7J1q6d4I2o\5x2K2q.exe (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Edon-PC\AppData\Roaming\OpenCandy\247A9042D3C946D18E68E2C43FF717E1\ProtegeSetup.exe (PUP.Optional.OpenCandy) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Edon-PC\AppData\Roaming\OpenCandy\247A9042D3C946D18E68E2C43FF717E1\PSafeSetup_p2v0.exe (PUP.Optional.OpenCandy) -> Enviado para a Quarentena e deletado com sucesso.

(fim)


Dear DiegoEdon

Ok :)

Let's run one more scan to confirm ;)

# Step 1 #

Download the Kaspersky AVP Tool from one of these links:

Alternative 1

Alternative 2

  • You will be taken to a Kaspersky page asking for an email address for registration, a first name and a last name.
  • Only the "email" field is required.
  • Enter your email, then click the Submit Form button.
  • The page will reload. Click the Download button.
  • Save it to your Desktop.
  • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: Right-click the file, then click Run as administrator

  • On the license agreement screen, check the I accept the license agreement option and then click the Start button.
  • The program appears to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer;
  • Local Disk (C:);
  • Also check all drives that appear below Local Disk, if any;
  • Then click the Automatic Scan tab.

KRT_install2_.png

  • Back on the program's main screen, click the Start scanning button;
  • Be patient, it takes a while;
  • When it finishes, if it has detected anything, the program will ask you what to do;
  • Check the box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

Once the scan has finished, proceed as follows:

  1. On the main screen, if anything was detected, save the log.
  2. If you close the program and forget to save the log, you will have to repeat the entire scan.
  3. To save the log, click the Reports icon (next to the "Settings" icon).
  4. In the next window, click Detected Threats, then click the floppy disk icon to save the log.
  5. Choose an easily accessible location and save it as log.txt
  6. Copy the entire contents of that Notepad file and paste it in your next reply.
  7. If nothing is detected, there is no need to save the log; just let me know.
  8. To exit the program, just click the X in the upper right corner.

Notes:
While the scan is running, the main screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if something was found. If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

# Step 2 #

Download SecurityCheck and save it to your Desktop

  • Double-click SecurityCheck.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Press any key to continue... a report will open
  • Copy all of its contents and paste them in your next reply

Regards :D
