Ir ao conteúdo
  • Cadastre-se
Quaderna

Problemas com Malwares

Recommended Posts

Olá, pessoal.

 

Ontem baixei um programa e ao executá-lo o anti-vírus alertou trojans etc. Os browsers foram configurados para o "dounty.com", "iawebssearches", "best search yahoo", a dropbox parou de sincronizar (dizia "não foi possível estabelecer conexão segura"). Tentei de tudo (restaurar padrões etc.) e só resolveu quando desinstalei um programa chamado Njax, que surgiu após executar o tal programa. O dounty e demais sumiram, dropbox voltou ao normal, ao que parece está tudo ok, mas quero me certificar de que meu notebook não está com outras ameaças, coisas no regedit do Njax etc. Espero que possam me ajudar. Abaixo estão os logs do Attach.txt, DDS.txt e Gmer.txt, nessa ordem.

 

LOG ATTACH.TXT

 

DDS (Ver_2012-11-20.01)

.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 24/11/2010 23:56:45
System Uptime: 10/11/2014 21:09:42 (2 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Pentium® CPU        P6100  @ 2.00GHz | N/A | 919/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 83,768 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP355: 08/10/2014 14:48:35 - Scheduled Checkpoint
RP356: 10/10/2014 15:37:35 - Windows Update
RP357: 19/10/2014 19:25:26 - Scheduled Checkpoint
RP358: 30/10/2014 16:15:36 - Scheduled Checkpoint
RP359: 09/11/2014 22:58:25 - Scheduled Checkpoint
RP360: 10/11/2014 19:31:07 - Removed Adobe Download Assistant
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Photoshop CS4
Adobe Reader XI (11.0.06)
Alps Pointing-device for VAIO
aMSN 0.98.4
Application Manager for VAIO
ArcSoft WebCam Companion 3
Arquivo do WinRAR
AVG 2014
Best Buy pc app
BitComet 1.35
CCleaner
Corel Graphics - Windows Shell Extension
Corel Graphics - Windows Shell Extension 64 Bit
Corel WinDVD
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Diablo II
Digital Voice Editor 3
Disco de recordações HP
Dropbox
EVEREST Ultimate Edition v5.02
Farejador 10.1
Free MP3 Cutter 1.01
Free Video to MP3 Converter version 5.0.19.1015
Gigaget
Google Chrome
Google Talk Plugin
Google Update Helper
Guitar Pro 5.2
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Foto e Imagem 2.0 - All-in-One
HP Foto e Imagem 2.0 - All-in-One Drivers
Huawei modem
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java 7 Update 51
Java Auto Updater
Módulo de Segurança - Banco do Brasil
Macromedia Fireworks MX 2004
Media Gallery
Media Player Codec Pack 3.9.6
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Português do Brasil)
Microsoft .NET Framework 4.5.1 (PTB)
Microsoft Application Error Reporting
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Mozilla Firefox 30.0 (x86 pt-BR)
Mozilla Maintenance Service
MP3 Speed 5.1.0
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
myflare
Oasis2Service
OOBE
Pazera Free MOV to AVI Converter 1.4
PlayReady PC Runtime amd64
PMB
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
Portinho 4.1.5
Real Alternative 2.0.2
Realtek High Definition Audio Driver
Remote Play with PlayStation 3
Remote Play with PlayStation®3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Skype Click to Call
Skype™ 6.11
SmartWi Connection Utility
SoulSeek 157 NS 13e
SpeedFan (remove only)
Ultima Online: Mondain's Legacy
Unlocker 1.9.0-x64
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition plug-in (Click to Disc)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Messenger
VAIO Movie Story Template Data
VAIO Quick Web Access
VAIO Sample Contents
VAIO Survey
VAIO Transfer Support
VAIO Update
Visual Studio 2008 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinPcap 4.1.1
XMind 2012 (v3.3.1)
.
==== Event Viewer Messages From Past Week ========
.
10/11/2014 21:11:09, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFS
10/11/2014 21:10:33, Error: Service Control Manager [7000]  - The eamonm service failed to start due to the following error:  The system cannot find the file specified.
06/11/2014 19:59:48, Error: Service Control Manager [7034]  - The Oasis2Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 
 
LOG DDS.TXT
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17280
Run by Owner at 23:10:34 on 2014-11-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1033.18.3758.2013 [GMT -2:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k gpsvcgroup
c:\windows\system32\svchost.exe -k networkservice
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\explorer.exe
c:\windows\system32\svchost.exe -k sdrsvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1415656031&from=pcm&uid=HitachiXHTS545032B9SA00_100825PBPC08FDCYYYLMX&q={searchTerms}
uDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1415656031&from=pcm&uid=HitachiXHTS545032B9SA00_100825PBPC08FDCYYYLMX
uDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415656031&from=pcm&uid=HitachiXHTS545032B9SA00_100825PBPC08FDCYYYLMX&q={searchTerms}
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1415656031&from=pcm&uid=HitachiXHTS545032B9SA00_100825PBPC08FDCYYYLMX
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1415656031&from=pcm&uid=HitachiXHTS545032B9SA00_100825PBPC08FDCYYYLMX&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1415656031&from=pcm&uid=HitachiXHTS545032B9SA00_100825PBPC08FDCYYYLMX
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415656031&from=pcm&uid=HitachiXHTS545032B9SA00_100825PBPC08FDCYYYLMX&q={searchTerms}
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: GigagetIEHelper Class: {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\Windows\SysWOW64\gigagetbho_v10.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download All by Gigaget - C:\Program Files (x86)\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - C:\Program Files (x86)\Giganology\Gigaget\geturl.htm
IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
TCP: NameServer = 189.4.64.82 189.4.64.87
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} : DHCPNameServer = 189.4.64.82 189.4.64.87
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\25564656025437167602D2021457C6160213 : DHCPNameServer = 10.12.12.3
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\25564656025437167602D2021457C6160223 : DHCPNameServer = 10.12.12.3
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\25564656025437167602D202E40544 : DHCPNameServer = 10.12.12.3
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\54351474022303132302D2022584 : DHCPNameServer = 10.12.12.3
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\54351474022303132302D202D4543545 : DHCPNameServer = 10.12.12.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1415656031&from=pcm&uid=HitachiXHTS545032B9SA00_100825PBPC08FDCYYYLMX
x64-mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1415656031&from=pcm&uid=HitachiXHTS545032B9SA00_100825PBPC08FDCYYYLMX&q={searchTerms}
x64-mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1415656031&from=pcm&uid=HitachiXHTS545032B9SA00_100825PBPC08FDCYYYLMX
x64-mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415656031&from=pcm&uid=HitachiXHTS545032B9SA00_100825PBPC08FDCYYYLMX&q={searchTerms}
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - <orphaned>
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cu0fvsob.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
FF - plugin: C:\Users\Owner\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-2 55280]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-5-28 254528]
R1 mosfilterdrv;mosfilterdrv;C:\Windows\System32\drivers\mosfilterdrv.sys [2014-11-10 60728]
R2 avgwd;Watchdog do AVG;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-8-14 546104]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2013-7-3 61440]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2010-7-29 14112]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-7-12 94208]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-7-12 78848]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-5-26 257936]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-29 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-7-29 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-4 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-12 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-26 287232]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-12 402720]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2010-12-30 116224]
S3 ICDUSB3;ICDUSB3;C:\Windows\System32\drivers\ICDUSB3.sys [2012-10-2 13312]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-12 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-20 19456]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-21 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-21 67952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-23 56832]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-25 1255736]
.
=============== Created Last 30 ================
.
2014-11-11 00:35:53 -------- d-----w- C:\Windows\System32\log
2014-11-10 21:47:52 -------- d-----w- C:\Users\Owner\AppData\Local\BoBrowser
2014-11-10 21:46:45 60728 ----a-w- C:\Windows\System32\drivers\mosfilterdrv.sys
2014-11-10 21:46:45 -------- d-----w- C:\Program Files (x86)\NJax
2014-11-10 21:46:44 -------- d-----w- C:\ProgramData\Online
2014-11-10 21:33:38 -------- d-----w- C:\Users\Owner\AppData\Local\Wondershare
2014-11-10 21:33:37 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2014-11-10 21:33:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\Wondershare
2014-11-10 20:49:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-10-29 15:44:48 813217 ----a-w- C:\Users\Owner\AppData\Roaming\unins000.exe
.
==================== Find3M  ====================
.
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 05:23:16 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 05:23:16 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-08 01:18:32 77004 ----a-w- C:\Windows\SysWow64\drivers\AFS.SYS
2014-09-05 02:10:43 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-05 02:05:42 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-10-16 13:50:24 3056008 ----a-w- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe
.
============= FINISH: 23:11:22,51 ===============
 

 

LOG GMER.TXT

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-11 00:26:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB
Running: gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgtyypow.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                      fffff800031a6000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545                                                                                      fffff800031a6011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}
 
---- User code sections - GMER 2.1 ----
 
.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[112] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                            00000000775cc4dd 6 bytes JMP 71af000a
.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[112] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                          00000000775d1287 6 bytes JMP 71a5000a
.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[112] C:\Windows\syswow64\kernel32.dll!FreeLibrary                                                                        0000000077093488 6 bytes JMP 71a8000a
.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[112] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread                                                           00000000770ad552 5 bytes JMP 0000000174ab8fc8
.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                             0000000076132c9e 4 bytes CALL 71ac0000
.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[112] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                             0000000076391465 2 bytes [39, 76]
.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[112] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                            00000000763914bb 2 bytes [39, 76]
.text     ...                                                                                                                                                     * 2
.text     C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000076391465 2 bytes [39, 76]
.text     C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000763914bb 2 bytes [39, 76]
.text     ...                                                                                                                                                     * 2
.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[1352] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                            0000000076132c9e 4 bytes CALL 71af0000
.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[1352] C:\Windows\syswow64\RPCRT4.dll!IUnknown_QueryInterface_Proxy                                                       00000000766d429b 6 bytes JMP 71a8000a
.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[1352] C:\Windows\syswow64\ole32.dll!CoUnmarshalInterface                                                                 000000007624f150 6 bytes JMP 71ab000a
.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[1352] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                            0000000076391465 2 bytes [39, 76]
.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[1352] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                           00000000763914bb 2 bytes [39, 76]
.text     ...                                                                                                                                                     * 2
.text     C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000076391465 2 bytes [39, 76]
.text     C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000763914bb 2 bytes [39, 76]
.text     ...                                                                                                                                                     * 2
.text     C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2852] C:\Windows\syswow64\USER32.dll!DispatchMessageW           00000000763b787b 5 bytes JMP 00000001004bcc70
.text     C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2852] C:\Windows\syswow64\USER32.dll!DispatchMessageA           00000000763b7bbb 5 bytes JMP 00000001004bcbb8
.text     C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2852] C:\Windows\syswow64\USER32.dll!GetScrollInfo              00000000763c4018 5 bytes JMP 00000001004bcb60
.text     C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2852] C:\Windows\syswow64\USER32.dll!SetScrollInfo              00000000763c40cf 5 bytes JMP 00000001004bc9d4
.text     C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2852] C:\Windows\syswow64\USER32.dll!SetScrollPos               00000000763c87a5 5 bytes JMP 00000001004bca5c
.text     C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2852] C:\Windows\syswow64\USER32.dll!SetScrollRange             00000000763dd50b 5 bytes JMP 00000001004bcadc
.text     C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076391465 2 bytes [39, 76]
.text     C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000763914bb 2 bytes [39, 76]
.text     ...                                                                                                                                                     * 2
.text     C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000076391465 2 bytes [39, 76]
.text     C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000763914bb 2 bytes [39, 76]
.text     ...                                                                                                                                                     * 2
.text     C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000076391465 2 bytes [39, 76]
.text     C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000763914bb 2 bytes [39, 76]
.text     ...                                                                                                                                                     * 2
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             0000000076391465 2 bytes [39, 76]
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000763914bb 2 bytes [39, 76]
.text     ...                                                                                                                                                     * 2
.text     C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000076391465 2 bytes [39, 76]
.text     C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000763914bb 2 bytes [39, 76]
.text     ...                                                                                                                                                     * 2
.text     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000076391465 2 bytes [39, 76]
.text     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000763914bb 2 bytes [39, 76]
.text     ...                                                                                                                                                     * 2
 
---- Registry - GMER 2.1 ----
 
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27abb                                                                             
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27abb (not active ControlSet)                                                         
 
---- EOF - GMER 2.1 ----
 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Quaderna,

 

Recomendo que salve este tópico em seus Favoritos para facilitar na hora de encontrá-lo.
 
Por favor, atente para o seguinte:
  • Caso fique sem resposta durante 3 dias, me envie uma Mensagem Privada (MP);
  • O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
  • Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
  • Procure sempre me manter informado, durante a remoção, sobre o que acontece com seu computador.
  • Respeite a ordem das instruções passadas.
  • Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

 

Desative temporariamente seu antivírus, antispywares e firewall, para não causar conflitos.
 
Baixe 51a612a8b27e2-zoek.png Zoek.exe (por Smeenk) e salve na sua área de trabalho.
 
Execute o arquivo Zoek.exe

*** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo Zoek.exe, depois clique em execadmin.png.

Selecione estas linhas dentro do CODE, clique com o direito sobre a seleção e escolha a opção copiar.

emptyclsid;resetieproxy;ffdefaults;msconfigcheck;autoclean;resethosts;shortcutfix;systemspecs;chrdefaults;resetwmi;

Clique com o direito em qualquer parte branca do Zoek e escolha a opção colar

Nota: Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.


Clique [Run Script]

Aguarde o scan. Ao final abrirá o bloco de notas com o relatório.

Uma cópia também será salva no seu disco local com o nome zoek-results.txt

Anexe o zoek-results.txt na sua próxima resposta.

  • Curtir 1

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Farbar Recovery Scan Tool e salve na sua área de trabalho.
32 bit (x86) ou 64 bit (x64)

Dê um duplo-clique para executar a ferramenta. Aceite o contrato e depois clique no botão Scan.

Aguarde e ao final, os logs FRST.txt e Addition.txt serão salvos no seu desktop.

Anexe os logs na sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o anexo deste post e salve-o no desktop.

Execute o FRST64.exe e clique no botão Fix.

Aguarde e ao final, o log Fixlog.txt será salvo no seu desktop.

Anexe o log na sua próxima resposta.

fixlist.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia.

 

1)

 

Baixe o AdwCleaner e salve no desktop.
https://toolslib.net/downloads/finish/1/

Execute o arquivo adwcleaner.exe

*** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo adwcleaner.exe, depois clique em execadmin.png.

Clique no botão Examinar e aguarde o exame finalizar.

Clique no botão Limpar.

Abrirá um bloco de notas com o resultado. Anexe o log na sua próxima resposta.

NOTA: Se o AdwCleaner encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC. Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

 

2)

 

Baixe o Malwarebytes' Anti-Malware (MBAM)
http://malwarebytes....am-download.php

Dê um duplo-clique no mbam-setup.exe, para a instalação.

  • Desmarque a caixa Ativar trial gratuito do MalwareBytes Anti-Malware PRO.
  • Verifique se as caixas Atualizar Malwarebytes Anti-Malware (se houver) e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
  • Se houver atualizações a serem feitas, serão baixadas e instaladas.
  • Ao final da atualização, caso o programa tenha sido instalado em Inglês, com o programa aberto, clique em Settings e no campo Language mude para Portuguese (Brasil).
  • Ainda na tela de Configurações, clique em Detecção e proteção, marque Verificar por Rootkits. Em Detecções PUP (programas potencialmente indesejados):, selecione Tratar detecções como malware.
  • Clique em Verificar em seguida Verificar ameaça por fim clique em Verificar agora.
  • Começará então o exame. Aguarde, pois pode demorar.
  • Ao acabar o exame, se houver ítens encontrados, clique no botão Mover todos para a Quarentena..
  • Clique em Aplicar ações.
  • Ao final da desinfecção, poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
  • O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Histórico -> Logs de aplicativos na janela principal do programa. Utilize o formato .txt para exportar o log.
  • Anexe o log na sua próxima resposta..

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Carlos Turco tinha 2 logs de cada programa, aí não soube qual era, então anexei os 2 de cada. No Malware, depois que ele encontrou as ameaças, eu cliquei "mover todos para a quarentena", como você colocou, mas aí o botão "aplicar ações" (que tava ao lado direito) "sumiu", já que a tela mudou e o programa pediu pra reiniciar. É assim mesmo?

 

Tenho outra pergunta: o zoek e o FRST criaram uma pasta no c:/. A do zoek é backup (zoek_backup), eu posso deletá-la, né? A do FRST não parece backup, mas eu posso apagá-la também (tem que dar uninstall na do FRST ou só del mesmo? não lembro de o programa ter sido instalado, achei que fosse só executar)?

AdwCleanerR1.txt

AdwCleanerS1.txt

Malware Log de Proteção Diária.txt

Malware Log de verificação.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

Quaderna,

 

Com relação as ferramentas, deixe para remover ao final da análise.

 

1)

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe 1268r49.png e salve no desktop. Dê um duplo-clique para executar o Junkware Removal Tool (JRT).

* No Windows Vista e Windows 7:

Clique com o direito sobre o JRT.exe e selecione run_as_adm1.png

A ferramenta começara o exame do seu sistema. Tenha paciência pois pode demorar um pouco dependendo da quantidades de ítens a examinar.

Ao final, um log se abrirá. É salvo no desktop com o nome de JRT.txt.

Anexe o log na sua próxima resposta.

2)

 

Desative temporiariamente seu AntiVirus

  • Segure o botão Ctrl e clique neste link para abrir o ESET Online Scanner em uma nova janela.
  • Clique neste botão: j9Byf.png?1
  • Para navegadores alternativos: (Caso use o Internet Explorer, pule esta etapa)esetsmartinstaller_enu.png
    • Clique em esetsmartinstaller_enu.exe para baixar o ESET Smart Intaller. Salve-o em seu desktop.
    • Duplo clique no ícone em seu desktop.
  • Marque "YES, I accept the Terms of Use."
  • Clique em Start.
  • Aceite qualquer aviso de segurança de seu browser.
  • Em scan settings, marque "Scan Archives" e "Remove found threats"
  • Clique em Advanced settings e marque o seguinte:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Clique Change e marque também a caixa Computador.
  • Clique em Start.
  • Ele vai atualizar por conta própria, e escanear o computador. Tenha paciência, o processo pode demorar horas.
  • Quando o scan terminar, clique em List of found threats
  • Clique em Export to text file e salve o log na sua área de trabalho.
  • Clique em Back.
  • Clique em Finish.
  • Anexe o conteúdo do log.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Delfix by Xplode e salve na sua área de trabalho.

Dê dois cliques no delfix.exe para executá-lo. Marque as caixas conforme imagem.

** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo delfix.exe, depois clique em execadmin.png.

2mez6ld.png

Clique no botão Executar.

Ao final será gerado um log, anexe-o na sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

OK,

 

Para finalizar:
 
# Etapa nº 1 #


Atualize o Java.
 
Atenção: Desinstale TODAS as versões antigas do Java.

  • Feche todos os programas especialmente o seu Navegador (IE, Firefox etc).
  • Acesse o site Java para Windows
  • Clique em 4531602912_e9606174d3_o.gif
  • Na janela que surgir clique em Executar;
  • Siga os procedimentos de instalação.

 
# Etapa nº 2 #
 
<<@>> Instale o CCleaner
 
O CCleaner é um excelente utilitário de limpeza para o computador, que lhe ajudará no desempenho do computador. Faça o download dele aqui CCleaner

 

IMPORTANTE: Após a instalação vá até o local onde o programa foi instalado, C:\Arquivos de programas\CCleaner, clique duas vezes na pasta, numa área vazia desta janela, clique com o botão direito do mouse e escolha Novo > pasta e crie uma nova pasta; coloque o nome de backups!

  • Abra o programa e clique em Executar Limpeza;
  • clique no botão Registro > Procurar Erros > Corrigir erro(s) seleciona(s)...

Obs: Não se esqueça de aceitar o backup das correções, e salvá-los nas pasta criada acima!
<<@>> Mantenha sempre seu Windows atualizado; mantenha uma vigilância constante com o firewall e antivírus e por fim, lembre-se que, a melhor forma de prevenir começa pelas nossas atitudes!
 
Abraços. thumbsup.gif

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caso o autor necessite, o mesmo será reaberto, para isso deverá entrar em contato com a moderação solicitando o desbloqueio.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×