Good afternoon. I downloaded an Internet program and, at the time of installation, a trojan with the name hijack.exe got in. I already ran the malware scan, and every time I restart the computer it comes back. I would like help and support to solve this; my program is bought and I already downloaded the dds.src and already did the scan. I would like to publish what appears in the TXT of the DDS. Hugs from Brazil.

Note: My programs only open when I open them as ADM.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421
Run by Usuario at 13:10:48 on 2017-11-13
Microsoft Windows 7 Professional   6.1.7601.1.1252.55.1046.18.16285.13055 [GMT -2:00]
.
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\DAODx.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files\Diebold\Warsaw\core.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Diebold\Warsaw\core.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
F:\Program Files (x86)\Steam\Steam.exe
F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [Spotify Web Helper] C:\Users\Usuario\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
uRun: [uTorrent] "C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{E532C053-0A6C-4C55-B342-8A9C6715F8A2} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\x3xoe7yl.default\
FF - plugin: C:\Program Files\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2017-9-20 83656]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2017-9-20 43720]
R0 MBAMChameleon;MBAMChameleon;C:\Windows\System32\drivers\MbamChameleon.sys [2017-11-12 192952]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2017-11-12 252232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2017-9-24 283064]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Windows\System32\drivers\mbae64.sys [2017-9-25 77440]
R1 wsddntf;Diebold Network Monitor;C:\Windows\System32\drivers\wsddntf.sys [2017-10-29 36984]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2017-9-20 817760]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-9-26 2257016]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2017-9-20 246272]
R2 Focusrite Control Server;Focusrite Control Server;C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe [2017-9-22 1313792]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-9-25 6058960]
R2 TeamViewer;TeamViewer 12;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-9-21 10803440]
R2 Warsaw Technology;Warsaw Technology;C:\Program Files\Diebold\Warsaw\core.exe [2017-10-29 1056304]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-8-16 140032]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-8-16 424192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2017-9-20 95760]
R3 FocusriteUSB;Focusrite USB;C:\Windows\System32\drivers\FocusriteUSB.sys [2017-9-22 87056]
R3 FocusriteUSBAudio;Focusrite USB Audio;C:\Windows\System32\drivers\FocusriteUSBAudio.sys [2017-9-22 45072]
R3 FocusriteUSBMidi;Focusrite USB MIDI;C:\Windows\System32\drivers\FocusriteUSBMidi.sys [2017-9-22 36880]
R3 FocusriteUSBSwRoot;USB Audio Root;C:\Windows\System32\drivers\FocusriteUSBSwRoot.sys [2017-9-22 88592]
R3 MBAMFarflt;MBAMFarflt;C:\Windows\System32\drivers\farflt.sys [2017-11-12 110016]
R3 MBAMProtection;MBAMProtection;C:\Windows\System32\drivers\mbam.sys [2017-11-12 45504]
R3 MBAMWebProtection;MBAMWebProtection;C:\Windows\System32\drivers\mwac.sys [2017-11-12 84256]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2017-9-20 943832]
S1 wsddfac;wsddfac;C:\Windows\System32\drivers\wsddfac.sys [2017-10-29 28376]
S1 wsddpp;Warsaw - Driver (PP);C:\Windows\System32\drivers\wsddpp.sys [2017-10-29 25184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-4-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-4-21 128648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 358880]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 iobit_monitor_server;iobit_monitor_server;C:\PROGRA~2\IObit\ADVANC~1\drivers\Monitor_win7_x64.sys [2017-11-12 14680]
S3 StorSvc;Serviço de Armazenamento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 wsddprm;Warsaw - Driver (PRM);C:\Windows\System32\drivers\wsddprm.sys [2017-10-29 25184]
.
=============== Created Last 30 ================
.
2017-11-12 19:36:42    --------    d-----w-    C:\ProgramData\ProductData
2017-11-12 19:36:24    --------    d-----w-    C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-11-12 19:36:23    --------    d-----w-    C:\Program Files (x86)\Common Files\IObit
2017-11-12 19:36:14    --------    d-----w-    C:\Users\Usuario\AppData\Roaming\IObit
2017-11-12 19:36:14    --------    d-----w-    C:\Program Files (x86)\IObit
2017-11-12 19:35:57    --------    d-----w-    C:\ProgramData\IObit
2017-11-12 19:20:51    --------    d-----w-    C:\Users\Usuario\AppData\Local\ElevatedDiagnostics
2017-11-12 16:10:26    192952    ----a-w-    C:\Windows\System32\drivers\MbamChameleon.sys
2017-11-12 16:10:24    84256    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2017-11-12 16:10:24    45504    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2017-11-12 16:10:24    252232    ----a-w-    C:\Windows\System32\drivers\mbamswissarmy.sys
2017-11-12 16:10:24    110016    ----a-w-    C:\Windows\System32\drivers\farflt.sys
2017-11-12 11:17:02    0    ----a-w-    C:\Windows\directx.sys
2017-11-12 00:18:40    --------    d-----w-    C:\ProgramData\regid.1986-12.com.adobe
2017-11-09 20:49:24    --------    d-sh--w-    C:\ProgramData\SecuROM
2017-11-09 20:43:48    --------    d-----w-    C:\Windows\SysWow64\xlive
2017-11-09 20:43:48    --------    d-----w-    C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2017-11-09 20:41:24    178800    ----a-w-    C:\Windows\SysWow64\CmdLineExt_x64.dll
2017-10-29 21:46:57    36984    ----a-w-    C:\Windows\System32\drivers\wsddntf.sys
2017-10-29 21:46:57    28376    ----a-w-    C:\Windows\System32\drivers\wsddfac.sys
2017-10-29 21:46:57    25184    ------w-    C:\Windows\System32\drivers\wsddprm.sys
2017-10-29 21:46:57    25184    ------w-    C:\Windows\System32\drivers\wsddpp.sys
2017-10-29 21:46:55    --------    d--h--w-    C:\Program Files (x86)\GAS Tecnologia
2017-10-29 21:46:55    --------    d--h--w-    C:\Program Files (x86)\Diebold
2017-10-29 21:46:34    --------    d-----w-    C:\Program Files\Diebold
2017-10-29 21:45:47    --------    d-----w-    C:\Users\Usuario\AppData\Local\Aplicativo Itau
2017-10-25 21:03:31    --------    d-----w-    C:\Users\Usuario\aTubeCatcher
2017-10-23 18:51:38    --------    d-----w-    C:\Users\Usuario\AppData\Roaming\Cycling '74
.
==================== Find3M  ====================
.
2017-11-11 16:27:12    16    ----a-w-    C:\Windows\System32\msvcsv60.dll
2017-11-11 16:27:12    16    ----a-w-    C:\Users\Usuario\AppData\Roaming\msregsvv.dll
2017-10-29 21:48:42    1856    ----a-w-    C:\Windows\Fonts\Warsaw Bold.ttf
2017-10-09 16:16:04    77440    ----a-w-    C:\Windows\System32\drivers\mbae64.sys
2017-09-25 18:30:17    7649280    ----a-w-    C:\Program Files (x86)\GUT3C93.tmp
2017-09-24 19:20:49    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2017-09-24 19:20:49    1700352    ----a-w-    C:\Windows\SysWow64\gdiplus.dll
2017-09-24 19:20:49    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
2017-09-24 15:27:59    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2017-09-20 21:24:00    1864    ----a-w-    C:\Windows\Fonts\dbldwrsw.ttf
2017-09-20 20:48:12    0    ----a-w-    C:\Windows\ativpsrm.bin
.
============= FINISH: 13:11:00,68 ===============

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
