
Good afternoon. I downloaded an Internet program and at the time of installation a trojan with the name hijack.exe file got in. I already ran the malware scan, and every time I restart the computer it comes back. I would like help and support to solve this; my program is bought, and I already downloaded the dds.src and already did the scan. I would like to publish what appears in the TXT of the DDS. Hugs from Brazil.

Note: My programs only open when I open them as admin.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421
Run by Usuario at 13:10:48 on 2017-11-13
Microsoft Windows 7 Professional   6.1.7601.1.1252.55.1046.18.16285.13055 [GMT -2:00]
.
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\DAODx.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files\Diebold\Warsaw\core.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Diebold\Warsaw\core.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
F:\Program Files (x86)\Steam\Steam.exe
F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [Spotify Web Helper] C:\Users\Usuario\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
uRun: [uTorrent] "C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{E532C053-0A6C-4C55-B342-8A9C6715F8A2} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\x3xoe7yl.default\
FF - plugin: C:\Program Files\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2017-9-20 83656]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2017-9-20 43720]
R0 MBAMChameleon;MBAMChameleon;C:\Windows\System32\drivers\MbamChameleon.sys [2017-11-12 192952]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2017-11-12 252232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2017-9-24 283064]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Windows\System32\drivers\mbae64.sys [2017-9-25 77440]
R1 wsddntf;Diebold Network Monitor;C:\Windows\System32\drivers\wsddntf.sys [2017-10-29 36984]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2017-9-20 817760]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-9-26 2257016]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2017-9-20 246272]
R2 Focusrite Control Server;Focusrite Control Server;C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe [2017-9-22 1313792]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-9-25 6058960]
R2 TeamViewer;TeamViewer 12;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-9-21 10803440]
R2 Warsaw Technology;Warsaw Technology;C:\Program Files\Diebold\Warsaw\core.exe [2017-10-29 1056304]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-8-16 140032]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-8-16 424192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2017-9-20 95760]
R3 FocusriteUSB;Focusrite USB;C:\Windows\System32\drivers\FocusriteUSB.sys [2017-9-22 87056]
R3 FocusriteUSBAudio;Focusrite USB Audio;C:\Windows\System32\drivers\FocusriteUSBAudio.sys [2017-9-22 45072]
R3 FocusriteUSBMidi;Focusrite USB MIDI;C:\Windows\System32\drivers\FocusriteUSBMidi.sys [2017-9-22 36880]
R3 FocusriteUSBSwRoot;USB Audio Root;C:\Windows\System32\drivers\FocusriteUSBSwRoot.sys [2017-9-22 88592]
R3 MBAMFarflt;MBAMFarflt;C:\Windows\System32\drivers\farflt.sys [2017-11-12 110016]
R3 MBAMProtection;MBAMProtection;C:\Windows\System32\drivers\mbam.sys [2017-11-12 45504]
R3 MBAMWebProtection;MBAMWebProtection;C:\Windows\System32\drivers\mwac.sys [2017-11-12 84256]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2017-9-20 943832]
S1 wsddfac;wsddfac;C:\Windows\System32\drivers\wsddfac.sys [2017-10-29 28376]
S1 wsddpp;Warsaw - Driver (PP);C:\Windows\System32\drivers\wsddpp.sys [2017-10-29 25184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-4-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-4-21 128648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 358880]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 iobit_monitor_server;iobit_monitor_server;C:\PROGRA~2\IObit\ADVANC~1\drivers\Monitor_win7_x64.sys [2017-11-12 14680]
S3 StorSvc;Serviço de Armazenamento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 wsddprm;Warsaw - Driver (PRM);C:\Windows\System32\drivers\wsddprm.sys [2017-10-29 25184]
.
=============== Created Last 30 ================
.
2017-11-12 19:36:42    --------    d-----w-    C:\ProgramData\ProductData
2017-11-12 19:36:24    --------    d-----w-    C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-11-12 19:36:23    --------    d-----w-    C:\Program Files (x86)\Common Files\IObit
2017-11-12 19:36:14    --------    d-----w-    C:\Users\Usuario\AppData\Roaming\IObit
2017-11-12 19:36:14    --------    d-----w-    C:\Program Files (x86)\IObit
2017-11-12 19:35:57    --------    d-----w-    C:\ProgramData\IObit
2017-11-12 19:20:51    --------    d-----w-    C:\Users\Usuario\AppData\Local\ElevatedDiagnostics
2017-11-12 16:10:26    192952    ----a-w-    C:\Windows\System32\drivers\MbamChameleon.sys
2017-11-12 16:10:24    84256    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2017-11-12 16:10:24    45504    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2017-11-12 16:10:24    252232    ----a-w-    C:\Windows\System32\drivers\mbamswissarmy.sys
2017-11-12 16:10:24    110016    ----a-w-    C:\Windows\System32\drivers\farflt.sys
2017-11-12 11:17:02    0    ----a-w-    C:\Windows\directx.sys
2017-11-12 00:18:40    --------    d-----w-    C:\ProgramData\regid.1986-12.com.adobe
2017-11-09 20:49:24    --------    d-sh--w-    C:\ProgramData\SecuROM
2017-11-09 20:43:48    --------    d-----w-    C:\Windows\SysWow64\xlive
2017-11-09 20:43:48    --------    d-----w-    C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2017-11-09 20:41:24    178800    ----a-w-    C:\Windows\SysWow64\CmdLineExt_x64.dll
2017-10-29 21:46:57    36984    ----a-w-    C:\Windows\System32\drivers\wsddntf.sys
2017-10-29 21:46:57    28376    ----a-w-    C:\Windows\System32\drivers\wsddfac.sys
2017-10-29 21:46:57    25184    ------w-    C:\Windows\System32\drivers\wsddprm.sys
2017-10-29 21:46:57    25184    ------w-    C:\Windows\System32\drivers\wsddpp.sys
2017-10-29 21:46:55    --------    d--h--w-    C:\Program Files (x86)\GAS Tecnologia
2017-10-29 21:46:55    --------    d--h--w-    C:\Program Files (x86)\Diebold
2017-10-29 21:46:34    --------    d-----w-    C:\Program Files\Diebold
2017-10-29 21:45:47    --------    d-----w-    C:\Users\Usuario\AppData\Local\Aplicativo Itau
2017-10-25 21:03:31    --------    d-----w-    C:\Users\Usuario\aTubeCatcher
2017-10-23 18:51:38    --------    d-----w-    C:\Users\Usuario\AppData\Roaming\Cycling '74
.
==================== Find3M  ====================
.
2017-11-11 16:27:12    16    ----a-w-    C:\Windows\System32\msvcsv60.dll
2017-11-11 16:27:12    16    ----a-w-    C:\Users\Usuario\AppData\Roaming\msregsvv.dll
2017-10-29 21:48:42    1856    ----a-w-    C:\Windows\Fonts\Warsaw Bold.ttf
2017-10-09 16:16:04    77440    ----a-w-    C:\Windows\System32\drivers\mbae64.sys
2017-09-25 18:30:17    7649280    ----a-w-    C:\Program Files (x86)\GUT3C93.tmp
2017-09-24 19:20:49    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2017-09-24 19:20:49    1700352    ----a-w-    C:\Windows\SysWow64\gdiplus.dll
2017-09-24 19:20:49    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
2017-09-24 15:27:59    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2017-09-20 21:24:00    1864    ----a-w-    C:\Windows\Fonts\dbldwrsw.ttf
2017-09-20 20:48:12    0    ----a-w-    C:\Windows\ativpsrm.bin
.
============= FINISH: 13:11:00,68 ===============


Hi dowJonesBR :)

Do you still need assistance with this issue? Since your thread is old, it'll be closed if I don't hear back from you within 3 days.

Thank you!


Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread. Thanks!
