FireFox and Chrome opens IE always [Solved]


#1
Space1969
    Member, 34 posts
Hi,

Trying to start Chrome or Firefox opens IE. I believe there are remnants of malware. I have used Malwarebytes and AVG and obviously there is nothing left, but this problem remains and I cannot solve it. Is there any expert who can help me, please?

Regards,
Jorge

Edited by Space1969, 16 April 2013 - 03:13 PM.


#2
gringo_pr
    Trusted Helper, Malware Removal, 7,268 posts
Hello Space1969

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

-Information and logs-

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

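The DDS "Pseudo HJT Report" requested above is where a helper looks first when every browser launch ends up in IE: a hard-coded proxy, a startup shortcut to an unknown executable parked in the Internet Explorer folder, hosts-file entries that point a name at a real address, and orphaned BHO / URLSearchHook entries. The script below is an added example written for this page; it is not DDS, not Geeks to Go tooling and not something the helper posted. It assumes the DDS line layout (a key such as uProxyServer, BHO:, StartupFolder: or Hosts:, then " = " or " - " and the value), the allow-list KNOWN_IE_EXES is a hypothetical set of legitimate IE-folder binaries, and the report it runs over is constructed for the example.

```python
"""Triage a DDS 'Pseudo HJT Report' for the indicators a helper looks at first
when a machine redirects every browser to Internet Explorer.

Added example for this thread; not part of DDS, Geeks to Go's tooling, or the
helper's post. It assumes the DDS line layout seen in such reports (a key such as
uProxyServer, BHO:, StartupFolder: or Hosts:, then ' = ' or ' - ' and the value).
The report below is constructed for the example.
"""
import re
from typing import Dict, List

# Constructed sample modelled on the DDS Pseudo-HJT layout; not a real log.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.example.com/
uProxyServer = 203.0.113.10:9000
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {00000000-1111-2222-3333-444444444444} - <orphaned>
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
StartupFolder: c:\docume~1\user\startm~1\progra~1\startup\abcd1.lnk - c:\program files\internet explorer\abcd1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\startup\bttray.lnk - c:\program files\anycom\blue usb-200-250\BTTray.exe
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 198.51.100.7 update.example.org
"""

# Hypothetical allow-list: executables that legitimately live in Program Files\Internet Explorer.
KNOWN_IE_EXES = {"iexplore.exe", "ieinstal.exe", "ielowutil.exe"}
# Addresses that hosts-file block lists use to sinkhole a name; these block, they do not redirect.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "255.255.255.255"}


def triage(report: str) -> Dict[str, List[str]]:
    """Return suspicious report lines grouped by indicator type."""
    findings: Dict[str, List[str]] = {}

    def flag(kind: str, line: str) -> None:
        findings.setdefault(kind, []).append(line)

    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A hard-coded proxy on a home PC is the classic way traffic gets redirected.
        if re.match(r"^[um]ProxyServer\s*=\s*\S+", line):
            flag("proxy_set", line)
        # A BHO / URLSearchHook whose DLL is gone: a half-removed add-on, or a hook
        # a cleaner deleted on disk without removing its registry entry.
        elif line.startswith(("BHO:", "uURLSearchHooks:", "dURLSearchHooks:")) and "<orphaned>" in line:
            flag("orphaned_hook", line)
        # Startup shortcut to an unexpected .exe inside the IE folder: malware likes
        # to sit next to iexplore.exe so the path looks legitimate at a glance.
        elif line.startswith("StartupFolder:"):
            target = line.rsplit(" - ", 1)[-1].lower()
            m = re.search(r"\\internet explorer\\([^\\]+\.exe)$", target)
            if m and m.group(1) not in KNOWN_IE_EXES:
                flag("unknown_exe_in_ie_dir", line)
        # hosts entries that point a name at a real address redirect rather than block.
        elif line.startswith("Hosts:"):
            parts = line.split()
            if len(parts) >= 3 and parts[1] not in SINKHOLES:
                flag("hosts_redirect", line)
    return findings


def render(findings: Dict[str, List[str]]) -> str:
    """Plain-text summary in the order a helper would act on it."""
    order = ["proxy_set", "unknown_exe_in_ie_dir", "hosts_redirect", "orphaned_hook"]
    out = [f"[{kind}] {line}" for kind in order for line in findings.get(kind, [])]
    return "\n".join(out) if out else "no redirect indicators found"


if __name__ == "__main__":
    print(render(triage(SAMPLE_REPORT)))
```

Paste a real Pseudo HJT section in place of SAMPLE_REPORT to use it; the sinkhole set deliberately leaves 127.0.0.1 and 255.255.255.255 entries alone because block lists install those on purpose, so only hosts lines that steer a name to a routable address are flagged.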

#3
Space1969
    Topic Starter, Member, 34 posts
Thanks Gringo for helping me. It is worse now for some reason, meaning that if I start IE it redirects to a new IE window. In other words, I cannot open any link.

I will however download the software and run the diagnostics and get back to you ASAP.

Regards,

#4
Space1969
    Topic Starter, Member, 34 posts
Hi Gringo,

See the reports you asked for below.
Anything you need me to do, just ask me please.

The Security Check showed an error box but finished.

Regards,
Jorge



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Jorgen at 20:03:17 on 2013-04-16
.
============== Running Processes ================
.
C:\Arquivos de programas\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Arquivos de programas\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Microsoft\BingBar\7.1.362.0\BBSvc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\WINDOWS\system32\WinFLService.exe
C:\WINDOWS\system32\hasplms.exe
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Marvell\61xx\Apache2\bin\Apache.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\IObit\Advanced SystemCare 6\Monitor.exe
C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\AVG SafeGuard toolbar\vprot.exe
C:\Arquivos de programas\SugarSync\SugarSyncManager.exe
C:\WINDOWS\system32\WinFLTray.exe
C:\Arquivos de programas\NewSoftware's\Folder Lock\FLComServCtrl.exe
C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\ANYCOM\Blue USB-200-250\BTTray.exe
C:\Arquivos de programas\NewSoftware's\Folder Lock\FLComServ.exe
C:\Arquivos de programas\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer = 80.84.34.175:9000
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: SearchSettings Class: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\arquivos de programas\search settings\SearchSettings.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Facilitador de Leitor de Link Adobe PDF: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\arquivos de programas\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ssh2 Class: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - c:\arquivos de programas\scpad\scpsssh2.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\arquivos de programas\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\arquivos de programas\microsoft\bingbar\7.1.362.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SearchSettings Class: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\arquivos de programas\search settings\SearchSettings.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [SugarSync] "c:\arquivos de programas\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [Skype] "c:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeBridge] <no file>
mRun: [IntelAudioStudio] "c:\arquivos de programas\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [LanguageShortcut] "c:\arquivos de programas\cyberlink\powerdvd\language\Language.exe"
mRun: [AtomTime] "c:\arquivos de programas\atomtime pro\AtomTime.EXE"
mRun: [AppleSyncNotifier] c:\arquivos de programas\arquivos comuns\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [VirtualCloneDrive] "c:\arquivos de programas\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [CertificateRegistration] aetcrss1.exe
mRun: [APSDaemon] "c:\arquivos de programas\arquivos comuns\apple\apple application support\APSDaemon.exe"
mRun: [LogMeIn GUI] "c:\arquivos de programas\logmein\x86\LogMeInSystray.exe"
mRun: [DivXMediaServer] c:\arquivos de programas\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\arquivos de programas\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AdobeAAMUpdater-1.0] "c:\arquivos de programas\arquivos comuns\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_UI] "c:\arquivos de programas\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\arquivos de programas\avg safeguard toolbar\vprot.exe"
mRunOnce: [B Register c:\arquivos de programas\divx\divx plus directshow filters\divxdech264.ax] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus directshow filters\DivXDecH264.ax",DllRegisterServer
mRunOnce: [AvgRemover] c:\documents and settings\jorgen\configurações locais\temporary internet files\content.ie5\fbae25mh\avg_remover_stf_x86_2013_2706[1].exe /run_number=2 /avgdir="c:\arquivos de programas\avg\avg2013\" /avgdatadir="c:\documents and settings\all users\dados de aplicativos\avg2013\"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\jorgen\menuin~1\progra~1\inicia~1\ddbd5.lnk - c:\arquivos de programas\internet explorer\ddbd5.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\bttray.lnk - c:\arquivos de programas\anycom\blue usb-200-250\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\cinefo~1.lnk - c:\arquivos de programas\cineform\tools\GoProCineFormStatusViewer.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hpdigi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\mcafee~1.lnk - c:\arquivos de programas\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Enviar para &Bluetooth - c:\arquivos de programas\anycom\blue usb-200-250\btsendto_ie_ctx.htm
IE: Save YouTube Video - <no file>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\arquivos de programas\anycom\blue usb-200-250\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab
DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} - hxxps://cpne.bradesco.com.br/CA.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{98F5B81D-4833-4DD1-90BE-DE2A2FED7296} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E96BDFEA-5510-42EE-AEC8-381D3D169734} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\arquivos de programas\arquivos comuns\avg secure search\viprotocolinstaller\15.0.0\ViProtocol.dll
Notify: LMIinit - LMIinit.dll
SSODL: Auterget - <orphaned>
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll
STS: compIB Class - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll
mASetup: aetsprov - c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 255.255.255.255 hcurltest3
Hosts: 255.255.255.255 vnsjs1.1stworks.com
Hosts: 74.208.77.54 hcurltest1
Hosts: 74.208.223.76 hcurltest2
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .txt: Applications\chrome.exe - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
.
=============== Created Last 30 ================
.
2013-04-16 20:00:55 -------- dc-h--w- c:\windows\ie8
2013-04-16 20:00:40 -------- d-----w- c:\windows\LastGood.Tmp
2013-04-16 20:00:34 -------- d--h--w- c:\windows\msdownld.tmp
2013-04-16 17:14:52 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\AVG2013
2013-04-16 17:13:50 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13:48 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13:45 -------- d-----w- c:\arquivos de programas\AVG SafeGuard toolbar
2013-04-16 17:10:16 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\MFAData
2013-04-16 17:06:08 4126720 ----a-w- c:\arquivos de programas\GUT92.tmp
2013-04-16 17:06:08 -------- d-----w- c:\arquivos de programas\GUM91.tmp
2013-04-16 13:13:02 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-16 13:13:02 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-16 13:07:20 375296 -c----w- c:\windows\system32\dllcache\dpnet.dll
2013-04-16 12:37:24 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\AVG Secure Search
2013-04-16 12:37:21 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\AVG Secure Search
2013-04-16 12:37:12 -------- d-----w- c:\arquivos de programas\arquivos comuns\AVG Secure Search
2013-04-16 12:25:00 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-04-16 12:14:31 -------- d-----w- c:\arquivos de programas\FileASSASSIN
2013-04-16 11:37:27 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-16 11:37:27 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2013-04-16 11:13:37 58368 -c----w- c:\windows\system32\dllcache\synceng.dll
2013-04-15 22:02:49 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\TuneUp Software
2013-04-15 22:01:11 -------- d--h--w- C:\$AVG
2013-04-15 22:01:10 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\AVG2013
2013-04-04 21:56:32 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\boost_interprocess
2013-04-04 21:56:16 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\Bitcoin
2013-04-04 21:55:54 -------- d-----w- c:\arquivos de programas\Bitcoin
2013-03-29 03:38:21 370688 ----a-w- c:\arquivos de programas\internet explorer\ddbd5.exe
2013-03-27 01:00:51 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\Autodesk
.
==================== Find3M ====================
.
2013-03-13 01:49:36 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 01:49:36 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:13 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56:44 2153984 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56:44 2032640 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:58:22 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-03-01 13:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 02:40:46 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 06:52:46 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-08 07:37:56 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 07:37:52 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 07:37:44 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 07:37:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-01-26 03:55:46 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-22 20:33:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-22 20:32:58 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-22 20:32:58 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-22 20:32:58 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 20:04:56,24 ===============




--------------
--------------


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
5600
5600_Help
5600Trb
Adobe Acrobat 5.0
Adobe AIR
Adobe Community Help
Adobe Digital Editions
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Premiere Elements 11
Adobe Reader XI (11.0.02) - Português
Adobe Shockwave Player 11.6
Advanced SystemCare 6
AiO_Scan
AiOSoftware
Amazon Kindle For PC v1.1
America's Army 3
ANYCOM Blue USB-200/250 Software
Apple Mobile Device Support
Apple Software Update
Arquivo do WinRAR
Assistente de Instalação Certisign
AtomTime Pro 3.1d
µTorrent
Atualização de Segurança para Microsoft Windows (KB2564958)
Atualização de Segurança para o Windows Media Player (KB2378111)
Atualização de Segurança para o Windows Media Player (KB911564)
Atualização de Segurança para o Windows Media Player (KB952069)
Atualização de Segurança para o Windows Media Player (KB954155)
Atualização de Segurança para o Windows Media Player (KB968816)
Atualização de Segurança para o Windows Media Player (KB973540)
Atualização de Segurança para o Windows Media Player (KB975558)
Atualização de Segurança para o Windows Media Player (KB978695)
Atualização de Segurança para o Windows Media Player (KB979402)
Atualização de Segurança para o Windows Media Player 6.4 (KB925398)
Atualização de Segurança para o Windows Media Player 9 (KB936782)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)
Atualização de Segurança para Windows Internet Explorer 7 (KB942615)
Atualização de Segurança para Windows Internet Explorer 7 (KB944533)
Atualização de Segurança para Windows Internet Explorer 7 (KB950759)
Atualização de Segurança para Windows Internet Explorer 7 (KB953838)
Atualização de Segurança para Windows Internet Explorer 7 (KB956390)
Atualização de Segurança para Windows Internet Explorer 7 (KB958215)
Atualização de Segurança para Windows Internet Explorer 7 (KB960714)
Atualização de Segurança para Windows Internet Explorer 7 (KB961260)
Atualização de Segurança para Windows Internet Explorer 7 (KB963027)
Atualização de Segurança para Windows Internet Explorer 7 (KB969897)
Atualização de Segurança para Windows Internet Explorer 7 (KB972260)
Atualização de Segurança para Windows XP (KB2079403)
Atualização de Segurança para Windows XP (KB2115168)
Atualização de Segurança para Windows XP (KB2121546)
Atualização de Segurança para Windows XP (KB2160329)
Atualização de Segurança para Windows XP (KB2229593)
Atualização de Segurança para Windows XP (KB2259922)
Atualização de Segurança para Windows XP (KB2279986)
Atualização de Segurança para Windows XP (KB2286198)
Atualização de Segurança para Windows XP (KB2296011)
Atualização de Segurança para Windows XP (KB2296199)
Atualização de Segurança para Windows XP (KB2347290)
Atualização de Segurança para Windows XP (KB2360937)
Atualização de Segurança para Windows XP (KB2387149)
Atualização de Segurança para Windows XP (KB2393802)
Atualização de Segurança para Windows XP (KB2412687)
Atualização de Segurança para Windows XP (KB2419632)
Atualização de Segurança para Windows XP (KB2423089)
Atualização de Segurança para Windows XP (KB2436673)
Atualização de Segurança para Windows XP (KB2440591)
Atualização de Segurança para Windows XP (KB2443105)
Atualização de Segurança para Windows XP (KB2476490)
Atualização de Segurança para Windows XP (KB2476687)
Atualização de Segurança para Windows XP (KB2478960)
Atualização de Segurança para Windows XP (KB2478971)
Atualização de Segurança para Windows XP (KB2479628)
Atualização de Segurança para Windows XP (KB2479943)
Atualização de Segurança para Windows XP (KB2481109)
Atualização de Segurança para Windows XP (KB2483185)
Atualização de Segurança para Windows XP (KB2485376)
Atualização de Segurança para Windows XP (KB2485663)
Atualização de Segurança para Windows XP (KB2503658)
Atualização de Segurança para Windows XP (KB2503665)
Atualização de Segurança para Windows XP (KB2506212)
Atualização de Segurança para Windows XP (KB2506223)
Atualização de Segurança para Windows XP (KB2507618)
Atualização de Segurança para Windows XP (KB2507938)
Atualização de Segurança para Windows XP (KB2508272)
Atualização de Segurança para Windows XP (KB2508429)
Atualização de Segurança para Windows XP (KB2509553)
Atualização de Segurança para Windows XP (KB2511455)
Atualização de Segurança para Windows XP (KB2524375)
Atualização de Segurança para Windows XP (KB2535512)
Atualização de Segurança para Windows XP (KB2536276-v2)
Atualização de Segurança para Windows XP (KB2536276)
Atualização de Segurança para Windows XP (KB2544893-v2)
Atualização de Segurança para Windows XP (KB2544893)
Atualização de Segurança para Windows XP (KB2555917)
Atualização de Segurança para Windows XP (KB2562937)
Atualização de Segurança para Windows XP (KB2566454)
Atualização de Segurança para Windows XP (KB2567053)
Atualização de Segurança para Windows XP (KB2567680)
Atualização de Segurança para Windows XP (KB2570222)
Atualização de Segurança para Windows XP (KB2570947)
Atualização de Segurança para Windows XP (KB2584146)
Atualização de Segurança para Windows XP (KB2585542)
Atualização de Segurança para Windows XP (KB2592799)
Atualização de Segurança para Windows XP (KB2598479)
Atualização de Segurança para Windows XP (KB2603381)
Atualização de Segurança para Windows XP (KB2618451)
Atualização de Segurança para Windows XP (KB2619339)
Atualização de Segurança para Windows XP (KB2620712)
Atualização de Segurança para Windows XP (KB2621440)
Atualização de Segurança para Windows XP (KB2624667)
Atualização de Segurança para Windows XP (KB2631813)
Atualização de Segurança para Windows XP (KB2633171)
Atualização de Segurança para Windows XP (KB2639417)
Atualização de Segurança para Windows XP (KB2641653)
Atualização de Segurança para Windows XP (KB2646524)
Atualização de Segurança para Windows XP (KB2647518)
Atualização de Segurança para Windows XP (KB2653956)
Atualização de Segurança para Windows XP (KB2655992)
Atualização de Segurança para Windows XP (KB2659262)
Atualização de Segurança para Windows XP (KB2660465)
Atualização de Segurança para Windows XP (KB2661637)
Atualização de Segurança para Windows XP (KB2676562)
Atualização de Segurança para Windows XP (KB2685939)
Atualização de Segurança para Windows XP (KB2686509)
Atualização de Segurança para Windows XP (KB2691442)
Atualização de Segurança para Windows XP (KB2695962)
Atualização de Segurança para Windows XP (KB2698365)
Atualização de Segurança para Windows XP (KB2705219)
Atualização de Segurança para Windows XP (KB2707511)
Atualização de Segurança para Windows XP (KB2709162)
Atualização de Segurança para Windows XP (KB2712808)
Atualização de Segurança para Windows XP (KB2718523)
Atualização de Segurança para Windows XP (KB2719985)
Atualização de Segurança para Windows XP (KB2723135)
Atualização de Segurança para Windows XP (KB2724197)
Atualização de Segurança para Windows XP (KB2727528)
Atualização de Segurança para Windows XP (KB2731847)
Atualização de Segurança para Windows XP (KB2753842-v2)
Atualização de Segurança para Windows XP (KB2757638)
Atualização de Segurança para Windows XP (KB2758857)
Atualização de Segurança para Windows XP (KB2770660)
Atualização de Segurança para Windows XP (KB2780091)
Atualização de Segurança para Windows XP (KB2802968)
Atualização de Segurança para Windows XP (KB2807986)
Atualização de Segurança para Windows XP (KB2808735)
Atualização de Segurança para Windows XP (KB2813170)
Atualização de Segurança para Windows XP (KB2820917)
Atualização de Segurança para Windows XP (KB923561)
Atualização de Segurança para Windows XP (KB923689)
Atualização de Segurança para Windows XP (KB938464-v2)
Atualização de Segurança para Windows XP (KB938464)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB946648)
Atualização de Segurança para Windows XP (KB950760)
Atualização de Segurança para Windows XP (KB950762)
Atualização de Segurança para Windows XP (KB950974)
Atualização de Segurança para Windows XP (KB951066)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB951376)
Atualização de Segurança para Windows XP (KB951698)
Atualização de Segurança para Windows XP (KB951748)
Atualização de Segurança para Windows XP (KB952004)
Atualização de Segurança para Windows XP (KB952954)
Atualização de Segurança para Windows XP (KB953839)
Atualização de Segurança para Windows XP (KB954211)
Atualização de Segurança para Windows XP (KB954459)
Atualização de Segurança para Windows XP (KB954600)
Atualização de Segurança para Windows XP (KB955069)
Atualização de Segurança para Windows XP (KB956391)
Atualização de Segurança para Windows XP (KB956572)
Atualização de Segurança para Windows XP (KB956744)
Atualização de Segurança para Windows XP (KB956802)
Atualização de Segurança para Windows XP (KB956803)
Atualização de Segurança para Windows XP (KB956841)
Atualização de Segurança para Windows XP (KB956844)
Atualização de Segurança para Windows XP (KB957095)
Atualização de Segurança para Windows XP (KB957097)
Atualização de Segurança para Windows XP (KB958644)
Atualização de Segurança para Windows XP (KB958687)
Atualização de Segurança para Windows XP (KB958690)
Atualização de Segurança para Windows XP (KB958869)
Atualização de Segurança para Windows XP (KB959426)
Atualização de Segurança para Windows XP (KB960225)
Atualização de Segurança para Windows XP (KB960715)
Atualização de Segurança para Windows XP (KB960803)
Atualização de Segurança para Windows XP (KB960859)
Atualização de Segurança para Windows XP (KB961371)
Atualização de Segurança para Windows XP (KB961373)
Atualização de Segurança para Windows XP (KB961501)
Atualização de Segurança para Windows XP (KB968537)
Atualização de Segurança para Windows XP (KB969059)
Atualização de Segurança para Windows XP (KB969898)
Atualização de Segurança para Windows XP (KB969947)
Atualização de Segurança para Windows XP (KB970238)
Atualização de Segurança para Windows XP (KB970430)
Atualização de Segurança para Windows XP (KB971468)
Atualização de Segurança para Windows XP (KB971486)
Atualização de Segurança para Windows XP (KB971557)
Atualização de Segurança para Windows XP (KB971633)
Atualização de Segurança para Windows XP (KB971657)
Atualização de Segurança para Windows XP (KB972270)
Atualização de Segurança para Windows XP (KB973346)
Atualização de Segurança para Windows XP (KB973354)
Atualização de Segurança para Windows XP (KB973507)
Atualização de Segurança para Windows XP (KB973525)
Atualização de Segurança para Windows XP (KB973869)
Atualização de Segurança para Windows XP (KB973904)
Atualização de Segurança para Windows XP (KB974112)
Atualização de Segurança para Windows XP (KB974318)
Atualização de Segurança para Windows XP (KB974392)
Atualização de Segurança para Windows XP (KB974571)
Atualização de Segurança para Windows XP (KB975025)
Atualização de Segurança para Windows XP (KB975467)
Atualização de Segurança para Windows XP (KB975560)
Atualização de Segurança para Windows XP (KB975561)
Atualização de Segurança para Windows XP (KB975562)
Atualização de Segurança para Windows XP (KB975713)
Atualização de Segurança para Windows XP (KB977165-v2)
Atualização de Segurança para Windows XP (KB977816)
Atualização de Segurança para Windows XP (KB977914)
Atualização de Segurança para Windows XP (KB978037)
Atualização de Segurança para Windows XP (KB978251)
Atualização de Segurança para Windows XP (KB978262)
Atualização de Segurança para Windows XP (KB978338)
Atualização de Segurança para Windows XP (KB978542)
Atualização de Segurança para Windows XP (KB978601)
Atualização de Segurança para Windows XP (KB978706)
Atualização de Segurança para Windows XP (KB979309)
Atualização de Segurança para Windows XP (KB979482)
Atualização de Segurança para Windows XP (KB979559)
Atualização de Segurança para Windows XP (KB979683)
Atualização de Segurança para Windows XP (KB979687)
Atualização de Segurança para Windows XP (KB980195)
Atualização de Segurança para Windows XP (KB980218)
Atualização de Segurança para Windows XP (KB980232)
Atualização de Segurança para Windows XP (KB980436)
Atualização de Segurança para Windows XP (KB981322)
Atualização de Segurança para Windows XP (KB981852)
Atualização de Segurança para Windows XP (KB981957)
Atualização de Segurança para Windows XP (KB981997)
Atualização de Segurança para Windows XP (KB982132)
Atualização de Segurança para Windows XP (KB982214)
Atualização de Segurança para Windows XP (KB982665)
Atualização de Segurança para Windows XP (KB982802)
Atualização para Windows XP (KB2141007)
Atualização para Windows XP (KB2345886)
Atualização para Windows XP (KB2467659)
Atualização para Windows XP (KB2492386)
Atualização para Windows XP (KB2541763)
Atualização para Windows XP (KB2607712)
Atualização para Windows XP (KB2616676)
Atualização para Windows XP (KB2641690)
Atualização para Windows XP (KB2661254-v2)
Atualização para Windows XP (KB2718704)
Atualização para Windows XP (KB2736233)
Atualização para Windows XP (KB2749655)
Atualização para Windows XP (KB951072-v2)
Atualização para Windows XP (KB951978)
Atualização para Windows XP (KB955759)
Atualização para Windows XP (KB955839)
Atualização para Windows XP (KB961503)
Atualização para Windows XP (KB967715)
Atualização para Windows XP (KB968389)
Atualização para Windows XP (KB971029)
Atualização para Windows XP (KB971737)
Atualização para Windows XP (KB973687)
Atualização para Windows XP (KB973815)
Audible Download Manager
AVG 2013
Bing Bar
Bitcoin
BlackBerry Desktop Software 6.0.1
Bonjour
BufferChm
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
Combat Arms
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW® Graphics Suite X5
Counter-Strike: Source
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Creative WebCam NX Driver (2.00.04.0000)
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DivX Converter
DivX Plus DirectShow Filters
DivX Version Checker
DocProc
Download Updater (AOL LLC)
DVD Suite
Elements 11 Organizer
Emissor de Nota Fiscal Eletrônica (NF-e) 2.0
eSupportQFolder
Fax
FileASSASSIN
Folder Lock
Free Picture Resize Starter 4.5
Garmin ANT Agent
Garmin Communicator Plugin
Garmin Training Center
Garmin USB Drivers
Garmin WebUpdater
GCAP2009
Gerenciador de Certificados Digitais - Certisign
GoPro CineForm Studio 1.3.2
GPL MPEG-1/2 DirectShow Decoder Filter
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix para Windows Internet Explorer 7 (KB947864)
Hotfix para Windows XP (KB2158563)
Hotfix para Windows XP (KB2443685)
Hotfix para Windows XP (KB2570791)
Hotfix para Windows XP (KB2633952)
Hotfix para Windows XP (KB2756822)
Hotfix para Windows XP (KB2779562)
Hotfix para Windows XP (KB942288-v3)
Hotfix para Windows XP (KB952287)
Hotfix para Windows XP (KB961118)
Hotfix para Windows XP (KB970653-v3)
Hotfix para Windows XP (KB976098-v2)
Hotfix para Windows XP (KB979306)
Hotfix para Windows XP (KB981793)
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
Instalação do DivX
Intel Audio Studio 2.0
Intel® PRO Network Connections 11.2.0.69
IrfanView (remove only)
IRPF2008 Windows - Declaração de Ajuste Anual
IRPF2009 - Declaração de Ajuste Anual e Final de Espólio
IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
iTunes
Java 7 Update 11
Java Auto Updater
Java™ 6 Update 3
Java™ 6 Update 31
Java™ 6 Update 7
JavaFX 2.1.1
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
LogMeIn
Malwarebytes Anti-Malware versão 1.75.0.1300
MarketResearch
Marvell 61xx MRU
Matrox VFW Software Codecs, build 28
McAfee Security Scan Plus
Media Player Codec Pack 4.2.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB
Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft Application Error Reporting
Microsoft CAPICOM 2.1.0.2 SDK
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6.0 Parser
neroxml
NewCopy
Nexon Game Manager
NVIDIA Drivers
NVIDIA PhysX v8.09.04
Nvu 1.0PR
Octoshape add-in for Adobe Flash Player
Pacote de Compatibilidade para o sistema Office 2007
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card
Paint.NET v3.5.10
PC-CCID
PC Searc h- SR22
PowerDVD
PRE11 STI Installer
Prince of Persia T2T
ProductContext
PunkBuster Services
PxMergeModule
Readme
Receitanet
Receitanet 2008
RightEdge 2008 Edition 1
SafeSign
Scan
ScannerCopy
Search Settings v1.2.3
SecurDisc Viewer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)
Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)
Segoe UI
Sicalc Auto Atendimento
SigmaTel Audio
Skype Toolbars
Skype™ 5.0
SolutionCenter
Sonos Controller
Status
Steam
StrongVPN Client version 1.1
SugarSync Manager
Suporte para Aplicativos Apple
swMSM
System Requirements Lab
TBS WMP Plug-in
TrayApp
Uninstall 1.0.0.1
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
VirtualCloneDrive
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
VLC media player 2.0.5
WavePad Sound Editor
WebFldrs XP
WebReg
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format Runtime
Windows XP Service Pack 3
Wisdom-soft Set up ScreenHunter 5.1 Free
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
XviD & MP3 Codec Pack (remove only)
Xvid 1.2.2 final uninstall
Yontoo Layers Runtime 1.10.01
.
==== End Of File ===========================



----------
----------

 Results of screen317's Security Check version 0.99.62
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware versão 1.75.0.1300
JavaFX 2.1.1
Java™ 6 Update 31
Java 7 Update 11
Java™ 6 Update 3
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Edited by Space1969, 16 April 2013 - 05:10 PM.

  • 0

#5
Space1969

    Member

  • Topic Starter
  • Member
  • 34 posts
As I had problems starting IE, I removed Firefox and Google Chrome.
Sorry for that. I will only make the changes you ask for, to make it easier for you.

Regards

Edited by Space1969, 16 April 2013 - 05:15 PM.

  • 0

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Space1969


These are the programs I would like you to run next; if you have any problems with one of them, just skip it and move on to the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
  • 0

#7
Space1969

    Member

  • Topic Starter
  • Member
  • 34 posts
Hi Gringo,

I have run the 2 programs, and they worked OK.

When I ran RogueKiller, it seems one log is generated after the scan and another after the delete, so I am attaching both of them below.

Regards,
Jorge



# AdwCleaner v2.200 - Relatório criado em 16/04/2013 às 23:18:14
# Atualizado em 02/04/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Jorgen - CASA
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\Jorgen\Desktop\adwcleaner.exe
# Opção [Remover]


***** [Serviços] *****


***** [Arquivos/Pastas] *****

Arquivo Removido : C:\DOCUME~1\Jorgen\CONFIG~1\Temp\Uninstall.exe
Pasta Removido : C:\Arquivos de programas\Arquivos comuns\AVG Secure Search
Pasta Removido : C:\Arquivos de programas\Arquivos comuns\Software Update Utility
Pasta Removido : C:\Arquivos de programas\Search Settings
Pasta Removido : C:\Arquivos de programas\Yontoo Layers Runtime
Pasta Removido : C:\DOCUME~1\Jorgen\CONFIG~1\Temp\boost_interprocess
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\blekko toolbars
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Pasta Removido : C:\Documents and Settings\Jorgen\Configurações locais\Dados de aplicativos\AVG Secure Search
Pasta Removido : C:\Documents and Settings\Jorgen\Configurações locais\Dados de aplicativos\Conduit
Pasta Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\AVG Secure Search
Pasta Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\Search Settings
Removido Durante o reboot : C:\Documents and Settings\Jorgen\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\bkidpdfiogmbfogbadljpeeljpildncm
Removido Durante o reboot : C:\Documents and Settings\Jorgen\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\bkidpdfiogmbfogbadljpeeljpildncm

***** [Registro] *****

Chave Removida : HKCU\Software\AppDataLow\Software\Conduit
Chave Removida : HKCU\Software\Conduit
Chave Removida : HKCU\Software\Google\Chrome\Extensions\bkidpdfiogmbfogbadljpeeljpildncm
Chave Removida : HKCU\Software\IGearSettings
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKCU\Software\Search Settings
Chave Removida : HKCU\Software\SmartBar
Chave Removida : HKCU\Software\Softonic
Chave Removida : HKLM\Software\AVG Security Toolbar
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Chave Removida : HKLM\SOFTWARE\Classes\dnUpdate
Chave Removida : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Chave Removida : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Chave Removida : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Chave Removida : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Removida : HKLM\SOFTWARE\Classes\SearchSettings.BHO
Chave Removida : HKLM\SOFTWARE\Classes\SearchSettings.BHO.1
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Chave Removida : HKLM\Software\Conduit
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\bkidpdfiogmbfogbadljpeeljpildncm
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Removida : HKLM\Software\Search Settings
Chave Removida : HKLM\Software\Tarma Installer
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [Navegadores] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro está limpo.

-\\ Mozilla Firefox v [Impossível ler a versão]

Arquivo : C:\Documents and Settings\Jorgen\Dados de aplicativos\Mozilla\Firefox\Profiles\lwshail9.default\prefs.js

Removida : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Removida : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v [Impossível ler a versão]

Arquivo : C:\Documents and Settings\Jorgen\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[S1].txt - [10661 octets] - [16/04/2013 23:18:14]

########## EOF - C:\AdwCleaner[S1].txt - [10722 octets] ##########




----------------
----------------



RogueKiller V8.5.4 [Mar 18 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Site : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Iniciado em : Modo Normal
Usuario : Jorgen [Privilegios de Admnistrador]
Modo : Verificar -- Data : 04/16/2013 23:35:09
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : AvgRemover (C:\Documents and Settings\Jorgen\Configurações locais\Temporary Internet Files\Content.IE5\FBAE25MH\avg_remover_stf_x86_2013_2706[1].exe /run_number=2 /avgdir="C:\Arquivos de programas\AVG\AVG2013\" /avgdatadir="C:\Documents and Settings\All Users\Dados de ap) -> ENCONTRADO
[TASK][SUSP PATH] Backup.job : C:\WINDOWS\system32\ntbackup.exe backup "@C:\Documents and Settings\Jorgen\Configurações locais\Dados de aplicativos\Microsoft\Windows NT\NTBackup\data\Backup.bks" /a /d "Conjunto criado em 8/6/2010 às 17:52" /v:yes /r:no /rs:no /hc:off /m normal /j "Backup" /l:s /f "H:\Backup Desktop.bkf" [x] -> ENCONTRADO
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (80.84.34.175:9000) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤
_INLINE_ : NtCreateKey -> HOOKED (\??\C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xB3F73E59)
_INLINE_ : NtOpenKey -> HOOKED (\??\C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xB3F73718)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] sfsync02.sys @ 0xBA0E98B4)

¤¤¤ Arquivo de Hosts: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
[...]


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 0ff803a312b07bffbb3c593f4a11d3c1
[BSP] 6375b15f29cf7358cf040d9911134b09 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 199996 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 409593240 | Size: 105238 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 269ae52cd08a30105afe3c50bfe376ae
[BSP] c3561f748728f544cd444bfc21c94b6a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[1]_S_04162013_02d2335.txt >>
RKreport[1]_S_04162013_02d2335.txt



--------------
--------------



RogueKiller V8.5.4 [Mar 18 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Site : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Iniciado em : Modo Normal
Usuario : Jorgen [Privilegios de Admnistrador]
Modo : Remover -- Data : 04/16/2013 23:36:05
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : AvgRemover (C:\Documents and Settings\Jorgen\Configurações locais\Temporary Internet Files\Content.IE5\FBAE25MH\avg_remover_stf_x86_2013_2706[1].exe /run_number=2 /avgdir="C:\Arquivos de programas\AVG\AVG2013\" /avgdatadir="C:\Documents and Settings\All Users\Dados de ap) -> DELETADO
[TASK][SUSP PATH] Backup.job : C:\WINDOWS\system32\ntbackup.exe backup "@C:\Documents and Settings\Jorgen\Configurações locais\Dados de aplicativos\Microsoft\Windows NT\NTBackup\data\Backup.bks" /a /d "Conjunto criado em 8/6/2010 às 17:52" /v:yes /r:no /rs:no /hc:off /m normal /j "Backup" /l:s /f "H:\Backup Desktop.bkf" [x] -> DELETADO
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (80.84.34.175:9000) -> NÃO REMOVIDO, USE A OPÇÃO REPARAR PROXY
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤
_INLINE_ : NtCreateKey -> HOOKED (\??\C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xB3F73E59)
_INLINE_ : NtOpenKey -> HOOKED (\??\C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xB3F73718)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] sfsync02.sys @ 0xBA0E98B4)

¤¤¤ Arquivo de Hosts: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
[...]


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 0ff803a312b07bffbb3c593f4a11d3c1
[BSP] 6375b15f29cf7358cf040d9911134b09 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 199996 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 409593240 | Size: 105238 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 269ae52cd08a30105afe3c50bfe376ae
[BSP] c3561f748728f544cd444bfc21c94b6a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[2]_D_04162013_02d2336.txt >>
RKreport[1]_S_04162013_02d2335.txt ; RKreport[2]_D_04162013_02d2336.txt
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Space1969

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#9
Space1969

Space1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I ran Combofix and it went through the stages; I believe there were 50 of them. Then at some moment it went black without the desktop objects being visible. I left it like that during the night, and when I woke up it was the same, so I restarted the computer. There has been no text file generated, but the mouse pointer behaves as if there is something running in the background, with the hourglass appearing and disappearing now and then.

Regards,
Jorge

Edited by Space1969, 17 April 2013 - 05:47 AM.

  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Jorge

Ok, let's try this: I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo
  • 0



#11
Space1969

Space1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Hi Gringo,

I performed the combofix in safe mode and the report is as down below.

Regards,
Jorge





ComboFix 13-04-15.01 - Jorgen 17/04/2013 16:08:52.2.2 - x86 MINIMAL
Executando de: c:\documents and settings\Jorgen\Desktop\ComboFix.exe
* Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jorgen\Dados de aplicativos\HPSU_48BitScanUpdate.log
C:\Thumbs.db
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Logof.dll
c:\windows\wininit.ini
.
---- Execuções precedente -------
.
c:\documents and settings\All Users\Dados de aplicativos\AAUserName.txt
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\documents and settings\All Users\Dados de aplicativos\TEMP\8927A071.TMP
c:\documents and settings\All Users\Dados de aplicativos\TEMP\hdahelper.sys
c:\documents and settings\Jorgen\Dados de aplicativos\7za.exe
c:\documents and settings\Jorgen\Dados de aplicativos\a.7z
c:\documents and settings\Jorgen\Dados de aplicativos\Google\Update\1
c:\documents and settings\Jorgen\Dados de aplicativos\Google\Update\1\SD\s.txt
c:\documents and settings\Jorgen\Dados de aplicativos\test
c:\documents and settings\Jorgen\Dados de aplicativos\test\BaseClasses.cs
c:\documents and settings\Jorgen\Dados de aplicativos\test\test.cs
c:\documents and settings\Jorgen\Dados de aplicativos\test\test.rep
C:\LOG33.tmp
C:\LOG37.tmp
C:\LOG3A.tmp
C:\LOG40.tmp
C:\LOG59.tmp
C:\LOGA2.tmp
C:\LOGC0.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
-------\Legacy_NPF
-------\Legacy_RKHIT
-------\Service_NEWDRIVER
-------\Service_RkHit
-------\Legacy_NEWDRIVER
-------\Legacy_NPF
-------\Legacy_RKHIT
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-03-17 to 2013-04-17 ))))))))))))))))))))))))))))
.
.
2013-04-17 02:26 . 2013-04-17 02:26 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\AVG Secure Search
2013-04-17 02:18 . 2013-04-17 02:19 384 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-16 21:34 . 2013-04-16 21:34 -------- d-----w- c:\windows\LastGood
2013-04-16 20:00 . 2013-04-16 20:02 -------- dc-h--w- c:\windows\ie8
2013-04-16 20:00 . 2013-04-16 20:04 -------- d--h--w- c:\windows\msdownld.tmp
2013-04-16 17:14 . 2013-04-16 17:14 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\AVG2013
2013-04-16 17:14 . 2013-04-16 17:14 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13 . 2013-04-16 17:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13 . 2013-04-16 17:13 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13 . 2013-04-16 17:13 -------- d-----w- c:\arquivos de programas\AVG SafeGuard toolbar
2013-04-16 17:10 . 2013-04-17 11:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MFAData
2013-04-16 17:10 . 2013-04-16 17:17 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\Avg2013
2013-04-16 17:10 . 2013-04-16 17:10 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\MFAData
2013-04-16 17:06 . 2013-04-16 19:37 4126720 ----a-w- c:\arquivos de programas\GUT92.tmp
2013-04-16 17:06 . 2013-04-16 17:06 -------- d-----w- c:\arquivos de programas\GUM91.tmp
2013-04-16 16:58 . 2013-04-16 16:58 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\Mozilla
2013-04-16 13:13 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-16 13:13 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-16 13:07 . 2012-11-02 02:04 375296 -c----w- c:\windows\system32\dllcache\dpnet.dll
2013-04-16 12:25 . 2013-04-16 12:37 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-04-16 12:14 . 2013-04-16 12:14 -------- d-----w- c:\arquivos de programas\FileASSASSIN
2013-04-16 11:37 . 2013-04-16 11:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2013-04-16 11:37 . 2013-04-04 17:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-16 11:13 . 2012-10-02 18:04 58368 -c----w- c:\windows\system32\dllcache\synceng.dll
2013-04-15 22:02 . 2013-04-15 22:02 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\TuneUp Software
2013-04-15 22:01 . 2013-04-15 22:01 -------- d-----w- C:\$AVG
2013-04-15 22:01 . 2013-04-16 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG2013
2013-04-15 21:39 . 2013-04-17 03:00 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\Deployment
2013-04-04 21:56 . 2013-04-04 22:02 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\Bitcoin
2013-04-04 21:55 . 2013-04-04 21:56 -------- d-----w- c:\arquivos de programas\Bitcoin
2013-03-29 03:38 . 2013-03-29 03:38 370688 ----a-w- c:\arquivos de programas\Internet Explorer\ddbd5.exe
2013-03-27 01:00 . 2013-03-27 01:00 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\Autodesk
2013-03-27 01:00 . 2013-03-27 01:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 01:49 . 2012-11-18 02:30 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 01:49 . 2012-11-18 02:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36 . 2004-08-04 03:45 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-04 03:40 2153984 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-04 00:40 2032640 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:58 . 2004-08-04 03:38 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-03-01 13:32 . 2013-03-01 13:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 02:40 . 2013-02-27 02:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-19 05:30 . 2013-02-19 05:30 664 ----a-w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\d3d9caps.tmp
2013-02-14 06:52 . 2013-02-14 06:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 02:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 07:37 . 2013-02-08 07:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 07:37 . 2013-02-08 07:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 07:37 . 2013-02-08 07:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 07:37 . 2013-02-08 07:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 07:37 . 2013-02-08 07:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-01-26 03:55 . 2004-08-04 03:45 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-22 20:33 . 2013-01-22 20:33 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-22 20:32 . 2012-07-06 23:32 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-22 20:32 . 2010-05-18 02:05 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-22 20:32 . 2008-01-30 04:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\arquivos de programas\SugarSync\SugarSyncManager.exe" [2013-04-04 11262304]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 16856968]
"WinFLTray"="c:\windows\system32\WinFLTray.exe" [2012-07-20 321736]
"FLBackup"="c:\arquivos de programas\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2012-07-20 276168]
"FreeRAM XP"="c:\arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2012-09-14 1591808]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
"Advanced SystemCare 6"="c:\arquivos de programas\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
"ANT Agent"="c:\arquivos de programas\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 9138176]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"AtomTime"="c:\arquivos de programas\AtomTime Pro\AtomTime.EXE" [2004-12-03 396316]
"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"VirtualCloneDrive"="c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"CertificateRegistration"="aetcrss1.exe" [2010-07-20 151552]
"APSDaemon"="c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"DivXMediaServer"="c:\arquivos de programas\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\arquivos de programas\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"AdobeAAMUpdater-1.0"="c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"AVG_UI"="c:\arquivos de programas\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
"vProt"="c:\arquivos de programas\AVG SafeGuard toolbar\vprot.exe" [2013-04-16 1219248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Jorgen\Menu Iniciar\Programas\Inicializar\
ddbd5.LNK - c:\arquivos de programas\Internet Explorer\ddbd5.exe [2013-3-29 370688]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
BTTray.lnk - c:\arquivos de programas\ANYCOM\Blue USB-200-250\BTTray.exe [2005-9-6 581693]
CineForm Status.lnk - c:\arquivos de programas\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
McAfee Security Scan Plus.lnk - c:\arquivos de programas\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-21 17:16 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\arquiv~1\AVG\AVG2013\avgrsx.exe /sync /restart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2008-08-13 17:34 1891416 ----a-w- c:\garmin\gStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 00:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
2003-05-15 23:36 446464 ----a-w- c:\arquivos de programas\ScreenPrint32 v3\ScreenPrint32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-06 16:04 1353080 ----a-w- c:\arquivos de programas\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\Jorgen\\Dados de aplicativos\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\il 2 sturmovik 1946\\il2fb.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\silent hunter 3\\sh3.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Bitcoin\\bitcoin-qt.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\arquivos de programas\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\arquivos de programas\IObit\Advanced SystemCare 6\ASCService.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2013\avgidsagent.exe [x]
R2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2013\avgwdsvc.exe [x]
R2 BBSvc;BingBar Service;c:\arquivos de programas\Microsoft\BingBar\7.1.362.0\BBSvc.exe [x]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [x]
R2 FLService;FLService;c:\windows\system32\WinFLService.exe [x]
R2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\RaInfo.sys [x]
R2 Marvell RAID;Marvell RAID Event Agent;c:\arquivos de programas\Marvell\61xx\svc\mvraidsvc.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 MRUWebService;MRU Web Service;c:\arquivos de programas\Marvell\61xx\Apache2\bin\Apache.exe [x]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [x]
R2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [x]
R3 BBUpdate;BBUpdate;c:\arquivos de programas\Microsoft\BingBar\7.1.362.0\SeaPort.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 Ipodtuv1d;Ipodtuv1d; [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\DRIVERS\SWUSBFLT.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
2010-08-01 01:55 81920 ----a-w- c:\windows\system32\aetsprov.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-17 03:01 1642448 ----a-w- c:\arquivos de programas\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 01:49]
.
2013-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:57]
.
2013-04-17 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\arquivos de programas\IObit\Advanced SystemCare 6\Monitor.exe [2012-11-03 22:33]
.
2013-04-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-25 09:12]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-04-17 03:00]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-04-17 03:00]
.
2013-04-02 c:\windows\Tasks\videopadShakeIcon.job
- c:\arquivos de programas\NCH Software\VideoPad\videopad.exe [2012-12-23 01:54]
.
2012-07-10 c:\windows\Tasks\WavePadReminder.job
- c:\arquivos de programas\NCH Software\WavePad\wavepad.exe [2012-06-30 00:25]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 80.84.34.175:9000
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Enviar para &Bluetooth - c:\arquivos de programas\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
IE: Save YouTube Video
Trusted Zone: cybertrust.com\shrweb7.idm
TCP: DhcpNameServer = 192.168.0.1
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab
DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} - hxxps://cpne.bradesco.com.br/CA.cab
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKCU-Run-AdobeBridge - (no file)
SSODL-Auterget-{EB04A877-1967-421D-93C0-2B8C5A5B89EF} - (no file)
SafeBoot-Wdf01000.sys
SafeBoot-WinFLAdrv.sys
MSConfigStartUp-CTFMON - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-17 16:34
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:60,05,ee,30,4e,e9,ce,99,d2,b8,7d,f0,5e,5d,c7,fb,bc,fe,2c,60,21,
89,ac,77,e8,ed,b0,1a,00,70,ea,5f,4f,ec,40,2a,d5,dd,5f,37,63,f4,d2,df,4e,a5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:60,05,ee,30,4e,e9,ce,99,d2,b8,7d,f0,5e,5d,c7,fb,bc,fe,2c,60,21,
89,ac,77,e8,ed,b0,1a,00,70,ea,5f,4f,ec,40,2a,d5,dd,5f,37,63,f4,d2,df,4e,a5,\
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(380)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(1620)
c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Tempo para conclusão: 2013-04-17 16:42:51 - Máquina reiniciou
ComboFix-quarantined-files.txt 2013-04-17 19:42
.
Pré-execução: 2.798.010.368 bytes disponíveis
Pós execução: 2.622.812.160 bytes disponíveis
.
- - End Of File - - 0CEAC53D9F20045486C20CC6FBD20980
  • 0
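Both reports in this thread record the same per-user Internet Explorer proxy: RogueKiller lists it as `[PROXY IE] ... ProxyServer (80.84.34.175:9000) -> NÃO REMOVIDO` and ComboFix repeats it under Scan Suplementar as `uInternet Settings,ProxyServer = 80.84.34.175:9000`. A proxy pointing at a public address on a home PC is a classic hijack indicator (it lets an attacker intercept or redirect all browser traffic) and RogueKiller's output itself says it was left in place, pending the repair-proxy option. The script below is an added example, not part of the thread and not code from RogueKiller or ComboFix: it extracts ProxyServer entries from lines in both report formats and flags those whose host is not a private or loopback address. The sample lines are copied from the logs above plus one constructed line (a private-range machine-wide proxy) for contrast; the reading of the ComboFix `u`/`m` prefix as the current-user / machine hive is the convention these DDS-style reports use.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample input: the proxy-related lines copied from the RogueKiller
# and ComboFix reports in this thread, plus one constructed line (a private-range
# machine-wide proxy) so the classifier has a benign case to compare against.
SAMPLE_LINES = [
    "[PROXY IE] HKCU\\[...]\\Internet Settings : ProxyServer (80.84.34.175:9000) "
    "-> NÃO REMOVIDO, USE A OPÇÃO REPARAR PROXY",
    "uInternet Settings,ProxyServer = 80.84.34.175:9000",
    "uInternet Settings,ProxyOverride = *.local",
    "uStart Page = hxxp://www.google.com.br/",
    "TCP: DhcpNameServer = 192.168.0.1",
    "mInternet Settings,ProxyServer = 10.0.0.5:3128",  # constructed, not from the thread
]

# RogueKiller:  [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (host:port) -> ...
_RK_PROXY = re.compile(r"\[PROXY IE\].*?ProxyServer \(([^)\s]+)\)")
# ComboFix:     uInternet Settings,ProxyServer = host:port
# The leading letter is the hive prefix used by these DDS-style reports:
# 'u' = current user (HKCU), 'm' = machine (HKLM).
_CF_PROXY = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(\S+)")


def split_proxy_value(value: str) -> List[str]:
    """ProxyServer is either 'host:port' or a per-protocol list such as
    'http=host:port;https=host:port'. Return every host:port target."""
    targets = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:            # strip the 'http=' / 'https=' protocol label
            part = part.split("=", 1)[1]
        targets.append(part)
    return targets


def host_is_private(host: str) -> bool:
    """True for loopback, RFC 1918 and link-local IP literals. A hostname cannot
    be classified without a lookup, so it is treated as not private."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def find_proxy_settings(lines: List[str]) -> List[Dict[str, object]]:
    """Extract every ProxyServer entry from RogueKiller / ComboFix report lines.
    An entry is marked suspicious when the proxy host is a public address: on a
    home PC a proxy pointing at the Internet is a typical hijack indicator
    (traffic interception, ad injection, blocked security sites)."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        m = _RK_PROXY.search(line)
        if m:
            source, raw = "RogueKiller", m.group(1)
            scope = "HKCU" if "HKCU" in line else "HKLM"
        else:
            m = _CF_PROXY.match(line)
            if not m:
                continue
            source, raw = "ComboFix", m.group(2)
            scope = "HKCU" if m.group(1) == "u" else "HKLM"
        for target in split_proxy_value(raw):
            host, _, port = target.rpartition(":")
            if not host:               # no ':' in the target: whole string is the host
                host, port = target, ""
            findings.append({
                "source": source,
                "scope": scope,
                "host": host,
                "port": port,
                "suspicious": not host_is_private(host),
                "line": line,
            })
    return findings


def suspicious_proxies(lines: List[str]) -> List[str]:
    """Deduplicated 'host:port' list of proxies that point at public addresses."""
    return sorted({f"{f['host']}:{f['port']}" for f in find_proxy_settings(lines)
                   if f["suspicious"]})


if __name__ == "__main__":
    for finding in find_proxy_settings(SAMPLE_LINES):
        flag = "SUSPICIOUS" if finding["suspicious"] else "ok"
        print(f"{flag:10} {finding['source']:10} {finding['scope']} "
              f"{finding['host']}:{finding['port']}")
    print("needs review:", suspicious_proxies(SAMPLE_LINES))
```

Run against the two logs, the script reports the same `80.84.34.175:9000` entry from both tools and leaves the constructed `10.0.0.5:3128` line alone. The private-range check is deliberately conservative: a proxy on a LAN address can still be malicious, and a hostname target is reported as suspicious because it cannot be classified offline, so the output is a review list, not a verdict.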

#12
Space1969

Space1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Some stuff is really slow - I opened an Excel file and it took maybe 5-10 times slower the first time. Also, running a movie is very slow.

Regards,
Jorgen
  • 0

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Space1969

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#14
Space1969

Space1969

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Thanks so much!

I had Google Chrome installed again and the last few times it had not been working, but now it is opening fine!
One issue I can see is that MVI movies are not playing as they should, but I do not know if that is because of extension problems and will check.

What was the problem?

Also, what kind of software would you recommend to use on a daily basis to not get these kind of problems again?

Below is the log file generated.



ComboFix 13-04-15.01 - Jorgen 17/04/2013 19:54:18.3.2 - x86
Executando de: c:\documents and settings\Jorgen\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Jorgen\Desktop\CFScript.txt
* Criado um novo ponto de restauração
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-03-17 to 2013-04-17 ))))))))))))))))))))))))))))
.
.
2013-04-17 02:26 . 2013-04-17 02:26 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\AVG Secure Search
2013-04-17 02:18 . 2013-04-17 02:19 384 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-16 21:34 . 2013-04-16 21:34 -------- d-----w- c:\windows\LastGood
2013-04-16 20:00 . 2013-04-16 20:02 -------- dc-h--w- c:\windows\ie8
2013-04-16 20:00 . 2013-04-16 20:04 -------- d--h--w- c:\windows\msdownld.tmp
2013-04-16 17:14 . 2013-04-16 17:14 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\AVG2013
2013-04-16 17:14 . 2013-04-16 17:14 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13 . 2013-04-16 17:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13 . 2013-04-16 17:13 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13 . 2013-04-16 17:13 -------- d-----w- c:\arquivos de programas\AVG SafeGuard toolbar
2013-04-16 17:10 . 2013-04-17 20:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MFAData
2013-04-16 17:10 . 2013-04-16 17:17 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\Avg2013
2013-04-16 17:10 . 2013-04-16 17:10 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\MFAData
2013-04-16 17:06 . 2013-04-16 19:37 4126720 ----a-w- c:\arquivos de programas\GUT92.tmp
2013-04-16 17:06 . 2013-04-16 17:06 -------- d-----w- c:\arquivos de programas\GUM91.tmp
2013-04-16 16:58 . 2013-04-16 16:58 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\Mozilla
2013-04-16 13:13 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-16 13:13 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-16 13:07 . 2012-11-02 02:04 375296 -c----w- c:\windows\system32\dllcache\dpnet.dll
2013-04-16 12:25 . 2013-04-16 12:37 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-04-16 12:14 . 2013-04-16 12:14 -------- d-----w- c:\arquivos de programas\FileASSASSIN
2013-04-16 11:37 . 2013-04-16 11:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2013-04-16 11:37 . 2013-04-04 17:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-16 11:13 . 2012-10-02 18:04 58368 -c----w- c:\windows\system32\dllcache\synceng.dll
2013-04-15 22:02 . 2013-04-15 22:02 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\TuneUp Software
2013-04-15 22:01 . 2013-04-15 22:01 -------- d-----w- C:\$AVG
2013-04-15 22:01 . 2013-04-16 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG2013
2013-04-15 21:39 . 2013-04-17 03:00 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\Deployment
2013-04-04 21:56 . 2013-04-04 22:02 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\Bitcoin
2013-04-04 21:55 . 2013-04-04 21:56 -------- d-----w- c:\arquivos de programas\Bitcoin
2013-03-29 03:38 . 2013-03-29 03:38 370688 ----a-w- c:\arquivos de programas\Internet Explorer\ddbd5.exe
2013-03-27 01:00 . 2013-03-27 01:00 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\Autodesk
2013-03-27 01:00 . 2013-03-27 01:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 01:49 . 2012-11-18 02:30 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 01:49 . 2012-11-18 02:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36 . 2004-08-04 03:45 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-04 03:40 2153984 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-04 00:40 2032640 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:58 . 2004-08-04 03:38 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-03-01 13:32 . 2013-03-01 13:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 02:40 . 2013-02-27 02:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-19 05:30 . 2013-02-19 05:30 664 ----a-w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\d3d9caps.tmp
2013-02-14 06:52 . 2013-02-14 06:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 02:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 07:37 . 2013-02-08 07:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 07:37 . 2013-02-08 07:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 07:37 . 2013-02-08 07:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 07:37 . 2013-02-08 07:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 07:37 . 2013-02-08 07:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-01-26 03:55 . 2004-08-04 03:45 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-22 20:33 . 2013-01-22 20:33 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-22 20:32 . 2012-07-06 23:32 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-22 20:32 . 2010-05-18 02:05 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-22 20:32 . 2008-01-30 04:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\arquivos de programas\SugarSync\SugarSyncManager.exe" [2013-04-04 11262304]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 16856968]
"WinFLTray"="c:\windows\system32\WinFLTray.exe" [2012-07-20 321736]
"FLBackup"="c:\arquivos de programas\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2012-07-20 276168]
"FreeRAM XP"="c:\arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2012-09-14 1591808]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
"Advanced SystemCare 6"="c:\arquivos de programas\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
"ANT Agent"="c:\arquivos de programas\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 9138176]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"AtomTime"="c:\arquivos de programas\AtomTime Pro\AtomTime.EXE" [2004-12-03 396316]
"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"VirtualCloneDrive"="c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"CertificateRegistration"="aetcrss1.exe" [2010-07-20 151552]
"APSDaemon"="c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"DivXMediaServer"="c:\arquivos de programas\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\arquivos de programas\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"AdobeAAMUpdater-1.0"="c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"AVG_UI"="c:\arquivos de programas\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
"vProt"="c:\arquivos de programas\AVG SafeGuard toolbar\vprot.exe" [2013-04-16 1219248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Jorgen\Menu Iniciar\Programas\Inicializar\
ddbd5.LNK - c:\arquivos de programas\Internet Explorer\ddbd5.exe [2013-3-29 370688]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
BTTray.lnk - c:\arquivos de programas\ANYCOM\Blue USB-200-250\BTTray.exe [2005-9-6 581693]
CineForm Status.lnk - c:\arquivos de programas\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
McAfee Security Scan Plus.lnk - c:\arquivos de programas\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-21 17:16 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\arquiv~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2008-08-13 17:34 1891416 ----a-w- c:\garmin\gStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 00:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
2003-05-15 23:36 446464 ----a-w- c:\arquivos de programas\ScreenPrint32 v3\ScreenPrint32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-06 16:04 1353080 ----a-w- c:\arquivos de programas\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\Jorgen\\Dados de aplicativos\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\il 2 sturmovik 1946\\il2fb.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\silent hunter 3\\sh3.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Bitcoin\\bitcoin-qt.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 BBSvc;BingBar Service;c:\arquivos de programas\Microsoft\BingBar\7.1.362.0\BBSvc.exe [x]
R2 Marvell RAID;Marvell RAID Event Agent;c:\arquivos de programas\Marvell\61xx\svc\mvraidsvc.exe [x]
R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 Ipodtuv1d;Ipodtuv1d; [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\DRIVERS\SWUSBFLT.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\arquivos de programas\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\arquivos de programas\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2013\avgwdsvc.exe [x]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [x]
S2 FLService;FLService;c:\windows\system32\WinFLService.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\RaInfo.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MRUWebService;MRU Web Service;c:\arquivos de programas\Marvell\61xx\Apache2\bin\Apache.exe [x]
S2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [x]
S3 BBUpdate;BBUpdate;c:\arquivos de programas\Microsoft\BingBar\7.1.362.0\SeaPort.exe [x]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\DRIVERS\libusb0.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
2010-08-01 01:55 81920 ----a-w- c:\windows\system32\aetsprov.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-17 03:01 1642448 ----a-w- c:\arquivos de programas\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 01:49]
.
2013-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:57]
.
2013-04-17 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\arquivos de programas\IObit\Advanced SystemCare 6\Monitor.exe [2012-11-03 22:33]
.
2013-04-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-25 09:12]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-04-17 03:00]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-04-17 03:00]
.
2013-04-17 c:\windows\Tasks\videopadShakeIcon.job
- c:\arquivos de programas\NCH Software\VideoPad\videopad.exe [2012-12-23 01:54]
.
2012-07-10 c:\windows\Tasks\WavePadReminder.job
- c:\arquivos de programas\NCH Software\WavePad\wavepad.exe [2012-06-30 00:25]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 80.84.34.175:9000
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Enviar para &Bluetooth - c:\arquivos de programas\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
IE: Save YouTube Video
Trusted Zone: cybertrust.com\shrweb7.idm
TCP: DhcpNameServer = 192.168.0.1
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab
DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} - hxxps://cpne.bradesco.com.br/CA.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-17 20:12
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:60,05,ee,30,4e,e9,ce,99,d2,b8,7d,f0,5e,5d,c7,fb,bc,fe,2c,60,21,
89,ac,77,e8,ed,b0,1a,00,70,ea,5f,4f,ec,40,2a,d5,dd,5f,37,63,f4,d2,df,4e,a5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:60,05,ee,30,4e,e9,ce,99,d2,b8,7d,f0,5e,5d,c7,fb,bc,fe,2c,60,21,
89,ac,77,e8,ed,b0,1a,00,70,ea,5f,4f,ec,40,2a,d5,dd,5f,37,63,f4,d2,df,4e,a5,\
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(6544)
c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\msls31.dll
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\INK\SKCHUI.DLL
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Tempo para conclusão: 2013-04-17 20:17:33
ComboFix-quarantined-files.txt 2013-04-17 23:17
ComboFix2.txt 2013-04-17 19:42
.
Pré-execução: 2.145.701.888 bytes disponíveis
Pós execução: 2.221.600.768 bytes disponíveis
.
- - End Of File - - 083C285A88D1E54C8461BCAC72319E7C
  • 0
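As an added illustration (not part of this thread, and not ComboFix's own code), the Python script below parses the autostart and proxy lines of a ComboFix report in the format shown above and flags the kinds of entries a helper reads first: a bare filename in a Run key, an executable launched from the Internet Explorer program folder, a short generated-looking name, and a system proxy pointing at a public IP. The sample lines are constructed from entries in the log above; the heuristics and the `Finding` record are this example's own assumptions, and a flag is a lead to inspect, not a verdict.

```python
import ipaddress
import re
from collections import namedtuple
from typing import List, Optional, Tuple

# Constructed sample in ComboFix's report format, modelled on the autostart and
# proxy entries in the log above (same paths and values, trimmed to a few lines).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 16856968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CertificateRegistration"="aetcrss1.exe" [2010-07-20 151552]
"AVG_UI"="c:\arquivos de programas\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
.
c:\documents and settings\Jorgen\Menu Iniciar\Programas\Inicializar\
ddbd5.LNK - c:\arquivos de programas\Internet Explorer\ddbd5.exe [2013-3-29 370688]
.
uInternet Settings,ProxyServer = 80.84.34.175:9000
"""

RUN_KEY_RE = re.compile(r"^\[HKEY_.*\\Run\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
STARTUP_DIR_RE = re.compile(r"^[a-z]:\\.*\\$", re.IGNORECASE)
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?)(?:\s+\[[^\]]*\])?$", re.IGNORECASE)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)$")
IE_DIR = "\\internet explorer\\"  # only iexplore.exe is expected to launch from here

# severity is "high" or "medium"; entry is the log item; reason explains the flag
Finding = namedtuple("Finding", "severity entry reason")

def parse_autostarts(log: str) -> Tuple[List[Tuple[str, str]], Optional[str]]:
    """(name, launched path) pairs from Run keys and startup folders, plus ProxyServer."""
    entries, proxy, section = [], None, None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line or line == ".":          # '.' separates ComboFix sections
            section = None
        elif RUN_KEY_RE.match(line):
            section = "run"
        elif STARTUP_DIR_RE.match(line):     # a startup folder path ending in '\'
            section = "startup"
        elif section == "run" and (m := RUN_VALUE_RE.match(line)):
            entries.append((m["name"], m["path"]))
        elif section == "startup" and (m := LNK_RE.match(line)):
            entries.append((m["name"], m["path"]))
        elif (m := PROXY_RE.match(line)):
            proxy = m["proxy"]
    return entries, proxy

def analyze_entry(name: str, path: str) -> List[Finding]:
    """Reviewer heuristics for one autostart entry; a flag is a lead, not a verdict."""
    out, p = [], path.lower()
    exe = p.rsplit("\\", 1)[-1]
    stem = exe[:-4] if exe.endswith(".exe") else exe
    label = f"{name} -> {path}"
    if "\\" not in p:
        out.append(Finding("medium", label, "bare filename: resolved by a PATH "
                           "search at logon, so the binary cannot be located from the log"))
    elif IE_DIR in p and exe != "iexplore.exe":
        out.append(Finding("high", label, "third-party executable placed in the "
                           "Internet Explorer program folder"))
    if len(stem) <= 6 and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem):
        out.append(Finding("medium", label, "short mixed letter/digit name, "
                           "typical of a generated dropper filename"))
    return out

def analyze_proxy(proxy: str) -> List[Finding]:
    """A system-wide proxy at a public IP silently reroutes every WinINet client."""
    try:
        public = ipaddress.ip_address(proxy.rsplit(":", 1)[0]).is_global
    except ValueError:  # hostname rather than an IP literal
        public = False
    return [Finding("high", f"ProxyServer = {proxy}",
                    "all browser traffic routed through an external proxy")] if public else []

def analyze_log(log: str) -> List[Finding]:
    entries, proxy = parse_autostarts(log)
    findings = [f for name, path in entries for f in analyze_entry(name, path)]
    return findings + (analyze_proxy(proxy) if proxy else [])

if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.entry}: {f.reason}")
```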

#15
gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • µTorrent
  • Java 7 Update 11
  • Java™ 6 Update 3
  • Java™ 6 Update 31
  • Java™ 6 Update 7
  • JavaFX 2.1.1
  • McAfee Security Scan Plus
  • Search Settings v1.2.3
  • Yontoo Layers Runtime 1.10.01


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run; if prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware


I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now.

  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.


"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0