Cannot find outgoing threat

dreamhouse · June 24, 2011

Hi,

My site has been attacked constantly and despite me cleaning it of the scripts I keep getting the message from Malwarebytes that it successfully blocked access to a potentially malicious website (as you will see in the attached Malwarebytes log file. I also attached the files you asked to be attached and pasted. Thank you so much in advance for your help. NOTE: The ark.txt is blank because there was nothing detected with GMER.

DDS.txt

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Clarita Maia at 12:30:26 on 2011-06-24

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.4096.2511 [GMT -3:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\network-indicator\NetworkIndicator.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = local

mSearchAssistant = hxxp://start.facemoods.com/?a=ost&s={searchTerms}&f=4

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [network indicator] C:\Program Files (x86)\network-indicator\NetworkIndicator.exe

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini

uPolicies-explorer: NoThumbnailCache = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: + Offline &Explorer: Download the link - file://C:\Program Files (x86)\Offline Explorer Enterprise\Add_UrlO.htm

IE: + Offline E&xplorer: Download the current page - file://C:\Program Files (x86)\Offline Explorer Enterprise\Add_AllO.htm

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Barra de Ferramentas do RF - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm

IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Personalizar Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Preencher - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Salvar Formulários - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{E3C9263C-6DDB-42DD-9839-B5C49D9C17B1} : DhcpNameServer = 8.8.8.8 8.8.4.4

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

{0055C089-8582-441B-A0BF-17B458C2A3A8}

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AE7CD045-E861-484f-8273-0445EE161910}

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{C41A1C0E-EA6C-11D4-B1B8-444553540000}

{CC59E0F9-7E43-44FA-9FAA-8377850BF205}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{F4971EE7-DAA0-4053-9964-665D8EE6A077}

{47833539-D0C5-4125-9FA8-0819E2EAAC93}

{724d43a0-0d85-11d4-9908-00400523e39a}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

SEH-X64: {E37CB5F0-51F5-4395-A808-5FA49E399F83}: GbPlugin ShlObj

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\

FF - prefs.js: browser.search.selectedEngine - IMDB

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 9666

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 9050

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 9666

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

FF - component: C:\Users\Clarita Maia\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2011-3-5 263480]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2011-5-10 56712]

R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-11-17 363344]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-22 2218600]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]

S3 gupdatem;Serviço do Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\A28E.tmp --> C:\Windows\system32\A28E.tmp [?]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

.

=============== Created Last 30 ================

.

2011-06-24 07:27:39 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60F57BE0-8CD5-4FA0-8B3A-E948EB2E6B7F}\mpengine.dll

2011-06-24 01:37:29 -------- d-----w- C:\Users\Clarita Maia\AppData\Roaming\TortoiseSVN

2011-06-24 01:16:37 -------- d-----w- C:\Program Files\TortoiseSVN

2011-06-24 01:16:37 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays

2011-06-23 16:22:44 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{8AB4CE45-6C1F-4633-BC24-D0DF08F22060}

2011-06-23 02:44:57 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{16DE3943-53A0-4BF0-B8E8-68CE2F1A44EE}

2011-06-15 23:16:15 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-15 23:16:14 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-06-15 23:16:08 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-06-15 23:16:08 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-06-15 23:16:08 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-06-15 23:11:25 3135488 ----a-w- C:\Windows\System32\win32k.sys

2011-06-15 23:11:23 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-06-15 23:11:23 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2011-06-15 23:11:22 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-06-15 23:11:22 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-06-15 23:11:22 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-06-15 23:06:22 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-06-15 23:06:22 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-06-15 23:06:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-06-15 23:06:21 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-06-15 20:51:54 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{5319DC61-6ABF-42D0-9D1E-C24F97B6BA49}

2011-06-15 20:50:57 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{3001CB78-0D6B-4EF4-B645-FD03DD9B0AFB}

2011-06-15 20:41:30 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{6B8D89D8-C8F9-41C2-905A-66588FA12B54}

2011-06-15 20:40:46 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{7D2D9CD0-0EFD-4D47-934A-576A5F077A20}

2011-06-15 20:39:44 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{1C817F30-7EB6-47E2-AAE0-3068FDE3340B}

2011-06-15 20:31:49 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{8C8F85C5-9873-48E9-832E-4C34A3FC760D}

2011-06-15 20:30:34 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{1D89F89E-7441-41A4-B6ED-5C9C2AACC6C3}

2011-06-15 20:29:44 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{53137FC6-4FA8-4EA7-9D03-0C01F2874FFA}

2011-06-08 10:29:24 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{D1BD08C1-BC11-4E9B-9D13-A1C05F9FB325}

2011-06-07 11:37:25 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{6B039C87-8110-459D-BB3F-934064577CB8}

2011-06-06 23:37:01 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{E6DF70DA-5348-468C-A067-07ECA822F3E0}

2011-06-06 11:36:36 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{6D8CBCC8-6849-4C97-9F30-CDA0FBCF832B}

2011-06-05 22:54:36 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{3E44E35D-346E-40D3-9421-A5757CA9289B}

2011-06-05 10:54:12 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{03AC6780-F594-4C44-8BB8-3BAAC75E3BA4}

2011-06-05 01:09:41 -------- d-----w- C:\Users\Clarita Maia\recovered

2011-06-04 22:40:26 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{5748731C-7A18-4E9C-8C20-BD05626D9869}

2011-06-04 10:40:02 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{D8472D72-2400-4739-B8E0-112B14A0DAD4}

2011-06-03 22:26:49 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{2E11BF66-C253-489C-AC65-B893D2BAF295}

2011-06-03 10:26:24 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{4FF16397-9B1A-4232-93E8-20B5FA1897D0}

2011-06-02 12:09:40 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{27E095FA-DB9F-4711-AC89-693B3F8BBB6F}

2011-06-01 22:54:01 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{EEFE75E2-BFF7-48DB-AC77-3F6BC1AAAAB3}

2011-06-01 10:53:35 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{26D584BF-7AA4-47C0-A4BF-7E213A6E048B}

2011-05-31 22:53:08 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{13F8E24F-1E7D-4838-A8F2-1E9FBF64586C}

2011-05-31 17:39:27 -------- d-----w- C:\ProcAlyzer Dumps

2011-05-31 17:24:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2011-05-31 15:01:39 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2011-05-31 10:39:41 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{4CA711DB-2670-430F-B957-44043B17DCDD}

2011-05-30 14:08:59 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{61635730-BA97-4B01-A612-A5615C41079F}

2011-05-29 23:31:23 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{6E2BE3AD-7352-47F2-8DBF-8997EE86B409}

2011-05-29 01:06:23 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{1C6B9BE4-0BDB-45F6-AE50-C5F7A10D69A1}

2011-05-28 11:01:47 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{C5FDCAEF-FBF5-4DD7-9E18-D8AFA280FE4B}

2011-05-27 22:49:40 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{B321D025-DA65-4B2E-BC79-5A210FCC1D38}

2011-05-27 10:49:28 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{5F161FD6-5BB1-4E52-BF61-2F71ADB703D4}

2011-05-26 22:49:03 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{00B6BA41-FCB1-41C7-A455-2DD30BC420D7}

2011-05-26 10:48:38 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{3DF1335C-FB02-42CD-AE26-D452C9752159}

2011-05-25 16:07:46 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{C27C835B-FC52-445D-B015-7C7BC87095AC}

.

==================== Find3M ====================

.

2011-06-23 16:22:10 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-03 19:33:46 2854504 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2011-05-02 21:03:32 88680 ----a-w- C:\Windows\System32\RCoInst64.dll

2011-05-02 18:28:04 1004544 ----a-w- C:\Windows\System32\RCoRes64.dat

2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-04-20 17:34:30 3049064 ----a-w- C:\Windows\System32\RtkAPO64.dll

2011-04-20 17:34:30 2393192 ----a-w- C:\Windows\System32\RtPgEx64.dll

2011-04-20 14:14:40 46600 ----a-w- C:\Windows\SysWow64\drivers\GbpKm.sys

2011-04-18 21:50:00 2601816 ----a-w- C:\Windows\System32\WavesGUILib.dll

2011-04-18 21:50:00 2238296 ----a-w- C:\Windows\System32\MaxxAudioRealtek.dll

2011-04-15 19:00:36 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-04-08 02:19:16 2582120 ----a-w- C:\Windows\System32\nvsvcr.dll

2011-04-08 02:19:16 117864 ----a-w- C:\Windows\System32\nvmctray.dll

2011-04-08 02:19:16 1012328 ----a-w- C:\Windows\System32\nvvsvc.exe

2011-04-08 02:19:14 797288 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll

2011-04-08 02:19:06 6338152 ----a-w- C:\Windows\System32\nvcpl.dll

2011-04-08 02:18:42 3041384 ----a-w- C:\Windows\System32\nvsvc64.dll

2011-03-28 17:46:40 146568 ----a-w- C:\Windows\System32\drivers\idmwfp.sys

.

============= FINISH: 12:31:35,89 ===============

protection-log-2011-06-24.txt

attach.zip

screen317 · June 27, 2011

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

dreamhouse · June 28, 2011

Hi screen317,

So you´re the brave one to undertake SUCH a task! Thank you so!

But there were things I did not specify in my original post that I have to tell you now. I had alreadty done a Combofix cleanup before posting, out of despair (and it really messed up somethings: Java uninstalled, my SendBlaster program had to be reinstalled, etc.). Before that I used several online scanners for my computer and ALL my installed programs: Microsoft Security Essentials, Malwarebytes, System Protector (from Advanced System Optimizer), went over again and again the files in my server, etc. I changed ALL my passwords, including email, went over my database and checked, uninstalled all p2p applications, etc. Finally I found a little script online from a generous security geek and when searching my index.html page found the LAST of the malicious scripts. I removed it and here is what happened. The "attack page" banner from firefox was finally removed after I had asked for MANY revisions, that liberated my site for very short periods. But finally since yesterday the site is on and without ANY more restrictions to it by Google. And there are no more popups from Malwarebytes.

BUT NOW the problem changed. Yesterday when Google finally liberated my site from the flagging.everything cleared in Firefix, but NOT IE9. When I entered my site with the www IE would load normally and no popups from Malwarebytes BUT if I entered the plain address without the www, THEN it would take ages to load and the Malwarebytes popup would pop and only after some 50 seconds to 1 minute the site would load. Well, today the two addressess (with and without www) load pretty fast in IE9 and without the Malwarebytes popup BUT the program crashes and gives out the message IE stoped working. My guess is that the outgoing file is, of course, still inside somewhere in my computer and is triggered by the iexplore process. So now can you please help me locate this file (if this is even the case)???? I am sending you the Malwarebytes quick scan result ( I am apalled to see it had these infections still) as you asked. Also sending the new Combofix.txt and a new DDS done just now, ok? It´s weird and I just read the DDS log that says that there are no restore points in my machine....WOW, I thought Combofix was supposed to haver done just that before it ran....something is wrong!!!

I posted all logs because you did not specify if you wanted any logs attached. I thank you in advance for your help, my friend!

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6963

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

27/06/2011 19:30:17

mbam-log-2011-06-27 (19-30-17).txt

Scan type: Quick scan

Objects scanned: 191511

Time elapsed: 2 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-06-27.01 - Clarita Maia 27/06/2011 20:07:32.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.4096.2671 [GMT -3:00]

Executando de: c:\users\Clarita Maia\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - drivers: deleted 204 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Microsoft\Windows\Start Menu\Internet Explorer.lnk

c:\windows\SysWow64\MailBee.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-05-27 to 2011-06-27 ))))))))))))))))))))))))))))

.

2011-06-27 23:17 . 2011-06-27 23:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-06-27 23:17 . 2011-06-27 23:17 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2011-06-27 23:17 . 2011-06-27 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-27 22:57 . 2011-06-27 23:06 -------- d-----w- C:\32788R22FWJFW

2011-06-27 15:46 . 2011-06-27 15:46 -------- d-----w- c:\users\Clarita Maia\dwhelper

2011-06-27 15:40 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18E05442-5BFF-4D32-B91C-99E084C2D56C}\mpengine.dll

2011-06-27 13:46 . 2011-06-27 13:46 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-06-27 13:46 . 2011-06-27 13:46 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-06-27 12:39 . 2011-06-27 12:39 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{4348F952-06D9-4A05-9582-0406A7E1992F}

2011-06-27 00:19 . 2011-06-27 00:19 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{6E5B2F3A-F553-43E7-ADCB-0533FA26E898}

2011-06-26 16:03 . 2011-06-13 12:06 46624 ----a-w- c:\windows\SysWow64\drivers\GbpKm.sys

2011-06-26 12:18 . 2011-06-26 12:18 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{4958ABF6-A8D0-4ED6-BDCF-C3C29B27AE78}

2011-06-25 23:54 . 2011-06-25 23:54 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{9CFC643E-CB4C-48F6-B421-5B94808487D9}

2011-06-25 21:49 . 2010-01-10 22:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2011-06-25 21:49 . 2011-06-26 01:04 -------- d-----w- c:\program files (x86)\SpywareBlaster

2011-06-25 17:19 . 2011-06-25 17:22 -------- d-----w- c:\program files\Unlocker

2011-06-25 14:59 . 2011-06-25 14:59 -------- d-----w- c:\program files (x86)\ESET

2011-06-25 11:54 . 2011-06-25 11:54 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{8674AC19-AB7C-4885-B3AD-2C3D73426736}

2011-06-25 11:47 . 2011-06-25 11:47 -------- d-----w- c:\users\Clarita Maia\AppData\Roaming\Malwarebytes

2011-06-25 11:46 . 2011-05-29 12:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-25 11:46 . 2011-06-25 11:46 -------- d-----w- c:\programdata\Malwarebytes

2011-06-25 11:46 . 2011-06-25 11:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-06-25 11:46 . 2011-05-29 12:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 16:41 . 2011-06-24 16:41 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{8E0286DF-986E-4651-9766-B3C3C782FC68}

2011-06-24 01:37 . 2011-06-24 01:37 -------- d-----w- c:\users\Clarita Maia\AppData\Roaming\TortoiseSVN

2011-06-24 01:16 . 2011-06-24 01:16 -------- d-----w- c:\program files\TortoiseSVN

2011-06-24 01:16 . 2011-06-24 01:16 -------- d-----w- c:\program files\Common Files\TortoiseOverlays

2011-06-23 16:22 . 2011-06-23 16:22 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{8AB4CE45-6C1F-4633-BC24-D0DF08F22060}

2011-06-23 02:44 . 2011-06-23 02:45 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{16DE3943-53A0-4BF0-B8E8-68CE2F1A44EE}

2011-06-15 23:16 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-15 23:16 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-15 23:16 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-15 23:16 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-15 23:16 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-15 23:11 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys

2011-06-15 23:11 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-15 23:11 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2011-06-15 23:11 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-15 23:11 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-15 23:11 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-15 23:06 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-15 23:06 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-06-15 23:06 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-15 23:06 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-06-15 20:51 . 2011-06-15 20:52 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{5319DC61-6ABF-42D0-9D1E-C24F97B6BA49}

2011-06-15 20:50 . 2011-06-15 20:50 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{3001CB78-0D6B-4EF4-B645-FD03DD9B0AFB}

2011-06-15 20:41 . 2011-06-15 20:41 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{6B8D89D8-C8F9-41C2-905A-66588FA12B54}

2011-06-15 20:40 . 2011-06-15 20:40 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{7D2D9CD0-0EFD-4D47-934A-576A5F077A20}

2011-06-15 20:39 . 2011-06-15 20:39 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{1C817F30-7EB6-47E2-AAE0-3068FDE3340B}

2011-06-15 20:31 . 2011-06-15 20:31 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{8C8F85C5-9873-48E9-832E-4C34A3FC760D}

2011-06-15 20:30 . 2011-06-15 20:30 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{1D89F89E-7441-41A4-B6ED-5C9C2AACC6C3}

2011-06-15 20:29 . 2011-06-15 20:29 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{53137FC6-4FA8-4EA7-9D03-0C01F2874FFA}

2011-06-08 10:29 . 2011-06-08 10:29 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{D1BD08C1-BC11-4E9B-9D13-A1C05F9FB325}

2011-06-07 11:37 . 2011-06-07 11:37 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{6B039C87-8110-459D-BB3F-934064577CB8}

2011-06-06 23:37 . 2011-06-06 23:37 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{E6DF70DA-5348-468C-A067-07ECA822F3E0}

2011-06-06 15:55 . 2011-06-06 15:55 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-06-06 11:36 . 2011-06-06 11:36 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{6D8CBCC8-6849-4C97-9F30-CDA0FBCF832B}

2011-06-05 22:54 . 2011-06-05 22:54 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{3E44E35D-346E-40D3-9421-A5757CA9289B}

2011-06-05 10:54 . 2011-06-05 10:54 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{03AC6780-F594-4C44-8BB8-3BAAC75E3BA4}

2011-06-05 01:09 . 2011-06-05 01:09 -------- d-----w- c:\users\Clarita Maia\recovered

2011-06-04 22:40 . 2011-06-04 22:40 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{5748731C-7A18-4E9C-8C20-BD05626D9869}

2011-06-04 10:40 . 2011-06-04 10:40 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{D8472D72-2400-4739-B8E0-112B14A0DAD4}

2011-06-03 22:26 . 2011-06-03 22:27 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{2E11BF66-C253-489C-AC65-B893D2BAF295}

2011-06-03 10:26 . 2011-06-03 10:26 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{4FF16397-9B1A-4232-93E8-20B5FA1897D0}

2011-06-02 12:09 . 2011-06-02 12:09 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{27E095FA-DB9F-4711-AC89-693B3F8BBB6F}

2011-06-01 22:54 . 2011-06-01 22:54 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{EEFE75E2-BFF7-48DB-AC77-3F6BC1AAAAB3}

2011-06-01 10:53 . 2011-06-01 10:53 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{26D584BF-7AA4-47C0-A4BF-7E213A6E048B}

2011-05-31 22:53 . 2011-05-31 22:53 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{13F8E24F-1E7D-4838-A8F2-1E9FBF64586C}

2011-05-31 17:39 . 2011-05-31 17:39 -------- d-----w- C:\ProcAlyzer Dumps

2011-05-31 17:24 . 2011-05-31 18:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2011-05-31 15:01 . 2011-05-31 15:04 521448 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-31 10:39 . 2011-05-31 10:39 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{4CA711DB-2670-430F-B957-44043B17DCDD}

2011-05-30 14:08 . 2011-05-30 14:09 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{61635730-BA97-4B01-A612-A5615C41079F}

2011-05-29 23:31 . 2011-05-29 23:31 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{6E2BE3AD-7352-47F2-8DBF-8997EE86B409}

2011-05-29 01:06 . 2011-05-29 01:06 -------- d-----w- c:\users\Clarita Maia\AppData\Local\{1C6B9BE4-0BDB-45F6-AE50-C5F7A10D69A1}

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-26 19:13 . 2010-05-17 02:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-06-26 15:35 . 2011-03-05 13:46 2412 ----a-w- c:\windows\system32\ASOROSet.bin

2011-06-23 16:22 . 2011-05-20 14:01 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-07 17:10 . 2009-11-07 18:48 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-05-25 07:25 . 2011-04-08 02:19 1016936 ----a-w- c:\windows\system32\nvvsvc.exe

2011-05-25 07:25 . 2011-04-08 02:19 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

2011-05-25 07:25 . 2011-04-08 02:18 3040872 ----a-w- c:\windows\system32\nvsvc64.dll

2011-05-25 07:25 . 2010-07-09 18:27 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-05-25 07:25 . 2011-04-08 02:19 117864 ----a-w- c:\windows\system32\nvmctray.dll

2011-05-25 07:25 . 2011-04-08 02:19 6300776 ----a-w- c:\windows\system32\nvcpl.dll

2011-05-25 07:25 . 2011-04-08 02:19 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-05-25 07:25 . 2010-07-10 07:38 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll

2011-05-25 07:25 . 2010-07-10 07:38 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2011-05-25 07:25 . 2010-07-10 07:38 2644584 ----a-w- c:\windows\system32\nvapi64.dll

2011-05-03 19:33 . 2011-05-22 22:12 2854504 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2011-05-02 21:03 . 2011-05-22 22:12 88680 ----a-w- c:\windows\system32\RCoInst64.dll

2011-05-02 18:28 . 2011-05-22 22:12 1004544 ----a-w- c:\windows\system32\RCoRes64.dat

2011-04-22 22:15 . 2011-05-25 10:19 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-20 17:34 . 2011-05-22 22:12 2393192 ----a-w- c:\windows\system32\RtPgEx64.dll

2011-04-20 17:34 . 2011-05-22 22:12 3049064 ----a-w- c:\windows\system32\RtkAPO64.dll

2011-04-18 21:50 . 2011-05-22 22:12 2601816 ----a-w- c:\windows\system32\WavesGUILib.dll

2011-04-18 21:50 . 2011-05-22 22:12 2238296 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll

2011-04-15 19:00 . 2011-05-22 22:26 53248 ----a-w- c:\windows\SysWow64\CSVer.dll

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr

2011-04-09 07:02 . 2011-05-10 23:13 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:58 . 2011-05-11 12:05 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:02 . 2011-05-10 23:13 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-10 23:13 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-11 12:05 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-04-08 05:14 . 2011-05-22 23:49 1619048 ----a-w- c:\windows\system32\nvdispco6420140.dll

2011-04-08 05:14 . 2011-05-22 23:49 1404008 ----a-w- c:\windows\system32\nvgenco642060.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"network indicator"="c:\program files (x86)\network-indicator\NetworkIndicator.exe" [2009-11-19 139264]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-02-09 16184]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-05-27 15147400]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-07 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoThumbnailCache"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2011-06-13 12:03 1412896 ------w- c:\program files (x86)\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\n:\0pdboot.exe\0autocheck autochk *\0sasnative64

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A28E.tmp [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [x]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2010-10-05 263480]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2011-06-13 169760]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 17:59]

.

2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 17:59]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 11:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 11:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 11:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 11:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 11:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 11:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 11:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 11:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 11:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-03-02 15:23 85232 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local

IE: + Offline &Explorer: Download the link - file://c:\program files (x86)\Offline Explorer Enterprise\Add_UrlO.htm

IE: + Offline E&xplorer: Download the current page - file://c:\program files (x86)\Offline Explorer Enterprise\Add_AllO.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Barra de Ferramentas do RF - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Personalizar Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Preencher - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Salvar Formulários - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4

FF - ProfilePath - c:\users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\

FF - prefs.js: browser.search.selectedEngine - IMDB

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 9666

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 9050

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 9666

FF - prefs.js: network.proxy.type - 0

.

------- Associação de arquivos/ficheiros -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

HKLM-Run-VMSnap3 - c:\windows\VMSnap3.exe

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\A28E.tmp"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-47226902-3634177583-4091192680-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B55426BA-5197-14EC-5AEE-A6FAED9699C8}*]

"makgecpiendcgjpgkmfncolehb"=hex:6f,61,6a,6a,64,6c,6e,6c,6d,6d,6e,68,66,65,6c,

64,6c,62,6b,64,61,68,62,64,63,6a,67,6c,69,61,00,62

"abjhnclmidpcpoaomeoljclcacjcjaamlh"=hex:70,61,6c,67,64,66,6b,66,68,66,6d,62,

6c,63,66,64,68,66,6b,63,69,68,6b,66,6c,6d,70,70,6d,65,65,62,00,00

.

[HKEY_USERS\S-1-5-21-47226902-3634177583-4091192680-1001_Classes\Wow6432Node\CLSID\{6285882e-60eb-45a3-8bb8-4c528624640b}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000ae

"Therad"=dword:00000009

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_USERS\S-1-5-21-47226902-3634177583-4091192680-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):5a,7b,c3,10,8c,20,99,19,b7,48,1d,9d,bd,ff,de,4e,93,9e,61,29,38,

50,f1,22,52,48,50,a0,57,85,78,6a,0e,4b,87,a3,c4,d0,91,79,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Advanced System Optimizer 3\SystemProtector.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-06-27 20:38:46 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-06-27 23:38

.

Pré-execução: 1.412.952.064 bytes disponíveis

Pós execução: 1.149.181.952 bytes disponíveis

.

- - End Of File - - 57FA05EEA937A08C75ADE570D25B4332

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Clarita Maia at 21:29:51 on 2011-06-27

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.4096.2312 [GMT -3:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Advanced System Optimizer 3\SystemProtector.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\network-indicator\NetworkIndicator.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\System32\svchost.exe -k WerSvcGroup