
My IE opens by itself


  • This topic is locked
4 replies to this topic

#1 fmansur


Posted 26 March 2011 - 03:48 PM

Hello,

I have IE version 8.0, Windows XP, and when I turn on my computer, IE runs by itself. It does not open random pages, it always opens Google, but it freezes and I can't close it.

I scanned my computer with Avira and trendscan antivirus; Avira found a VB.banker.psa, but the problem continues after removing this malware.

Here is the DDS log.

Thanks for the help.

Fábio Mansur

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by fabiobm at 11:40:35,37 on s b 26/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1003 [GMT -3:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Trend Micro OfficeScan Antivirus *Enabled/Outdated* {E841F2E3-C793-40F8-B6B8-FB279D60C1E1}
AV: Trend Micro OfficeScan Antivirus *Enabled/Outdated* {B93EE760-86A6-4FA6-B626-4F7066DDC280}
.
============== Running Processes ===============
.
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Arquivos de programas\Aker\Aker Client\acservice.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\NEC\DtermSP30\PriorityPolicer.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe
C:\Arquivos de programas\Citrix\Secure Access Client\nsverctl.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Arquivos de programas\OCS Inventory Agent\ocsservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\Arquivos de programas\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Arquivos de programas\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\TEMP\BO112E.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
C:\Arquivos de programas\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe
C:\Arquivos de programas\Dell\QuickSet\quickset.exe
C:\Arquivos de programas\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Arquivos de programas\Wave Systems Corp\SecureUpgrade.exe
C:\Arquivos de programas\DellTPad\ApMsgFwd.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Arquivos de programas\DellTPad\HidFind.exe
C:\Arquivos de programas\DellTPad\Apntex.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Arquivos de programas\Aker\Aker Client\akerclient.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Windows\system32\iqc.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Citrix\Secure Access Client\nsload.exe
C:\Arquivos de programas\Citrix\ICA Client\PNAMAIN.EXE
C:\ProgramData\Windows\Tasks\twunk_16.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Vivo 3G\Vivo 3G.exe
C:\Arquivos de programas\Vivo 3G\CMUpdater.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
D:\Fabiobm\Utils\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=2080201
uSearch Page = hxxp://www.google.com.br/hws/sb/dell-row-rel/pt-BR/side.html?channel=br
uDefault_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=2080201
uSearch Bar = hxxp://www.google.com.br/hws/sb/dell-row-rel/pt-BR/side.html?channel=br
uWindow Title = Microsoft Internet Explorer provided by Ci&T Software S/A
uInternet Settings,ProxyServer =
uInternet Settings,ProxyOverride =
mSearchAssistant = hxxp://www.google.com.br/hws/sb/dell-row-rel/pt-BR/side.html?channel=br
mURLSearchHooks: H - No File
mWinlogon: Shell=Explorer.exe csrcs.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Media Player Sharing Plugin: {680b7c05-0629-433e-87de-6fbb75087c13} - c:\programdata\windows\nporbit.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - c:\arquiv~1\gbplugin\gbiehAbn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: TwebstBHO Class: {f533e300-85e2-46fa-9cd9-5358bf11ee42} - c:\programdata\codecentrix\twebst\TwebstBHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [iqc] c:\windows\system32\iqc.exe
uRun: [Google Update] "c:\documents and settings\fabiobm.cit\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\arquivos de programas\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\arquivos de programas\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\arquivos de programas\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\arquivos de programas\dell\quickset\quickset.exe
mRun: [WavXMgr] c:\arquivos de programas\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\arquivos de programas\wave systems corp\SecureUpgrade.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PDVDDXSrv] "c:\arquivos de programas\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [WinVNC] "c:\arquivos de programas\realvnc\winvnc\WinVNC.exe" -servicehelper
mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [OfficeScanNT Monitor] "c:\arquivos de programas\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AkerClient] c:\arquivos de programas\aker\aker client\\akerclient.exe
mRun: [SunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\arquivos de programas\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\arquivos de programas\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [iqc] c:\windows\system32\iqc.exe
mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min
mRunServices: [csrcs] c:\windows\system32\csrcs.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [csrcs] c:\windows\system32\csrcs.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\citrix~2.lnk - c:\arquivos de programas\citrix\secure access client\nsload.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\citrix~1.lnk - c:\windows\installer\{388c130b-0079-46b4-a0d5-dc2dd7a89a7b}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: bancoreal.com.br\www
Trusted Zone: realsecureweb.com.br\www
Trusted Zone: realsecureweb.com.br\www2
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: secureweb.com.br\www
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244309614250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244309598093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
TCP: {CCFD6224-5B79-4B4C-9F9D-26CE6B973BD7} = 200.220.227.56 200.142.132.32
TCP: {F5A002AA-C2A8-4DA7-8EEF-39D5111E85C8} = 172.16.24.5,172.16.22.22,172.16.22.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
Notify: GbPluginAbn - c:\arquiv~1\gbplugin\gbiehAbn.dll
Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: gemsafe - c:\arquivos de programas\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - c:\arquiv~1\gbplugin\gbiehAbn.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 10.19.145.49 jbtbdsvsr009
.
============= SERVICES / DRIVERS ===============
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2009-4-6 47512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-3-24 28552]
R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2011-3-26 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-23 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-23 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-23 243024]
R2 acservice;Aker Client Service;c:\arquivos de programas\aker\aker client\acservice.exe [2008-4-23 470744]
R2 AntiVirSchedulerService;Avira AntiVir Agendamento;c:\arquivos de programas\avira\antivir desktop\sched.exe [2011-3-26 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2011-3-26 267944]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\arquivos de programas\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-26 61960]
R2 cag;Citrix cag plugin for Access Gateway;c:\arquivos de programas\arquivos comuns\deterministic networks\common files\cag.sys [2010-3-8 81024]
R2 DtermSP.PriorityPolicer;NEC DtermSP Priority Policer;c:\arquivos de programas\nec\dtermsp30\PriorityPolicer.exe [2009-4-16 114688]
R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2009-4-6 55576]
R2 nsverctl;Citrix Secure Access Client Service;c:\arquivos de programas\citrix\secure access client\nsverctl.exe [2010-3-12 151504]
R2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\arquivos de programas\ocs inventory agent\OcsService.exe [2009-10-27 69632]
R2 TmFilter;Trend Micro Filter;c:\arquivos de programas\trend micro\officescan client\tmxpflt.sys [2008-6-26 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\arquivos de programas\trend micro\officescan client\tmpreflt.sys [2008-6-26 36368]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-9-8 5120]
R3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\drivers\ctxva51.sys [2010-3-12 41624]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S2 Aker_Client_Auth;Aker Authentication Client;"c:\arquivos de programas\aker\cliente de autenticação\authc.exe" --> c:\arquivos de programas\aker\cliente de autenticação\Authc.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\arquivos de programas\avg\avg9\avgwdsvc.exe" --> c:\arquivos de programas\avg\avg9\avgwdsvc.exe [?]
S2 OracleDBConsolebaseloca;OracleDBConsolebaseloca;c:\orabd_dez\product\10.2.0\db_1\bin\nmesrvc.exe [2008-12-31 24064]
S2 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\orabd_dez\product\10.2.0\db_1\bin\tnslsnr --> c:\orabd_dez\product\10.2.0\db_1\bin\TNSLSNR [?]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-9-8 14336]
S3 akertap;Aker Tap Driver;c:\windows\system32\drivers\akertap.sys [2003-3-14 13720]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\arquivos de programas\avg\avg9\toolbar\toolbarbroker.exe --> c:\arquivos de programas\avg\avg9\toolbar\ToolbarBroker.exe [?]
S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\drivers\HSPADataCardusbmdm.sys [2009-10-5 104960]
S3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\drivers\HSPADataCardusbnmea.sys [2009-10-5 104960]
S3 HSPADataCardusbser6k;HSPADataCard Diagnostic Port;c:\windows\system32\drivers\HSPADataCardusbser6k.sys [2009-10-5 104960]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-3-7 100480]
S3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys --> c:\windows\system32\drivers\net6im51.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 OracleClientCache80;OracleClientCache80;c:\ora_disc\bin\ONRSD80.EXE [2007-12-10 144896]
S3 OracleDEVELOPER_HOMEClientCache80;OracleDEVELOPER_HOMEClientCache80;c:\oracle\ora_dev\bin\ONRSD80.EXE [2002-10-18 101136]
S3 sith_bus;SIT HYBRID USB Composite Device;c:\windows\system32\drivers\sith_bus.sys [2007-4-29 22144]
S3 sith_flt;SIT Hybrid USB Filter Service;c:\windows\system32\drivers\sith_flt.sys [2007-4-29 4224]
S3 sith_mdm;SIT HYBRID Modem;c:\windows\system32\drivers\sith_mdm.sys [2007-8-2 39936]
S3 sith_prt;SIT HYBRID Status;c:\windows\system32\drivers\sith_prt.sys [2007-8-2 38912]
S3 TmProxy;OfficeScan NT Proxy Service;c:\arquivos de programas\trend micro\officescan client\TmProxy.exe [2008-6-26 575064]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\zteusbser.sys [2009-9-11 98432]
.
=============== Created Last 30 ================
.
2011-03-26 04:03:45 -------- d-----w- c:\windows\system32\NtmsData
2011-03-26 04:03:06 -------- d-----w- c:\docume~1\fabiobm.cit\dadosd~1\Avira
2011-03-26 03:59:24 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-26 03:59:22 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Avira
2011-03-26 03:59:22 -------- d-----w- c:\arquivos de programas\Avira
2011-03-26 03:36:20 -------- d-----w- C:\HijackThis
2011-03-26 02:12:06 -------- d-----w- c:\docume~1\fabiobm.cit\config~1\dadosd~1\Deployment
2011-03-25 02:56:55 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-03-25 02:56:33 -------- d-----w- c:\arquivos de programas\Panda Security
2011-03-22 13:56:31 -------- d-----r- c:\arquivos de programas\Skype
2011-03-22 13:38:21 -------- d-----w- c:\arquivos de programas\CCleaner
2011-03-16 01:50:33 -------- d-----w- c:\arquivos de programas\Rising Research
2011-03-15 04:27:29 -------- d-----w- c:\documents and settings\fabiobm.cit\Tracing
2011-03-15 04:25:57 -------- d-----w- c:\arquivos de programas\Microsoft
2011-03-15 04:25:32 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2011-03-15 04:19:40 -------- d-----w- c:\arquivos de programas\arquivos comuns\Windows Live
2011-03-15 04:17:45 -------- d-----w- C:\ProgramData
2011-03-15 04:17:42 40960 ----a-w- c:\windows\system32\Project1.exe
2011-03-15 04:17:41 49152 ----a-w- c:\windows\system32\iqc.exe
2011-03-10 02:16:53 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-10 02:14:00 -------- d-----w- c:\docume~1\fabiobm.cit\dadosd~1\PriceGong
2011-03-10 01:57:19 -------- d-----w- c:\docume~1\fabiobm.cit\config~1\dadosd~1\Temp
2011-03-10 01:54:40 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\2DBoy
2011-03-10 01:54:23 -------- d-----w- c:\arquivos de programas\WorldOfGooDemo
2011-03-08 02:28:52 -------- d-----w- c:\arquivos de programas\URUSoft
2011-03-08 02:21:23 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-03-08 02:21:23 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-03-08 02:21:23 102528 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-03-08 02:21:23 100480 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-03-08 02:20:35 -------- d-----w- c:\arquivos de programas\VIVO INTERNET
2011-03-07 01:04:10 -------- d-sh--w- c:\documents and settings\fabiobm.cit\IECompatCache
2011-03-02 00:24:14 -------- d-----w- c:\docume~1\fabiobm.cit\dadosd~1\Kingston
2011-02-26 02:36:38 -------- d-----w- c:\windows\SxsCaPendDel
2011-02-25 17:57:50 -------- d-----w- c:\docume~1\fabiobm.cit\dadosd~1\JGsoft
2011-02-25 17:56:07 -------- d-----w- c:\arquivos de programas\XMind
2011-02-25 17:45:13 -------- d-----w- c:\docume~1\fabiobm.cit\config~1\dadosd~1\PCHealth
2011-02-24 21:33:15 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-02-24 21:31:24 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-02-24 21:23:36 -------- d-----w- c:\docume~1\fabiobm.cit\dadosd~1\ICAClient
.
==================== Find3M ====================
.
2011-02-09 13:53:27 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:27 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:28 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:12 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:03:37 1855104 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:41:44,42 ===============


#2 miekiemoes


Posted 27 March 2011 - 02:54 AM

Hi,

I notice from your log that there's more than 1 Antivirus installed: Avira and TrendMicro.
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also, because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Also, before performing a scan with your Antivirus, always make sure it's up to date, because I see your Avira & trendmicro are both outdated and not even enabled.

Anyway, please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3 fmansur


Posted 06 April 2011 - 11:28 AM

Hi, I kept only the Trend antivirus; I usually use only this one. I had installed AVG also just for testing. It says in the report it's outdated, but only for a couple of days.

I also ran CCleaner to remove temporary files and register "garbage", and the Malwarebytes' Anti-Malware. It found nothing and the problem persists.

Here is the GMER log and attached are the DDS files.

Thanks for the help.

Fábio Mansur

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-06 13:12:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e FUJITSU_MHZ2080BH_G2 rev.00850009
Running: gmer.exe; Driver: C:\DOCUME~1\fabiobm.CIT\CONFIG~1\Temp\ffdyypog.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\fabiobm.CIT\CONFIG~1\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[1300] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 0142E810 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)
.text C:\WINDOWS\system32\winlogon.exe[1300] kernel32.dll!FreeLibraryAndExitThread 7C80C210 5 Bytes JMP 0142E6B0 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)
.text C:\Arquivos de programas\DellTPad\Apoint.exe[2968] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00A86B70 C:\ARQUIV~1\GbPlugin\gbiehAbn.dll (Gbieh Module/Banco Real)
.text C:\Arquivos de programas\DellTPad\Apoint.exe[2968] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 00AB3A70 C:\ARQUIV~1\GbPlugin\gbiehAbn.dll (Gbieh Module/Banco Real)
.text C:\Arquivos de programas\DellTPad\Apoint.exe[2968] USER32.dll!GetKeyState 7E379ED9 5 Bytes JMP 00A86E30 C:\ARQUIV~1\GbPlugin\gbiehAbn.dll (Gbieh Module/Banco Real)
.text C:\Arquivos de programas\DellTPad\Apoint.exe[2968] USER32.dll!GetAsyncKeyState 7E37A78F 5 Bytes JMP 00A87240 C:\ARQUIV~1\GbPlugin\gbiehAbn.dll (Gbieh Module/Banco Real)
.text C:\Arquivos de programas\DellTPad\Apoint.exe[2968] USER32.dll!GetKeyboardState 7E37D226 5 Bytes JMP 00A87030 C:\ARQUIV~1\GbPlugin\gbiehAbn.dll (Gbieh Module/Banco Real)
.text C:\Arquivos de programas\DellTPad\Apoint.exe[2968] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00A86AF0 C:\ARQUIV~1\GbPlugin\gbiehAbn.dll (Gbieh Module/Banco Real)
.text C:\Arquivos de programas\DellTPad\Apoint.exe[2968] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 00AB3AA0 C:\ARQUIV~1\GbPlugin\gbiehAbn.dll (Gbieh Module/Banco Real)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3448] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 40335501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3448] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040DB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3448] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4050502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3448] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40504F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3448] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 40504FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3448] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40504E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3448] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 40504E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3448] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40505092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3448] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 40504EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4200] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 40335501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4200] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040DB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4200] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4050502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4200] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40504F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4200] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 40504FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4200] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40504E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4200] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 40504E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4200] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40505092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4200] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 40504EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 40335501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 40409B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 403FD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040DB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40374666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4050502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40504F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 40504FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40504E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 40504E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40505092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 40504EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] ole32.dll!CoCreateInstance 774DF1AC 5 Bytes JMP 4040DBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[4248] ole32.dll!OleLoadFromStream 7750981B 5 Bytes JMP 405053B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 40335501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 40409B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 403FD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040DB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40374666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4050502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40504F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 40504FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40504E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 40504E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40505092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 40504EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] ole32.dll!CoCreateInstance 774DF1AC 5 Bytes JMP 4040DBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5408] ole32.dll!OleLoadFromStream 7750981B 5 Bytes JMP 405053B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 40335501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 40409B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 403FD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040DB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40374666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4050502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40504F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 40504FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40504E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 40504E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40505092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 40504EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] ole32.dll!CoCreateInstance 774DF1AC 5 Bytes JMP 4040DBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[5544] ole32.dll!OleLoadFromStream 7750981B 5 Bytes JMP 405053B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----


#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:05:02 AM

Posted 06 April 2011 - 01:31 PM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com, for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

Edited by miekiemoes, 06 April 2011 - 01:32 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes


Posted 14 April 2011 - 03:58 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
