Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Keeps redirecting


  • This topic is locked This topic is locked
28 replies to this topic

#1 yahfz

yahfz

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 29 April 2014 - 02:34 AM

Hi, first of all thank you
When i go to facebook it redirects me back to google, some pages won't work, this might be DNS infected right?
I did some runs to show you guys my log. 




DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16545
Run by Yahfz at 4:26:44 on 2014-04-29
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4095.2634 [GMT -3:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ExitLag\ExitLag.exe
C:\Program Files (x86)\ExitLag\ss5capengine_exitlag.exe
C:\Program Files (x86)\ExitLag\networktunnelx64helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://go.microsoft.com
mStart Page = about:blank
mSearch Page = hxxp://go.microsoft.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://go.microsoft.com
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
LSP: %SystemRoot%\system32\networkdlllsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 186.216.64.5 189.91.0.15
TCP: Interfaces\{D0BEBC8E-7E2D-4DCF-949E-084487E6297F} : DHCPNameServer = 186.216.64.5 189.91.0.15
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\System32\drivers\l260x64.sys [2009-6-10 34304]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-4-12 40392]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-11-15 39080]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2014-4-16 14448]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-17 25928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-4-28 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-4-28 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-28 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-4-28 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-22 1255736]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-4-15 2227536]
S4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-4-8 377616]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-4-17 418376]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-4-17 701512]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-4-12 1617352]
S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-4-12 20542408]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-4-12 413128]
S4 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-4-25 4972864]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-04-29 05:48:57 427376 ----a-w- C:\Windows\SysWow64\networkdlllsp.dll
2014-04-29 03:25:52 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-29 03:07:19 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-04-29 03:07:03 -------- d-----w- C:\AdwCleaner
2014-04-29 03:04:17 -------- d-----w- C:\Windows\System32\appmgmt
2014-04-28 23:51:39 -------- d-----w- C:\Users\Yahfz\AppData\Local\ElevatedDiagnostics
2014-04-28 20:19:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-04-28 20:19:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2014-04-28 20:08:08 388096 ----a-r- C:\Users\Yahfz\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-04-28 20:08:08 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-04-28 17:26:12 -------- d-----w- C:\Users\Yahfz\AppData\Local\Sony
2014-04-28 17:26:12 -------- d-----w- C:\Program Files\Sony
2014-04-28 09:30:40 -------- d-s---w- C:\Windows\System32\CompatTel
2014-04-28 09:14:01 -------- d-----w- C:\Windows\Migration
2014-04-28 08:56:28 2560 ----a-w- C:\Windows\System32\drivers\pt-BR\wdf01000.sys.mui
2014-04-28 08:51:45 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2014-04-28 08:51:45 29696 ----a-w- C:\Windows\System32\drivers\terminpt.sys
2014-04-28 08:51:45 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-04-28 08:51:45 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-28 08:51:44 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-04-28 08:51:44 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-04-28 08:51:44 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-04-28 08:51:44 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-04-28 08:34:26 -------- d-----w- C:\Windows\System32\MRT
2014-04-28 08:07:53 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-04-28 08:06:02 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-04-28 08:06:02 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-04-28 08:06:02 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-04-28 08:06:02 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-04-28 08:06:01 142336 ----a-w- C:\Windows\System32\poqexec.exe
2014-04-28 08:06:01 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2014-04-28 08:06:00 484864 ----a-w- C:\Windows\System32\wer.dll
2014-04-28 08:06:00 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-04-28 08:06:00 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-04-28 08:04:43 3159552 ----a-w- C:\Windows\System32\win32k.sys
2014-04-28 08:04:31 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-04-28 08:04:31 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-04-28 08:04:31 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-04-28 08:04:30 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-04-28 08:04:30 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-04-28 08:04:30 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-04-28 08:04:30 1684416 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-04-28 08:04:07 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-04-28 08:04:07 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-04-28 08:04:07 1897408 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-28 08:03:50 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-04-28 08:03:50 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-04-28 08:03:26 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-04-28 08:03:26 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-04-28 07:51:17 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0A697CA-285D-4C38-A008-B53437A7953A}\mpengine.dll
2014-04-28 07:48:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-04-28 07:48:16 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-04-28 07:48:15 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-04-28 07:48:15 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-04-28 01:02:46 -------- d-----w- C:\Program Files (x86)\osu!
2014-04-26 19:24:56 -------- d-----w- C:\ProgramData\GridinSoft
2014-04-26 09:19:35 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\TS3Client
2014-04-26 09:19:33 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2014-04-26 03:56:08 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\DarkSoulsII
2014-04-25 09:16:40 -------- d-----w- C:\Program Files\OBS
2014-04-25 09:16:39 -------- d-----w- C:\Program Files (x86)\OBS
2014-04-25 09:11:53 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\OBS
2014-04-25 07:22:11 -------- d-----w- C:\Users\Yahfz\AppData\Local\LogMeIn Hamachi
2014-04-25 07:22:11 -------- d-----w- C:\Users\Yahfz\AppData\Local\LogMeIn
2014-04-25 07:22:11 -------- d-----w- C:\ProgramData\LogMeIn
2014-04-25 07:21:57 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-04-25 07:19:44 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\.minecraft
2014-04-25 04:38:55 -------- d-----w- C:\Users\Yahfz\AppData\Local\Unity
2014-04-25 04:15:27 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-04-23 00:59:52 15584 ----a-w- C:\Users\Yahfz\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2014-04-23 00:58:17 -------- d-sh--w- C:\ProgramData\SecuROM
2014-04-23 00:57:25 -------- d-----w- C:\Users\Yahfz\AppData\Local\Rockstar Games
2014-04-23 00:57:20 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2014-04-23 00:56:58 -------- d-----w- C:\Windows\SysWow64\xlive
2014-04-23 00:56:58 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-04-20 15:34:11 -------- d-----w- C:\Users\Yahfz\AppData\Local\Blizzard
2014-04-20 15:06:51 -------- d-----w- C:\Program Files (x86)\Hearthstone
2014-04-20 07:18:07 -------- d-----w- C:\Fraps
2014-04-19 04:39:09 -------- d-----w- C:\Program Files (x86)\AP Tuner
2014-04-19 03:13:31 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2014-04-19 03:12:17 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\NVIDIA
2014-04-19 03:12:16 -------- d-----w- C:\Users\Yahfz\AppData\Local\Blizzard Entertainment
2014-04-19 03:12:10 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\Battle.net
2014-04-19 03:12:10 -------- d-----w- C:\Users\Yahfz\AppData\Local\Battle.net
2014-04-19 03:12:04 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-04-19 03:12:04 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-04-19 03:12:04 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-04-19 02:59:15 -------- d-----w- C:\ProgramData\Battle.net
2014-04-18 02:47:52 291296 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-04-18 02:33:39 -------- d-----w- C:\Program Files (x86)\RivaTuner Statistics Server
2014-04-18 02:15:40 -------- d--h--w- C:\Windows\msdownld.tmp
2014-04-18 02:15:40 -------- d-----w- C:\Windows\SysWow64\directx
2014-04-18 02:15:32 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2014-04-17 22:26:28 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\Malwarebytes
2014-04-17 22:26:24 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-17 22:26:23 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-17 22:26:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-17 13:09:24 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\TeamViewer
2014-04-17 09:49:50 -------- d-----w- C:\Users\Yahfz\AppData\Local\PunkBuster
2014-04-17 07:33:37 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\MPC-HC
2014-04-17 05:43:56 -------- d-----w- C:\Users\Yahfz\AppData\Local\ESN
2014-04-17 05:31:41 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2014-04-17 05:31:40 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2014-04-17 05:31:06 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-04-17 05:31:06 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-04-17 05:31:06 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-04-17 05:30:52 -------- d-----w- C:\ProgramData\Package Cache
2014-04-17 04:32:15 -------- d-----w- C:\Program Files\CCleaner
2014-04-16 22:16:42 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2014-04-16 22:16:42 14448 ----a-w- C:\Windows\System32\drivers\ggflt.sys
2014-04-16 22:16:29 -------- d-----w- C:\ProgramData\Sony Mobile
2014-04-16 22:16:20 -------- d-----w- C:\Program Files (x86)\Sony Mobile
2014-04-16 22:13:36 -------- d-----w- C:\Program Files (x86)\Sony
2014-04-16 09:20:50 -------- d-----w- C:\Program Files (x86)\Origin Games
2014-04-16 09:20:08 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\Origin
2014-04-16 09:20:07 -------- d-----w- C:\Users\Yahfz\AppData\Local\Origin
2014-04-16 09:15:51 -------- d-----w- C:\ProgramData\Origin
2014-04-16 09:15:50 -------- d-----w- C:\ProgramData\Electronic Arts
2014-04-16 09:15:39 -------- d-----w- C:\Program Files (x86)\Origin
2014-04-15 00:48:55 -------- d-----w- C:\Users\Yahfz\AppData\Local\TeamSpeak 3 Client
2014-04-14 07:52:27 -------- d-----w- C:\Warner Bros. Interactive Entertainment
2014-04-14 07:19:03 98816 ----a-w- C:\Windows\sed.exe
2014-04-14 07:19:03 256000 ----a-w- C:\Windows\PEV.exe
2014-04-14 07:19:03 208896 ----a-w- C:\Windows\MBR.exe
2014-04-14 01:49:22 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\LolClient
2014-04-13 21:12:47 -------- d-----w- C:\Users\Yahfz\AppData\Local\AAA_Internet_Publishing,_
2014-04-13 21:12:45 11264 ----a-w- C:\Windows\SysWow64\SPORDER.DLL
2014-04-13 06:21:56 -------- d-----w- C:\Program Files (x86)\JDownloader
2014-04-13 06:19:57 -------- d-----w- C:\ProgramData\Oracle
2014-04-13 01:09:18 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\BitTorrent
2014-04-12 23:06:53 -------- d-----w- C:\Users\Yahfz\AppData\Local\Skype
2014-04-12 23:06:47 -------- d-----r- C:\Program Files (x86)\Skype
2014-04-12 18:19:00 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\NetworkTunnel
2014-04-12 18:14:29 -------- d-----w- C:\Program Files (x86)\ExitLag
2014-04-12 17:43:24 -------- d-----w- C:\ProgramData\Steam
2014-04-12 17:33:24 -------- d-----w- C:\Program Files (x86)\LEGO - The Hobbit
2014-04-12 17:33:12 -------- d-----w- C:\Users\Yahfz\AppData\Local\Programs
2014-04-12 17:24:23 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2014-04-12 17:24:23 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2014-04-12 17:24:22 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2014-04-12 17:24:05 -------- d-----w- C:\Riot Games
2014-04-12 17:23:18 -------- d-----w- C:\Users\Yahfz\AppData\Local\PMB Files
2014-04-12 17:23:18 -------- d-----w- C:\ProgramData\PMB Files
2014-04-12 17:23:16 -------- d-----w- C:\Program Files (x86)\Pando Networks
2014-04-12 17:22:55 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\Riot Games
2014-04-12 13:47:28 -------- d-----w- C:\Users\Yahfz\AppData\Local\Razer
2014-04-12 08:00:08 -------- d-----w- C:\Windows\Panther
2014-04-12 06:56:17 -------- d-----w- C:\Users\Yahfz\AppData\Local\Diagnostics
2014-04-12 04:43:56 -------- d-----w- C:\Users\Yahfz\AppData\Roaming\uTorrent
2014-04-12 03:34:54 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-04-12 03:34:54 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-04-12 03:34:54 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-04-12 03:34:54 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-04-12 03:34:53 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-04-12 03:34:53 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-04-12 03:34:45 -------- d-----w- C:\Users\Yahfz\AppData\Local\NVIDIA Corporation
2014-04-12 03:34:45 -------- d-----w- C:\Users\Yahfz\AppData\Local\NVIDIA
2014-04-12 03:34:44 1225920 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-04-12 03:34:44 1081112 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-04-12 03:33:55 601432 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-04-12 03:33:34 927520 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-04-12 03:33:34 6768584 ----a-w- C:\Windows\System32\nvcpl.dll
2014-04-12 03:33:34 63776 ----a-w- C:\Windows\System32\nvshext.dll
2014-04-12 03:33:34 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-04-12 03:33:34 3683457 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-04-12 03:33:34 3512664 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-04-12 03:33:28 60248 ----a-w- C:\Windows\System32\OpenCL.dll
2014-04-12 03:33:28 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-04-12 03:33:24 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-04-12 03:33:20 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-04-12 03:25:00 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-04-12 03:14:36 -------- d-----w- C:\Program Files (x86)\Steam
2014-04-12 03:14:36 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-04-12 03:12:00 -------- d-sh--w- C:\Windows\Installer
2014-04-12 03:09:22 -------- d-----w- C:\Windows\pss
2014-04-12 03:07:14 -------- d-----w- C:\Users\Yahfz\AppData\Local\Google
2014-04-12 03:07:02 -------- d-----w- C:\Users\Yahfz\AppData\Local\Deployment
2014-04-12 03:07:02 -------- d-----w- C:\Users\Yahfz\AppData\Local\Apps
.
==================== Find3M  ====================
.
2014-04-14 02:19:37 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-03-31 12:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-21 19:43:52 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-03-21 19:43:50 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-21 19:43:50 33568 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-02-20 21:14:22 15453904 ----a-w- C:\Windows\SysWow64\xlive.dll
2014-02-20 21:14:20 13642960 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2014-02-04 02:37:55 191424 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:28:55 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:00:42 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
.
============= FINISH:  4:26:59,09 ===============


ATTACH:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/04/2014 00:05:12
System Uptime: 29/04/2014 00:10:12 (4 hours ago)
.
Motherboard: DIGITRON |  | G31T-M7
Processor: Intel® Core™2 Quad CPU    Q6600  @ 2.40GHz | CPU 1 | 2403/267mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 25,97 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
==== System Restore Points ===================
.
RP41: 28/04/2014 18:05:05 - Instalado ESET NOD32 Antivirus
RP42: 29/04/2014 00:03:59 - Removed Java 7 Update 51
RP43: 29/04/2014 00:06:41 - Installed Java 7 Update 55
RP44: 29/04/2014 01:22:04 - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
RP45: 29/04/2014 01:22:18 - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
.
==== Installed Programs ======================
.
AP Tuner 3.08
Atualizações da NVIDIA 12.4.55
Battle.net
Battlefield 4™
CCleaner
Dota 2
ESN Sonar
ExitLag
Fraps (remove only)
Google Chrome
Google Update Helper
Grand Theft Auto IV
Hearthstone
HiJackThis
League of Legends
LogMeIn Hamachi
Malwarebytes Anti-Malware versão 1.75.0.1300
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft .NET Framework 4 Extended PTB Language Pack
Microsoft .NET Framework 4.5.1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
MSVCRT Redists
NVIDIA Driver de controle do 3D Vision 337.50
NVIDIA Driver de gráficos 337.50
NVIDIA Driver de áudio HD 1.3.30.1
NVIDIA Driver do 3D Vision 337.50
NVIDIA GeForce Experience 2.0
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA ShadowPlay 12.4.55
NVIDIA Software do sistema PhysX 9.13.1220
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.22
Open Broadcaster Software
Origin
osu!
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
Painel de controle da NVIDIA 337.50
Pando Media Booster
PunkBuster Services
Razer Synapse 2.0
SHIELD Streaming
Skype™ 6.14
Spybot - Search & Destroy
Steam
TeamSpeak 3 Client
TeamViewer 9
Unity Web Player
Vegas Pro 12.0 (64-bit)
Windows Live ID Sign-in Assistant
WinRAR 5.10 beta 2 (64-bit)
.
==== End Of File ===========================

ComboFIX: 
ComboFix 14-04-26.01 - Yahfz 29/04/2014   0:20.5.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4095.2631 [GMT -3:00]
Executando de: c:\users\Yahfz\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\networkdlllsp.dll
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-03-28 to 2014-04-29  ))))))))))))))))))))))))))))
.
.
2014-04-29 03:23 . 2014-04-29 03:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-29 03:07 . 2010-08-30 11:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-04-29 03:07 . 2014-04-29 03:09 -------- d-----w- C:\AdwCleaner
2014-04-29 03:04 . 2014-04-29 03:04 -------- d-----w- c:\windows\system32\appmgmt
2014-04-28 20:19 . 2014-04-28 22:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-04-28 20:19 . 2014-04-28 20:22 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2014-04-28 20:08 . 2014-04-28 20:08 -------- d-----w- c:\program files (x86)\Trend Micro
2014-04-28 17:26 . 2014-04-28 17:26 -------- d-----w- c:\program files\Sony
2014-04-28 09:30 . 2014-04-28 09:30 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-28 09:14 . 2014-04-28 09:14 -------- d-----w- c:\windows\Migration
2014-04-28 08:56 . 2012-07-26 07:56 2560 ----a-w- c:\windows\system32\drivers\pt-BR\wdf01000.sys.mui
2014-04-28 08:51 . 2012-08-23 14:12 29696 ----a-w- c:\windows\system32\drivers\terminpt.sys
2014-04-28 08:51 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-04-28 08:51 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2014-04-28 08:51 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-28 08:51 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-04-28 08:51 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-04-28 08:51 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-04-28 08:51 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-28 08:34 . 2014-04-28 08:35 -------- d-----w- c:\windows\system32\MRT
2014-04-28 08:07 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-04-28 08:06 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-04-28 08:06 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-04-28 08:06 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-04-28 08:06 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-04-28 08:06 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2014-04-28 08:06 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2014-04-28 08:06 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-04-28 08:06 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-04-28 08:06 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-04-28 08:04 . 2014-02-07 01:25 3159552 ----a-w- c:\windows\system32\win32k.sys
2014-04-28 08:04 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-04-28 08:04 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-04-28 08:04 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-04-28 08:04 . 2014-01-24 02:40 1684416 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-28 08:04 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-04-28 08:04 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-04-28 08:04 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-04-28 08:04 . 2013-11-26 11:34 1897408 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-04-28 08:04 . 2013-11-26 11:34 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-04-28 08:04 . 2013-11-26 11:34 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-04-28 08:03 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-04-28 08:03 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-04-28 08:03 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-04-28 08:03 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-04-28 07:51 . 2014-04-17 08:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0A697CA-285D-4C38-A008-B53437A7953A}\mpengine.dll
2014-04-28 07:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2014-04-28 07:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2014-04-28 07:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2014-04-28 07:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2014-04-28 07:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2014-04-28 07:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2014-04-28 07:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2014-04-28 07:48 . 2012-06-02 18:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2014-04-28 07:48 . 2012-06-02 18:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-04-28 01:02 . 2014-04-28 17:25 -------- d-----w- c:\program files (x86)\osu!
2014-04-26 19:24 . 2014-04-26 19:24 -------- d-----w- c:\programdata\GridinSoft
2014-04-26 09:19 . 2014-04-26 09:19 -------- d-----w- c:\program files\TeamSpeak 3 Client
2014-04-25 09:16 . 2014-04-25 09:16 -------- d-----w- c:\program files\OBS
2014-04-25 09:16 . 2014-04-28 03:31 -------- d-----w- c:\program files (x86)\OBS
2014-04-25 07:22 . 2014-04-25 07:22 -------- d-----w- c:\programdata\LogMeIn
2014-04-25 07:21 . 2014-04-25 07:21 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-04-25 05:55 . 2014-04-25 05:55 -------- d-----w- c:\program files\Microsoft Silverlight
2014-04-25 05:55 . 2014-04-25 05:55 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-04-25 04:15 . 2014-04-25 04:15 -------- d-----w- c:\program files (x86)\TeamViewer
2014-04-23 00:58 . 2014-04-23 00:58 -------- d-sh--w- c:\programdata\SecuROM
2014-04-23 00:57 . 2014-04-23 00:57 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2014-04-23 00:56 . 2014-04-23 00:57 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-04-23 00:56 . 2014-04-23 00:56 -------- d-----w- c:\windows\SysWow64\xlive
2014-04-20 15:06 . 2014-04-20 15:34 -------- d-----w- c:\program files (x86)\Hearthstone
2014-04-20 07:18 . 2014-04-25 16:23 -------- d-----w- C:\Fraps
2014-04-19 04:39 . 2014-04-19 04:39 -------- d-----w- c:\program files (x86)\AP Tuner
2014-04-19 03:13 . 2014-04-19 04:13 -------- d-----w- c:\program files (x86)\World of Warcraft
2014-04-19 03:12 . 2014-04-26 01:16 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2014-04-19 03:12 . 2014-04-20 02:19 -------- d-----w- c:\programdata\Blizzard Entertainment
2014-04-19 03:12 . 2014-04-19 03:12 -------- d-----w- c:\program files (x86)\Battle.net
2014-04-19 02:59 . 2014-04-19 02:59 -------- d-----w- c:\programdata\Battle.net
2014-04-18 02:47 . 2014-04-19 01:35 291296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-18 02:33 . 2014-04-23 19:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server
2014-04-18 02:15 . 2014-04-26 09:53 -------- d--h--w- c:\windows\msdownld.tmp
2014-04-18 02:15 . 2014-04-28 21:46 -------- d-----w- c:\program files (x86)\MSI Afterburner
2014-04-17 22:26 . 2014-04-17 22:26 -------- d-----w- c:\programdata\Malwarebytes
2014-04-17 22:26 . 2014-04-17 22:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-04-17 22:26 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-17 05:31 . 2014-04-17 05:31 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2014-04-17 05:31 . 2014-04-17 15:01 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2014-04-17 05:31 . 2014-04-28 02:43 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-04-17 05:31 . 2014-04-28 02:43 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-17 05:31 . 2014-04-17 05:31 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-17 05:30 . 2014-04-17 05:31 -------- d-----w- c:\programdata\Package Cache
2014-04-17 04:32 . 2014-04-17 04:32 -------- d-----w- c:\program files\CCleaner
2014-04-16 22:16 . 2014-04-16 22:16 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2014-04-16 22:16 . 2014-04-16 22:16 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2014-04-16 22:16 . 2014-04-28 21:46 -------- d-----w- c:\programdata\Sony Mobile
2014-04-16 22:16 . 2014-04-28 21:46 -------- d-----w- c:\program files (x86)\Sony Mobile
2014-04-16 22:13 . 2014-04-28 21:47 -------- d-----w- c:\programdata\Sony
2014-04-16 22:13 . 2014-04-28 21:47 -------- d-----w- c:\program files (x86)\Sony
2014-04-16 09:20 . 2014-04-16 09:24 -------- d-----w- c:\program files (x86)\Origin Games
2014-04-16 09:15 . 2014-04-28 02:50 -------- d-----w- c:\programdata\Origin
2014-04-16 09:15 . 2014-04-17 05:44 -------- d-----w- c:\programdata\Electronic Arts
2014-04-16 09:15 . 2014-04-28 02:12 -------- d-----w- c:\program files (x86)\Origin
2014-04-14 07:52 . 2014-04-14 07:52 -------- d-----w- C:\Warner Bros. Interactive Entertainment
2014-04-13 21:12 . 2013-02-01 09:39 11264 ----a-w- c:\windows\SysWow64\SPORDER.DLL
2014-04-13 06:21 . 2014-04-13 06:27 -------- d-----w- c:\program files (x86)\JDownloader
2014-04-13 06:19 . 2014-04-29 03:06 -------- d-----w- c:\programdata\Oracle
2014-04-12 23:06 . 2014-04-12 23:06 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-04-12 23:06 . 2014-04-12 23:06 -------- d-----r- c:\program files (x86)\Skype
2014-04-12 23:06 . 2014-04-14 07:59 -------- d-----w- c:\programdata\Skype
2014-04-12 18:14 . 2014-04-12 18:14 -------- d-----w- c:\program files (x86)\ExitLag
2014-04-12 17:43 . 2014-04-12 17:43 -------- d-----w- c:\programdata\Steam
2014-04-12 17:33 . 2014-04-21 13:29 -------- d-----w- c:\program files (x86)\LEGO - The Hobbit
2014-04-12 17:31 . 2014-04-12 17:31 -------- d-----w- c:\program files\WinRAR
2014-04-12 17:24 . 2008-07-12 11:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2014-04-12 17:24 . 2008-07-12 11:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2014-04-12 17:24 . 2008-07-12 11:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2014-04-12 17:24 . 2014-04-12 17:24 -------- d-----w- C:\Riot Games
2014-04-12 17:23 . 2014-04-12 17:23 -------- d-----w- c:\programdata\PMB Files
2014-04-12 17:23 . 2014-04-12 17:23 -------- d-----w- c:\program files (x86)\Pando Networks
2014-04-12 13:38 . 2014-04-12 13:51 -------- d-----w- c:\program files (x86)\Razer
2014-04-12 13:38 . 2014-04-12 13:38 -------- d-----w- c:\programdata\Razer
2014-04-12 08:00 . 2014-04-28 21:39 -------- d-----w- c:\windows\Panther
2014-04-12 03:34 . 2010-05-26 14:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-04-12 03:34 . 2010-05-26 14:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-04-12 03:34 . 2010-05-26 14:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-04-12 03:34 . 2010-05-26 14:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-23 01:07 . 2009-08-18 15:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-04-23 01:07 . 2009-08-18 14:24 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-31 12:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 09:17 . 2014-04-28 08:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-20 21:14 . 2014-02-20 21:14 15453904 ----a-w- c:\windows\SysWow64\xlive.dll
2014-02-20 21:14 . 2014-02-20 21:14 13642960 ----a-w- c:\windows\SysWow64\xlivefnt.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-29 00:44 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29 00:43]
.
2014-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29 00:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://go.microsoft.com
mDefault_Search_URL = hxxp://go.microsoft.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com
TCP: DhcpNameServer = 186.216.64.5 189.91.0.15
TCP: Interfaces\{D0BEBC8E-7E2D-4DCF-949E-084487E6297F}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-2144593176-2422547833-2565079189-1001\Software\SecuROM\License information*]
"datasecu"=hex:c1,15,9b,7f,a2,a5,e5,ce,0d,8f,3c,47,db,21,3f,76,76,83,0d,2d,21,
   16,61,c3,ce,80,90,d3,ff,d6,77,72,ef,fe,24,dd,54,d0,8a,62,42,f5,fe,76,00,e6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-04-29  00:25:48
ComboFix-quarantined-files.txt  2014-04-29 03:25
ComboFix2.txt  2014-04-28 07:40
ComboFix3.txt  2014-04-26 19:53
ComboFix4.txt  2014-04-25 09:06
ComboFix5.txt  2014-04-29 03:19
.
Pré-execução: 32.078.606.336 bytes disponíveis
Pós execução: 31.499.677.696 bytes disponíveis
.
- - End Of File - - EBF60974D5CF9757B2BE3FDC6CC0D4FE
A36C5E4F47E84449FF07ED3517B43A31
 

Attached Files


Edited by yahfz, 29 April 2014 - 04:16 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:31 AM

Posted 29 April 2014 - 01:13 PM


Hello yahfz,

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 yahfz

yahfz
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 30 April 2014 - 12:04 AM

Hi, Gringo!
First of all thank you very much for helping me.
Here are the logs that you asked for! I am brazillian, if you want me to translate some phrases there just ask :)


-AdwCleaner-:
 
 
# AdwCleaner v3.205 - Relatório criado 30/04/2014 às 01:51:32
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Yahfz - YAHFZ-PC
# Executando de : C:\Users\Yahfz\Downloads\AdwCleaner.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v9.0.8112.16545
 
 
-\\ Google Chrome v34.0.1847.131
 
[ Arquivo : C:\Users\Yahfz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [830 octets] - [29/04/2014 00:07:06]
AdwCleaner[R1].txt - [894 octets] - [30/04/2014 01:50:39]
AdwCleaner[S0].txt - [953 octets] - [29/04/2014 00:09:45]
AdwCleaner[S1].txt - [881 octets] - [30/04/2014 01:51:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [940 octets] ##########



Junkware-Removal-Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Yahfz on 30/04/2014 at  1:56:19,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/04/2014 at  2:01:05,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Edited by yahfz, 30 April 2014 - 12:07 AM.


#4 yahfz

yahfz
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 30 April 2014 - 01:53 AM

Update: Some pages won't load. Youtube works fine, google as well, facebook won't. 
Error Code: ERR_CONNECTION_TIMED_OUT



#5 yahfz

yahfz
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 30 April 2014 - 06:26 AM

Update 2: Some sites are redirecting to this particular url:
37693.pf.aclst.com



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:31 AM

Posted 30 April 2014 - 07:13 AM


Hello yahfz

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 yahfz

yahfz
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 30 April 2014 - 07:35 AM

Combofix LOG:
 

ComboFix 14-04-30.01 - Yahfz 30/04/2014   9:26.8.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4095.2771 [GMT -3:00]
Executando de: c:\users\Yahfz\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\networkdlllsp.dll
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-03-28 to 2014-04-30  ))))))))))))))))))))))))))))
.
.
2014-04-30 12:29 . 2014-04-30 12:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-30 07:01 . 2014-04-30 07:01 -------- d-----w- c:\program files (x86)\Activision
2014-04-30 04:56 . 2014-04-30 04:56 -------- d-----w- c:\windows\ERUNT
2014-04-29 03:07 . 2010-08-30 11:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-04-29 03:07 . 2014-04-30 04:51 -------- d-----w- C:\AdwCleaner
2014-04-29 03:04 . 2014-04-29 03:04 -------- d-----w- c:\windows\system32\appmgmt
2014-04-28 20:19 . 2014-04-29 13:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2014-04-28 20:19 . 2014-04-29 13:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-04-28 20:08 . 2014-04-28 20:08 -------- d-----w- c:\program files (x86)\Trend Micro
2014-04-28 17:26 . 2014-04-28 17:26 -------- d-----w- c:\program files\Sony
2014-04-28 09:30 . 2014-04-28 09:30 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-28 09:14 . 2014-04-28 09:14 -------- d-----w- c:\windows\Migration
2014-04-28 08:56 . 2012-07-26 07:56 2560 ----a-w- c:\windows\system32\drivers\pt-BR\wdf01000.sys.mui
2014-04-28 08:51 . 2012-08-23 14:12 29696 ----a-w- c:\windows\system32\drivers\terminpt.sys
2014-04-28 08:51 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-04-28 08:51 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2014-04-28 08:51 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-28 08:51 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-04-28 08:51 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-04-28 08:51 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-04-28 08:51 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-28 08:34 . 2014-04-28 08:35 -------- d-----w- c:\windows\system32\MRT
2014-04-28 08:07 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-04-28 08:06 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-04-28 08:06 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-04-28 08:06 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-04-28 08:06 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-04-28 08:06 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2014-04-28 08:06 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2014-04-28 08:06 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-04-28 08:06 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-04-28 08:06 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-04-28 08:04 . 2014-02-07 01:25 3159552 ----a-w- c:\windows\system32\win32k.sys
2014-04-28 08:04 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-04-28 08:04 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-04-28 08:04 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-04-28 08:04 . 2014-01-24 02:40 1684416 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-28 08:04 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-04-28 08:04 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-04-28 08:04 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-04-28 08:04 . 2013-11-26 11:34 1897408 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-04-28 08:04 . 2013-11-26 11:34 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-04-28 08:04 . 2013-11-26 11:34 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-04-28 08:03 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-04-28 08:03 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-04-28 08:03 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-04-28 08:03 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-04-28 07:51 . 2014-04-17 08:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0A697CA-285D-4C38-A008-B53437A7953A}\mpengine.dll
2014-04-28 07:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2014-04-28 07:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2014-04-28 07:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2014-04-28 07:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2014-04-28 07:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2014-04-28 07:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2014-04-28 07:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2014-04-28 07:48 . 2012-06-02 18:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2014-04-28 07:48 . 2012-06-02 18:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-04-28 01:02 . 2014-04-29 11:11 -------- d-----w- c:\program files (x86)\osu!
2014-04-26 19:24 . 2014-04-26 19:24 -------- d-----w- c:\programdata\GridinSoft
2014-04-26 09:19 . 2014-04-26 09:19 -------- d-----w- c:\program files\TeamSpeak 3 Client
2014-04-25 09:16 . 2014-04-25 09:16 -------- d-----w- c:\program files\OBS
2014-04-25 09:16 . 2014-04-28 03:31 -------- d-----w- c:\program files (x86)\OBS
2014-04-25 07:22 . 2014-04-25 07:22 -------- d-----w- c:\programdata\LogMeIn
2014-04-25 05:55 . 2014-04-25 05:55 -------- d-----w- c:\program files\Microsoft Silverlight
2014-04-25 05:55 . 2014-04-25 05:55 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-04-23 00:58 . 2014-04-23 00:58 -------- d-sh--w- c:\programdata\SecuROM
2014-04-23 00:57 . 2014-04-23 00:57 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2014-04-23 00:56 . 2014-04-23 00:57 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-04-23 00:56 . 2014-04-23 00:56 -------- d-----w- c:\windows\SysWow64\xlive
2014-04-20 15:06 . 2014-04-20 15:34 -------- d-----w- c:\program files (x86)\Hearthstone
2014-04-20 07:18 . 2014-04-25 16:23 -------- d-----w- C:\Fraps
2014-04-19 04:39 . 2014-04-19 04:39 -------- d-----w- c:\program files (x86)\AP Tuner
2014-04-19 03:13 . 2014-04-19 04:13 -------- d-----w- c:\program files (x86)\World of Warcraft
2014-04-19 03:12 . 2014-04-26 01:16 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2014-04-19 03:12 . 2014-04-20 02:19 -------- d-----w- c:\programdata\Blizzard Entertainment
2014-04-19 03:12 . 2014-04-19 03:12 -------- d-----w- c:\program files (x86)\Battle.net
2014-04-19 02:59 . 2014-04-19 02:59 -------- d-----w- c:\programdata\Battle.net
2014-04-18 02:47 . 2014-04-19 01:35 291296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-18 02:33 . 2014-04-23 19:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server
2014-04-18 02:15 . 2014-04-26 09:53 -------- d--h--w- c:\windows\msdownld.tmp
2014-04-18 02:15 . 2014-04-28 21:46 -------- d-----w- c:\program files (x86)\MSI Afterburner
2014-04-17 22:26 . 2014-04-17 22:26 -------- d-----w- c:\programdata\Malwarebytes
2014-04-17 05:31 . 2014-04-17 05:31 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2014-04-17 05:31 . 2014-04-17 15:01 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2014-04-17 05:31 . 2014-04-30 10:28 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-04-17 05:31 . 2014-04-29 15:03 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-17 05:31 . 2014-04-17 05:31 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-17 05:30 . 2014-04-29 04:22 -------- d-----w- c:\programdata\Package Cache
2014-04-17 04:32 . 2014-04-17 04:32 -------- d-----w- c:\program files\CCleaner
2014-04-16 22:16 . 2014-04-16 22:16 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2014-04-16 22:16 . 2014-04-16 22:16 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2014-04-16 22:16 . 2014-04-28 21:46 -------- d-----w- c:\programdata\Sony Mobile
2014-04-16 22:16 . 2014-04-28 21:46 -------- d-----w- c:\program files (x86)\Sony Mobile
2014-04-16 22:13 . 2014-04-28 21:47 -------- d-----w- c:\programdata\Sony
2014-04-16 22:13 . 2014-04-28 21:47 -------- d-----w- c:\program files (x86)\Sony
2014-04-16 09:20 . 2014-04-16 09:24 -------- d-----w- c:\program files (x86)\Origin Games
2014-04-16 09:15 . 2014-04-30 10:55 -------- d-----w- c:\programdata\Origin
2014-04-16 09:15 . 2014-04-17 05:44 -------- d-----w- c:\programdata\Electronic Arts
2014-04-16 09:15 . 2014-04-30 09:50 -------- d-----w- c:\program files (x86)\Origin
2014-04-14 07:52 . 2014-04-14 07:52 -------- d-----w- C:\Warner Bros. Interactive Entertainment
2014-04-13 21:12 . 2013-02-01 09:39 11264 ----a-w- c:\windows\SysWow64\SPORDER.DLL
2014-04-13 06:21 . 2014-04-13 06:27 -------- d-----w- c:\program files (x86)\JDownloader
2014-04-13 06:19 . 2014-04-29 03:06 -------- d-----w- c:\programdata\Oracle
2014-04-12 23:06 . 2014-04-12 23:06 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-04-12 23:06 . 2014-04-12 23:06 -------- d-----r- c:\program files (x86)\Skype
2014-04-12 23:06 . 2014-04-14 07:59 -------- d-----w- c:\programdata\Skype
2014-04-12 18:14 . 2014-04-12 18:14 -------- d-----w- c:\program files (x86)\ExitLag
2014-04-12 17:43 . 2014-04-12 17:43 -------- d-----w- c:\programdata\Steam
2014-04-12 17:33 . 2014-04-21 13:29 -------- d-----w- c:\program files (x86)\LEGO - The Hobbit
2014-04-12 17:31 . 2014-04-12 17:31 -------- d-----w- c:\program files\WinRAR
2014-04-12 17:24 . 2008-07-12 11:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2014-04-12 17:24 . 2008-07-12 11:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2014-04-12 17:24 . 2008-07-12 11:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2014-04-12 17:24 . 2014-04-12 17:24 -------- d-----w- C:\Riot Games
2014-04-12 17:23 . 2014-04-12 17:23 -------- d-----w- c:\programdata\PMB Files
2014-04-12 17:23 . 2014-04-12 17:23 -------- d-----w- c:\program files (x86)\Pando Networks
2014-04-12 13:38 . 2014-04-12 13:51 -------- d-----w- c:\program files (x86)\Razer
2014-04-12 13:38 . 2014-04-12 13:38 -------- d-----w- c:\programdata\Razer
2014-04-12 08:00 . 2014-04-28 21:39 -------- d-----w- c:\windows\Panther
2014-04-12 03:34 . 2010-05-26 14:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-04-12 03:34 . 2010-05-26 14:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-04-12 03:34 . 2010-05-26 14:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-04-12 03:34 . 2010-05-26 14:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-04-12 03:34 . 2010-05-26 14:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-04-12 03:34 . 2010-05-26 14:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-23 01:07 . 2009-08-18 15:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-04-23 01:07 . 2009-08-18 14:24 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-31 12:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 09:17 . 2014-04-28 08:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-20 21:14 . 2014-02-20 21:14 15453904 ----a-w- c:\windows\SysWow64\xlive.dll
2014-02-20 21:14 . 2014-02-20 21:14 13642960 ----a-w- c:\windows\SysWow64\xlivefnt.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-29 00:44 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29 00:43]
.
2014-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29 00:43]
.
.
--------- X64 Entries -----------
.
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://go.microsoft.com
mDefault_Search_URL = hxxp://go.microsoft.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com
TCP: DhcpNameServer = 186.216.64.5 189.91.0.15
TCP: Interfaces\{D0BEBC8E-7E2D-4DCF-949E-084487E6297F}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-2144593176-2422547833-2565079189-1001\Software\SecuROM\License information*]
"datasecu"=hex:12,a4,bb,f4,ae,dd,21,18,4f,77,3b,32,8f,71,cd,a9,f2,72,a2,0b,e9,
   cf,61,19,07,cc,46,be,59,ac,4f,33,a7,3c,6d,ae,7c,f9,f6,f1,78,c6,37,ec,6f,2c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-04-30  09:32:30 - Máquina reiniciou
ComboFix-quarantined-files.txt  2014-04-30 12:32
ComboFix2.txt  2014-04-29 10:59
.
Pré-execução: 28.402.343.936 bytes disponíveis
Pós execução: 28.373.549.056 bytes disponíveis
.
- - End Of File - - B659DFAEA610CE97A914F6E5040E3522
A36C5E4F47E84449FF07ED3517B43A31


Some websites still redirect to this url: 

d6f6.f.aclst.com

Plus, the deleted file always comeback, before i started this thread i ran combofix, and that was the exact same file that was deleted right now..

 



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:31 AM

Posted 30 April 2014 - 10:55 AM

What browser does the redirect?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 yahfz

yahfz
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 30 April 2014 - 11:39 AM

All of em, IE and Chrome.
plus, some pages are not loading correctly though.. =(


Edited by yahfz, 30 April 2014 - 12:04 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:31 AM

Posted 30 April 2014 - 08:05 PM


Hello yahfz




Then I want you to do the following
  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 yahfz

yahfz
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 30 April 2014 - 09:54 PM

But im using chrome, should i do anyway?



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:31 AM

Posted 01 May 2014 - 08:27 AM

Hello

Yes and I was going to do this next




We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks


Then I need you to go Google Sync and sign into your account

scroll down untill you see the "Stop and Clear" button and click on button

At the prompt click on "Ok"

Now we need to uninstall chrome

I want you to uninstall Chrome and if asked about user data or settings then remove this also

restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 yahfz

yahfz
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 01 May 2014 - 09:54 AM

Done, looks like its working good right now, but some pages isn't loading correctly (theres only texts and stuff like that) its not loading the website completely..
I would like to ask you the permission to run combofix again to see if the file is still there, i remember that file always comeback. 
I will not run without your permission, Thank you.



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:31 AM

Posted 01 May 2014 - 01:11 PM


Hello yahfz

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 yahfz

yahfz
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 01 May 2014 - 02:40 PM

ComboFix 14-04-30.01 - Yahfz 01/05/2014  16:30:10.11.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4095.2468 [GMT -3:00]
Executando de: c:\users\Yahfz\Downloads\ComboFix.exe
Comandos utilizados :: c:\users\Yahfz\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-04-01 to 2014-05-01  ))))))))))))))))))))))))))))
.
.
2014-05-01 19:33 . 2014-05-01 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-01 17:35 . 2014-05-01 17:35 -------- d-----w- c:\windows\Sun
2014-05-01 17:34 . 2014-05-01 17:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-05-01 17:34 . 2014-05-01 17:34 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-01 17:34 . 2014-05-01 17:34 -------- d-----w- c:\program files (x86)\Java
2014-04-30 07:01 . 2014-04-30 07:01 -------- d-----w- c:\program files (x86)\Activision
2014-04-30 04:56 . 2014-04-30 04:56 -------- d-----w- c:\windows\ERUNT
2014-04-29 03:07 . 2010-08-30 11:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-04-29 03:07 . 2014-05-01 17:39 -------- d-----w- C:\AdwCleaner
2014-04-29 03:04 . 2014-04-29 03:04 -------- d-----w- c:\windows\system32\appmgmt
2014-04-28 20:19 . 2014-04-29 13:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2014-04-28 20:19 . 2014-04-29 13:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-04-28 20:08 . 2014-04-28 20:08 -------- d-----w- c:\program files (x86)\Trend Micro
2014-04-28 17:26 . 2014-04-28 17:26 -------- d-----w- c:\program files\Sony
2014-04-28 09:30 . 2014-04-28 09:30 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-28 09:14 . 2014-04-28 09:14 -------- d-----w- c:\windows\Migration
2014-04-28 08:56 . 2012-07-26 07:56 2560 ----a-w- c:\windows\system32\drivers\pt-BR\wdf01000.sys.mui
2014-04-28 08:51 . 2012-08-23 14:12 29696 ----a-w- c:\windows\system32\drivers\terminpt.sys
2014-04-28 08:51 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-04-28 08:51 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2014-04-28 08:51 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-28 08:51 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-04-28 08:51 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-04-28 08:51 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-04-28 08:51 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-28 08:34 . 2014-04-28 08:35 -------- d-----w- c:\windows\system32\MRT
2014-04-28 08:07 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-04-28 08:06 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-04-28 08:06 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-04-28 08:06 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-04-28 08:06 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-04-28 08:06 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2014-04-28 08:06 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2014-04-28 08:06 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-04-28 08:06 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-04-28 08:06 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-04-28 08:04 . 2014-02-07 01:25 3159552 ----a-w- c:\windows\system32\win32k.sys
2014-04-28 08:04 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-04-28 08:04 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-04-28 08:04 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-04-28 08:04 . 2014-01-24 02:40 1684416 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-28 08:04 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-04-28 08:04 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-04-28 08:04 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-04-28 08:04 . 2013-11-26 11:34 1897408 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-04-28 08:04 . 2013-11-26 11:34 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-04-28 08:04 . 2013-11-26 11:34 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-04-28 08:03 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-04-28 08:03 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-04-28 08:03 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-04-28 08:03 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-04-28 07:51 . 2014-04-17 08:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0A697CA-285D-4C38-A008-B53437A7953A}\mpengine.dll
2014-04-28 07:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2014-04-28 07:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2014-04-28 07:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2014-04-28 07:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2014-04-28 07:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2014-04-28 07:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2014-04-28 07:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2014-04-28 07:48 . 2012-06-02 18:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2014-04-28 07:48 . 2012-06-02 18:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-04-28 01:02 . 2014-05-01 06:08 -------- d-----w- c:\program files (x86)\osu!
2014-04-26 19:24 . 2014-04-26 19:24 -------- d-----w- c:\programdata\GridinSoft
2014-04-26 09:19 . 2014-04-26 09:19 -------- d-----w- c:\program files\TeamSpeak 3 Client
2014-04-25 09:16 . 2014-04-25 09:16 -------- d-----w- c:\program files\OBS
2014-04-25 09:16 . 2014-04-28 03:31 -------- d-----w- c:\program files (x86)\OBS
2014-04-25 07:22 . 2014-04-25 07:22 -------- d-----w- c:\programdata\LogMeIn
2014-04-25 05:55 . 2014-04-25 05:55 -------- d-----w- c:\program files\Microsoft Silverlight
2014-04-25 05:55 . 2014-04-25 05:55 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-04-23 00:58 . 2014-04-23 00:58 -------- d-sh--w- c:\programdata\SecuROM
2014-04-23 00:57 . 2014-04-23 00:57 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2014-04-23 00:56 . 2014-04-23 00:57 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-04-23 00:56 . 2014-04-23 00:56 -------- d-----w- c:\windows\SysWow64\xlive
2014-04-20 15:06 . 2014-04-20 15:34 -------- d-----w- c:\program files (x86)\Hearthstone
2014-04-20 07:18 . 2014-04-25 16:23 -------- d-----w- C:\Fraps
2014-04-19 04:39 . 2014-04-19 04:39 -------- d-----w- c:\program files (x86)\AP Tuner
2014-04-19 03:13 . 2014-04-19 04:13 -------- d-----w- c:\program files (x86)\World of Warcraft
2014-04-19 03:12 . 2014-04-26 01:16 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2014-04-19 03:12 . 2014-04-20 02:19 -------- d-----w- c:\programdata\Blizzard Entertainment
2014-04-19 03:12 . 2014-04-19 03:12 -------- d-----w- c:\program files (x86)\Battle.net
2014-04-19 02:59 . 2014-04-19 02:59 -------- d-----w- c:\programdata\Battle.net
2014-04-18 02:47 . 2014-04-19 01:35 291296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-18 02:33 . 2014-04-23 19:22 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server
2014-04-18 02:15 . 2014-04-26 09:53 -------- d--h--w- c:\windows\msdownld.tmp
2014-04-18 02:15 . 2014-04-28 21:46 -------- d-----w- c:\program files (x86)\MSI Afterburner
2014-04-17 22:26 . 2014-04-17 22:26 -------- d-----w- c:\programdata\Malwarebytes
2014-04-17 05:31 . 2014-04-17 05:31 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2014-04-17 05:31 . 2014-04-17 15:01 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2014-04-17 05:31 . 2014-05-01 01:18 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-04-17 05:31 . 2014-05-01 01:18 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-17 05:31 . 2014-04-17 05:31 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-17 05:30 . 2014-04-29 04:22 -------- d-----w- c:\programdata\Package Cache
2014-04-17 04:32 . 2014-04-17 04:32 -------- d-----w- c:\program files\CCleaner
2014-04-16 22:16 . 2014-04-16 22:16 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2014-04-16 22:16 . 2014-04-16 22:16 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2014-04-16 22:16 . 2014-04-28 21:46 -------- d-----w- c:\programdata\Sony Mobile
2014-04-16 22:16 . 2014-04-28 21:46 -------- d-----w- c:\program files (x86)\Sony Mobile
2014-04-16 22:13 . 2014-04-28 21:47 -------- d-----w- c:\programdata\Sony
2014-04-16 22:13 . 2014-04-28 21:47 -------- d-----w- c:\program files (x86)\Sony
2014-04-16 09:20 . 2014-04-16 09:24 -------- d-----w- c:\program files (x86)\Origin Games
2014-04-16 09:15 . 2014-05-01 01:46 -------- d-----w- c:\programdata\Origin
2014-04-16 09:15 . 2014-04-17 05:44 -------- d-----w- c:\programdata\Electronic Arts
2014-04-16 09:15 . 2014-05-01 01:09 -------- d-----w- c:\program files (x86)\Origin
2014-04-14 07:52 . 2014-04-14 07:52 -------- d-----w- C:\Warner Bros. Interactive Entertainment
2014-04-13 21:12 . 2013-02-01 09:39 11264 ----a-w- c:\windows\SysWow64\SPORDER.DLL
2014-04-13 06:21 . 2014-04-13 06:27 -------- d-----w- c:\program files (x86)\JDownloader
2014-04-13 06:19 . 2014-05-01 17:34 -------- d-----w- c:\programdata\Oracle
2014-04-12 23:06 . 2014-04-12 23:06 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-04-12 23:06 . 2014-04-12 23:06 -------- d-----r- c:\program files (x86)\Skype
2014-04-12 23:06 . 2014-04-14 07:59 -------- d-----w- c:\programdata\Skype
2014-04-12 18:14 . 2014-04-12 18:14 -------- d-----w- c:\program files (x86)\ExitLag
2014-04-12 17:43 . 2014-04-12 17:43 -------- d-----w- c:\programdata\Steam
2014-04-12 17:33 . 2014-04-21 13:29 -------- d-----w- c:\program files (x86)\LEGO - The Hobbit
2014-04-12 17:31 . 2014-04-12 17:31 -------- d-----w- c:\program files\WinRAR
2014-04-12 17:24 . 2008-07-12 11:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2014-04-12 17:24 . 2008-07-12 11:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2014-04-12 17:24 . 2008-07-12 11:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2014-04-12 17:24 . 2014-04-12 17:24 -------- d-----w- C:\Riot Games
2014-04-12 17:23 . 2014-04-12 17:23 -------- d-----w- c:\programdata\PMB Files
2014-04-12 17:23 . 2014-04-12 17:23 -------- d-----w- c:\program files (x86)\Pando Networks
2014-04-12 13:38 . 2014-04-12 13:51 -------- d-----w- c:\program files (x86)\Razer
2014-04-12 13:38 . 2014-04-12 13:38 -------- d-----w- c:\programdata\Razer
2014-04-12 08:00 . 2014-04-28 21:39 -------- d-----w- c:\windows\Panther
2014-04-12 03:34 . 2010-05-26 14:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-04-12 03:34 . 2010-05-26 14:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-23 01:07 . 2009-08-18 15:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-04-23 01:07 . 2009-08-18 14:24 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-31 12:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 09:17 . 2014-04-28 08:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-20 21:14 . 2014-02-20 21:14 15453904 ----a-w- c:\windows\SysWow64\xlive.dll
2014-02-20 21:14 . 2014-02-20 21:14 13642960 ----a-w- c:\windows\SysWow64\xlivefnt.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-01 14:41 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-01 14:40]
.
2014-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-01 14:40]
.
.
--------- X64 Entries -----------
.
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://go.microsoft.com
mDefault_Search_URL = hxxp://go.microsoft.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com
TCP: DhcpNameServer = 208.67.222.222 208.67.220.200
TCP: Interfaces\{D0BEBC8E-7E2D-4DCF-949E-084487E6297F}: NameServer = 208.67.222.222,208.67.220.200
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-2144593176-2422547833-2565079189-1001\Software\SecuROM\License information*]
"datasecu"=hex:12,a4,bb,f4,ae,dd,21,18,4f,77,3b,32,8f,71,cd,a9,f2,72,a2,0b,e9,
   cf,61,19,07,cc,46,be,59,ac,4f,33,a7,3c,6d,ae,7c,f9,f6,f1,78,c6,37,ec,6f,2c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-05-01  16:35:36
ComboFix-quarantined-files.txt  2014-05-01 19:35
ComboFix2.txt  2014-05-01 14:38
ComboFix3.txt  2014-05-01 06:14
ComboFix4.txt  2014-04-30 12:32
ComboFix5.txt  2014-05-01 19:28
.
Pré-execução: 17.592.832.000 bytes disponíveis
Pós execução: 17.522.757.632 bytes disponíveis
.
- - End Of File - - 7889B4185E4600994E2233949B41AD2E
A36C5E4F47E84449FF07ED3517B43A31

now facebook just started redirecting to google. =(
this is happening on google chrome only. IE is fine

Edited by yahfz, 02 May 2014 - 12:44 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users