Information about logfile of Combofix


  • This topic is locked
23 replies to this topic

#1 polmar

    Member

  • Full Member
  • 12 posts

Posted 20 September 2012 - 09:26 AM

Hi everybody,

I've been looking for a section where I could send my logfile from the Combofix result to get help, but I can't find it. Can I post it here, or could someone suggest something about it?
Thanks in advance

EDIT:
Yes, please copy/paste it into this topic.
Also, please go to http://www.spywarein...showtopic=79038 and post the requested logs as we need this information to help you.

Edited by Rocket Grannie, 20 September 2012 - 09:57 AM.


#2 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 20 September 2012 - 05:36 PM

Welcome polmar to SpywareInfo. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

Please visit the Instructions for posting requested logs and post the logs from DDS, Malwarebytes Anti-Malware and Security Check.

You may also post your ComboFix log, although please be aware that running ComboFix without the supervision of a helper such as myself is extremely risky.

Are you noticing anything odd on your computer, such as popups, slowness or redirects?
==========

In your next post please provide the following:
  • ComboFix.txt.
  • DDS.txt.
  • MBAM log.
  • checkup.txt.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.


#3 polmar

    Member

  • Full Member
  • 12 posts

Posted 21 September 2012 - 07:33 AM

Hi Dark Knight and Rocket Grannie, thank you both for your quick answer :)

In these last days I received several errors, slowness, redirections, a file called yeldmanager trying to open itself, and finally the Live Security Platinum virus caught me.
When I saw it I just turned off my PC, put it into security mode, and got back with the restoration manager.
Then I looked for information about this problem and I found forums suggesting to use Malwarebytes, Combofix and Hijackthis, so I started alone with Malwarebytes with a simple/fast scan and it gave me about 3 problems, and another 6 with the complete scan.
After that I used Combofix and then I wrote the post.

I'm sorry but yesterday I forgot to save the logfile of Malwarebytes' first scan; I can send:

- Combofix.txt (from yesterday, just after Malwarebytes)
- DDS.txt (today)
- Malwarebytes (of today, after having scanned and cleaned, I suppose, my system with Malwarebytes the first time and Combo)
- checkup (today)

Anyway, I send all of these log files, hoping they can be useful. I also want to say that for the moment my PC seems to have fewer problems, I mean after using Malwarebytes and Combo, DDS and checkup.

Here I paste the results:

1. COMBOFIX
ComboFix 12-09-20.01 - pol 20/09/2012 14:43:44.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.4028.2377 [GMT 1:00]
Running from: c:\users\pol\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
c:\programdata\PCDr\6032\AddOnDownloaded\07439fd5-7039-4014-b635-5bf088a1465b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
c:\programdata\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
c:\programdata\PCDr\6032\AddOnDownloaded\16ab6978-b6b5-41fa-81a1-8bffc55a69b9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2ee79d71-badc-46b4-b731-42b15f3cd1c3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3e4c86d5-a5c1-4c3f-8fc7-6258992b16c5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5e1c102f-bfde-420c-87c0-64fe851888e5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6928cebe-dc61-4564-a488-e19724a8de68.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7014e871-cc3b-4dec-b82b-bc70222b40ed.dll
c:\programdata\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8a6735b1-c078-4648-9416-b6bb29ec3dc1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9ad10df8-6662-488d-9a0f-1fab1ee3403d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9f8591c3-5048-42f7-9553-387b30449f54.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a4930af9-016c-4915-a740-a3364e7618aa.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ac96894a-064b-4c44-a457-9d5aaee7032a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\adb45b82-004f-4eed-bd54-d60d7eda1ff5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b2ed8d53-41ce-48e6-b4ac-8b8e5e1a4fdf.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b9ce760f-6209-48f2-a4a3-695324591c45.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c2690c4c-81f4-4565-a861-643c7af1fa90.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e86f11dd-8b83-43cc-899e-f935ce0a1ea0.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e9bb45d9-5a2b-47e8-9c48-168276d422cc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f80d4ad1-1fad-43b5-b6f3-347848b5ddd5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\windows\UA000104.DLL
.
.
((((((((((((((((((((((((( Files Created from 2012-08-20 to 2012-09-20 )))))))))))))))))))))))))))))))
.
.
2012-09-20 13:53 . 2012-09-20 13:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-20 11:34 . 2012-09-20 11:34 -------- d-----w- c:\users\pol\AppData\Roaming\Malwarebytes
2012-09-20 11:34 . 2012-09-20 11:34 -------- d-----w- c:\programdata\Malwarebytes
2012-09-20 11:34 . 2012-09-20 11:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-20 11:34 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 11:06 . 2012-09-20 11:16 -------- d-----w- c:\programdata\225932DF000165DB004DDCA4F875F002
2012-09-12 07:56 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 07:56 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 07:56 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 07:56 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 07:56 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 07:56 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 07:56 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 13:04 . 2012-09-09 13:04 -------- d-----w- c:\users\pol\AppData\Local\Macromedia
2012-09-09 12:27 . 2012-09-20 11:16 -------- d-----w- c:\programdata\McAfee Security Scan
2012-09-09 12:27 . 2012-09-09 12:27 -------- d-----w- c:\programdata\McAfee
2012-09-09 12:27 . 2012-09-09 12:32 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-09-09 12:27 . 2012-09-09 12:27 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-07 08:21 . 2012-09-07 08:21 -------- d-----w- c:\users\pol\AppData\Roaming\Vodafone
2012-09-07 08:21 . 2010-03-25 17:09 117504 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-09-07 08:21 . 2010-03-25 17:09 246224 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-09-07 08:21 . 2012-09-07 08:21 -------- d-----w- c:\programdata\Vodafone
2012-09-07 08:21 . 2012-09-07 08:21 -------- d-----w- c:\programdata\FLEXnet
2012-09-07 08:20 . 2012-09-07 08:20 -------- d-----w- c:\users\pol\AppData\Local\{2D225037-C0D0-43C8-B342-97DBD5107324}
2012-08-29 16:05 . 2012-08-29 16:05 -------- d-----w- c:\program files (x86)\IObit Toolbar
2012-08-29 16:05 . 2012-08-29 16:05 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-08-29 16:05 . 2012-08-29 16:05 -------- d-----w- c:\program files (x86)\Application Updater
2012-08-29 15:57 . 2012-08-29 15:57 -------- d-----w- c:\users\pol\AppData\Roaming\QuickScan
2012-08-27 20:01 . 2012-08-27 20:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-27 20:01 . 2012-08-27 20:01 -------- d-----r- c:\program files (x86)\Skype
2012-08-25 13:09 . 2012-08-25 13:09 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-25 13:09 . 2012-08-25 13:09 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-08-24 14:43 . 2012-08-24 14:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-24 13:01 . 2012-08-24 13:01 -------- d-----w- c:\users\Invitado\AppData\Local\Diagnostics
2012-08-24 13:00 . 2012-08-24 13:00 -------- d-----w- c:\users\Invitado\AppData\Local\Mozilla
2012-08-23 10:57 . 2012-08-23 10:57 -------- d-----w- c:\programdata\PC-Doctor for Windows
2012-08-21 17:57 . 2012-08-21 17:57 -------- d-sh--w- c:\users\pol\wc
2012-08-21 17:56 . 2012-08-21 17:56 -------- d-sh--w- c:\users\pol\AppData\Roaming\wyUpdate AU
2012-08-21 17:56 . 2012-08-21 18:33 -------- d-----w- c:\users\pol\AppData\Roaming\Cyberduck
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 14:50 . 2011-11-07 13:45 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-09 12:27 . 2011-11-07 12:36 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-01 20:06 . 2012-08-01 20:06 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-08-01 20:06 . 2012-08-01 20:06 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-08-01 20:06 . 2012-08-01 20:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-08-01 20:06 . 2012-08-01 20:06 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-08-01 20:06 . 2012-08-01 20:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-08-01 20:06 . 2012-08-01 20:06 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-08-01 20:06 . 2012-08-01 20:06 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-08-01 20:05 . 2012-08-01 20:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-08-01 20:05 . 2012-08-01 20:05 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-01 20:05 . 2012-08-01 20:05 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-08-01 20:05 . 2012-08-01 20:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-08-01 20:05 . 2012-08-01 20:05 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-01 20:05 . 2012-08-01 20:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-08-01 20:05 . 2012-08-01 20:05 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-08-01 20:05 . 2012-08-01 20:05 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-08-01 20:05 . 2012-08-01 20:05 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-08-01 20:04 . 2012-08-01 20:04 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-08-01 20:03 . 2012-08-01 20:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-08-01 20:03 . 2012-08-01 20:03 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-08-01 20:03 . 2012-08-01 20:03 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-01 20:03 . 2012-08-01 20:03 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-28 02:09 . 2012-07-28 02:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-07-26 18:08 . 2012-07-26 18:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 18:08 . 2012-07-26 18:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 18:08 . 2012-07-26 18:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 18:08 . 2012-07-26 18:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 18:08 . 2012-07-26 18:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 14:22 . 2012-07-26 14:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 14:22 . 2012-07-26 14:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 14:22 . 2012-07-26 14:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 14:22 . 2012-07-26 14:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 14:22 . 2012-07-26 14:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-26 02:21 . 2012-07-26 02:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-07-18 18:15 . 2012-08-16 10:38 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 14:14 . 2012-07-17 14:14 253184 ----a-w- c:\windows\system32\LIVESSP.DLL
2012-07-17 13:49 . 2012-07-17 13:49 209648 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
2012-07-17 13:37 . 2012-07-17 13:37 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-05 21:06 . 2012-08-03 22:04 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 21:06 . 2011-11-09 20:17 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-04 22:16 . 2012-08-16 10:38 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-16 10:38 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-16 10:38 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-16 10:38 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-27 07:06 . 2012-08-16 10:38 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-06-27 07:06 . 2012-08-16 10:38 1494016 ----a-w- c:\windows\system32\urlmon.dll
2012-06-27 07:06 . 2012-08-16 10:38 134144 ----a-w- c:\windows\system32\url.dll
2012-06-27 07:03 . 2012-08-16 10:38 9059840 ----a-w- c:\windows\system32\mshtml.dll
2012-06-27 07:03 . 2012-08-16 10:38 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-27 07:03 . 2012-08-16 10:38 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-27 07:02 . 2012-08-16 10:38 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-27 07:02 . 2012-08-16 10:38 247808 ----a-w- c:\windows\system32\ieui.dll
2012-06-27 07:02 . 2012-08-16 10:38 2453504 ----a-w- c:\windows\system32\iertutil.dll
2012-06-27 07:02 . 2012-08-16 10:38 12297216 ----a-w- c:\windows\system32\ieframe.dll
2012-06-27 05:53 . 2012-08-16 10:38 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-27 04:53 . 2012-08-16 10:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-27 04:10 . 2012-08-16 10:38 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servicio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-03-25 246224]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-09 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2010-01-05 19504]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;WatchDog de AVG;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-02-10 60928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2010-02-10 25648]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 NETw5s64;Controlador del adaptador Intel® Wireless WiFi Link para Windows 7 de 64 bits;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-02 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 09:05]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 09:05]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822692993-3587576798-1461896026-1000Core.job
- c:\users\pol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 21:46]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822692993-3587576798-1461896026-1000UA.job
- c:\users\pol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 21:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com/
IE: Free YouTube Download - c:\users\pol\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\pol\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: gob.es\agenciatributaria
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517}: NameServer = 8.8.8.8
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517}\341637164586F6F6E656E6: NameServer = 8.8.8.8
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517}\75C414E4F544839323: NameServer = 8.8.8.8
DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} - hxxps://www5.aeat.es/es13/h/tgvicab.cab
DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} - hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
FF - ProfilePath - c:\users\pol\AppData\Roaming\Mozilla\Firefox\Profiles\7w09xhlm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.naturalmentegrancanaria.com/
FF - prefs.js: keyword.URL - hxxp://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{db131c55-60c8-4adc-84dc-9e76ab06e2dc} - (no file)
WebBrowser-{DB131C55-60C8-4ADC-84DC-9E76AB06E2DC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-20 15:00:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-20 14:00
.
Pre-Run: 12.562.567.168 bytes libres
Post-Run: 12.250.103.808 bytes libres
.
- - End Of File - - B61F7D879DBECD80BAA44095412376DC




2. DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by pol at 10:45:40 on 2012-09-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.4028.2366 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.3\lightroom.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Users\pol\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\pol\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Program Files (x86)\Clementine\clementine.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\pol\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\pol\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
Trusted Zone: gob.es\agenciatributaria
DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} - hxxps://www5.aeat.es/es13/h/tgvicab.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} - hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517} : NameServer = 8.8.8.8
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517} : DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517}\341637164586F6F6E656E6 : NameServer = 8.8.8.8
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517}\341637164586F6F6E656E6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517}\3596475636F6D6830366436323 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517}\75C414E4F544839323 : NameServer = 8.8.8.8
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517}\75C414E4F544839323 : DhcpNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{9940309F-5210-458A-855C-456453726479} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\pol\AppData\Roaming\Mozilla\Firefox\Profiles\7w09xhlm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.naturalmentegrancanaria.com/
FF - prefs.js: keyword.URL - hxxp://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\pol\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-9-20 913792]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-11-7 98208]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-7-26 794560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;WatchDog de AVG;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-7 13336]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-8-29 821592]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2012-5-20 60928]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-20 399432]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-7 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-7 2533400]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETw5s64;Controlador del adaptador Intel® Wireless WiFi Link para Windows 7 de 64 bits;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servicio Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-8 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-20 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-8-29 21384]
S3 gupdatem;Servicio de Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-8 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-8 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-8-29 33224]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-8-29 21904]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-20 13:56:20 -------- d-----w- C:\$RECYCLE.BIN
2012-09-20 11:50:52 98816 ----a-w- C:\Windows\sed.e

#4 The Dark Knight (Malware Vigilante, Trusted Advisor, 2,214 posts)

Posted 21 September 2012 - 08:50 AM

Good evening polmar. :)

You have the Ask Toolbar (AskBarDis) installed. I strongly recommend you remove the Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer, failing to affirmatively show a license agreement and linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers, increasing Ask's revenues while taking users to pages they didn't intend to visit.

IObit Malware Fighter is a rogue security program that is known to cause system problems and whose maker has stolen material from other computer security companies to use in their own program.
IOBit Steals Malwarebytes’ Intellectual Property
IOBit’s Denial of Theft Unconvincing
The program has also been seen to cause numerous system problems that tend to go away after uninstalling their software.

Please go to Start>Control Panel>Programs and Features>Programs and uninstall the following programs (if present):
Advanced System Care
AskBarDis
IObit Malware Fighter
IObit Toolbar

(or any program from IObit)

T-Tools has created a free program designed specifically to remove every last trace of the entries that IObit programs leave behind if and when you decide to uninstall one or more of them. Please download BitRemover from here:
http://www.t-tools.nl/bitremoveren.php
Save the program to your Desktop and double-click on the program to run it.
==========

Next, please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::

    DDS::
    Trusted Zone: gob.es\agenciatributaria

    Folder::
    c:\program files (x86)\Common Files\Spigot
    c:\program files (x86)\Application Updater

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SearchSettings"=-

  • Save this as CFScript.txt, in the same location as ComboFix.exe.

    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.
Please post the ComboFix.txt in your next reply.
==========

Finally, please download to the Desktop RogueKiller (by tigzy).
  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.
==========

In your reply please provide the following:
  • ComboFix.txt.
  • RogueKiller log.
What issues remain on your computer?


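The helper's reply above works from a handful of DDS "Pseudo HJT Report" line types: dangling "No File" registrations, an mRun autorun under a Spigot folder, an IE Trusted Zone addition, and static NameServer entries that differ from what DHCP handed out. The script below is an added example written for this page; it is not part of DDS, ComboFix or the helper's procedure. It parses those line formats and flags the same classes of entry, using sample input constructed from lines that appear in the DDS log posted in this thread. The PUP marker list, the decision to flag every Trusted Zone entry, and the treatment of any populated Firefox keyword.URL as a hijack indicator are assumptions made for illustration, not rules of either tool.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; not part of DDS, ComboFix or the helper's
own procedure. It flags the kinds of entries the helper acted on:
dangling (No File) browser registrations, autoruns under a vendor folder
worth a second look, IE Trusted Zone additions, a static NameServer that
differs from the DHCP-supplied one, and a Firefox keyword.URL pointing
at a third-party search URL.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Assumption: vendor strings that warrant review when they appear in an
# autorun path. Illustrative list, not a DDS or ComboFix rule.
PUP_MARKERS = ("spigot", "askbardis", "iobit", "application updater")

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.dell.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
Trusted Zone: gob.es\agenciatributaria
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517} : NameServer = 8.8.8.8
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517} : DhcpNameServer = 192.168.0.1 192.168.0.1
FF - prefs.js: keyword.URL - hxxp://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=
"""


@dataclass(frozen=True)
class Finding:
    category: str  # orphan | pup_autorun | trusted_zone | dns_override | search_hijack
    detail: str


_RUN = re.compile(r'^mRun(?:-x64)?: \[(?P<name>[^\]]+)\] "?(?P<path>[^"]+)"?')
_TCP = re.compile(r'^TCP: (?:(?P<key>.*?)\s*:\s*)?(?P<kind>NameServer|DhcpNameServer) = (?P<val>.+)$')


def _orphans(lines: List[str]) -> Iterable[Finding]:
    # Registrations whose DLL is gone: not active, but they should be cleaned.
    for ln in lines:
        if ln.startswith(("uURLSearchHooks:", "TB:", "TB-X64:", "BHO:")) and ln.endswith("No File"):
            yield Finding("orphan", ln)


def _autoruns(lines: List[str]) -> Iterable[Finding]:
    for ln in lines:
        m = _RUN.match(ln)
        if m and any(k in m.group("path").lower() for k in PUP_MARKERS):
            yield Finding("pup_autorun", f'{m.group("name")} -> {m.group("path")}')


def _trusted_zone(lines: List[str]) -> Iterable[Finding]:
    # Any Trusted Zone entry relaxes IE security for that site; list them all.
    for ln in lines:
        if ln.startswith("Trusted Zone:"):
            yield Finding("trusted_zone", ln.split(":", 1)[1].strip())


def _dns_override(lines: List[str]) -> Iterable[Finding]:
    # A static NameServer that differs from the DHCP-issued one is the classic
    # DNS-changer footprint; the user must confirm they set it themselves.
    static, dhcp = {}, {}
    for ln in lines:
        m = _TCP.match(ln)
        if not m:
            continue
        key = (m.group("key") or "").strip()
        (static if m.group("kind") == "NameServer" else dhcp)[key] = m.group("val").split()
    for key, servers in static.items():
        if key in dhcp and set(servers) != set(dhcp[key]):
            yield Finding("dns_override", f"{key}: static {servers} vs DHCP {dhcp[key]}")


def _search_hijack(lines: List[str]) -> Iterable[Finding]:
    # Assumption: a populated keyword.URL is treated as a hijack indicator,
    # since a clean profile leaves it empty and uses the selected engine.
    for ln in lines:
        if ln.startswith("FF - prefs.js: keyword.URL - "):
            yield Finding("search_hijack", ln.split(" - ", 2)[2])


def triage(text: str) -> List[Finding]:
    """Run every check over the log text and return the findings in order."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    found: List[Finding] = []
    for check in (_orphans, _autoruns, _trusted_zone, _dns_override, _search_hijack):
        found.extend(check(lines))
    return found


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.category}] {f.detail}")
```

Run against the sample it reports the two "No File" orphans, the Spigot SearchSettings autorun, the gob.es Trusted Zone entry, the 8.8.8.8 override on the interface whose DHCP server is 192.168.0.1, and the yahoo keyword.URL. A DNS override is only a lead, not a verdict: here the user may well have set Google DNS by hand, which is why the finding prints both values side by side instead of calling the entry malicious.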

#5 polmar (Member, Full Member, 12 posts)

Posted 21 September 2012 - 12:15 PM

Good evening to you Dark Knight,

Thanks so much for your help. :)

I've done what you suggested, uninstalling the programs listed, except for AskBarDis, which I couldn't find anywhere. If there is some way to uninstall it, please tell me.

Here you can see the reports required:

Combofix:


ComboFix 12-09-20.03 - pol 21/09/2012 17:39:52.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.4028.2409 [GMT 1:00]
Running from: c:\users\pol\Desktop\ComboFix.exe
Command switches used :: c:\users\pol\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
c:\programdata\PCDr\6032\AddOnDownloaded\07439fd5-7039-4014-b635-5bf088a1465b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
c:\programdata\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
c:\programdata\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2ee79d71-badc-46b4-b731-42b15f3cd1c3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3e4c86d5-a5c1-4c3f-8fc7-6258992b16c5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5e1c102f-bfde-420c-87c0-64fe851888e5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6928cebe-dc61-4564-a488-e19724a8de68.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7014e871-cc3b-4dec-b82b-bc70222b40ed.dll
c:\programdata\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8a6735b1-c078-4648-9416-b6bb29ec3dc1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9ad10df8-6662-488d-9a0f-1fab1ee3403d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9f8591c3-5048-42f7-9553-387b30449f54.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a4930af9-016c-4915-a740-a3364e7618aa.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ac96894a-064b-4c44-a457-9d5aaee7032a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\adb45b82-004f-4eed-bd54-d60d7eda1ff5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b2ed8d53-41ce-48e6-b4ac-8b8e5e1a4fdf.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b9ce760f-6209-48f2-a4a3-695324591c45.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c2690c4c-81f4-4565-a861-643c7af1fa90.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e86f11dd-8b83-43cc-899e-f935ce0a1ea0.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e9bb45d9-5a2b-47e8-9c48-168276d422cc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f80d4ad1-1fad-43b5-b6f3-347848b5ddd5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
.
.
2012-09-21 16:47 . 2012-09-21 16:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-21 16:47 . 2012-09-21 16:47 -------- d-----w- c:\users\Invitado\AppData\Local\temp
2012-09-21 16:47 . 2012-09-21 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-20 11:34 . 2012-09-20 11:34 -------- d-----w- c:\users\pol\AppData\Roaming\Malwarebytes
2012-09-20 11:34 . 2012-09-20 11:34 -------- d-----w- c:\programdata\Malwarebytes
2012-09-20 11:34 . 2012-09-20 11:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-20 11:34 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 11:06 . 2012-09-20 11:16 -------- d-----w- c:\programdata\225932DF000165DB004DDCA4F875F002
2012-09-12 07:56 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 07:56 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 07:56 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 07:56 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 07:56 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 07:56 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 07:56 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 13:04 . 2012-09-09 13:04 -------- d-----w- c:\users\pol\AppData\Local\Macromedia
2012-09-09 12:27 . 2012-09-09 12:27 -------- d-----w- c:\programdata\McAfee
2012-09-09 12:27 . 2012-09-09 12:27 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-07 08:21 . 2012-09-07 08:21 -------- d-----w- c:\users\pol\AppData\Roaming\Vodafone
2012-09-07 08:21 . 2010-03-25 17:09 117504 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-09-07 08:21 . 2010-03-25 17:09 246224 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-09-07 08:21 . 2012-09-07 08:21 -------- d-----w- c:\programdata\Vodafone
2012-09-07 08:21 . 2012-09-07 08:21 -------- d-----w- c:\programdata\FLEXnet
2012-09-07 08:20 . 2012-09-07 08:20 -------- d-----w- c:\users\pol\AppData\Local\{2D225037-C0D0-43C8-B342-97DBD5107324}
2012-08-29 15:57 . 2012-08-29 15:57 -------- d-----w- c:\users\pol\AppData\Roaming\QuickScan
2012-08-27 20:01 . 2012-08-27 20:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-27 20:01 . 2012-08-27 20:01 -------- d-----r- c:\program files (x86)\Skype
2012-08-25 13:09 . 2012-08-25 13:09 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-25 13:09 . 2012-08-25 13:09 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-08-24 14:43 . 2012-08-24 14:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-24 13:01 . 2012-08-24 13:01 -------- d-----w- c:\users\Invitado\AppData\Local\Diagnostics
2012-08-24 13:00 . 2012-08-24 13:00 -------- d-----w- c:\users\Invitado\AppData\Local\Mozilla
2012-08-23 10:57 . 2012-08-23 10:57 -------- d-----w- c:\programdata\PC-Doctor for Windows
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 14:50 . 2011-11-07 13:45 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-09 12:27 . 2011-11-07 12:36 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-01 20:06 . 2012-08-01 20:06 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-08-01 20:06 . 2012-08-01 20:06 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-08-01 20:06 . 2012-08-01 20:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-08-01 20:06 . 2012-08-01 20:06 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-08-01 20:06 . 2012-08-01 20:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-08-01 20:06 . 2012-08-01 20:06 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-08-01 20:06 . 2012-08-01 20:06 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-08-01 20:05 . 2012-08-01 20:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-08-01 20:05 . 2012-08-01 20:05 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-01 20:05 . 2012-08-01 20:05 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-08-01 20:05 . 2012-08-01 20:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-08-01 20:05 . 2012-08-01 20:05 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-01 20:05 . 2012-08-01 20:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-08-01 20:05 . 2012-08-01 20:05 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-08-01 20:05 . 2012-08-01 20:05 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-08-01 20:05 . 2012-08-01 20:05 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-08-01 20:04 . 2012-08-01 20:04 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-08-01 20:03 . 2012-08-01 20:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-08-01 20:03 . 2012-08-01 20:03 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-08-01 20:03 . 2012-08-01 20:03 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-01 20:03 . 2012-08-01 20:03 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-28 02:09 . 2012-07-28 02:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-07-26 18:08 . 2012-07-26 18:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 18:08 . 2012-07-26 18:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 18:08 . 2012-07-26 18:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 18:08 . 2012-07-26 18:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 18:08 . 2012-07-26 18:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 14:22 . 2012-07-26 14:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 14:22 . 2012-07-26 14:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 14:22 . 2012-07-26 14:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 14:22 . 2012-07-26 14:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 14:22 . 2012-07-26 14:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-26 02:21 . 2012-07-26 02:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-07-23 14:59 . 2011-12-03 13:49 24960 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-18 18:15 . 2012-08-16 10:38 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 14:14 . 2012-07-17 14:14 253184 ----a-w- c:\windows\system32\LIVESSP.DLL
2012-07-17 13:49 . 2012-07-17 13:49 209648 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
2012-07-17 13:37 . 2012-07-17 13:37 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-05 21:06 . 2012-08-03 22:04 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 21:06 . 2011-11-09 20:17 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-04 22:16 . 2012-08-16 10:38 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-16 10:38 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-16 10:38 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-16 10:38 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-27 07:06 . 2012-08-16 10:38 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-06-27 07:06 . 2012-08-16 10:38 1494016 ----a-w- c:\windows\system32\urlmon.dll
2012-06-27 07:06 . 2012-08-16 10:38 134144 ----a-w- c:\windows\system32\url.dll
2012-06-27 07:03 . 2012-08-16 10:38 9059840 ----a-w- c:\windows\system32\mshtml.dll
2012-06-27 07:03 . 2012-08-16 10:38 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-27 07:03 . 2012-08-16 10:38 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-27 07:02 . 2012-08-16 10:38 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-27 07:02 . 2012-08-16 10:38 247808 ----a-w- c:\windows\system32\ieui.dll
2012-06-27 07:02 . 2012-08-16 10:38 2453504 ----a-w- c:\windows\system32\iertutil.dll
2012-06-27 07:02 . 2012-08-16 10:38 12297216 ----a-w- c:\windows\system32\ieframe.dll
2012-06-27 05:53 . 2012-08-16 10:38 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-27 04:53 . 2012-08-16 10:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-27 04:10 . 2012-08-16 10:38 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servicio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-03-25 246224]
R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-09 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2010-01-05 19504]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;WatchDog de AVG;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-02-10 60928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2010-02-10 25648]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 NETw5s64;Controlador del adaptador Intel® Wireless WiFi Link para Windows 7 de 64 bits;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-02 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 09:05]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-08 09:05]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822692993-3587576798-1461896026-1000Core.job
- c:\users\pol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 21:46]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822692993-3587576798-1461896026-1000UA.job
- c:\users\pol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 21:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com/
IE: Free YouTube Download - c:\users\pol\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\pol\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517}: NameServer = 8.8.8.8
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517}\341637164586F6F6E656E6: NameServer = 8.8.8.8
TCP: Interfaces\{270A4F65-D015-44E6-8936-99D1B64C8517}\75C414E4F544839323: NameServer = 8.8.8.8
DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} - hxxps://www5.aeat.es/es13/h/tgvicab.cab
DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} - hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
FF - ProfilePath - c:\users\pol\AppData\Roaming\Mozilla\Firefox\Profiles\7w09xhlm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.naturalmentegrancanaria.com/
FF - prefs.js: keyword.URL - hxxp://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Game Booster_is1 - c:\program files (x86)\IObit\Game Booster\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-21 17:52:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-21 16:52
.
Pre-Run: 11.972.063.232 bytes free
Post-Run: 11.519.807.488 bytes free
.
- - End Of File - - BDDA3DFDA22B37D82C4EC598910B886B



RogueKiller:

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : pol [Admin rights]
Mode : Scan -- Date : 09/21/2012 18:09:14

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 53c61da8909619e71ce1739b79998bab
[BSP] 4c376f199e3b84a8d25e422383116e25 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100839 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 206727166 | Size: 40998 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 290691072 | Size: 335000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



About issues, I'm not sure. I've tried to do a scan with Kaspersky free and it found some potential problems.
Do you think I should trust Kaspersky?
Just one more question: what should I do in order to prevent all these attacks? Some good AV, firewall? And what do you suggest using instead of IObit?

Really thank you man
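The ComboFix and RogueKiller logs above are what a helper reads by eye before deciding what to remove. As an added example (this is not code from the thread, from ComboFix, or from SpywareInfo), the Python script below applies three of the first checks a helper makes on ComboFix-style lines: services or drivers whose binary is missing (the `[x]` marker, as on the VBoxNetFlt line), autorun and load-point entries that run from a user-writable location such as AppData or ProgramData, and kernel drivers created inside the log's "Files Created" window. The sample input is constructed: a handful of lines excerpted from the log above plus one hypothetical `Updater` Run entry that is not on the page, and the Dropbox allowlist entry is an assumption standing in for whatever known-vendor paths a helper would exclude. Findings are leads to verify, not verdicts: of the two drivers it flags here, one is Malwarebytes' own mbam.sys and the other is Windows' ndis.sys, installed on 2012-09-12 with the same creation time as a batch of other system files, which is what a patch batch looks like in this log.

```python
"""Triage pass over ComboFix-style log lines (added example, not from the thread)."""
import re
from datetime import datetime, timedelta

# Constructed sample: lines excerpted from the ComboFix log posted above, plus one
# hypothetical "Updater" Run entry (not on the page) to show a true positive.
SAMPLE_LOG = r"""
2012-09-20 11:34 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-12 07:56 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-07 08:20 . 2012-09-07 08:20 -------- d-----w- c:\users\pol\AppData\Local\{2D225037-C0D0-43C8-B342-97DBD5107324}
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\pol\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Updater"="c:\users\pol\AppData\Roaming\Updater\updater.exe" [2012-09-15 20480]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
"""

# "Files Created" entry: created-date . modified-date size attrs path
FILE_CREATED = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:\d+|-+)\s+\S+\s+(.+)$")
# file line listed under a CLSID / load point: date time size attrs path
LOADPOINT_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$")
# Run-key value: "Name"="path" [date size]
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')
# service / driver line: R|S<start> name;description;path [date size], or [x] when the file is missing
SERVICE = re.compile(r"^[RS]\d ([^;]+);([^;]*);(.+?) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$")

# Locations a standard user can write to; autoruns living here deserve a second look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")
# Assumed allowlist of vendor paths that legitimately load from a profile directory.
KNOWN_VENDOR_PATHS = ("\\dropbox\\bin\\",)


def in_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def is_allowlisted(path):
    p = path.lower()
    return any(marker in p for marker in KNOWN_VENDOR_PATHS)


def triage(log_text, scan_date, window_days=30):
    """Return (kind, label, path) review items in log order; they are leads, not verdicts."""
    cutoff = scan_date - timedelta(days=window_days)
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE.match(line)
        if m:
            name, _desc, path, stamp = m.groups()
            if stamp == "x":
                findings.append(("missing-binary", name, path))
            elif in_user_writable(path) and not is_allowlisted(path):
                findings.append(("user-writable-autorun", name, path))
            continue
        m = RUN_VALUE.match(line)
        if m:
            name, path = m.groups()
            if in_user_writable(path) and not is_allowlisted(path):
                findings.append(("user-writable-autorun", name, path))
            continue
        m = FILE_CREATED.match(line)
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d")
            path = m.group(2)
            # a kernel driver that appeared inside the window is worth checking against vendor/update sources
            if created >= cutoff and path.lower().endswith(".sys"):
                findings.append(("new-driver", created.date().isoformat(), path))
            continue
        m = LOADPOINT_FILE.match(line)
        if m:
            path = m.group(1)
            if in_user_writable(path) and not is_allowlisted(path):
                findings.append(("user-writable-loadpoint", "", path))
    return findings


def triage_sample():
    """Run the checks over the constructed sample as of the log's completion date (2012-09-21)."""
    return triage(SAMPLE_LOG, datetime(2012, 9, 21))


if __name__ == "__main__":
    for kind, label, path in triage_sample():
        print(f"{kind:24} {label:12} {path}")
```

On the sample this reports the two recently created drivers, the hypothetical `Updater` entry in AppData, and the VBoxNetFlt driver whose file is gone; the Dropbox shell-extension DLL, which also lives in AppData, is suppressed by the allowlist. Extending the allowlist and the window is how you tune the noise for a given log.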

#6 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 21 September 2012 - 06:39 PM

Hello polmar. :)

  • Please re-run RogueKiller.
  • Click on the Delete button.
  • The report has been created on the Desktop. Please post it in your reply.
==========

About issues, I'm not sure. I've tried to do a scan with Kaspersky free and it found some potential problems.
Do you think I should trust Kaspersky?

It's a reasonable antivirus scan. Do you have a log file you can post?

Just one more question, how should I do in order to prevent all these attacks? Some good Av, Firewall? And what you suggest to use instead of Iobit?

Once your computer seems clean I will give you some advice on security programs. :thumbup:

Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

What issues remain on your computer?



#7 polmar

    Member

  • Full Member
  • 12 posts

Posted 22 September 2012 - 04:06 PM

Hi Dark Knight,
:)
here's the Kaspersky report:
(don't know why it's in Spanish, sorry, I hope you can understand)

Detailed report
Problems were found
Scan date: 09/22/2012 04:19 PM
Database update date: 09/22/2012 09:03 AM
Product version: 12.0.1.117
Computer protection (0)
Information about antivirus software and firewalls installed on the computer.
Malicious (0)
Information about malicious software detected on the computer.
Vulnerabilities (14)
Information about applications and operating system components in which vulnerabilities have been detected.
C:\Program Files (x86)\Adobe\Adobe Fireworks CS5\AILib.dll
C:\Program Files (x86)\Adobe\Adobe Flash Builder 4\player\win\FlashPlayer.exe
C:\Program Files (x86)\Adobe\Adobe Flash CS5\AILib.dll
C:\Program Files (x86)\Adobe\Adobe Flash CS5\Players\FlashPlayer.exe
C:\Program Files (x86)\Adobe\Adobe Flash CS5\Players\Debug\FlashPlayerDebugger.exe
C:\Program Files (x86)\Adobe\Adobe Flash CS5\Players\Release\FlashPlayer.exe
C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files (x86)\Adobe\Adobe InDesign CS5\InDesign.exe
C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe
C:\Program Files (x86)\Common Files\Adobe\Shell\CS5\icons.dll
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Program Files (x86)\Todo Backup\bin\Wizard.exe
C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
Other problems (12)
Information about vulnerabilities associated with the configuration of installed applications and the operating system.
"Process termination timeout is outside the accepted values"
"Service termination timeout is outside the accepted values"
"Autorun from hard disk drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Autorun of removable media is enabled"
"Microsoft Internet Explorer: disable caching of data received over protected channels"
"Microsoft Internet Explorer: disable sending of error reports"
"Microsoft Internet Explorer: clear the list of trusted domains"
"Microsoft Internet Explorer: clear the pop-up blocker exceptions list"
"Microsoft Internet Explorer: enable automatic cache clearing when the browser is closed"
"Microsoft Internet Explorer: refresh the home page"


And this is the RogueKiller log after deleting:
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : pol [Admin rights]
Mode : Remove -- Date : 09/22/2012 16:24:02

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 53c61da8909619e71ce1739b79998bab
[BSP] 4c376f199e3b84a8d25e422383116e25 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100839 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 206727166 | Size: 40998 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 290691072 | Size: 335000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Finally I send you the log file of ESET Online Scanner
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=39a0482fb072234a8b5d3fecac838430
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-22 09:00:48
# local_time=2012-09-22 10:00:48 (+0000, GMT Daylight Time)
# country="Spain"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 27664011 27664011 0 0
# compatibility_mode=1280 16777215 100 0 6631 6631 0 0
# compatibility_mode=5893 16776574 100 94 27538398 100793117 0 0
# compatibility_mode=8192 67108863 100 0 269 269 0 0
# scanned=321946
# found=1
# cleaned=0
# scan_time=19581
C:\Users\pol\Downloads\SoftonicDownloader_webcam.exe a variant of Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I


Once more I have to thank you for your help :)

Have a good evening

#8 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 22 September 2012 - 06:59 PM

Hello polmar. :)

Please delete this file (if present):

C:\Users\pol\Downloads\SoftonicDownloader_webcam.exe

What issues remain on your computer?



#9 polmar

    Member

  • Full Member
  • 12 posts

Posted 23 September 2012 - 06:12 AM

Hi Dark Knight,

good morning. I've deleted the file.
Should I do or check anything more? Apparently the computer is working fine now, thanks. :thumbup:

What do you think about the Kaspersky logfile?

I generally use SopCast and torrents, and I download a bit... How should I prevent all these attacks?

Well, I'm still really grateful to you

#10 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 23 September 2012 - 07:48 AM

Hello polmar. :)

Should I do or check something more?

Your logs look clean and by the sounds of it your computer is running well. By all means run a scan with your antivirus if you would like to be sure. :thumbup:

What do you think about the Kaspersky logfile?

It highlighted some programs that might be vulnerable. If you update all of the ones it mentioned you should be fine.


Please do the following updates. Your Internet Explorer is out of date and by updating to the latest Service Packs you will minimise the risk of future infections through these security patches and fixes.

Please open Internet Explorer and follow the instructions below to update Windows:

  • Go to this link: Windows Update
  • Download all the Critical updates, making sure you have selected Internet Explorer 9.
  • Once they have been installed, please revisit Windows Update and select any further Critical updates.
Note:
It will be necessary for you to restart the computer during the updates, and return to the Windows Update site several times before all critical updates are installed.

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections.


Next, your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:
  • Please go to the below link and download the latest Windows 7 version:
http://www.java.com/en/download/manual.jsp

  • Save it to your Desktop.
  • Please go to Start>Control Panel >Programs and Features>Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have the Java icon next to them.
  • Select Remove.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

Also, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

Finally, your version of Mozilla Firefox is out of date. Please do the following to update it:

  • Go to Start>All Programs>Mozilla Firefox.
  • Click Firefox>Help>About Firefox.
  • Let it search for any updates and install them when found.
  • Please restart your computer if prompted.
==========

In your next post please let me know how the updates went. :thumbup:



#11 polmar (Member; Full Member, 12 posts)

Posted 24 September 2012 - 03:36 AM

Hi Dark Knight,

OK, all the updates are done! :) Thank you.

Should I update IE even if I never use it?

Do you use some programme for cleaning the registry and general trouble, such as the IObit one? Or can you recommend a good alternative?

It has been really useful receiving your help, thx thx thx

#12 The Dark Knight (Malware Vigilante; Trusted Advisor*, 2,214 posts)

Posted 24 September 2012 - 04:04 AM

Hello polmar. :)

Should I update IE even if I never use it?

Yes. If you have a vulnerability then that can be exploited, even if you aren't necessarily using IE. Better to be safe than sorry. :)

Do you use some programme for cleaning the registry and general trouble, such as the IObit one? Or can you recommend a good alternative?

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners

The same goes for so-called "PC Cleaners" like Advanced SystemCare and TuneUp! Each program has a different definition of what is "bad", and what they say is bad may not be. Better to avoid them.
==========

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.
==========

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:


IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.


As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.


Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.


Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo and Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)



#13 polmar (Member; Full Member, 12 posts)

Posted 24 September 2012 - 06:49 AM

Hi once more Dark Knight,

I understand that it is better to protect my computer as well as possible and prevent attacks instead of asking for help :)
I really appreciate that and I think you're doing a great thing.

I will do all the things you suggested in your last post... everything...

The problem is that when everything seemed fine and clean... this morning the yeldmanager problem appeared one more time.
It happens when I open my Yahoo account; I'm sending you an image of it.


Mhmh... I'm gonna do what you suggested in your last post...
Thanks and have a nice day

Attached thumbnail: yeld.jpg

Edited by polmar, 24 September 2012 - 11:37 AM.


#14 The Dark Knight (Malware Vigilante; Trusted Advisor*, 2,214 posts)

Posted 24 September 2012 - 07:28 AM

Hello polmar. :)

The yieldmanager is an address of Yahoo! Could you please translate the whole message for me? :thumbup:



#15 polmar (Member; Full Member, 12 posts)

Posted 24 September 2012 - 07:57 AM

Hi Dark Knight,

Yes, for sure...

Here it goes:

You have chosen to open
st
which is of the type: application/octet-stream
from http://ad.yeldmanager.com

What should Firefox do with this file?

1. Open with...
2. Save File



Do you think it's something malicious?

#16 The Dark Knight (Malware Vigilante; Trusted Advisor*, 2,214 posts)

Posted 24 September 2012 - 08:46 PM

Hiya polmar. :)

Please do the following to block it in Firefox:

  • Please go to Firefox>Tools>Options.
  • Click Privacy in the menu..
  • Click Use custom settings for history.
  • Select Exceptions.
  • Then select Address of web sites and type in: yieldmanager.com
  • Then click Block.
  • Click OK to close the Options window.

Please let me know how that goes. :thumbup:



#17 polmar (Member; Full Member, 12 posts)

Posted 25 September 2012 - 03:27 AM

Hi :)

OK, I've done it. I'll try it a bit and let you know if it's all right.

Thanks, thanks :)

P.S. Do you think Avira works fine?

#18 The Dark Knight (Malware Vigilante; Trusted Advisor*, 2,214 posts)

Posted 25 September 2012 - 04:32 AM

Hello polmar. :)

OK, I've done it. I'll try it a bit and let you know if it's all right.

Sounds good.

P.S. Do you think Avira works fine?

Avira is an excellent antivirus. Each antivirus program has a database, but based on each program's algorithms and methods for detecting "bad entries" obviously no database is quite the same. So, while you did get infected, your antivirus has most likely kept a lot of other malicious things away from your computer. :)



#19 polmar (Member; Full Member, 12 posts)

Posted 25 September 2012 - 09:12 AM

Hello Dark Knight,

Well, I have to say that it seems the yeldmanager thing has disappeared, but...
I did a complete scan of my HD with Avira, and it found 3 problems...

I'm sending you the logfile... if you'd like to have a quick look...

I hope to be clean after that :)

I put Avira as AV, Comodo as firewall and SpywareBlaster, as you suggested.

I hope to be OK and clean...

This is the logfile...
Thank you

Avira Antivirus Premium 2012
Date of report file: Tuesday, 25 September 2012 10:17

Searching for 4263079 viruses and unwanted programs.

The program is running as a trial version with full functionality.
Online services are available.

Licensed to: pol Tues
Serial number: 2222981275-0000001-PEPWE
Platform: Windows 7 Home Premium
Windows version: (Service Pack 1) [6.1.7601]
Boot mode: booted normally
Username: SYSTEM
Computer name: LUDWIG

Version information:
BUILD.DAT: 12.0.0.317 42649 Bytes 07/23/2012 15:11:00
Avscan.exe: 12.3.0.33 468472 Bytes 07/02/2012 14:44:34
AVSCAN.DLL: 12.3.0.15 63952 Bytes 05/06/2012 23:48:55
LUKE.DLL: 12.3.0.15 68304 Bytes 07/02/2012 14:44:42
AVSCPLR.DLL: 12.3.0.27 97064 Bytes 07/02/2012 14:44:34
AVREG.DLL: 12.3.0.33 232232 Bytes 02/07/2012 14:44:34
VBASE000.VDF: 7.10.0.0 19875328 Bytes 06/11/2009 19:18:34
VBASE001.VDF: 7.11.0.0 13342208 Bytes 12/14/2010 00:41:20
VBASE002.VDF: 7.11.19.170 14374912 Bytes 12/20/2011 00:44:10
VBASE003.VDF: 7.11.21.238 4472832 Bytes 01/02/2012 10:58:50
VBASE004.VDF: 7.11.26.44 4329472 Bytes 03/28/2012 23:48:44
VBASE005.VDF: 7.11.34.116 4034048 Bytes 29/06/2012 09:15:36
VBASE006.VDF: 7.11.41.250 4902400 Bytes 09/06/2012 14:10:39
VBASE007.VDF: 7.11.41.251 2048 Bytes 06/09/2012 14:10:39
VBASE008.VDF: 7.11.41.252 2048 Bytes 06/09/2012 14:10:40
VBASE009.VDF: 7.11.41.253 2048 Bytes 06/09/2012 14:10:40
VBASE010.VDF: 7.11.41.254 2048 Bytes 06/09/2012 14:10:40
VBASE011.VDF: 7.11.41.255 2048 Bytes 06/09/2012 14:10:40
VBASE012.VDF: 7.11.42.0 2048 Bytes 06/09/2012 14:10:40
VBASE013.VDF: 7.11.42.1 2048 Bytes 06/09/2012 14:10:40
VBASE014.VDF: 7.11.42.65 203264 Bytes 09/09/2012 14:10:41
VBASE015.VDF: 7.11.42.125 156672 Bytes 09/11/2012 14:10:42
VBASE016.VDF: 7.11.42.171 187904 Bytes 12/09/2012 14:10:44
VBASE017.VDF: 7.11.42.235 141312 Bytes 09/13/2012 14:10:45
VBASE018.VDF: 7.11.43.35 133632 Bytes 09/15/2012 14:10:46
VBASE019.VDF: 7.11.43.89 129024 Bytes 09/18/2012 14:10:46
VBASE020.VDF: 7.11.43.141 130560 Bytes 19/09/2012 14:10:47
VBASE021.VDF: 7.11.43.187 121856 Bytes 09/21/2012 14:10:48
VBASE022.VDF: 7.11.43.251 147456 Bytes 24/09/2012 14:10:49
VBASE023.VDF: 7.11.43.252 2048 Bytes 09/24/2012 14:10:49
VBASE024.VDF: 7.11.43.253 2048 Bytes 09/24/2012 14:10:50
VBASE025.VDF: 7.11.43.254 2048 Bytes 09/24/2012 14:10:50
VBASE026.VDF: 7.11.43.255 2048 Bytes 09/24/2012 14:10:50
VBASE027.VDF: 7.11.44.0 2048 Bytes 24/09/2012 14:10:50
VBASE028.VDF: 7.11.44.1 2048 Bytes 24/09/2012 14:10:50
VBASE029.VDF: 7.11.44.2 2048 Bytes 24/09/2012 14:10:50
VBASE030.VDF: 7.11.44.3 2048 Bytes 24/09/2012 14:10:50
VBASE031.VDF: 7.11.44.36 110592 Bytes 09/25/2012 08:19:45
Engine: 8.2.10.172
AEVDF.DLL: 8.1.2.10 102772 Bytes 07/23/2012 13:28:35
AESCRIPT.DLL: 8.1.4.56 459131 Bytes 24/09/2012 14:11:07
AESCN.DLL: 8.1.8.2 131444 Bytes 02/16/2012 17:11:36
AESBX.DLL: 8.2.5.12 606578 Bytes 10/07/2012 09:15:52
AERDL.DLL: 8.1.9.15 639348 Bytes 21/01/2012 00:40:39
AEPACK.DLL: 8.3.0.36 811382 Bytes 09/24/2012 14:11:06
AEOFFICE.DLL: 8.1.2.48 201082 Bytes 24/09/2012 14:11:03
AEHEUR.DLL: 8.1.4.104 5280119 Bytes 24/09/2012 14:11:03
AEHELP.DLL: 8.1.23.2 258422 Bytes 10/07/2012 09:15:52
AEGEN.DLL: 8.1.5.36 434549 Bytes 24/09/2012 14:10:54
AEEXP.DLL: 8.1.0.86 90484 Bytes 24/09/2012 14:11:07
AEEMU.DLL: 8.1.3.2 393587 Bytes 23/07/2012 13:28:35
AECORE.DLL: 8.1.27.4 201078 Bytes 09/24/2012 14:10:52
AEBB.DLL: 8.1.1.0 53618 Bytes 01/21/2012 00:40:35
AVWINLL.DLL: 12.3.0.15 27344 Bytes 07/02/2012 14:44:36
AVPREF.DLL: 12.3.0.15 51920 Bytes 02/07/2012 14:44:33
AVREP.DLL: 12.3.0.15 179208 Bytes 02/07/2012 14:44:34
AVARKT.DLL: 12.3.0.15 211408 Bytes 07/02/2012 14:44:31
AVEVTLOG.DLL: 12.3.0.15 169168 Bytes 07/02/2012 14:44:32
Sqlite3.dll: 3.7.0.1 398288 Bytes 02/07/2012 14:44:45
AVSMTP.DLL: 12.3.0.32 63992 Bytes 02/07/2012 14:44:34
NETNT.DLL: 12.3.0.15 17104 Bytes 02/07/2012 14:44:42
RCIMAGE.DLL: 12.1.0.13 4493520 Bytes 01/21/2012 00:41:40
RCTEXT.DLL: 12.3.0.31 100344 Bytes 07/02/2012 14:44:52

Configuration settings for the scan:
Job name: Full system scan
Configuration file: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Report: standard
Primary action: interactive
Secondary action: ignore
Scan master boot sectors: Enabled
Scan boot sectors: Active
Boot records: C:, E:
Scan active programs: Active
Extended process scanning: Active
Scan registry: Active
Search for rootkits: Active
Integrity check of system files: Not active
Scan all files: All files
Scan archives: Active
Limit recursion depth: 20
Smart extensions: Active
Macro heuristic: Active
File heuristic: Advanced
Irregular threat categories: +APPL, +JOKE, +PFS, +SPR,

Start of the scan: Tuesday, 25 September 2012 10:17

Starting scan of master boot sectors:
Master boot sector of hard disk 0
[INFO] No virus was found!

Starting scan of boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting scan for hidden objects.

[NOTE] The log entry is not visible.

Starting scan of running processes:
Scan process 'UNS.exe' - '61' module(s) scanned
Scan process 'daemonu.exe' - '66' module(s) scanned
Scan process 'LMS.exe' - '32' module(s) scanned
Scan process 'IAStorDataMgrSvc.exe' - '50' module(s) scanned
Scan process 'avscan.exe' - '95' module(s) scanned
Scan process 'avcenter.exe' - '116' module(s) scanned
Scan process 'avgnt.exe' - '108' module(s) scanned
Scan process 'TrayNotify.exe' - '32' module(s) scanned
Scan process 'EuWatch.exe' - '23' module(s) scanned
Scan process 'AVWEBGRD.EXE' - '53' module(s) scanned
Scan process 'nusb3mon.exe' - '35' module(s) scanned
Scan process 'avmailc.exe' - '36' module(s) scanned
Scan process 'GuardAgent.exe' - '21' module(s) scanned
Scan process 'Agent.exe' - '112' module(s) scanned
Scan process 'avguard.exe' - '70' module(s) scanned
Scan process 'armsvc.exe' - '27' module(s) scanned
Scan process 'sched.exe' - '45' module(s) scanned
Scan process 'nvSCPAPISvr.exe' - '32' module(s) scanned

Starting scan of executable files (registry):
The registry was scanned (2937 files).

C:\Users\pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\241c0bd3-145e7dab
[0] Archive type: ZIP
-> Jnuyvhubwltybyyvhvjt/fubjqregjdb.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Dldr.Themod.AH
-> Jnuyvhubwltybyyvhvjt/gdectqdycqrsa.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Dldr.Themod.AI
-> Jnuyvhubwltybyyvhvjt/lhnwmbkkcjqf.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Dldr.Kara.AY
-> Jnuyvhubwltybyyvhvjt/lnkryqacytdgwchlccl.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Dldr.Lamar.JC
-> Jnuyvhubwltybyyvhvjt/sluwvmqckktpsupuwf.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Dldr.Karam.BG
-> Jnuyvhubwltybyyvhvjt/tmyhkpk.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Dldr.Themod.AJ
-> Jnuyvhubwltybyyvhvjt/vcmffmkaq.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Dldr.Karam.BH
-> Jnuyvhubwltybyyvhvjt/vetqlcgh.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Dldr.Lamar.IV
-> Jnuyvhubwltybyyvhvjt/vjjvacefspvukfwknpj.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Dldr.Lamar.JD
-> Jnuyvhubwltybyyvhvjt/wpklfttqtwdacgefnn.class
[DETECTION] Contains detection pattern of the exploit EXP/2012-4681.AG.2
C:\Users\pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1913157d-1fe6b2f
[0] Archive type: ZIP
-> Main.class
[DETECTION] Contains detection pattern of the exploit EXP/CVE-2012-4681
C:\Users\pol\Downloads\PC Utilities\avira_antivirus_premium_it.exe
[WARNING] The file is password protected
Begin scan in 'E:\' <DATA>
E:\My Documents\Curso web designer\Mask.Pro.v.4.1.4.rar
[0] Archive type: RAR
-> Mask.Pro.v.4.1.4\Keygen.rar
[1] Archive type: RAR
-> Mask Pro v.4.1.4_KeyGen.exe
[DETECTION] Is the Trojan horse TR/ADH.A.313
E:\Torrents\Snow_Leopard_10.6.1-10.6.2_SSE2_SSE3_Intel_AMD_by_Hazard.rar
[WARNING]

Start of disinfection:
E:\My Documents\Curso web designer\Mask.Pro.v.4.1.4.rar
[DETECTION] Is the Trojan horse TR/ADH.A.313
[NOTE] The file was moved to quarantine as '575d1d9a.qua'!
C:\Users\pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1913157d-1fe6b2f
[DETECTION] Contains detection pattern of the exploit EXP/CVE-2012-4681
[NOTE] The file was moved to quarantine as '4fd83244.qua'!
C:\Users\pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\241c0bd3-145e7dab
[DETECTION] Contains detection pattern of the exploit EXP/2012-4681.AG.2
[NOTE] The file was moved to quarantine as '1dd368e2.qua'!


End of the scan: Tuesday, 25 September 2012 14:23
Time used: 4:03:02 hour(s)

The scan has been completed.

62872 directories were scanned
1098219 files were scanned
12 viruses and/or unwanted programs were found
0 files were classified as suspicious
0 files were deleted
0 viruses or unwanted programs were repaired
3 files were moved to quarantine
0 files were renamed
0 files could not be scanned
1098207 files were uninfected
7274 archives were scanned
16 warnings
4 notes
731406 objects were scanned when scanning for rootkits
1 hidden object was found
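The detections in the report above fall into two very different classes: exploit signatures (EXP/..., here naming CVE-2012-4681) inside JAR files in the Java deployment cache, which is what a drive-by applet leaves behind, and a trojan inside a downloaded RAR. As an added example (not part of this thread and not Avira's own tooling), the Python below parses a report of this shape into structured findings so that those two classes can be separated and the CVE ids pulled out. It assumes the English report layout shown above (a path line for the scanned file, "->" lines for archive members, "[DETECTION]" lines for hits); the SAMPLE_REPORT is constructed from excerpts of the posted report.

```python
"""Parse an Avira scan report into structured findings.

Added example, not from the thread or from Avira's tooling.  Walks the report
line by line, remembers the file (container) and archive member currently being
reported, and records one Finding per [DETECTION] line.  Parsing stops at the
disinfection section so quarantine re-listings are not counted twice.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

CONTAINER_RE = re.compile(r"^[A-Za-z]:\\")            # C:\... or E:\... path line
MEMBER_RE = re.compile(r"^-+>\s*(.+)$")                # "-> entry inside archive"
DETECTION_RE = re.compile(r"^\[DETECTION\]\s+(.+)$")
# Avira writes exploit signatures as EXP/CVE-2012-4681 or EXP/2012-4681.AG.2;
# either way the year-number pair identifies the CVE.
CVE_RE = re.compile(r"(?:CVE-)?(\d{4}-\d{4,})")
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    container: str          # file on disk that was scanned
    member: Optional[str]   # entry inside an archive, if any
    detection: str          # full detection text from the report
    category: str           # prefix before "/", e.g. EXP, JAVA, TR
    cve: Optional[str]      # CVE-YYYY-NNNN when the signature names one
    in_java_cache: bool     # container sits in the Java deployment cache


def parse_avira_report(text: str) -> List[Finding]:
    findings: List[Finding] = []
    container: Optional[str] = None
    member: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Start of disinfection"):
            break                                  # quarantine section re-lists hits
        if CONTAINER_RE.match(line):
            container, member = line, None         # new file; reset archive member
            continue
        m = MEMBER_RE.match(line)
        if m:
            member = m.group(1).strip()            # nested archives: keep innermost
            continue
        m = DETECTION_RE.match(line)
        if m and container is not None:
            detection = m.group(1).strip()
            sig = detection.split()[-1]            # e.g. "EXP/CVE-2012-4681"
            cve_m = CVE_RE.search(sig)
            findings.append(Finding(
                container=container, member=member, detection=detection,
                category=sig.split("/", 1)[0],
                cve=f"CVE-{cve_m.group(1)}" if cve_m else None,
                in_java_cache=bool(JAVA_CACHE_RE.search(container)),
            ))
    return findings


def exploit_cves(findings: List[Finding]) -> List[str]:
    """Distinct CVE ids named by the signatures, sorted."""
    return sorted({f.cve for f in findings if f.cve})


def java_cache_exploits(findings: List[Finding]) -> List[Finding]:
    """Exploit hits in the Java deployment cache: the fingerprint of a drive-by
    via a malicious applet, as opposed to a file the user downloaded."""
    return [f for f in findings if f.in_java_cache and f.category == "EXP"]


# Constructed sample, excerpted from the shape of the report posted above.
SAMPLE_REPORT = r"""
C:\Users\pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\241c0bd3-145e7dab
[0] Archive type: ZIP
-> Jnuyvhubwltybyyvhvjt/fubjqregjdb.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Dldr.Themod.AH
-> Jnuyvhubwltybyyvhvjt/wpklfttqtwdacgefnn.class
[DETECTION] Contains detection pattern of the exploit EXP/2012-4681.AG.2
C:\Users\pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1913157d-1fe6b2f
[0] Archive type: ZIP
-> Main.class
[DETECTION] Contains detection pattern of the exploit EXP/CVE-2012-4681
E:\My Documents\Curso web designer\Mask.Pro.v.4.1.4.rar
[0] Archive type: RAR
-> Mask.Pro.v.4.1.4\Keygen.rar
[1] Archive type: RAR
-> Mask Pro v.4.1.4_KeyGen.exe
[DETECTION] Is the Trojan horse TR/ADH.A.313

Start of disinfection:
E:\My Documents\Curso web designer\Mask.Pro.v.4.1.4.rar
[DETECTION] Is the Trojan horse TR/ADH.A.313
[NOTE] The file was moved to quarantine as '575d1d9a.qua'!
"""

if __name__ == "__main__":
    found = parse_avira_report(SAMPLE_REPORT)
    for f in found:
        where = f"{f.container} -> {f.member}" if f.member else f.container
        print(f"[{f.category}] {f.cve or '-':<14} {where}")
    print("exploit CVEs:", exploit_cves(found))
    print("Java cache exploit hits:", len(java_cache_exploits(found)))
```

On the sample this yields four findings, one CVE (CVE-2012-4681) and two exploit hits in the Java cache; the trojan in the RAR is a separate problem (a downloaded keygen) and is not evidence of the browser-side infection. The parser deliberately stops at "Start of disinfection:" because Avira repeats each quarantined file's detection there, which would otherwise double-count.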

#20 The Dark Knight (Malware Vigilante; Trusted Advisor*, 2,214 posts)

Posted 25 September 2012 - 06:50 PM

Good morning polmar. :)

Fortunately the threats that Avira found can be dealt with. It removed a couple of your programs; if these are safe, feel free to restore them. For the Java threats:

Please download TFC to your Desktop.
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.



#21 polmar (Member; Full Member, 12 posts)

Posted 27 September 2012 - 02:47 PM

Hi there Dark Knight,

OK, I've done as you suggested with TFC and the problem with Java has disappeared... thank you.

Going back to the yeldmanager problem... I told you I would tell you something... After having blocked yeldmanager in Mozilla, I no longer have the same problem when I log into my Yahoo, but I've had it two more times going to p2p transmission sites. Anyway, it's not a big problem, I'd just like to be sure it's not something dangerous...

Avira and Comodo are a good choice, you think?
Thanks so much

#22 The Dark Knight (Malware Vigilante; Trusted Advisor*, 2,214 posts)

Posted 27 September 2012 - 04:32 PM

Hey polmar. :)

Going back to the yeldmanager problem... I told you I would tell you something... After having blocked yeldmanager in Mozilla, I no longer have the same problem when I log into my Yahoo, but I've had it two more times going to p2p transmission sites. Anyway, it's not a big problem, I'd just like to be sure it's not something dangerous...

If it doesn't appear when you normally browse the web then that sounds good. Using p2p programs and connections can be dangerous so I wouldn't be surprised if it appears when you make those connections.

Avira, Comodo is a good choice you think?

Avira is a very good antivirus program so I recommend that you keep it. COMODO is a decent firewall however it has been known to cause issues with internet connections. I usually recommend one of these firewalls instead:


But if COMODO is functioning fine don't worry about it. :thumbup:



#23 polmar (Member; Full Member, 12 posts)

Posted 28 September 2012 - 03:37 AM

OK, thanks Dark Knight,

I just want to clarify that I meant streaming programs like SopCast, or others directly in the browser... not p2p... it was a confusion, sorry :)

Well, I think we can consider all the issues solved... :)

Thank you for everything Dark Knight

#24 The Dark Knight (Malware Vigilante; Trusted Advisor*, 2,214 posts)

Posted 01 October 2012 - 07:53 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





