Konishi
Posts: 149 +0
Well, it's pretty much what the title says.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Versão da Base de Dados: v2013.03.20.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Konishi :: KONISHI-PC [administrador]
20/03/2013 01:50:33
mbam-log-2013-03-20 (01-50-33).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 225347
Tempo decorrido: 4 minuto(s), 31 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 2
C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.17.2
Run by Konishi at 1:57:45 on 2013-03-20
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1046.18.3197.1504 [GMT -3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=110825&tt=010113_ctrl_0113_8&babsrc=HP_ss&mntrId=e01a7b5f0000000000000025d37e73f1
mStart Page = hxxp://br.hao123.com/?tn=brosoft_hp_hao123_br
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Auxiliar de Conexao do Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Konishi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DAF52EFE-A7A6-451B-8BD2-065EBBC87845} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4538117-7748-4255-984D-62C44B59DEA3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4538117-7748-4255-984D-62C44B59DEA3}\45865697355656D45625F6C6C696E676 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4538117-7748-4255-984D-62C44B59DEA3}\6516F6355664F646562756D6 : DHCPNameServer = 192.168.1.1
AppInit_DLLs= c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://br.hao123.com/?tn=brosoft_hp_hao123_br
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_491\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NeoplePlugin\npNeopleGameInstaller.dll
FF - plugin: C:\Users\Konishi\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Konishi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-13 23:25; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\qwm5xdex.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyC0A0FyEtAyDyByB0ByD0FtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=926495407
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyC0A0FyEtAyDyByB0ByD0FtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=926495407
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyC0A0FyEtAyDyByB0ByD0FtN0D0Tzu0CtAyCyDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=926495407&q=
FF - user.js: extensions.funmoods.id - 406186AF43577B5F
FF - user.js: extensions.funmoods.instlDay - 15704
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:3:10
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - ironpub12
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - ironpub12
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e01a7b5f0000000000000025d37e73f1&q=
FF - user.js: extensions.BabylonToolbar.id - e01a7b5f0000000000000025d37e73f1
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15706
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.217:35:47
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110825&tt=010113_ctrl_0113_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-3-20 377920]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-3-20 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-20 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-20 45248]
R3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-20 178624]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-6 283200]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2011-10-1 765288]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-20 65336]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-3-20 1025808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S3 Mkd2Bthf;Mkd2Bthf;C:\Windows\System32\drivers\Mkd2BthF.sys [2012-6-7 98104]
S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\System32\drivers\Mkd2Nadr.sys [2012-6-7 111864]
S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\System32\drivers\mkd3kfnt.sys [2012-6-7 166712]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-6-5 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-6-10 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-6-5 59392]
S3 WatAdminSvc;Servico de Tecnologias de Ativacao do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-5 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
.
=============== Created Last 30 ================
.
2013-03-20 04:49:06 -------- d-----w- C:\Users\Konishi\AppData\Roaming\Malwarebytes
2013-03-20 04:48:42 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-20 04:48:39 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-20 04:48:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-20 04:38:02 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-20 04:38:01 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-20 04:38:00 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-20 04:37:58 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-20 04:37:54 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-20 04:36:53 41664 ----a-w- C:\Windows\avastSS.scr
2013-03-20 04:36:36 -------- d-----w- C:\Program Files\AVAST Software
2013-03-20 04:35:15 -------- d-----w- C:\ProgramData\AVAST Software
2013-03-16 10:28:20 0 ----a-w- C:\Windows\SysWow64\sho4A4E.tmp
2013-03-15 08:19:44 -------- d-----w- C:\Users\Konishi\AppData\Roaming\DigitalCute
2013-03-14 09:41:05 0 ----a-w- C:\Windows\SysWow64\shoCDD6.tmp
2013-03-14 02:36:51 -------- d-----w- C:\Users\Konishi\dwhelper
2013-03-10 01:09:25 -------- d-----w- C:\Users\Konishi\AppData\Roaming\HpUpdate
2013-03-10 01:08:44 -------- d-----w- C:\Program Files (x86)\HP
2013-03-10 01:08:20 -------- d-----w- C:\Program Files\HP
2013-03-10 01:06:55 -------- d-----w- C:\Users\Konishi\AppData\Local\HP
2013-03-10 00:37:03 -------- d-----w- C:\Users\Konishi\.receitanet
2013-03-09 22:36:38 -------- d-----w- C:\Program Files (x86)\Programas RFB
2013-03-09 22:36:04 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
2013-03-09 22:35:58 -------- d-----w- C:\Arquivos de Programas RFB
2013-03-09 22:34:12 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-28 03:46:21 -------- d-----w- C:\Windows\ja-JP
2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\ja
2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\ja-JP
2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\drivers\ja-JP
2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\0411
2013-02-28 03:46:10 -------- d-----w- C:\Windows\SysWow64\wbem\ja-JP
2013-02-28 03:46:00 -------- d-----w- C:\Windows\System32\ja
2013-02-28 03:46:00 -------- d-----w- C:\Windows\System32\0411
2013-02-28 03:45:57 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP
2013-02-28 03:45:57 -------- d-----w- C:\Windows\System32\drivers\ja-JP
2013-02-28 03:45:54 -------- d-----w- C:\Windows\System32\wbem\ja-JP
2013-02-28 03:37:59 6656 ----a-w- C:\Windows\System32\drivers\ja-JP\serial.sys.mui
.
==================== Find3M ====================
.
2013-03-15 22:59:34 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 22:59:34 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-09 22:34:04 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-09 22:34:04 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-13 01:58:00 2260208 ----a-w- C:\Windows\System32\btscan.exe
2013-02-06 18:31:18 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-02-06 08:52:00 111864 ----a-w- C:\Windows\System32\drivers\Mkd2Nadr.sys
2013-01-29 07:57:31 0 ----a-w- C:\Windows\SysWow64\shoCB3E.tmp
2013-01-01 21:06:17 319488 ----a-w- C:\Windows\HideWin.exe
2012-12-29 10:34:47 9389888 ----a-w- C:\Windows\System32\nvcuda.dll
2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-29 08:40:09 2558392 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-12-29 08:40:09 118712 ----a-w- C:\Windows\System32\nvmctray.dll
.
============= FINISH: 1:59:13,39 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 05/06/2012 17:56:51
System Uptime: 19/03/2013 17:12:51 (8 hours ago)
.
Motherboard: Micro-Star International | | CR400 / CR401
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | CPU 1 | 1386/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 193,558 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Co-processador
Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_101A1462&REV_B1\3&267A616A&0&1D
Manufacturer:
Name: Co-processador
PNP Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_101A1462&REV_B1\3&267A616A&0&1D
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lexmark X422
Device ID: ROOT\IMAGE\0000
Manufacturer: Lexmark
Name: Lexmark X422
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
RP34: 17/03/2013 22:28:22 - Ponto de Verificacao Agendado
RP35: 20/03/2013 01:36:01 - Configuracao do(a) avast! Free Antivirus
.
==== Installed Programs ======================
.
??????
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
AhnLab Online Security
Assistente de Conexao do Windows Live
Atualizacoes da NVIDIA 1.11.3
avast! Free Antivirus
BYOND
CCleaner
DAEMON Tools Lite
Device Doctor v2.1
Ferramenta de Carregamento do Windows Live
Google Chrome
HP Deskjet 1050 J410 series Ajuda
HP Update
IRPF2013 - Declaracao de Ajuste Anual, Final de Espolio e Saida Definitiva do Pais
Java 7 Update 17
Java Auto Updater
League of Legends
Malwarebytes Anti-Malware versão 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended PTB Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office com Clique para Executar 2010
Microsoft Office Starter 2010 - Portugues (Brasil)
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.5.6366
MSVCRT
NeoplePlugin
NVIDIA Driver de graficos 310.90
NVIDIA Drivers
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Software do sistema PhysX 9.12.1031
NVIDIA Update Components
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Portugues (Brasil)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Portugues (Brasil)
Painel de controle da NVIDIA 310.90
Pando Media Booster
Razer Game Booster
Receitanet
Revo Uninstaller Pro 2.5.8
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Software basico do dispositivo HP Deskjet 1050 J410 series
swMSM
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.4
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
WinRAR 4.11 (32-bit)
μTorrent
.
==== End Of File ===========================
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110825&tt=010113_ctrl_0113_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-3-20 377920]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-3-20 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-20 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-20 45248]
R3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-20 178624]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-6 283200]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2011-10-1 765288]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-20 65336]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-3-20 1025808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S3 Mkd2Bthf;Mkd2Bthf;C:\Windows\System32\drivers\Mkd2BthF.sys [2012-6-7 98104]
S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\System32\drivers\Mkd2Nadr.sys [2012-6-7 111864]
S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\System32\drivers\mkd3kfnt.sys [2012-6-7 166712]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-6-5 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-6-10 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-6-5 59392]
S3 WatAdminSvc;Servico de Tecnologias de Ativacao do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-5 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
.
=============== Created Last 30 ================
.
2013-03-20 04:49:06 -------- d-----w- C:\Users\Konishi\AppData\Roaming\Malwarebytes
2013-03-20 04:48:42 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-20 04:48:39 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-20 04:48:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-20 04:38:02 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-20 04:38:01 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-20 04:38:00 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-20 04:37:58 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-20 04:37:54 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-20 04:36:53 41664 ----a-w- C:\Windows\avastSS.scr
2013-03-20 04:36:36 -------- d-----w- C:\Program Files\AVAST Software
2013-03-20 04:35:15 -------- d-----w- C:\ProgramData\AVAST Software
2013-03-16 10:28:20 0 ----a-w- C:\Windows\SysWow64\sho4A4E.tmp
2013-03-15 08:19:44 -------- d-----w- C:\Users\Konishi\AppData\Roaming\DigitalCute
2013-03-14 09:41:05 0 ----a-w- C:\Windows\SysWow64\shoCDD6.tmp
2013-03-14 02:36:51 -------- d-----w- C:\Users\Konishi\dwhelper
2013-03-10 01:09:25 -------- d-----w- C:\Users\Konishi\AppData\Roaming\HpUpdate
2013-03-10 01:08:44 -------- d-----w- C:\Program Files (x86)\HP
2013-03-10 01:08:20 -------- d-----w- C:\Program Files\HP
2013-03-10 01:06:55 -------- d-----w- C:\Users\Konishi\AppData\Local\HP
2013-03-10 00:37:03 -------- d-----w- C:\Users\Konishi\.receitanet
2013-03-09 22:36:38 -------- d-----w- C:\Program Files (x86)\Programas RFB
2013-03-09 22:36:04 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
2013-03-09 22:35:58 -------- d-----w- C:\Arquivos de Programas RFB
2013-03-09 22:34:12 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-28 03:46:21 -------- d-----w- C:\Windows\ja-JP
2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\ja
2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\ja-JP
2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\drivers\ja-JP
2013-02-28 03:46:11 -------- d-----w- C:\Windows\SysWow64\0411
2013-02-28 03:46:10 -------- d-----w- C:\Windows\SysWow64\wbem\ja-JP
2013-02-28 03:46:00 -------- d-----w- C:\Windows\System32\ja
2013-02-28 03:46:00 -------- d-----w- C:\Windows\System32\0411
2013-02-28 03:45:57 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP
2013-02-28 03:45:57 -------- d-----w- C:\Windows\System32\drivers\ja-JP
2013-02-28 03:45:54 -------- d-----w- C:\Windows\System32\wbem\ja-JP
2013-02-28 03:37:59 6656 ----a-w- C:\Windows\System32\drivers\ja-JP\serial.sys.mui
.
==================== Find3M ====================
.
2013-03-15 22:59:34 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 22:59:34 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-09 22:34:04 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-09 22:34:04 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-13 01:58:00 2260208 ----a-w- C:\Windows\System32\btscan.exe
2013-02-06 18:31:18 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-02-06 08:52:00 111864 ----a-w- C:\Windows\System32\drivers\Mkd2Nadr.sys
2013-01-29 07:57:31 0 ----a-w- C:\Windows\SysWow64\shoCB3E.tmp
2013-01-01 21:06:17 319488 ----a-w- C:\Windows\HideWin.exe
2012-12-29 10:34:47 9389888 ----a-w- C:\Windows\System32\nvcuda.dll
2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-29 08:40:09 2558392 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-12-29 08:40:09 118712 ----a-w- C:\Windows\System32\nvmctray.dll
.
============= FINISH: 1:59:13,39 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 05/06/2012 17:56:51
System Uptime: 19/03/2013 17:12:51 (8 hours ago)
.
Motherboard: Micro-Star International | | CR400 / CR401
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | CPU 1 | 1386/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 193,558 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Co-processador
Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_101A1462&REV_B1\3&267A616A&0&1D
Manufacturer:
Name: Co-processador
PNP Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_101A1462&REV_B1\3&267A616A&0&1D
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lexmark X422
Device ID: ROOT\IMAGE\0000
Manufacturer: Lexmark
Name: Lexmark X422
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
RP34: 17/03/2013 22:28:22 - Ponto de Verificacao Agendado
RP35: 20/03/2013 01:36:01 - Configuracao do(a) avast! Free Antivirus
.
==== Installed Programs ======================
.
??????
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
AhnLab Online Security
Assistente de Conexao do Windows Live
Atualizacoes da NVIDIA 1.11.3
avast! Free Antivirus
BYOND
CCleaner
DAEMON Tools Lite
Device Doctor v2.1
Ferramenta de Carregamento do Windows Live
Google Chrome
HP Deskjet 1050 J410 series Ajuda
HP Update
IRPF2013 - Declaracao de Ajuste Anual, Final de Espolio e Saida Definitiva do Pais
Java 7 Update 17
Java Auto Updater
League of Legends
Malwarebytes Anti-Malware versão 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended PTB Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office com Clique para Executar 2010
Microsoft Office Starter 2010 - Portugues (Brasil)
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.5.6366
MSVCRT
NeoplePlugin
NVIDIA Driver de graficos 310.90
NVIDIA Drivers
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Software do sistema PhysX 9.12.1031
NVIDIA Update Components
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Portugues (Brasil)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Portugues (Brasil)
Painel de controle da NVIDIA 310.90
Pando Media Booster
Razer Game Booster
Receitanet
Revo Uninstaller Pro 2.5.8
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Software basico do dispositivo HP Deskjet 1050 J410 series
swMSM
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.4
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
WinRAR 4.11 (32-bit)
μTorrent
.
==== End Of File ===========================