
'TR\ATRAPS.Gen2' Please, help me with removal [Solved]


This topic is locked
7 replies to this topic

#1 raquel90

raquel90

    New Member

  • 4 posts

Posted 25 October 2013 - 04:36 PM

Hello.

An Avira pop-up comes up every minute or so telling me that access to the file 'C:\Program Files\Google\Desktop\...\80000032@' containing the virus 'TR\ATRAPS.Gen2' was denied. There are two option buttons and if I press the one that says Remove then it launches a scanner.
But it cannot remove the virus. Can you help me remove it, please?

Thank you very very much.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:32:44, on 25/10/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\USBScan\USBScan.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\ProgramData\FaceSmooch Toolbar Antiphishing\facesmo2_0dn.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Raquel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Raquel\AppData\Roaming\VIVO INTERNET\ouc.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Users\Raquel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
d:\Meus Documentos\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...024d6174d3e4d3e
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=150.164.255.201:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ufmg.br
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: FaceSmooch Toolbar - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files\facesmoochtb\facesmoochDx.dll
O2 - BHO: Updater For FaceSmooch Toolbar - {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - C:\Program Files\facesmoochtb\auxi\facesmoochAu.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: FaceSmooch Toolbar - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files\facesmoochtb\facesmoochDx.dll
O4 - HKLM\..\Run: [USBScan.exe] C:\Program Files\USBScan\USBScan.exe -Hide
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [FaceSmooch Toolbar Antiphishing] "C:\ProgramData\FaceSmooch Toolbar Antiphishing\facesmo2_0dn.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Raquel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Raquel\AppData\Local\Google\Desktop\Install\{0df14fe4-f29d-d29f-e9c2-c469f7c4e912}\???\???\???\{0df14fe4-f29d-d29f-e9c2-c469f7c4e912}\GoogleUpdate.exe" >
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Dropbox.lnk = Raquel\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell....lSystemLite.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: @C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

--
End of file - 13376 bytes
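Added example, not code from HijackThis, FRST, Avira or this thread: a small Python triage script that parses HijackThis O4 autorun lines like the ones in the log above and flags the indicator that makes the "Google Update" entry stand out, namely directory names HijackThis could only render as `???` (the question mark is illegal in Windows file names, so the real names were unprintable), plus the well-known reserved device names (CON, NUL, COM1, ...) that Explorer cannot browse. The sample lines are copied from the log; the regexes, the `Finding` class and the function names are my own.

```python
"""Triage of HijackThis O4 (autorun) lines for hidden-path indicators.

Added example for this thread; not code from HijackThis, FRST, Avira or the
forum. The HJT log above lists an HKCU Run entry, "Google Update", whose target
sits under Google\Desktop\Install\{GUID}\ behind three directory names that
HijackThis could only print as "???". Because '?' is illegal in Windows file
names, its presence means the real directory names were unprintable, which is
how such droppers keep their payload directory out of sight. The FRST log later
in this thread flags the same entry. The checks below look for that, and for
reserved device names (CON, NUL, COM1...) that Explorer cannot browse.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: three O4 lines copied from the thread's HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Users\Raquel\AppData\Local\Google\Desktop\Install\{0df14fe4-f29d-d29f-e9c2-c469f7c4e912}\???\???\???\{0df14fe4-f29d-d29f-e9c2-c469f7c4e912}\GoogleUpdate.exe" >
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""

# Shape of an O4 line:  O4 - <hive>\..\<key>: [<value name>] <command line>
# <hive> may carry a SID, e.g. HKUS\S-1-5-19, hence the non-greedy \S+?.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
QUOTED_RE = re.compile(r'^"([^"]+)"')
# Unquoted targets: take everything up to the first executable extension.
UNQUOTED_RE = re.compile(r"^(.+?\.(?:exe|dll|scr|cmd|bat))(?=\s|$)", re.IGNORECASE)

# Win32 reserved device names; a directory with one of these names is not
# browsable with Explorer and is a long-standing hiding spot.
RESERVED_NAMES = ({"CON", "PRN", "AUX", "NUL"}
                  | {f"COM{i}" for i in range(1, 10)}
                  | {f"LPT{i}" for i in range(1, 10)})


@dataclass
class Finding:
    name: str        # value name inside the Run key
    hive: str        # HKLM / HKCU / HKUS\<SID>
    path: str        # executable path extracted from the command line
    reasons: List[str] = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Return the executable path from an O4 command line (quoted or not)."""
    m = QUOTED_RE.match(cmd) or UNQUOTED_RE.match(cmd)
    return m.group(1) if m else cmd.strip()


def suspicious_reasons(path: str) -> List[str]:
    """Indicators found on the directory components of an autorun target."""
    reasons = []
    components = path.split("\\")[1:-1]    # drop drive letter and file name
    if any("?" in c for c in components):
        reasons.append("directory name HijackThis could not render (shown as '?')")
    if any(c.split(".")[0].upper() in RESERVED_NAMES for c in components):
        reasons.append("reserved device name used as a directory (not browsable)")
    return reasons


def triage_line(line: str) -> Optional[Finding]:
    """Parse one O4 line; return a Finding only if it carries an indicator."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path = extract_path(m.group("cmd"))
    reasons = suspicious_reasons(path)
    if not reasons:
        return None
    return Finding(m.group("name"), m.group("hive"), path, reasons)


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.hive}] {f.name}: {f.path}")
        for r in f.reasons:
            print("   -", r)
```

On the sample above only the "Google Update" entry is reported; the Avira and Sidebar entries pass.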



#2 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 27 October 2013 - 06:06 PM

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


Having said that.... Let's get going!!
----------

FRST

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

#3 raquel90

raquel90

    New Member

  • 4 posts

Posted 27 October 2013 - 06:28 PM

Hi Jeff! Thank you very very much! In fact, I cannot thank you enough!!

After reading your instructions, here are the logs.

FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2013
Ran by Raquel (administrator) on RAQUEL-PC on 27-10-2013 22:16:40
Running from D:\Meus Documentos\Desktop
Microsoft Windows 7 Home Basic (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(GAS Tecnologia) C:\PROGRA~1\GbPlugin\GbpSv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
() C:\Program Files\USBScan\USBScan.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Creative Technology Ltd.) C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\FaceSmooch Toolbar Antiphishing\facesmo2_0dn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(BitTorrent Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Users\Raquel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Huawei Technologies Co., Ltd.) C:\Users\Raquel\AppData\Roaming\VIVO INTERNET\ouc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Raquel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [USBScan.exe] - C:\Program Files\USBScan\USBScan.exe [1358848 2009-08-14] ()
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [217088 2009-06-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [DELL Webcam Manager] - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [FaceSmooch Toolbar Antiphishing] - C:\ProgramData\FaceSmooch Toolbar Antiphishing\facesmo2_0dn.exe [231592 2011-06-14] (Visicom Media Inc. (Powered by Panda Security))
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [296096 2012-10-03] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-15] (APN)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [77824 2013-10-10] (Apple Computer, Inc.)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
HKCU\...\Run: [ccleaner] - "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\...\Run: [uTorrent] - C:\Program Files\uTorrent\uTorrent.exe [1077584 2013-01-11] (BitTorrent Inc.)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKCU\...\Run: [Software Informer] - C:\Program Files\Software Informer\softinfo.exe [2859077 2011-03-22] (Informer Technologies, Inc.)
HKCU\...\Run: [fsm] - [x]
HKCU\...\Run: [SkyDrive] - C:\Users\Raquel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-10-17] (Microsoft Corporation)
HKCU\...\Run: [HW_OPENEYE_OUC_VIVO INTERNET] - C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {b0ea7ced-38aa-11e3-bf9a-00242cae63ec} - E:\AutoRun.exe
MountPoints2: {b0ea7d18-38aa-11e3-bf9a-00242cae63ec} - E:\AutoRun.exe
Startup: C:\Users\Raquel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Raquel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Raquel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk
ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=150.164.255.201:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...024d6174d3e4d3e
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF976EA4283CDCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...024d6174d3e4d3e
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.c...q={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: FaceSmooch Toolbar - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files\facesmoochtb\facesmoochDx.dll ()
BHO: Updater For FaceSmooch Toolbar - {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - C:\Program Files\facesmoochtb\auxi\facesmoochAu.dll (Visicom Media)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - FaceSmooch Toolbar - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files\facesmoochtb\facesmoochDx.dll ()
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1487912 2013-10-07] (Banco do Brasil)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258616] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258616] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258616] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258616] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258616] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Winsock: Catalog9 27 mswsock.dll File Not found ()
Winsock: Catalog9 28 mswsock.dll File Not found ()
Winsock: Catalog9 29 mswsock.dll File Not found ()
Winsock: Catalog9 30 mswsock.dll File Not found ()
Winsock: Catalog9 31 mswsock.dll File Not found ()
Winsock: Catalog9 32 mswsock.dll File Not found ()
Winsock: Catalog9 33 mswsock.dll File Not found ()
Winsock: Catalog9 34 mswsock.dll File Not found ()
Winsock: Catalog9 35 mswsock.dll File Not found ()
Winsock: Catalog9 36 mswsock.dll File Not found ()
Winsock: Catalog9 37 mswsock.dll File Not found ()
Winsock: Catalog9 38 mswsock.dll File Not found ()
Winsock: Catalog9 39 mswsock.dll File Not found ()
Winsock: Catalog9 40 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.25.1

Chrome:
=======
CHR Extension: (MP3Rocket Toolbar) - C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajekbgnfkmmhjfpiialeeeepmpojj\25.60850_0
CHR Extension: (Google Docs) - C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Skype Click to Call) - C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh\3.4.0_1
CHR Extension: (Gmail) - C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [aaaajekbgnfkmmhjfpiialeeeepmpojj] - C:\ProgramData\AskPartnerNetwork\Toolbar\MP3RV7\CRX\ToolbarCR.crx
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChrome.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [655928 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84536 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815672 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-15] (APN LLC.)
R2 GbpSv; C:\PROGRA~1\GbPlugin\GbpSv.exe [452136 2013-10-08] (GAS Tecnologia)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72224 2009-01-08] (O2Micro International)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
S3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{0df14fe4-f29d-d29f-e9c2-c469f7c4e912}\ \...\???\{0df14fe4-f29d-d29f-e9c2-c469f7c4e912}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-07-30] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-07-30] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-07-30] (Avira Operations GmbH & Co. KG)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90112 2011-01-30] (Huawei Technologies Co., Ltd.)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
S3 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2013-10-27] (GbPlugin NDIS Device Driver)
R3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2013-10-27] (GbPlugin NDIS Device Driver)
R3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [51616 2009-01-08] (O2Micro )
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41760 2009-01-08] (O2Micro )
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-30] (Avira GmbH)
S1 bdblpnqr; \??\C:\Windows\system32\drivers\bdblpnqr.sys [x]
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.)
S1 fbpyjbzt; \??\C:\Windows\system32\drivers\fbpyjbzt.sys [x]
S1 fvccqtwo; \??\C:\Windows\system32\drivers\fvccqtwo.sys [x]
S1 hjkfactf; \??\C:\Windows\system32\drivers\hjkfactf.sys [x]
S1 jbevlulk; \??\C:\Windows\system32\drivers\jbevlulk.sys [x]
S1 lcllbnxc; \??\C:\Windows\system32\drivers\lcllbnxc.sys [x]
S1 nttgumhl; \??\C:\Windows\system32\drivers\nttgumhl.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
S1 vusdflze; \??\C:\Windows\system32\drivers\vusdflze.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-27 22:13 - 2013-10-27 22:13 - 00000000 ____D C:\FRST
2013-10-27 10:50 - 2013-10-27 14:50 - 103533600 _____ C:\Windows\system32\ᖉ㍃ᵌf
2013-10-27 08:49 - 2013-10-27 08:49 - 00868256 _____ C:\Windows\Minidump\102713-19203-01.dmp
2013-10-26 15:17 - 2013-10-26 17:17 - 103214166 _____ C:\Windows\system32\伅鮢ᵌl
2013-10-26 11:17 - 2013-10-26 11:17 - 103108672 _____ C:\Windows\system32\᠂ꒊᵌp
2013-10-26 09:43 - 2013-10-26 09:43 - 01034656 _____ C:\Windows\Minidump\102613-21668-01.dmp
2013-10-26 07:18 - 2013-10-26 09:17 - 103108672 _____ C:\Windows\system32\딂䙃ᵌt
2013-10-25 17:01 - 2013-10-25 17:01 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-10-25 05:45 - 2013-10-25 05:45 - 00810408 _____ C:\Windows\Minidump\102513-24492-01.dmp
2013-10-24 20:19 - 2013-10-27 21:30 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-24 20:19 - 2013-10-27 20:30 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-24 18:36 - 2013-10-24 18:36 - 00000000 ____D C:\Users\Raquel\AppData\Local\{2BA24163-BB87-43A0-8426-D08367278427}
2013-10-23 17:53 - 2013-10-23 17:53 - 102674996 _____ C:\Windows\system32\าಓᵌg
2013-10-23 17:51 - 2013-10-23 17:52 - 00000000 ____D C:\Users\Raquel\AppData\Local\{E69837EE-4CEB-49D9-9EAA-65CBCCC09CFC}
2013-10-21 08:06 - 2013-10-21 08:07 - 00000000 ____D C:\Users\Raquel\AppData\Local\{24E85A35-DE57-45A5-A0D6-055D4F96DB31}
2013-10-20 12:53 - 2013-10-20 16:53 - 102068998 _____ C:\Windows\system32\�묎ᵌi
2013-10-19 19:47 - 2013-10-19 19:47 - 00000000 ____D C:\Users\Raquel\AppData\Local\{81358D3B-B841-40E5-9508-EA751231A045}
2013-10-19 10:41 - 2013-10-19 12:40 - 101983560 _____ C:\Windows\system32\◽舢ᵌn
2013-10-19 08:45 - 2013-10-19 08:45 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-10-19 08:45 - 2013-10-19 08:45 - 00000000 ____D C:\Users\Raquel\AppData\Roaming\VIVO INTERNET
2013-10-19 08:44 - 2013-10-19 08:44 - 00001032 _____ C:\Users\Public\Desktop\VIVO INTERNET.lnk
2013-10-19 08:44 - 2013-10-19 08:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-19 08:44 - 2011-01-30 19:19 - 00181760 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2013-10-19 08:44 - 2011-01-30 19:19 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-10-19 08:44 - 2011-01-30 19:19 - 00073216 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-10-19 08:44 - 2011-01-30 19:19 - 00064384 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-10-19 08:44 - 2011-01-30 19:19 - 00026624 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-10-19 08:44 - 2010-12-24 12:48 - 00193792 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-10-19 08:44 - 2010-12-23 10:46 - 00353280 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2013-10-19 08:44 - 2010-10-08 17:55 - 00025856 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-10-19 08:44 - 2010-09-26 19:09 - 00019200 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2013-10-19 08:44 - 2010-08-06 08:42 - 00861696 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-10-19 08:44 - 2010-07-27 10:52 - 00102784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-10-19 08:44 - 2010-03-20 13:06 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-10-19 08:44 - 2008-03-27 17:49 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2013-10-19 08:44 - 2008-03-27 17:49 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-10-19 08:42 - 2013-10-19 08:45 - 00000000 ____D C:\Users\Todos os Usuários\DatacardService
2013-10-19 08:42 - 2013-10-19 08:45 - 00000000 ____D C:\ProgramData\DatacardService
2013-10-19 08:42 - 2013-10-19 08:45 - 00000000 ____D C:\Program Files\VIVO INTERNET
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\Users\Raquel\AppData\Local\{4C891056-E676-4A09-B6AC-544C3817E739}
2013-10-17 16:45 - 2013-10-27 08:50 - 00000000 ___RD C:\Users\Raquel\SkyDrive
2013-10-17 16:45 - 2013-10-17 16:45 - 00002174 _____ C:\Users\Raquel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-17 16:45 - 2013-10-17 16:45 - 00002071 _____ C:\Users\Usuário Padrăo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-17 16:45 - 2013-10-17 16:45 - 00002071 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-17 16:45 - 2013-10-17 16:45 - 00002071 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-17 16:45 - 2013-10-17 16:45 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft SkyDrive
2013-10-17 16:45 - 2013-10-17 16:45 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-10-17 16:45 - 2013-10-17 16:45 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-10-17 10:53 - 2013-10-17 10:53 - 00000000 ____D C:\Users\Raquel\AppData\Local\{5CDA985C-291A-4AEE-B6EB-B6EE1B2AB516}
2013-10-17 08:03 - 2013-10-18 16:20 - 101813202 _____ C:\Windows\system32\䔙�ᵌb
2013-10-16 22:52 - 2013-10-16 22:52 - 00000000 ____D C:\Users\Raquel\AppData\Local\{3914766B-EB51-4AC3-9CC8-3AD499DF6B49}
2013-10-15 19:59 - 2013-10-15 19:59 - 00001998 _____ C:\Users\Raquel\Desktop\Cambridge TOEFL® Prep.lnk
2013-10-15 17:14 - 2013-10-15 17:14 - 00145687 _____ C:\Windows\raquel.xml
2013-10-15 16:19 - 2013-10-15 16:19 - 00000077 _____ C:\Windows\userList.xml
2013-10-15 14:40 - 2013-10-15 14:41 - 00000000 ____D C:\Users\Raquel\AppData\Local\{C13FC481-3677-486B-94C5-755EEC22DE2E}
2013-10-15 14:38 - 2013-10-15 14:38 - 00791608 _____ C:\Windows\Minidump\101513-21762-01.dmp
2013-10-15 08:14 - 2013-10-15 12:14 - 101148298 _____ C:\Windows\system32\�馟ᵌa
2013-10-12 08:35 - 2013-10-12 08:36 - 00000000 ____D C:\Users\Raquel\AppData\Local\{40BB7DD1-444F-4A51-B130-446F25CA858A}
2013-10-11 18:12 - 2013-10-11 20:12 - 100595853 _____ C:\Windows\system32\�ᵌ[
2013-10-11 18:11 - 2013-10-11 18:12 - 00000000 ____D C:\Users\Raquel\AppData\Local\{8303B2DA-EDDC-4629-A3CB-55F7C6E143E6}
2013-10-10 23:22 - 2013-10-27 08:49 - 00054156 ____H C:\Windows\QTFont.qfn
2013-10-10 23:22 - 2013-10-10 23:23 - 00001409 _____ C:\Windows\QTFont.for
2013-10-10 23:22 - 2013-10-10 23:22 - 00002601 _____ C:\Windows\system32\qtplugin.log
2013-10-10 23:22 - 1999-12-17 11:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2013-10-10 23:22 - 1999-11-10 12:05 - 00086016 _____ (MindVision) C:\Windows\unvise32qt.exe
2013-10-10 23:20 - 2013-10-23 22:27 - 00000000 ____D C:\Program Files\Longman iBT
2013-10-10 23:20 - 2013-10-17 15:39 - 00001008 _____ C:\Users\Raquel\Desktop\Longman iBT.lnk
2013-10-10 23:20 - 2013-10-10 23:23 - 00000000 ____D C:\Users\Todos os Usuários\QuickTime
2013-10-10 23:20 - 2013-10-10 23:23 - 00000000 ____D C:\ProgramData\QuickTime
2013-10-10 23:20 - 2013-10-10 23:22 - 00000000 ____D C:\Windows\system32\QuickTime
2013-10-10 23:20 - 2013-10-10 23:22 - 00000000 ____D C:\Program Files\QuickTime
2013-10-10 15:02 - 2013-10-10 21:18 - 100413408 _____ C:\Windows\system32\偬᱄n
2013-10-09 07:44 - 2013-10-09 07:44 - 00000000 ____D C:\Users\Raquel\AppData\Local\{9F829566-DB42-4987-A14E-D1E9DA39797E}
2013-10-08 18:29 - 2013-10-08 18:28 - 00720082 _____ C:\Users\Raquel\AppData\Roaming\unins000.exe
2013-10-08 10:20 - 2013-10-08 10:20 - 00000000 ____D C:\Users\Raquel\AppData\Local\{B1095421-BC65-412B-B6D0-1E3D05E2AB54}
2013-10-07 20:33 - 2013-10-08 08:41 - 99859239 _____ C:\Windows\system32\쬈ન᱄a
2013-10-07 20:32 - 2013-10-07 20:32 - 00000000 ____D C:\Users\Raquel\AppData\Local\{11C885CC-A8ED-468B-AF02-4EAF4FD5925F}
2013-10-06 11:44 - 2013-10-06 11:44 - 00000000 ____D C:\Users\Raquel\AppData\Local\{C22D7B8F-D88A-4D22-96F8-E2F29614D9B9}
2013-10-03 18:56 - 2013-10-06 10:52 - 99463930 _____ C:\Windows\system32\Ậꨬ᱄W
2013-10-03 18:54 - 2013-10-03 18:56 - 00000000 ____D C:\Users\Raquel\AppData\Local\{9D9434B1-F539-471B-8250-0F7D45F740EF}
2013-10-02 07:50 - 2013-10-02 19:50 - 98878632 _____ C:\Windows\system32\嵠逎᱄h
2013-10-02 07:49 - 2013-10-02 07:49 - 00000000 ____D C:\Users\Raquel\AppData\Local\{33B8E2CC-4135-446D-A368-7A909ACCF950}
2013-09-30 19:52 - 2013-10-01 19:20 - 98689490 _____ C:\Windows\system32\檐╯᱄b
2013-09-30 17:51 - 2013-09-30 17:51 - 00000000 ____D C:\Users\Raquel\AppData\Local\{0F69D033-687F-4539-AA94-19A83CE570E4}

==================== One Month Modified Files and Folders =======

2013-10-27 22:16 - 2013-01-13 11:46 - 08922042 _____ C:\Users\Raquel\AppData\Local\av.log
2013-10-27 22:16 - 2011-03-17 22:11 - 00000000 ____D C:\Users\Raquel\AppData\Roaming\uTorrent
2013-10-27 22:13 - 2013-10-27 22:13 - 00000000 ____D C:\FRST
2013-10-27 21:38 - 2013-05-05 15:49 - 01314094 _____ C:\Windows\WindowsUpdate.log
2013-10-27 21:30 - 2013-10-24 20:19 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-27 21:30 - 2013-02-27 14:23 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-27 20:30 - 2013-10-24 20:19 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-27 19:04 - 2013-07-29 22:30 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2013-10-27 19:04 - 2013-07-29 22:30 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2013-10-27 18:55 - 2011-03-31 20:26 - 00000000 ____D C:\Users\Raquel\AppData\Roaming\Software Informer
2013-10-27 16:36 - 2011-08-16 10:15 - 00000000 ____D C:\Users\Raquel\AppData\Roaming\Dropbox
2013-10-27 14:50 - 2013-10-27 10:50 - 103533600 _____ C:\Windows\system32\ᖉ㍃ᵌf
2013-10-27 08:58 - 2009-07-14 02:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-27 08:58 - 2009-07-14 02:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-27 08:54 - 2011-02-16 04:41 - 00659474 _____ C:\Windows\system32\prfh0416.dat
2013-10-27 08:54 - 2011-02-16 04:41 - 00126766 _____ C:\Windows\system32\prfc0416.dat
2013-10-27 08:54 - 2011-02-15 23:51 - 01505924 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-27 08:50 - 2013-10-17 16:45 - 00000000 ___RD C:\Users\Raquel\SkyDrive
2013-10-27 08:50 - 2011-08-16 10:17 - 00000000 ___RD C:\Users\Raquel\Dropbox
2013-10-27 08:49 - 2013-10-27 08:49 - 00868256 _____ C:\Windows\Minidump\102713-19203-01.dmp
2013-10-27 08:49 - 2013-10-10 23:22 - 00054156 ____H C:\Windows\QTFont.qfn
2013-10-27 08:49 - 2013-07-29 22:32 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\system32\Drivers\GbpNdisrd.sys
2013-10-27 08:49 - 2013-05-06 07:33 - 00018998 _____ C:\Windows\setupact.log
2013-10-27 08:49 - 2011-06-30 13:36 - 00000000 ____D C:\Windows\Minidump
2013-10-27 08:49 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-26 17:17 - 2013-10-26 15:17 - 103214166 _____ C:\Windows\system32\伅鮢ᵌl
2013-10-26 15:07 - 2011-02-16 00:12 - 00000000 ____D C:\Users\Raquel\AppData\Roaming\PrimoPDF
2013-10-26 11:17 - 2013-10-26 11:17 - 103108672 _____ C:\Windows\system32\᠂ꒊᵌp
2013-10-26 09:43 - 2013-10-26 09:43 - 01034656 _____ C:\Windows\Minidump\102613-21668-01.dmp
2013-10-26 09:17 - 2013-10-26 07:18 - 103108672 _____ C:\Windows\system32\딂䙃ᵌt
2013-10-25 17:01 - 2013-10-25 17:01 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-10-25 05:45 - 2013-10-25 05:45 - 00810408 _____ C:\Windows\Minidump\102513-24492-01.dmp
2013-10-25 05:45 - 2013-05-06 07:33 - 00011894 _____ C:\Windows\PFRO.log
2013-10-24 22:30 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-24 20:20 - 2011-02-28 15:50 - 00000000 ____D C:\Program Files\Google
2013-10-24 20:19 - 2011-02-16 00:58 - 00000000 ____D C:\Users\Raquel\AppData\Local\Deployment
2013-10-24 20:13 - 2013-07-29 22:31 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2013-10-24 20:13 - 2013-07-29 22:31 - 00000000 ____D C:\ProgramData\GbPlugin
2013-10-24 20:12 - 2013-07-29 22:31 - 00000000 ____D C:\Program Files\GbPlugin
2013-10-24 20:07 - 2011-02-15 23:49 - 00001396 _____ C:\Users\Raquel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-24 20:01 - 2009-07-14 00:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-24 19:58 - 2011-05-09 15:32 - 00000000 ____D C:\Program Files\SPSS
2013-10-24 19:53 - 2011-02-28 15:50 - 00000000 ____D C:\Users\Todos os Usuários\Google
2013-10-24 19:53 - 2011-02-28 15:50 - 00000000 ____D C:\ProgramData\Google
2013-10-24 19:53 - 2011-02-16 00:05 - 00000000 ____D C:\Users\Raquel\AppData\Local\Google
2013-10-24 18:36 - 2013-10-24 18:36 - 00000000 ____D C:\Users\Raquel\AppData\Local\{2BA24163-BB87-43A0-8426-D08367278427}
2013-10-24 18:35 - 2011-02-16 00:45 - 00000000 ____D C:\Users\Raquel\Tracing
2013-10-23 22:27 - 2013-10-10 23:20 - 00000000 ____D C:\Program Files\Longman iBT
2013-10-23 17:55 - 2011-08-12 01:13 - 00002019 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-23 17:55 - 2011-08-08 23:47 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-23 17:53 - 2013-10-23 17:53 - 102674996 _____ C:\Windows\system32\าಓᵌg
2013-10-23 17:52 - 2013-10-23 17:51 - 00000000 ____D C:\Users\Raquel\AppData\Local\{E69837EE-4CEB-49D9-9EAA-65CBCCC09CFC}
2013-10-21 08:07 - 2013-10-21 08:06 - 00000000 ____D C:\Users\Raquel\AppData\Local\{24E85A35-DE57-45A5-A0D6-055D4F96DB31}
2013-10-20 16:53 - 2013-10-20 12:53 - 102068998 _____ C:\Windows\system32\�묎ᵌi
2013-10-19 19:47 - 2013-10-19 19:47 - 00000000 ____D C:\Users\Raquel\AppData\Local\{81358D3B-B841-40E5-9508-EA751231A045}
2013-10-19 12:40 - 2013-10-19 10:41 - 101983560 _____ C:\Windows\system32\◽舢ᵌn
2013-10-19 08:45 - 2013-10-19 08:45 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-10-19 08:45 - 2013-10-19 08:45 - 00000000 ____D C:\Users\Raquel\AppData\Roaming\VIVO INTERNET
2013-10-19 08:45 - 2013-10-19 08:42 - 00000000 ____D C:\Users\Todos os Usuários\DatacardService
2013-10-19 08:45 - 2013-10-19 08:42 - 00000000 ____D C:\ProgramData\DatacardService
2013-10-19 08:45 - 2013-10-19 08:42 - 00000000 ____D C:\Program Files\VIVO INTERNET
2013-10-19 08:44 - 2013-10-19 08:44 - 00001032 _____ C:\Users\Public\Desktop\VIVO INTERNET.lnk
2013-10-19 08:44 - 2013-10-19 08:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-19 08:40 - 2013-10-19 08:40 - 00000000 ____D C:\Users\Raquel\AppData\Local\{4C891056-E676-4A09-B6AC-544C3817E739}
2013-10-18 18:56 - 2013-09-23 23:49 - 00001055 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-18 16:20 - 2013-10-17 08:03 - 101813202 _____ C:\Windows\system32\䔙�ᵌb
2013-10-17 23:24 - 2011-02-16 00:23 - 00000000 ____D C:\Users\Raquel\AppData\Local\Adobe
2013-10-17 23:20 - 2013-02-27 14:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-17 23:20 - 2011-05-22 22:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-17 22:59 - 2011-06-02 20:31 - 00000000 ____D C:\Users\Raquel\AppData\Roaming\MP3Rocket
2013-10-17 16:45 - 2013-10-17 16:45 - 00002174 _____ C:\Users\Raquel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-17 16:45 - 2013-10-17 16:45 - 00002071 _____ C:\Users\Usuário Padrăo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-17 16:45 - 2013-10-17 16:45 - 00002071 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-17 16:45 - 2013-10-17 16:45 - 00002071 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-17 16:45 - 2013-10-17 16:45 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft SkyDrive
2013-10-17 16:45 - 2013-10-17 16:45 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-10-17 16:45 - 2013-10-17 16:45 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-10-17 16:45 - 2011-02-15 23:49 - 00000000 ____D C:\Users\Raquel
2013-10-17 15:39 - 2013-10-10 23:20 - 00001008 _____ C:\Users\Raquel\Desktop\Longman iBT.lnk
2013-10-17 10:53 - 2013-10-17 10:53 - 00000000 ____D C:\Users\Raquel\AppData\Local\{5CDA985C-291A-4AEE-B6EB-B6EE1B2AB516}
2013-10-16 22:52 - 2013-10-16 22:52 - 00000000 ____D C:\Users\Raquel\AppData\Local\{3914766B-EB51-4AC3-9CC8-3AD499DF6B49}
2013-10-15 19:59 - 2013-10-15 19:59 - 00001998 _____ C:\Users\Raquel\Desktop\Cambridge TOEFL® Prep.lnk
2013-10-15 17:14 - 2013-10-15 17:14 - 00145687 _____ C:\Windows\raquel.xml
2013-10-15 16:19 - 2013-10-15 16:19 - 00000077 _____ C:\Windows\userList.xml
2013-10-15 14:41 - 2013-10-15 14:40 - 00000000 ____D C:\Users\Raquel\AppData\Local\{C13FC481-3677-486B-94C5-755EEC22DE2E}
2013-10-15 14:38 - 2013-10-15 14:38 - 00791608 _____ C:\Windows\Minidump\101513-21762-01.dmp
2013-10-15 12:14 - 2013-10-15 08:14 - 101148298 _____ C:\Windows\system32\�馟ᵌa
2013-10-14 12:29 - 2011-02-16 00:06 - 00113352 _____ C:\Users\Raquel\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-13 20:49 - 2011-02-16 00:06 - 00000000 ____D C:\Users\Raquel\AppData\Roaming\Skype
2013-10-13 00:40 - 2011-08-16 10:16 - 00000000 ____D C:\Users\Raquel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-12 08:36 - 2013-10-12 08:35 - 00000000 ____D C:\Users\Raquel\AppData\Local\{40BB7DD1-444F-4A51-B130-446F25CA858A}
2013-10-11 20:12 - 2013-10-11 18:12 - 100595853 _____ C:\Windows\system32\�ᵌ[
2013-10-11 18:30 - 2011-03-09 14:44 - 00000000 ____D C:\Users\Raquel\AppData\Roaming\vlc
2013-10-11 18:12 - 2013-10-11 18:11 - 00000000 ____D C:\Users\Raquel\AppData\Local\{8303B2DA-EDDC-4629-A3CB-55F7C6E143E6}
2013-10-11 18:10 - 2009-07-14 02:33 - 00502872 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 23:23 - 2013-10-10 23:22 - 00001409 _____ C:\Windows\QTFont.for
2013-10-10 23:23 - 2013-10-10 23:20 - 00000000 ____D C:\Users\Todos os Usuários\QuickTime
2013-10-10 23:23 - 2013-10-10 23:20 - 00000000 ____D C:\ProgramData\QuickTime
2013-10-10 23:22 - 2013-10-10 23:22 - 00002601 _____ C:\Windows\system32\qtplugin.log
2013-10-10 23:22 - 2013-10-10 23:20 - 00000000 ____D C:\Windows\system32\QuickTime
2013-10-10 23:22 - 2013-10-10 23:20 - 00000000 ____D C:\Program Files\QuickTime
2013-10-10 21:18 - 2013-10-10 15:02 - 100413408 _____ C:\Windows\system32\偬᱄n
2013-10-09 07:44 - 2013-10-09 07:44 - 00000000 ____D C:\Users\Raquel\AppData\Local\{9F829566-DB42-4987-A14E-D1E9DA39797E}
2013-10-08 18:35 - 2012-06-03 16:49 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2013-10-08 18:35 - 2012-06-03 16:49 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-08 18:29 - 2013-07-29 22:30 - 00027078 _____ C:\Users\Raquel\AppData\Roaming\unins000.dat
2013-10-08 18:28 - 2013-10-08 18:29 - 00720082 _____ C:\Users\Raquel\AppData\Roaming\unins000.exe
2013-10-08 10:20 - 2013-10-08 10:20 - 00000000 ____D C:\Users\Raquel\AppData\Local\{B1095421-BC65-412B-B6D0-1E3D05E2AB54}
2013-10-08 08:41 - 2013-10-07 20:33 - 99859239 _____ C:\Windows\system32\쬈ન᱄a
2013-10-07 20:32 - 2013-10-07 20:32 - 00000000 ____D C:\Users\Raquel\AppData\Local\{11C885CC-A8ED-468B-AF02-4EAF4FD5925F}
2013-10-06 11:44 - 2013-10-06 11:44 - 00000000 ____D C:\Users\Raquel\AppData\Local\{C22D7B8F-D88A-4D22-96F8-E2F29614D9B9}
2013-10-06 10:52 - 2013-10-03 18:56 - 99463930 _____ C:\Windows\system32\Ậꨬ᱄W
2013-10-03 18:56 - 2013-10-03 18:54 - 00000000 ____D C:\Users\Raquel\AppData\Local\{9D9434B1-F539-471B-8250-0F7D45F740EF}
2013-10-02 19:50 - 2013-10-02 07:50 - 98878632 _____ C:\Windows\system32\嵠逎᱄h
2013-10-02 07:49 - 2013-10-02 07:49 - 00000000 ____D C:\Users\Raquel\AppData\Local\{33B8E2CC-4135-446D-A368-7A909ACCF950}
2013-10-01 21:23 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\NDF
2013-10-01 19:20 - 2013-09-30 19:52 - 98689490 _____ C:\Windows\system32\檐╯᱄b
2013-09-30 17:51 - 2013-09-30 17:51 - 00000000 ____D C:\Users\Raquel\AppData\Local\{0F69D033-687F-4539-AA94-19A83CE570E4}

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\Raquel\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\Raquel\AppData\Local\Temp\.gbas.dll
C:\Users\Raquel\AppData\Local\Temp\KERNEL.DLL
C:\Users\Raquel\AppData\Local\Temp\utt1DEA.tmp.exe
C:\Users\Raquel\AppData\Local\Temp\utt4E8B.tmp.exe
C:\Users\Raquel\AppData\Local\Temp\utt4EE8.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-10-11 21:04

==================== End Of Log ============================
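As an added example (not part of the thread and not FRST's own code), a small Python scanner that applies heuristics drawn from the indicators FRST flagged in the log above: a service whose name begins with '*', a binary under Google\Desktop\Install\{GUID}, random eight-letter drivers whose .sys file is missing ([x]), the system+hidden %APPDATA% folder created under system32, and FRST's own ATTENTION lines. The sample log is constructed from lines of this thread's log; the 50 MB threshold and the "large non-ASCII filename under system32" heuristic are my assumptions, added so unreviewed entries are still surfaced for a human to look at.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the FRST log posted in this
# thread, mixed with benign entries so the heuristics have something to ignore.
SAMPLE_LOG = r"""
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-10] (Avira Operations GmbH & Co. KG)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{0df14fe4-f29d-d29f-e9c2-c469f7c4e912}\ \...\???\{0df14fe4-f29d-d29f-e9c2-c469f7c4e912}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-10] (Avira Operations GmbH & Co. KG)
S1 bdblpnqr; \??\C:\Windows\system32\drivers\bdblpnqr.sys [x]
S1 fbpyjbzt; \??\C:\Windows\system32\drivers\fbpyjbzt.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
2013-10-27 22:13 - 2013-10-27 22:13 - 00000000 ____D C:\FRST
2013-10-25 17:01 - 2013-10-25 17:01 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-10-27 10:50 - 2013-10-27 14:50 - 103533600 _____ C:\Windows\system32\ᖉ㍃ᵌf
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
"""

# "R2 Name; path [size date] (Vendor)" service/driver lines from the FRST
# Services and Drivers sections.
SERVICE_RE = re.compile(r'^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$')
# "created - modified - size attrs path" lines from the One Month sections.
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - '
    r'(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?P<path>.+)$'
)
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}$')
LARGE_FILE_BYTES = 50_000_000  # assumption: threshold for "unusually large"


@dataclass
class Finding:
    line_no: int
    line: str
    reasons: list = field(default_factory=list)


def check_service(m):
    """Heuristics for one service/driver line; returns a list of reasons."""
    reasons = []
    name, rest = m['name'], m['rest']
    if name.startswith('*'):
        reasons.append("service name begins with '*'")
    if 'Google\\Desktop\\Install\\{' in rest:
        reasons.append('binary lives under Google\\Desktop\\Install\\{GUID}')
    if RANDOM_NAME_RE.match(name) and rest.endswith('[x]') and '\\drivers\\' in rest.lower():
        reasons.append('random-looking 8-letter driver name with missing file')
    return reasons


def check_file_entry(m):
    """Heuristics for one created/modified file line; returns a list of reasons."""
    reasons = []
    size, attrs, path = int(m['size']), m['attrs'], m['path']
    basename = path.rsplit('\\', 1)[-1]
    if basename == '%APPDATA%' and 'H' in attrs:
        reasons.append('literal %APPDATA% directory under system32 with hidden attribute')
    if '\\system32\\' in path.lower() and not basename.isascii() and size >= LARGE_FILE_BYTES:
        reasons.append('large file with non-ASCII name under system32 (review)')
    return reasons


def scan(log_text):
    """Walk an FRST log and return one Finding per line that trips a heuristic."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if 'ATTENTION' in line:  # FRST already marked this line
            tag = 'ZeroAccess' if 'ZeroAccess' in line else 'unspecified'
            reasons.append(f'flagged by FRST itself ({tag})')
        m = SERVICE_RE.match(line)
        if m:
            reasons += check_service(m)
        m = FILE_RE.match(line)
        if m:
            reasons += check_file_entry(m)
        if reasons:
            findings.append(Finding(line_no, line, reasons))
    return findings


def zeroaccess_indicated(findings):
    """True when at least one finding names ZeroAccess explicitly."""
    return any('ZeroAccess' in r for f in findings for r in f.reasons)


if __name__ == '__main__':
    hits = scan(SAMPLE_LOG)
    for f in hits:
        print(f'line {f.line_no}: {f.line[:70]}')
        for r in f.reasons:
            print(f'    - {r}')
    print('ZeroAccess indicated:', zeroaccess_indicated(hits))
```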

#4 raquel90
New Member, 4 posts
Posted 27 October 2013 - 06:31 PM

I forgot to attach the Addition.txt, sorry. Here it is.


#5 jeffce
Malware Guy, Authentic Member, 8,693 posts
Posted 28 October 2013 - 06:01 AM

Hi,

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
----------

ComboFix

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#6 raquel90
New Member, 4 posts
Posted 28 October 2013 - 10:13 AM

Jeff, I see. Well, that's kind of a hard decision... I've been thinking about it, and given that I have had this computer for years now, maybe it is a good idea to format my Operating System; that way not only can I really get rid of the virus but I can clean my computer of old things that I do not use anymore. My brother downloaded a tutorial installation of the Operating System from the Dell Support, and we are going to do it. Can I ask you if you have any idea of how I got the virus? I know that formatting and reinstalling is only part of the solution because I still need to be careful, right? I cannot thank you enough for all your help!

#7 jeffce
Malware Guy, Authentic Member, 8,693 posts
Posted 28 October 2013 - 11:15 AM

Hi,

I think that you are making the right decision with this. Even though the infection could be cleared, it would not be possible for me to say that your system will ever be safe again. The best course of action for this is exactly what you are doing. :)

As for how you got infected, it is really hard to say with any real certainty. There are so many ways that a system can get infected.


Here is some good info to try and help you stay safer in the future. :) I hope it helps.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Firefox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
NoScript
AdBlock Plus

3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.

#8 jeffce
Malware Guy, Authentic Member, 8,693 posts
Posted 30 October 2013 - 07:15 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.