leonel

thank you very much!

sorry duplicate posts it seems that the file that identifies pro malwarebytes was not sent. HGWC.zip

malwarebytes identifies as a trojan file is legitimate. link scan: https://www.virustotal.com/pt/file/1893e3f5c13e750246b9f0db8526afb679cbdc82cd45038127d7a498e5765778/analysis/1381247820/

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:48:12, on 25/03/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe C:\Program Files\Emsisoft Anti-Malware\a2service.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Comodo\Dragon\dragon_updater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe C:\Program Files\KeyScrambler\KeyScrambler.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\Shadow Defender\DefenderDaemon.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Process Hacker 2\ProcessHacker.exe C:\Users\AVERTCOM\Downloads\Compressed\CCE\KillSwitch.exe C:\Windows\notepad.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\AVERTCOM\Desktop\HiJackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [shadow Defender Daemon] "C:\Program Files\Shadow Defender\DefenderDaemon.exe" /Auto O4 - HKUS\S-1-5-21-3635735338-2964006992-2461654254-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3635735338-2964006992-2461654254-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll C:\Windows\System32\guard32.dll O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 6678 bytes =================================================================== Internet Explorer 9.0.8112.16421 AVERTCOM :: AVERTCOM-PC [administrador] Proteção: Não permitir 25/03/2012 18:46:31 mbam-log-2012-03-25 (18-46-31).txt Tipo de Verificação: Verificação Completa Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM Opções de verificação desativadas: P2P Objetos escaneados: 276767 Tempo decorrido: 59 minuto(s), 23 segundo(s) Processos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Valores de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Itens de Dados no Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Pastas Detectadas: 0 (Não foram detectados ítens maliciosos) Arquivos Detectados: 0 (Não foram detectados ítens maliciosos) (fim) ===================================================================== Norman Malware Cleaner v2.05.04 Copyright © 1990 - 2012, Norman ASA. Norman Scanner Engine Version: 6.08.03 nvcbin.def: Version: 6.08.00, Date: 2012/03/25 05:03:19, Variants: 14901583 nvcmacro.def: Version: 6.08.00, Date: 2011/12/19 08:20:35, Variants: 20465 Operating System: Windows 7 Service Pack 1 Switches: /iagree /verbose /noclean /cleanrootkit Scan started: 2012/03/25 18:03:09 Running pre-scan cleanup routine... Number of malicious objects found: 0 Number of malicious objects cleaned: 0 Scanning time: 1s Scanning system for active rootkit activity... Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Rootkit infection detected (W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Number of malicious objects found: 17 Number of malicious objects cleaned: 0 Number of malicious files found: 0 Number of malicious files cleaned: 0 Scanning time: 2s Scanning running processes and process memory... Number of objects found: 971 Number of objects scanned: 971 Number of objects not scanned: 0 Number of malicious memory objects found: 0 Number of malicious objects cleaned: 0 Number of malicious files found: 0 Number of malicious files cleaned: 0 Scanning time: 1m 59s Scan aborted by user Results: Total number of files found: 0 Total number of archives unpacked: 0 Total number of objects found: 971 Total number of objects scanned: 971 Total number of objects not scanned: 0 Total number of malicious objects found: 17 Total number of malicious objects cleaned: 0 Total number of malicious files found: 0 Total number of malicious files cleaned: 0 Total number of objects quarantined: 0 Total scanning time: 2m 2s OBS:longer scan times for 5 with 4 NORMAN malware cleaner to clean them but when you restart or shut down your PC malware back Attach.txtDDS.txt

sorry is error

log hijackthis: http://pastebin.com/SLRt4dPU log Norman_Malware_Cleaner:http://pastebin.com/S6FgTCzN log combofix: http://pastebin.com/5m8Z6mce