
(Whistler / Black Internet)!



I have this prob...

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Enterprise Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: P5K SE/EPU

Logical Drives Mask: 0x0200007c

Kernel Drivers (total 189):

0x02A65000 \SystemRoot\system32\ntoskrnl.exe

0x02A1C000 \SystemRoot\system32\hal.dll

0x00BBA000 \SystemRoot\system32\kdcom.dll

0x00CF9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00D3D000 \SystemRoot\system32\PSHED.dll

0x00D51000 \SystemRoot\system32\CLFS.SYS

0x00C00000 \SystemRoot\system32\CI.dll

0x00E41000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EE5000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x0101B000 \SystemRoot\System32\Drivers\spmk.sys

0x01141000 \SystemRoot\System32\Drivers\WMILIB.SYS

0x0114A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS

0x01179000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x011D0000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x011DA000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00EF4000 \SystemRoot\system32\DRIVERS\pci.sys

0x011E7000 \SystemRoot\System32\drivers\partmgr.sys

0x01000000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00F27000 \SystemRoot\System32\drivers\volmgrx.sys

0x00F83000 \SystemRoot\system32\DRIVERS\pciide.sys

0x00F8A000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x00F9A000 \SystemRoot\System32\drivers\mountmgr.sys

0x00FB4000 \SystemRoot\system32\DRIVERS\atapi.sys

0x00FBD000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x00FE7000 \SystemRoot\system32\drivers\amdxata.sys

0x00DAF000 \SystemRoot\system32\drivers\fltmgr.sys

0x00E00000 \SystemRoot\system32\drivers\fileinfo.sys

0x01232000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01491000 \SystemRoot\System32\Drivers\msrpc.sys

0x014EF000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0150A000 \SystemRoot\System32\Drivers\cng.sys

0x0157D000 \SystemRoot\System32\drivers\pcw.sys

0x0158E000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x0169F000 \SystemRoot\system32\drivers\ndis.sys

0x01791000 \SystemRoot\system32\drivers\NETIO.SYS

0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01803000 \SystemRoot\System32\drivers\tcpip.sys

0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01675000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x01598000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x01685000 \SystemRoot\System32\Drivers\spldr.sys

0x01400000 \SystemRoot\System32\drivers\rdyboost.sys

0x0168D000 \SystemRoot\System32\Drivers\mup.sys

0x017F1000 \SystemRoot\System32\drivers\hwpolicy.sys

0x0143A000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01474000 \SystemRoot\system32\DRIVERS\disk.sys

0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x00E14000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x02C2F000 \SystemRoot\System32\Drivers\aswSnx.SYS

0x02CC7000 \SystemRoot\System32\Drivers\Null.SYS

0x02CD0000 \SystemRoot\System32\Drivers\Beep.SYS

0x02CD7000 \SystemRoot\System32\drivers\vga.sys

0x02CE5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x02D0A000 \SystemRoot\System32\drivers\watchdog.sys

0x02D1A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x02D23000 \SystemRoot\system32\drivers\rdpencdd.sys

0x02D2C000 \SystemRoot\system32\drivers\rdprefmp.sys

0x02D35000 \SystemRoot\System32\Drivers\Msfs.SYS

0x02D40000 \SystemRoot\System32\Drivers\Npfs.SYS

0x02D51000 \SystemRoot\system32\DRIVERS\tdx.sys

0x02D6F000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x02D7C000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x03A9C000 \SystemRoot\system32\drivers\afd.sys

0x03B25000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x03B2F000 \SystemRoot\System32\DRIVERS\netbt.sys

0x03B74000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x03B7D000 \SystemRoot\system32\DRIVERS\pacer.sys

0x03BA3000 \SystemRoot\system32\DRIVERS\netbios.sys

0x03BB2000 \SystemRoot\system32\DRIVERS\serial.sys

0x03BCF000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x03BEA000 \SystemRoot\system32\DRIVERS\termdd.sys

0x03A00000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

0x03A0A000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

0x03A14000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x03A65000 \SystemRoot\system32\drivers\nsiproxy.sys

0x03A71000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x03A7C000 \SystemRoot\System32\drivers\discache.sys

0x03C8E000 \SystemRoot\system32\drivers\csc.sys

0x03D11000 \SystemRoot\System32\Drivers\dfsc.sys

0x03D2F000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x03D40000 \SystemRoot\System32\Drivers\aswSP.SYS

0x03D8D000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x03DB3000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x0488B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x0420A000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x042FE000 \SystemRoot\System32\drivers\dxgmms1.sys

0x04344000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x04351000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x043A7000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x043B8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x043DC000 \SystemRoot\system32\DRIVERS\l160x64.sys

0x043EE000 \SystemRoot\system32\DRIVERS\ASACPI.sys

0x05393000 \SystemRoot\system32\DRIVERS\serenum.sys

0x0539F000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x053BD000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x04800000 \SystemRoot\System32\Drivers\ab0wrktn.SYS

0x04845000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x043F6000 \SystemRoot\system32\DRIVERS\bbcap.sys

0x04855000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x053CC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x053F0000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x03DC9000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x0486B000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x03C00000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x03C21000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x03C3B000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x03C46000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x043FD000 \SystemRoot\system32\DRIVERS\swenum.sys

0x02D8A000 \SystemRoot\system32\DRIVERS\ks.sys

0x03C55000 \SystemRoot\system32\DRIVERS\umbus.sys

0x056B5000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x0570F000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x05724000 \SystemRoot\system32\drivers\HdAudio.sys

0x05780000 \SystemRoot\system32\drivers\portcls.sys

0x057BD000 \SystemRoot\system32\drivers\drmk.sys

0x057DF000 \SystemRoot\system32\drivers\ksthunk.sys

0x05600000 \SystemRoot\system32\DRIVERS\udfs.sys

0x00080000 \SystemRoot\System32\win32k.sys

0x05655000 \SystemRoot\System32\drivers\Dxapi.sys

0x05661000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x0566F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x05688000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x05691000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x05693000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x056A0000 \SystemRoot\system32\DRIVERS\monitor.sys

0x004B0000 \SystemRoot\System32\TSDDD.dll

0x00770000 \SystemRoot\System32\cdd.dll

0x057E5000 \SystemRoot\System32\Drivers\crashdmp.sys

0x057F3000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x04200000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x03C67000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x02DCD000 \SystemRoot\system32\drivers\luafv.sys

0x07425000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x0745F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0x07468000 \SystemRoot\system32\drivers\WudfPf.sys

0x07489000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x0749E000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x074B6000 \SystemRoot\system32\drivers\HTTP.sys

0x0757D000 \SystemRoot\system32\DRIVERS\bowser.sys

0x0759B000 \SystemRoot\System32\drivers\mpsdrv.sys

0x075B3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x08885000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x088D3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x088F7000 \SystemRoot\system32\drivers\peauth.sys

0x0899D000 \SystemRoot\System32\Drivers\secdrv.SYS

0x089A8000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x089D5000 \SystemRoot\System32\drivers\tcpipreg.sys

0x08800000 \SystemRoot\System32\DRIVERS\srv2.sys

0x098DB000 \SystemRoot\System32\DRIVERS\srv.sys

0x09970000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x77090000 \Windows\System32\ntdll.dll

0x47FB0000 \Windows\System32\smss.exe

0xFF3B0000 \Windows\System32\apisetschema.dll

0xFF4A0000 \Windows\System32\autochk.exe

0xFF320000 \Windows\System32\shlwapi.dll

0xFF310000 \Windows\System32\nsi.dll

0x76E80000 \Windows\System32\iertutil.dll

0xFF130000 \Windows\System32\setupapi.dll

0xFE3A0000 \Windows\System32\shell32.dll

0xFE380000 \Windows\System32\sechost.dll

0xFE360000 \Windows\System32\imagehlp.dll

0xFE2F0000 \Windows\System32\gdi32.dll

0xFE2A0000 \Windows\System32\ws2_32.dll

0x77260000 \Windows\System32\normaliz.dll

0x76D20000 \Windows\System32\wininet.dll

0xFE1C0000 \Windows\System32\oleaut32.dll

0xFE1B0000 \Windows\System32\lpk.dll

0x76C20000 \Windows\System32\user32.dll

0xFE110000 \Windows\System32\clbcatq.dll

0x77250000 \Windows\System32\psapi.dll

0x76AD0000 \Windows\System32\urlmon.dll

0xFE0C0000 \Windows\System32\Wldap32.dll

0xFDFF0000 \Windows\System32\usp10.dll

0x769B0000 \Windows\System32\kernel32.dll

0xFDDE0000 \Windows\System32\ole32.dll

0xFDD40000 \Windows\System32\msvcrt.dll

0xFDC10000 \Windows\System32\rpcrt4.dll

0xFDB00000 \Windows\System32\msctf.dll

0xFDA60000 \Windows\System32\comdlg32.dll

0xFD980000 \Windows\System32\advapi32.dll

0xFD900000 \Windows\System32\difxapi.dll

0xFD8D0000 \Windows\System32\imm32.dll

0xFD760000 \Windows\System32\crypt32.dll

0xFD740000 \Windows\System32\devobj.dll

0xFD700000 \Windows\System32\cfgmgr32.dll

0xFD690000 \Windows\System32\KernelBase.dll

0xFD650000 \Windows\System32\wintrust.dll

0xFD5B0000 \Windows\System32\comctl32.dll

0xFD5A0000 \Windows\System32\msasn1.dll

Processes (total 55):

0 System Idle Process

4 System

340 C:\Windows\System32\smss.exe

436 csrss.exe

496 C:\Windows\System32\wininit.exe

520 csrss.exe

556 C:\Windows\System32\services.exe

584 C:\Windows\System32\lsass.exe

592 C:\Windows\System32\lsm.exe

628 C:\Windows\System32\winlogon.exe

728 C:\Windows\System32\svchost.exe

836 C:\Windows\System32\svchost.exe

932 C:\Windows\System32\svchost.exe

964 C:\Windows\System32\svchost.exe

1004 C:\Windows\System32\svchost.exe

992 C:\Windows\System32\svchost.exe

1120 C:\Windows\System32\svchost.exe

1184 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

1352 C:\Windows\System32\dwm.exe

1376 C:\Windows\explorer.exe

1660 C:\Windows\System32\spoolsv.exe

1692 C:\Windows\System32\taskhost.exe

1744 C:\Windows\System32\svchost.exe

1860 C:\Program Files\SUPERAntiSpyware\SASCore64.exe

1900 C:\Windows\System32\svchost.exe

1952 C:\Windows\SysWOW64\PnkBstrA.exe

1196 C:\Windows\System32\svchost.exe

1368 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

1332 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2104 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2552 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

2728 C:\Windows\System32\svchost.exe

2204 C:\Windows\WindowsMobile\wmdc.exe

2816 C:\Windows\System32\svchost.exe

2776 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

3324 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

3348 C:\Program Files\Windows Sidebar\sidebar.exe

3408 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

3448 C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

3596 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

3784 C:\Windows\System32\SearchIndexer.exe

4584 C:\Program Files\Alwil Software\Avast5\AvastUI.exe

4880 C:\Windows\System32\svchost.exe

4368 C:\Program Files\Windows Media Player\wmpnetwk.exe

2764 C:\Windows\System32\wuauclt.exe

4148 C:\Windows\System32\audiodg.exe

3108 C:\Windows\System32\notepad.exe

1084 C:\Windows\System32\SearchFilterHost.exe

3016 C:\Windows\System32\SearchProtocolHost.exe

3232 MpCmdRun.exe

2664 C:\Program Files (x86)\Internet Explorer\iexplore.exe

3284 C:\Program Files (x86)\Internet Explorer\iexplore.exe

2572 C:\Users\Miguel Silva\Downloads\MBRCheck.exe

2056 C:\Windows\System32\conhost.exe

4796 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

\\.\Z: --> \\.\PhysicalDrive2 at offset 0x00000060`4989cc00 (NTFS)

PhysicalDrive2 Model Number: SAMSUNGHD501LJ, Rev: CR100-12

PhysicalDrive0 Model Number: MAXTORSTM3320820A, Rev: 3.AAE

PhysicalDrive1 Model Number: Maxtor6L250R0, Rev: BAJ41G20

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive2 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

298 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!

SHA1: EDF98C43E151E4C218A67A4D172BACF36FE25E4F

233 GB \\.\PhysicalDrive1 Known-bad MBR code detected (Whistler / Black Internet)!

SHA1: EDF98C43E151E4C218A67A4D172BACF36FE25E4F

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes:

[ 0] Default (Windows 7)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive: 0

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes

Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Done!

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by Miguel Silva at 0:14:26 on 2011-07-05

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.351.2070.18.4095.2122 [GMT 1:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.pt/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~3\MICROS~1\Office14\GROOVEEX.DLL

BHO: Programa Auxiliar de Início de Sessão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~3\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\MIGUEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RECORT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &HTPE - C:\Program Files (x86)\hattriX\HTPE.htm

IE: E&nviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - C:\Users\Miguel Silva\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{5DF92321-689F-4140-A912-27E54012C065} : DhcpNameServer = 192.168.1.254 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~3\MICROS~1\Office14\GROOVEEX.DLL

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Miguel Silva\AppData\Roaming\Mozilla\Firefox\Profiles\y9inbbd8.default\

FF - plugin: C:\PROGRA~3\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~3\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: C:\Users\MIGUEL~1\AppData\LocalLow\POWERC~1\nppowerloader.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-7-4 42184]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-6-24 92008]

R3 AtcL001;Controlador de Miniporta NDIS para o Controlador Atheros L1 Gigabit Ethernet;C:\Windows\system32\DRIVERS\l160x64.sys --> C:\Windows\system32\DRIVERS\l160x64.sys [?]

R3 bbcap;bb_capture_driver;C:\Windows\system32\DRIVERS\bbcap.sys --> C:\Windows\system32\DRIVERS\bbcap.sys [?]

R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]

S3 StorSvc;Serviço de Armazenamento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-07-04 23:01:33 -------- d-----w- C:\Program Files (x86)\ESET

2011-07-04 22:24:05 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{AE223EBC-B351-4B96-A754-00B09257307E}

2011-07-04 22:03:47 -------- d-sh--w- C:\$RECYCLE.BIN

2011-07-04 21:28:29 98816 ----a-w- C:\Windows\sed.exe

2011-07-04 21:28:29 518144 ----a-w- C:\Windows\SWREG.exe

2011-07-04 21:28:29 256000 ----a-w- C:\Windows\PEV.exe

2011-07-04 21:28:29 208896 ----a-w- C:\Windows\MBR.exe

2011-07-04 21:21:41 -------- d-----w- C:\Users\Miguel Silva\AppData\Roaming\SUPERAntiSpyware.com

2011-07-04 21:21:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-07-04 21:21:38 -------- d-----w- C:\ProgramData\!SASCORE

2011-07-04 21:21:36 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-07-04 10:21:51 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{62139171-8524-4397-9BE4-F894D81CE32C}

2011-07-03 22:21:17 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{DE1E44A7-3C15-430C-BA5A-56A581ABD0BA}

2011-07-03 10:20:52 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{5CF61539-C254-459E-B1D6-465AFD4D649B}

2011-07-02 12:23:19 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{44B72E67-3A8B-42DD-880E-85DF5C3A1DFD}

2011-07-01 18:25:50 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{02D300F3-BBA7-48C7-B4E4-D66857B5BDC4}

2011-07-01 06:29:23 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FC4AB3C-DE66-4AFB-A1CB-D137E40C8FA1}\mpengine.dll

2011-07-01 06:25:26 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{2B4AB433-2BFB-4C30-9FD7-651D9A25D526}

2011-06-30 20:15:58 -------- d-----w- C:\Program Files (x86)\CDRFMSOFT

2011-06-30 12:27:04 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{926BF8EA-DD04-4F4E-95BC-B39A5E0B0128}

2011-06-29 12:25:53 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{997868DD-8590-442F-BD3F-44173AFF6830}

2011-06-28 12:23:59 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{41C97552-614B-4819-ACE5-460402127913}

2011-06-27 17:14:50 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{EA916703-9C88-4910-A6A7-45F7DC8F0F08}

2011-06-23 15:46:06 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{02151CAD-F499-4C66-BC51-667B06E7A45F}

2011-06-22 17:15:29 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{24C5DB78-86E0-4FC8-AFCF-0050BAD23A95}

2011-06-21 20:19:18 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{189F4B29-EB16-4579-BE4E-D2200B574825}

2011-06-20 12:28:06 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{8DFEF537-F555-4678-99C4-131CFFAD9AA9}

2011-06-19 10:18:19 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{ECF3B896-342E-4A99-9A4F-284D397A6487}

2011-06-18 13:52:11 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{E8D4A0C4-F200-4BAC-9A6E-9C8490BC1E76}

2011-06-17 16:46:27 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{EF1EDAE3-9F6B-4119-BC13-E03338671B39}

2011-06-16 16:51:18 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys

2011-06-16 16:51:11 1893248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-16 16:51:10 499712 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-06-16 16:51:10 288128 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2011-06-16 16:51:05 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-06-16 16:51:05 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-06-16 16:51:05 128512 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-06-16 16:51:02 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-16 16:50:59 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2011-06-16 16:50:59 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2011-06-16 16:50:59 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-06-16 16:50:59 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2011-06-16 16:50:56 460800 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-06-16 16:50:56 399360 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-06-16 16:50:56 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-06-16 16:50:53 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2011-06-16 16:50:53 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-06-16 16:50:50 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-06-16 16:50:50 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-06-16 16:44:25 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{0AF2115D-1CC3-44A5-A206-45F79F43CF1B}

2011-06-15 20:54:51 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{694C2B72-2B45-4E07-AA23-4D5D39849C5F}

2011-06-14 21:45:17 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{E0F391C5-15EC-4175-9B66-093F5FEA168A}

2011-06-13 16:27:27 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{EFA0A1B5-1018-4474-BDE8-FE0A59528438}

2011-06-12 21:51:14 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{A06F3348-0ABD-4A46-886F-466D5C4A3AAC}

2011-06-09 16:34:40 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{8B254378-697E-4F9F-84E9-D80222BAAD2F}

2011-06-07 20:11:10 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{E762A7BE-04CC-498F-BA07-F7377ECFD18C}

2011-06-06 17:51:01 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{E8A927B2-2B76-466D-99F0-FED729AE051A}

2011-06-05 21:44:45 -------- d-----w- C:\Users\Miguel Silva\AppData\Local\{0B8FF030-FF25-492A-86D8-4E14728CB3FD}

.

==================== Find3M ====================

.

2011-07-04 11:43:53 40112 ----a-w- C:\Windows\avastSS.scr

2011-07-04 11:36:56 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-07-04 11:32:24 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-06-21 20:47:53 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-19 16:32:50 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2011-05-24 18:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-04-22 20:17:25 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-04-09 17:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll

2011-04-09 17:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll

2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-04-09 06:54:07 5475712 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-04-09 06:21:36 3967360 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:21:32 3911552 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

.

============= FINISH: 0:16:20,92 ===============

ComboFix 11-07-03.04 - Miguel Silva 04-07-2011 22:30:28.1.4 - x64

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.351.2070.18.4095.2629 [GMT 1:00]

Executando de: c:\users\Miguel Silva\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Miguel Silva\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1422EE04-2BCD-4129-8070-1934DA2E401F}.xps

c:\users\Miguel Silva\AppData\Local\Microsoft\Windows\Temporary Internet Files\{38AB2E6D-05BC-4233-AD9C-850DC97CF8E4}.xps

c:\users\Miguel Silva\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DED5E372-875C-4F4B-9361-151F338832CC}.xps

c:\users\Miguel Silva\AppData\Roaming\GrabIt

c:\users\Miguel Silva\AppData\Roaming\GrabIt\Batch.gba

.

A cópia de c:\windows\SysWow64\hid.dll foi encontrada e desinfectada

Cópia restaurada de - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!SysWOW64!hid.dll

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-06-04 to 2011-07-04 ))))))))))))))))))))))))))))

.

.

2011-07-04 21:41 . 2011-07-04 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-04 21:41 . 2011-07-04 21:41 -------- d-----w- c:\users\Convidado\AppData\Local\temp

2011-07-04 21:21 . 2011-07-04 21:21 -------- d-----w- c:\users\Miguel Silva\AppData\Roaming\SUPERAntiSpyware.com

2011-07-04 21:21 . 2011-07-04 21:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-07-04 21:21 . 2011-07-04 21:21 -------- d-----w- c:\programdata\!SASCORE

2011-07-04 21:21 . 2011-07-04 21:21 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-04 10:21 . 2011-07-04 10:22 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{62139171-8524-4397-9BE4-F894D81CE32C}

2011-07-03 22:21 . 2011-07-03 22:21 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{DE1E44A7-3C15-430C-BA5A-56A581ABD0BA}

2011-07-03 10:20 . 2011-07-03 10:21 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{5CF61539-C254-459E-B1D6-465AFD4D649B}

2011-07-02 12:23 . 2011-07-02 12:23 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{44B72E67-3A8B-42DD-880E-85DF5C3A1DFD}

2011-07-01 18:25 . 2011-07-01 18:26 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{02D300F3-BBA7-48C7-B4E4-D66857B5BDC4}

2011-07-01 06:29 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FC4AB3C-DE66-4AFB-A1CB-D137E40C8FA1}\mpengine.dll

2011-07-01 06:25 . 2011-07-01 06:25 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{2B4AB433-2BFB-4C30-9FD7-651D9A25D526}

2011-06-30 20:15 . 2011-06-30 20:15 -------- d-----w- c:\program files (x86)\CDRFMSOFT

2011-06-30 12:27 . 2011-06-30 12:27 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{926BF8EA-DD04-4F4E-95BC-B39A5E0B0128}

2011-06-29 12:25 . 2011-06-30 00:26 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{997868DD-8590-442F-BD3F-44173AFF6830}

2011-06-28 12:23 . 2011-06-28 12:24 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{41C97552-614B-4819-ACE5-460402127913}

2011-06-27 17:14 . 2011-06-27 17:15 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{EA916703-9C88-4910-A6A7-45F7DC8F0F08}

2011-06-23 15:46 . 2011-06-23 15:46 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{02151CAD-F499-4C66-BC51-667B06E7A45F}

2011-06-22 17:15 . 2011-06-22 17:15 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{24C5DB78-86E0-4FC8-AFCF-0050BAD23A95}

2011-06-21 20:19 . 2011-06-21 20:19 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{189F4B29-EB16-4579-BE4E-D2200B574825}

2011-06-20 12:28 . 2011-06-21 00:28 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{8DFEF537-F555-4678-99C4-131CFFAD9AA9}

2011-06-19 16:32 . 2011-06-19 16:32 -------- d-----w- c:\program files\Java

2011-06-19 10:18 . 2011-06-19 22:19 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{ECF3B896-342E-4A99-9A4F-284D397A6487}

2011-06-18 13:52 . 2011-06-18 13:52 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{E8D4A0C4-F200-4BAC-9A6E-9C8490BC1E76}

2011-06-17 16:46 . 2011-06-17 16:46 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{EF1EDAE3-9F6B-4119-BC13-E03338671B39}

2011-06-16 16:51 . 2011-04-27 02:45 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 16:51 . 2011-04-25 05:28 1893248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-16 16:51 . 2011-04-25 05:28 288128 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2011-06-16 16:51 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 16:51 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 16:51 . 2011-05-04 02:41 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 16:51 . 2011-05-04 02:41 128512 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 16:51 . 2011-05-28 03:06 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-06-16 16:50 . 2011-01-17 06:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-06-16 16:50 . 2011-01-17 06:12 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-16 16:50 . 2011-01-17 05:30 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2011-06-16 16:50 . 2011-01-17 05:30 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2011-06-16 16:50 . 2011-04-29 03:06 460800 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-16 16:50 . 2011-04-29 03:06 399360 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 16:50 . 2011-04-29 03:06 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 16:50 . 2010-12-18 06:09 861184 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 16:50 . 2010-12-18 05:30 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-06-16 16:50 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 16:50 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-06-16 16:44 . 2011-06-16 16:44 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{0AF2115D-1CC3-44A5-A206-45F79F43CF1B}

2011-06-15 20:54 . 2011-06-15 20:55 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{694C2B72-2B45-4E07-AA23-4D5D39849C5F}

2011-06-14 21:45 . 2011-06-14 21:45 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{E0F391C5-15EC-4175-9B66-093F5FEA168A}

2011-06-13 16:27 . 2011-06-13 16:27 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{EFA0A1B5-1018-4474-BDE8-FE0A59528438}

2011-06-12 21:51 . 2011-06-12 21:51 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{A06F3348-0ABD-4A46-886F-466D5C4A3AAC}

2011-06-09 16:34 . 2011-06-09 16:34 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{8B254378-697E-4F9F-84E9-D80222BAAD2F}

2011-06-07 20:11 . 2011-06-07 20:11 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{E762A7BE-04CC-498F-BA07-F7377ECFD18C}

2011-06-06 17:51 . 2011-06-06 17:51 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{E8A927B2-2B76-466D-99F0-FED729AE051A}

2011-06-05 21:44 . 2011-06-05 21:44 -------- d-----w- c:\users\Miguel Silva\AppData\Local\{0B8FF030-FF25-492A-86D8-4E14728CB3FD}

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-21 20:47 . 2011-05-23 17:08 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-19 16:32 . 2010-07-22 17:24 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-24 20:43 . 2011-05-24 20:43 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-24 20:43 . 2011-05-24 20:43 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-24 20:43 . 2011-05-24 20:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-05-24 20:43 . 2011-05-24 20:43 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-05-24 20:43 . 2011-05-24 20:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-05-24 20:43 . 2011-05-24 20:43 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-05-24 20:43 . 2011-05-24 20:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-05-24 20:43 . 2011-05-24 20:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-05-24 20:43 . 2011-05-24 20:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-05-24 20:43 . 2011-05-24 20:43 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-05-24 20:43 . 2011-05-24 20:43 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-05-24 20:43 . 2011-05-24 20:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-05-24 20:43 . 2011-05-24 20:43 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-24 20:43 . 2011-05-24 20:43 448512 ----a-w- c:\windows\system32\html.iec

2011-05-24 20:43 . 2011-05-24 20:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-05-24 20:43 . 2011-05-24 20:43 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-05-24 20:43 . 2011-05-24 20:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-05-24 20:43 . 2011-05-24 20:43 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-24 20:43 . 2011-05-24 20:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-05-24 20:43 . 2011-05-24 20:43 222208 ----a-w- c:\windows\system32\msls31.dll

2011-05-24 20:43 . 2011-05-24 20:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-24 20:43 . 2011-05-24 20:43 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-05-24 20:43 . 2011-05-24 20:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-05-24 20:43 . 2011-05-24 20:43 160256 ----a-w- c:\windows\system32\wextract.exe

2011-05-24 20:43 . 2011-05-24 20:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-05-24 20:43 . 2011-05-24 20:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-05-24 20:43 . 2011-05-24 20:43 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-24 20:43 . 2011-05-24 20:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-05-24 20:43 . 2011-05-24 20:43 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-05-24 20:43 . 2011-05-24 20:43 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-05-24 20:43 . 2011-05-24 20:43 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-24 20:43 . 2011-05-24 20:43 12288 ----a-w- c:\windows\system32\mshta.exe

2011-05-24 20:43 . 2011-05-24 20:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-05-24 20:43 . 2011-05-24 20:43 114176 ----a-w- c:\windows\system32\admparse.dll

2011-05-24 20:43 . 2011-05-24 20:43 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-05-24 20:43 . 2011-05-24 20:43 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-24 20:43 . 2011-05-24 20:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-05-24 20:43 . 2011-05-24 20:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-05-24 18:14 . 2010-07-19 21:10 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-04-22 20:17 . 2011-05-25 11:52 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-20 12:39 . 2011-04-20 12:39 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin

2011-04-18 17:25 . 2010-07-19 21:24 40112 ----a-w- c:\windows\avastSS.scr

2011-04-18 17:25 . 2010-07-19 21:24 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-04-18 17:25 . 2011-01-21 22:29 253888 ----a-w- c:\windows\system32\aswBoot.exe

2011-04-18 17:18 . 2010-07-19 21:25 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-04-18 17:17 . 2011-04-21 21:43 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-04-18 17:16 . 2010-07-19 21:25 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-04-18 17:13 . 2010-07-19 21:25 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-04-18 17:13 . 2010-07-19 21:25 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-04-18 17:13 . 2010-07-19 21:25 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-04-09 17:55 . 2011-04-09 17:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll

2011-04-09 17:55 . 2011-04-09 17:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll

2011-04-09 06:58 . 2011-05-19 06:40 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:54 . 2011-05-11 10:45 5475712 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:21 . 2011-05-11 10:45 3967360 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:21 . 2011-05-11 10:45 3911552 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-19 06:40 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-06-22 1475072]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2988928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

.

c:\users\Miguel Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recortes de Ecrã e Iniciador do OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 245120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]

S3 AtcL001;Controlador de Miniporta NDIS para o Controlador Atheros L1 Gigabit Ethernet;c:\windows\system32\DRIVERS\l160x64.sys [x]

S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-04-18 17:25 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"EPSON Stylus Photo RX520 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIAGE.EXE" [2005-04-07 98304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.pt/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &HTPE - c:\program files (x86)\hattriX\HTPE.htm

IE: E&nviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\Miguel Silva\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab

FF - ProfilePath - c:\users\Miguel Silva\AppData\Roaming\Mozilla\Firefox\Profiles\y9inbbd8.default\

.

- - - - ORFÃOS REMOVIDOS - - - -

.

AddRemove-Convert XLS_is1 - c:\program files (x86)\Softinterface

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-3203881219-4116173260-2652464718-1001\Software\G*e*n*i*e*"!\FM Genie Scout 11]

"GameDir"="c:\\Users\\Miguel Silva\\Documents\\Sports Interactive\\Football Manager 2011\\games"

"ShortlistDir"=""

"FMPath"=""

"ScreenshotsDir"="c:\\Users\\Miguel Silva\\Documents\\Sports Interactive\\Football Manager 2011"

"SaveDir"="c:\\Users\\Miguel Silva\\Documents\\Sports Interactive\\Football Manager 2011\\"

"HistoryDir"="c:\\FM Genie Scout 11\\History Points"

"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"

"LastSaveGame"="c:\\Users\\Miguel Silva\\Documents\\Sports Interactive\\Football Manager 2011\\games\\mundo.fm"

"Language"="Portuguese"

"LoadLangDB"=dword:00000001

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000036

"GraphStep"=dword:00000000

"SkinName"="PSV Eindhoven"

"LastUpdateCheck"=dword:00009e90

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"Version"=dword:00000080

"UniqueID"="25-E780-E47F"

"Currency"=dword:00000056

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

"PlayerSearchFeatureNum"=dword:0000000c

"StaffSearchFeatureNum"=dword:00000004

"ClubSearchFeatureNum"=dword:00000005

"FilterByClubFeatureNum"=dword:00000004

"CompareFeatureNum"=dword:00000000

"ShortlistFeatureNum"=dword:00000007

"ExportFeatureNum"=dword:00000000

"HistoryFeatureNum"=dword:00000000

"LanguageDBFeatureNum"=dword:0000000c

"HintsFeatureNum"=dword:00000002

"GenieReportFeatureNum"=dword:00000002

"TopFormationFeatureNum"=dword:00000003

"ScreenshotFeatureNum"=dword:00000000

.

[HKEY_USERS\S-1-5-21-3203881219-4116173260-2652464718-1001\Software\G*e*n*i*e*"!\FM Genie Scout 11g]

"PicturesNumber"=dword:00016878

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-07-04 22:59:41 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-07-04 21:59

.

Pré-execução: 197.538.631.680 bytes livres

Pós execução: 209.140.682.752 bytes livres

.

- - End Of File - - 88D6EDB7764E9AEA42A4BADF38DE414C

Can someone help me!?


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of the TDSSKiller log.

Also please describe how your computer behaves at the moment.


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Enterprise Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: P5K SE/EPU

Logical Drives Mask: 0x0200007c

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

\\.\Z: --> \\.\PhysicalDrive2 at offset 0x00000060`4989cc00 (NTFS)

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive2 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

298 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

233 GB \\.\PhysicalDrive1 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Press ENTER to exit...

Thanks for the help... Many thanks.


2011/07/06 00:32:55.0706 5100 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/06 00:32:56.0018 5100 ================================================================================

2011/07/06 00:32:56.0018 5100 SystemInfo:

2011/07/06 00:32:56.0018 5100

2011/07/06 00:32:56.0018 5100 OS Version: 6.1.7600 ServicePack: 0.0

2011/07/06 00:32:56.0018 5100 Product type: Workstation

2011/07/06 00:32:56.0018 5100 ComputerName: MIGUELSILVA-PC

2011/07/06 00:32:56.0018 5100 UserName: Miguel Silva

2011/07/06 00:32:56.0018 5100 Windows directory: C:\Windows

2011/07/06 00:32:56.0018 5100 System windows directory: C:\Windows

2011/07/06 00:32:56.0018 5100 Running under WOW64

2011/07/06 00:32:56.0018 5100 Processor architecture: Intel x64

2011/07/06 00:32:56.0018 5100 Number of processors: 4

2011/07/06 00:32:56.0018 5100 Page size: 0x1000

2011/07/06 00:32:56.0018 5100 Boot type: Normal boot

2011/07/06 00:32:56.0018 5100 ================================================================================

2011/07/06 00:32:56.0798 5100 Initialize success

2011/07/06 00:32:58.0390 4696 ================================================================================

2011/07/06 00:32:58.0390 4696 Scan started

2011/07/06 00:32:58.0390 4696 Mode: Manual;

2011/07/06 00:32:58.0390 4696 ================================================================================


2011/07/06 00:33:00.0137 4696 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

2011/07/06 00:33:00.0184 4696 AtcL001 (e32f41de9c204f020da5141a03e81601) C:\Windows\system32\DRIVERS\l160x64.sys

2011/07/06 00:33:00.0230 4696 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2011/07/06 00:33:00.0277 4696 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2011/07/06 00:33:00.0324 4696 bbcap (849ea7a204f9f77e7b2adb8699f7bfc8) C:\Windows\system32\DRIVERS\bbcap.sys

2011/07/06 00:33:00.0340 4696 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2011/07/06 00:33:00.0402 4696 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/07/06 00:33:00.0449 4696 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/06 00:33:00.0464 4696 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/07/06 00:33:00.0480 4696 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/07/06 00:33:00.0511 4696 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2011/07/06 00:33:00.0542 4696 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/07/06 00:33:00.0558 4696 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/07/06 00:33:00.0574 4696 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/07/06 00:33:00.0589 4696 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/07/06 00:33:00.0652 4696 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/06 00:33:00.0667 4696 cdrom (d31f9b6c218f64c15d10ffe71c2ef842) C:\Windows\system32\DRIVERS\cdrom.sys

2011/07/06 00:33:00.0683 4696 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2011/07/06 00:33:00.0730 4696 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2011/07/06 00:33:00.0808 4696 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/06 00:33:00.0823 4696 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

2011/07/06 00:33:00.0854 4696 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

2011/07/06 00:33:00.0886 4696 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/06 00:33:00.0917 4696 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/07/06 00:33:00.0948 4696 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/07/06 00:33:00.0995 4696 CSC (b6b6905cb45336d477c2aec8713d59b8) C:\Windows\system32\drivers\csc.sys

2011/07/06 00:33:01.0088 4696 DfsC (59e1c75e5ddbb70bf5a9c6a34d31b4ac) C:\Windows\system32\Drivers\dfsc.sys

2011/07/06 00:33:01.0104 4696 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2011/07/06 00:33:01.0151 4696 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2011/07/06 00:33:01.0213 4696 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2011/07/06 00:33:01.0291 4696 DXGKrnl (601e731bf8e3f22906ce7d4d724b0439) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/06 00:33:01.0463 4696 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2011/07/06 00:33:01.0556 4696 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2011/07/06 00:33:01.0588 4696 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

2011/07/06 00:33:01.0634 4696 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2011/07/06 00:33:01.0666 4696 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2011/07/06 00:33:01.0697 4696 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/06 00:33:01.0744 4696 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2011/07/06 00:33:01.0775 4696 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2011/07/06 00:33:01.0790 4696 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/06 00:33:01.0853 4696 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

2011/07/06 00:33:01.0884 4696 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2011/07/06 00:33:01.0915 4696 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/06 00:33:01.0962 4696 fvevol (9196807c67756655b8b0621012c99957) C:\Windows\system32\DRIVERS\fvevol.sys

2011/07/06 00:33:01.0993 4696 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/07/06 00:33:02.0009 4696 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2011/07/06 00:33:02.0056 4696 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

2011/07/06 00:33:02.0087 4696 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/07/06 00:33:02.0102 4696 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/07/06 00:33:02.0134 4696 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2011/07/06 00:33:02.0149 4696 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2011/07/06 00:33:02.0212 4696 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

2011/07/06 00:33:02.0274 4696 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/07/06 00:33:02.0321 4696 HTTP (63cc664db619b05e13a7608ffc2b3a81) C:\Windows\system32\drivers\HTTP.sys

2011/07/06 00:33:02.0336 4696 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

2011/07/06 00:33:02.0368 4696 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/07/06 00:33:02.0414 4696 iaStorV (bfdc9d75698800cfe4d1698bf2750ea2) C:\Windows\system32\drivers\iaStorV.sys

2011/07/06 00:33:02.0446 4696 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2011/07/06 00:33:02.0477 4696 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

2011/07/06 00:33:02.0508 4696 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/06 00:33:02.0539 4696 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/06 00:33:02.0555 4696 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/07/06 00:33:02.0570 4696 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2011/07/06 00:33:02.0602 4696 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2011/07/06 00:33:02.0617 4696 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

2011/07/06 00:33:02.0648 4696 iScsiPrt (d6eac63155ee311ca0608063838f41fb) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/07/06 00:33:02.0680 4696 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/07/06 00:33:02.0711 4696 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/07/06 00:33:02.0726 4696 KSecDD (871315d20fca48404df037175b625607) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/06 00:33:02.0742 4696 KSecPkg (3283b66744a086d8fe8865a283b25e47) C:\Windows\system32\Drivers\ksecpkg.sys

2011/07/06 00:33:02.0773 4696 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2011/07/06 00:33:02.0820 4696 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/06 00:33:02.0867 4696 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/07/06 00:33:02.0882 4696 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/07/06 00:33:02.0898 4696 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/07/06 00:33:02.0929 4696 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/07/06 00:33:02.0960 4696 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2011/07/06 00:33:03.0023 4696 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) C:\Windows\system32\drivers\mbam.sys

2011/07/06 00:33:03.0070 4696 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2011/07/06 00:33:03.0101 4696 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/07/06 00:33:03.0132 4696 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2011/07/06 00:33:03.0194 4696 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/06 00:33:03.0226 4696 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2011/07/06 00:33:03.0241 4696 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/06 00:33:03.0288 4696 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

2011/07/06 00:33:03.0304 4696 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

2011/07/06 00:33:03.0335 4696 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/06 00:33:03.0350 4696 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

2011/07/06 00:33:03.0397 4696 mrxsmb (629086cabfdfbe0af7253cb6a494e35a) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/06 00:33:03.0413 4696 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/06 00:33:03.0460 4696 mrxsmb20 (a2b72ce0e5a6f639f6caebb2fc8e7070) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/06 00:33:03.0475 4696 msahci (d1318d7b87b71003a5c6c7c31ec80288) C:\Windows\system32\DRIVERS\msahci.sys

2011/07/06 00:33:03.0491 4696 msdsm (9c69f0c2926805e3f2754220a0aa342f) C:\Windows\system32\DRIVERS\msdsm.sys

2011/07/06 00:33:03.0522 4696 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2011/07/06 00:33:03.0538 4696 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/07/06 00:33:03.0569 4696 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/07/06 00:33:03.0616 4696 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/06 00:33:03.0631 4696 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/06 00:33:03.0647 4696 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/07/06 00:33:03.0678 4696 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

2011/07/06 00:33:03.0709 4696 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/07/06 00:33:03.0725 4696 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/07/06 00:33:03.0756 4696 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/07/06 00:33:03.0803 4696 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys

2011/07/06 00:33:03.0850 4696 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/07/06 00:33:03.0881 4696 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/06 00:33:03.0912 4696 NDIS (1a1fb615aa7345304f950e1a63b44e09) C:\Windows\system32\drivers\ndis.sys

2011/07/06 00:33:03.0959 4696 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/07/06 00:33:04.0006 4696 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/06 00:33:04.0021 4696 Ndisuio (b8d7f5a7e5970635888f451058f152ac) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/06 00:33:04.0068 4696 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/06 00:33:04.0084 4696 NDProxy (2c8be980bd3c94e631cefaadcb58eba9) C:\Windows\system32\drivers\NDProxy.sys

2011/07/06 00:33:04.0099 4696 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/06 00:33:04.0115 4696 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/06 00:33:04.0177 4696 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/07/06 00:33:04.0224 4696 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/07/06 00:33:04.0240 4696 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/06 00:33:04.0318 4696 Ntfs (867c1395f0100cbe9acd73b1c2741149) C:\Windows\system32\drivers\Ntfs.sys

2011/07/06 00:33:04.0349 4696 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/07/06 00:33:04.0583 4696 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/07/06 00:33:04.0770 4696 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

2011/07/06 00:33:04.0848 4696 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

2011/07/06 00:33:04.0910 4696 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/07/06 00:33:04.0942 4696 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/07/06 00:33:05.0020 4696 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/07/06 00:33:05.0066 4696 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

2011/07/06 00:33:05.0082 4696 pci (2ef89ef0557bb354f140a963111e7e43) C:\Windows\system32\DRIVERS\pci.sys

2011/07/06 00:33:05.0113 4696 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

2011/07/06 00:33:05.0144 4696 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/07/06 00:33:05.0176 4696 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/07/06 00:33:05.0207 4696 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/07/06 00:33:05.0300 4696 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/06 00:33:05.0347 4696 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/07/06 00:33:05.0394 4696 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/06 00:33:05.0441 4696 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/07/06 00:33:05.0488 4696 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/07/06 00:33:05.0519 4696 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/06 00:33:05.0550 4696 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/06 00:33:05.0597 4696 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/07/06 00:33:05.0628 4696 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/06 00:33:05.0659 4696 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/06 00:33:05.0675 4696 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/06 00:33:05.0706 4696 rdbss (fe08c9e2a0df9357e386f6c6c976a303) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/06 00:33:05.0737 4696 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/07/06 00:33:05.0753 4696 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/06 00:33:05.0784 4696 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

2011/07/06 00:33:05.0815 4696 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/06 00:33:05.0831 4696 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/07/06 00:33:05.0862 4696 RDPWD (e06247e078010689f930c573dbb1f713) C:\Windows\system32\drivers\RDPWD.sys

2011/07/06 00:33:05.0893 4696 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

2011/07/06 00:33:05.0940 4696 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/06 00:33:05.0971 4696 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

2011/07/06 00:33:06.0065 4696 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

2011/07/06 00:33:06.0127 4696 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

2011/07/06 00:33:06.0158 4696 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/07/06 00:33:06.0190 4696 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

2011/07/06 00:33:06.0221 4696 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/07/06 00:33:06.0252 4696 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/06 00:33:06.0299 4696 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/07/06 00:33:06.0314 4696 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/07/06 00:33:06.0346 4696 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/07/06 00:33:06.0377 4696 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/07/06 00:33:06.0392 4696 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/07/06 00:33:06.0439 4696 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/07/06 00:33:06.0486 4696 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/07/06 00:33:06.0502 4696 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/07/06 00:33:06.0548 4696 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/07/06 00:33:06.0580 4696 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/07/06 00:33:06.0673 4696 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

2011/07/06 00:33:06.0673 4696 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

2011/07/06 00:33:06.0673 4696 sptd - detected LockedFile.Multi.Generic (1)

2011/07/06 00:33:06.0720 4696 srv (cf6efaeb9eb9823a0d27ede6d1af662d) C:\Windows\system32\DRIVERS\srv.sys

2011/07/06 00:33:06.0751 4696 srv2 (930113266636c1889b56470a84d8756f) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/06 00:33:06.0782 4696 srvnet (19e0b9883ee4db831cd5dd781cbd6498) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/06 00:33:06.0845 4696 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/07/06 00:33:06.0892 4696 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

2011/07/06 00:33:06.0907 4696 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

2011/07/06 00:33:06.0938 4696 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

2011/07/06 00:33:07.0032 4696 Tcpip (1f748d5439b65e0bebd92f65048f030d) C:\Windows\system32\drivers\tcpip.sys

2011/07/06 00:33:07.0110 4696 TCPIP6 (1f748d5439b65e0bebd92f65048f030d) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/06 00:33:07.0141 4696 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/06 00:33:07.0172 4696 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/07/06 00:33:07.0204 4696 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/07/06 00:33:07.0235 4696 tdx (c0fb0498842e1af3f4b7fd7108e17fce) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/06 00:33:07.0266 4696 TermDD (e6aa5fc33c5b4b1c5d414318d60c9d84) C:\Windows\system32\DRIVERS\termdd.sys

2011/07/06 00:33:07.0328 4696 tssecsrv (e089825d9f264f4910955040a72f9571) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/06 00:33:07.0344 4696 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/06 00:33:07.0406 4696 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/07/06 00:33:07.0453 4696 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/06 00:33:07.0516 4696 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/07/06 00:33:07.0547 4696 umbus (66d3a0c00a2b5e173d3ee8707b9983eb) C:\Windows\system32\DRIVERS\umbus.sys

2011/07/06 00:33:07.0578 4696 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/07/06 00:33:07.0625 4696 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\drivers\usbccgp.sys

2011/07/06 00:33:07.0640 4696 usbcir (c3d1d402fd39ee517e2ceee0a937fcba) C:\Windows\system32\DRIVERS\usbcir.sys

2011/07/06 00:33:07.0703 4696 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/06 00:33:07.0750 4696 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/06 00:33:07.0796 4696 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

2011/07/06 00:33:07.0843 4696 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/06 00:33:07.0890 4696 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2011/07/06 00:33:07.0921 4696 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS

2011/07/06 00:33:07.0952 4696 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/06 00:33:07.0999 4696 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys

2011/07/06 00:33:08.0046 4696 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/07/06 00:33:08.0077 4696 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/06 00:33:08.0093 4696 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/07/06 00:33:08.0124 4696 vhdmp (e43de92903a870cc9a02ad37f2cce175) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/07/06 00:33:08.0155 4696 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

2011/07/06 00:33:08.0186 4696 vmbus (ce268c7161b0efcbd667911cd63306b2) C:\Windows\system32\DRIVERS\vmbus.sys

2011/07/06 00:33:08.0218 4696 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

2011/07/06 00:33:08.0233 4696 volmgr (9b3882611979eff7fa6f51bdb6f7d572) C:\Windows\system32\DRIVERS\volmgr.sys

2011/07/06 00:33:08.0264 4696 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

2011/07/06 00:33:08.0296 4696 volsnap (6ec17795fd21fe1e5c112f1d91c87bc4) C:\Windows\system32\DRIVERS\volsnap.sys

2011/07/06 00:33:08.0327 4696 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/07/06 00:33:08.0389 4696 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

2011/07/06 00:33:08.0420 4696 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/07/06 00:33:08.0452 4696 WANARP (fe08e74ddb7c390751dfaa22e7d07953) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/06 00:33:08.0467 4696 Wanarpv6 (fe08e74ddb7c390751dfaa22e7d07953) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/06 00:33:08.0514 4696 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/07/06 00:33:08.0561 4696 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/06 00:33:08.0623 4696 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/06 00:33:08.0654 4696 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/07/06 00:33:08.0732 4696 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/07/06 00:33:08.0764 4696 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/07/06 00:33:08.0810 4696 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/06 00:33:08.0842 4696 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys

2011/07/06 00:33:08.0888 4696 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/06 00:33:08.0920 4696 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/07/06 00:33:08.0935 4696 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

2011/07/06 00:33:08.0982 4696 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2

2011/07/06 00:33:09.0013 4696 Boot (0x1200) (5f3fa132fc08bdc63c40c0553f626422) \Device\Harddisk0\DR0\Partition0

2011/07/06 00:33:09.0044 4696 Boot (0x1200) (c1c9069ca15676c0409e6d794713160b) \Device\Harddisk1\DR1\Partition0

2011/07/06 00:33:09.0044 4696 Boot (0x1200) (484df645377bd05cc42266a3be3dba81) \Device\Harddisk2\DR2\Partition0

2011/07/06 00:33:09.0060 4696 Boot (0x1200) (7a19e73ff4a278c555a8234bb4e5e821) \Device\Harddisk2\DR2\Partition1

2011/07/06 00:33:09.0060 4696 ================================================================================

2011/07/06 00:33:09.0060 4696 Scan finished

2011/07/06 00:33:09.0060 4696 ================================================================================

2011/07/06 00:33:09.0076 0396 Detected object count: 1

2011/07/06 00:33:09.0076 0396 Actual detected object count: 1

2011/07/06 00:33:13.0537 0396 LockedFile.Multi.Generic(sptd) - User select action: Skip

2011/07/06 00:33:21.0540 3820 Deinitialize success

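The log above is the interesting part of this thread: one generic verdict, LockedFile.Multi.Generic on sptd.sys, which is TDSSKiller's way of saying it could not read the file (the "Suspicious file (NoAccess)" line), not that it identified malware. The MBR and boot-sector hashes at the end are what a reviewer actually wants to compare. Below is an added example (not code from the post or from TDSSKiller) that parses this line format and pulls out the things worth a second look: detections, unreadable files, kernel drivers loaded from outside system32, and MBRs that hash identically across disks. The sample lines are constructed from the same format as the posted log; the regular expressions and the anomaly rules are my own assumptions about what a triage script should flag, and each flag is a prompt for review rather than a verdict.

```python
import re

# Constructed sample in TDSSKiller's line format (a few lines, not the full log posted above).
SAMPLE_LOG = r"""
2011/07/06 00:33:06.0673 4696 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/07/06 00:33:06.0673 4696 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/07/06 00:33:06.0673 4696 sptd - detected LockedFile.Multi.Generic (1)
2011/07/06 00:33:06.0065 4696 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/07/06 00:33:07.0032 4696 Tcpip (1f748d5439b65e0bebd92f65048f030d) C:\Windows\system32\drivers\tcpip.sys
2011/07/06 00:33:08.0920 4696 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/06 00:33:08.0935 4696 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/07/06 00:33:08.0982 4696 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
2011/07/06 00:33:09.0013 4696 Boot (0x1200) (5f3fa132fc08bdc63c40c0553f626422) \Device\Harddisk0\DR0\Partition0
"""

# Every line starts with "date time pid ".
PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ "
SECTOR_RE = re.compile(PREFIX + r"(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) "
                       r"\((?P<md5>[0-9a-f]{32})\) (?P<device>\\Device\\\S+)$")
SUSP_RE = re.compile(PREFIX + r"Suspicious file \((?P<reason>\w+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECT_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+)")
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Assumed "normal" location for kernel drivers on this box (case-insensitive prefix check).
SYSTEM_DRIVER_ROOT = r"c:\windows\system32"


def parse_log(text):
    """Split a TDSSKiller log into driver, sector, suspicious-file and detection records."""
    parsed = {"drivers": [], "sectors": [], "suspicious": [], "detections": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Order matters: the more specific line shapes are tried before the generic driver line.
        for key, regex in (("sectors", SECTOR_RE), ("suspicious", SUSP_RE),
                           ("detections", DETECT_RE), ("drivers", DRIVER_RE)):
            m = regex.match(line)
            if m:
                parsed[key].append(m.groupdict())
                break
    return parsed


def find_anomalies(parsed):
    """Return the lines a reviewer should look at; none of them is a verdict by itself."""
    findings = []
    for d in parsed["detections"]:
        findings.append(f"detection: {d['name']} -> {d['verdict']}")
    for s in parsed["suspicious"]:
        findings.append(f"suspicious file ({s['reason']}): {s['path']}")
    # Kernel drivers loaded from outside system32 deserve a second look (here a legitimate
    # anti-spyware product, but that is also where a dropped rootkit driver would show up).
    for drv in parsed["drivers"]:
        folder = drv["path"].lower().rsplit("\\", 1)[0]
        if not folder.startswith(SYSTEM_DRIVER_ROOT):
            findings.append(f"driver outside system32: {drv['name']} at {drv['path']}")
    # Identical MBR code on several disks is normally just the same standard boot code,
    # but a bootkit that infects every disk produces the same picture, so report it.
    by_hash = {}
    for sec in parsed["sectors"]:
        if sec["kind"] == "MBR":
            by_hash.setdefault(sec["md5"], []).append(sec["device"])
    for md5, devices in by_hash.items():
        if len(devices) > 1:
            findings.append(f"identical MBR on {', '.join(devices)} (md5 {md5})")
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it reports four items: the sptd detection, the unreadable sptd.sys, the SUPERAntiSpyware driver living under Program Files, and the shared MBR hash on Harddisk0 and Harddisk1. The last one is the check to actually do by hand: read the first sector of each disk and compare it with a known-good boot record, because the hash alone does not say whether the shared code is Microsoft's or an infection's.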

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Use a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

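The six Internet Explorer settings in the reply above are ordinary DWORD values under the Internet zone key in the registry, so they can be audited and fixed without clicking through the dialog on every machine. The following is an added example, not the helper's own procedure: it reads a `reg export` of the Internet zone (Zones\3), compares the six values against the levels recommended in the post, and emits a .reg fragment that changes only the ones that differ. The value names (1001, 1004, 1201, 1800, 1804, 1607) and the 0/1/3 = Enable/Prompt/Disable encoding are the ones Microsoft documents in KB182569; the sample export is constructed to show the weaker settings, with one value deliberately missing.

```python
import re

ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Value names of the six settings from the post, Internet zone (Zones\3), as documented
# in Microsoft KB182569. The data 0/1/3 means Enable/Prompt/Disable.
ACTION = {0: "Enable", 1: "Prompt", 3: "Disable"}
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

# Constructed excerpt of what `reg export "<ZONE_KEY>" zone3.reg` produces on a machine
# that still has the weaker settings (1607 deliberately absent, so the zone default applies).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1800"=dword:00000000
"1804"=dword:00000001
"""

DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_zone_export(text, key=ZONE_KEY):
    """Return {value name: int} for the DWORD values under `key` in a .reg export."""
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
            continue
        m = DWORD_RE.match(line) if in_key else None
        if m:
            values[m.group("name")] = int(m.group("hex"), 16)
    return values


def audit(values):
    """List (id, setting, current, recommended) for every setting not at the recommended level."""
    mismatches = []
    for vid, (setting, wanted) in RECOMMENDED.items():
        current = values.get(vid)  # None: not set explicitly, so the zone's built-in default applies
        if current != wanted:
            mismatches.append((vid, setting, current, wanted))
    return mismatches


def build_fix(mismatches, key=ZONE_KEY):
    """Emit a .reg file (importable with `reg import`) that sets only the flagged values."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{key}]"]
    for vid, setting, _current, wanted in mismatches:
        lines.append(f"; {setting}: {ACTION[wanted]}")  # ';' starts a comment in .reg files
        lines.append(f'"{vid}"=dword:{wanted:08x}')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = audit(parse_zone_export(SAMPLE_EXPORT))
    for vid, setting, current, wanted in found:
        print(f"{vid} {setting}: {ACTION.get(current, 'not set')} -> {ACTION[wanted]}")
    print(build_fix(found))
```

On the sample this flags 1001, 1201 and 1800 as too permissive and 1607 as not set, and writes a four-value .reg fragment; 1004 and 1804 are already at the recommended level and are left alone. A value that is absent is reported rather than assumed safe, because the effective setting then comes from the zone template and should be confirmed in the dialog.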