AttachedDevice | fastfat


  • This topic is locked
61 replies to this topic

#1 Subjuntivo

Posted 12 December 2011 - 12:11 AM

Hey guys!

Well, my PC had been running slow for quite a while, but nothing was detected by MSEssentials or Spybot.
I was recently told by a webpage (www.cuevana.tv), a site that I trust, that my machine was a zombie.

I do not intend to have anything "suspicious" on my PC, so whatever sounds weird to you in the logs, just let me know; I am willing to delete anything that may be causing trouble (apart, of course, from whatever is actually dangerous or harmful).

Here are the logs, let me know if you need anything else.

DDS


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Sergio at 0:30:01 on 2011-12-12
Microsoft Windows XP Professional 5.1.2600.3.1252.54.3082.18.1534.285 [GMT -3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\KMService.exe
C:\Archivos de programa\VIA\RAID\vialogsv.exe
C:\Programas\Utiles\Everything\Everything.exe
C:\Archivos de programa\Microsoft Security Client\msseces.exe
C:\Archivos de programa\SugarSync\SugarSyncManager.exe
G:\PortableApps\PortableApps\RocketDock\RocketDock.exe
C:\Programas\Ofis\PhraseExpress\phraseexpress.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Microsoft Office\Office14\ONENOTEM.EXE
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Virtual Magnifying Glass\magnifier.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sergio\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\AIMP3\AIMP3.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
uRun: [SugarSync] "c:\archivos de programa\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [RocketDock] "g:\portableapps\portableapps\rocketdock\RocketDock.exe"
mRun: [Everything] "c:\programas\utiles\everything\Everything.exe" -startup
mRun: [MSC] "c:\archivos de programa\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\archivos de programa\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\sergio\menini~1\progra~1\inicio\FORTIS~1.LNK -
StartupFolder: c:\docume~1\sergio\menini~1\progra~1\inicio\onenot~1.lnk - c:\archivos de programa\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\phrase~1.lnk - c:\programas\ofis\phraseexpress\phraseexpress.exe
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
uPolicies-explorer: NoNetworkConnections = 01000000
mPolicies-explorer: NoFavoritesMenu = 1 (0x1)
mPolicies-explorer: NoLogOff = 01
mPolicies-explorer: NoStartMenuNetworkPlaces = 1 (0x1)
mPolicies-explorer: NoSMHelp = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{70BA80CC-3F3E-463E-B687-0D03F41A5563} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\archivos de programa\archivos comunes\microsoft shared\office14\MSOXMLMF.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archiv~1\micros~3\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2011-10-15 146904]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl104a516f;MpKsl104a516f;c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{22a8175a-407d-44b9-94b6-a1b412e48814}\MpKsl104a516f.sys [2011-12-12 29904]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-4-17 238952]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-12-6 8192]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\archivos de programa\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-29 2255464]
R2 VRAID Log Service;VRAID Log Service;c:\archivos de programa\via\raid\vialogsv.exe [2009-12-27 52888]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-17 36608]
R3 hercspud;Hercules ® WDM Audio Driver;c:\windows\system32\drivers\hercspud.sys [2010-2-14 153216]
R3 hercwdm;Hercules ® WDM Interface Driver;c:\windows\system32\drivers\hercwdm.sys [2009-12-27 497152]
S1 MpKsl059329ae;MpKsl059329ae;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{3a74b7ce-6669-4fae-bab5-9c67ff29a851}\mpksl059329ae.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{3a74b7ce-6669-4fae-bab5-9c67ff29a851}\MpKsl059329ae.sys [?]
S1 MpKsl06fcae2a;MpKsl06fcae2a;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{49eab6a1-6946-46d6-983e-46242cf54040}\mpksl06fcae2a.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{49eab6a1-6946-46d6-983e-46242cf54040}\MpKsl06fcae2a.sys [?]
S1 MpKsl0a03ac49;MpKsl0a03ac49;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{04052841-c86a-42e1-a842-0a37221c6daf}\mpksl0a03ac49.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{04052841-c86a-42e1-a842-0a37221c6daf}\MpKsl0a03ac49.sys [?]
S1 MpKsl0d7f1a29;MpKsl0d7f1a29;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{64e6175d-d7ac-4593-becf-82c3ecaf56f6}\mpksl0d7f1a29.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{64e6175d-d7ac-4593-becf-82c3ecaf56f6}\MpKsl0d7f1a29.sys [?]
S1 MpKsl17f1b975;MpKsl17f1b975;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{b6c8f7b9-7a93-45de-b2aa-5ec4771aab02}\mpksl17f1b975.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{b6c8f7b9-7a93-45de-b2aa-5ec4771aab02}\MpKsl17f1b975.sys [?]
S1 MpKsl18ac9722;MpKsl18ac9722;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{847352e1-ca50-404e-af38-49cee6598fb6}\mpksl18ac9722.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{847352e1-ca50-404e-af38-49cee6598fb6}\MpKsl18ac9722.sys [?]
S1 MpKsl1dd325ea;MpKsl1dd325ea;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{9c2b0b72-186b-4bb4-ac6d-ec9ae28ccd07}\mpksl1dd325ea.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{9c2b0b72-186b-4bb4-ac6d-ec9ae28ccd07}\MpKsl1dd325ea.sys [?]
S1 MpKsl2929f743;MpKsl2929f743;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{7272630c-c7c2-4cd3-9353-62704c6d5cfd}\mpksl2929f743.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{7272630c-c7c2-4cd3-9353-62704c6d5cfd}\MpKsl2929f743.sys [?]
S1 MpKsl2c66db3b;MpKsl2c66db3b;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{caf56812-a6f4-4693-acb5-afbc3a90ebe7}\mpksl2c66db3b.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{caf56812-a6f4-4693-acb5-afbc3a90ebe7}\MpKsl2c66db3b.sys [?]
S1 MpKsl33a78a19;MpKsl33a78a19;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{5d96bb22-3400-49b4-9c08-01ba2acb1648}\mpksl33a78a19.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{5d96bb22-3400-49b4-9c08-01ba2acb1648}\MpKsl33a78a19.sys [?]
S1 MpKsl473e4ca5;MpKsl473e4ca5;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{56de9872-1df8-4cd8-b997-a7fdc24ce52a}\mpksl473e4ca5.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{56de9872-1df8-4cd8-b997-a7fdc24ce52a}\MpKsl473e4ca5.sys [?]
S1 MpKsl49de2ea0;MpKsl49de2ea0;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{734d4383-79bb-424a-9166-c1dbae80aa26}\mpksl49de2ea0.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{734d4383-79bb-424a-9166-c1dbae80aa26}\MpKsl49de2ea0.sys [?]
S1 MpKsl4a597746;MpKsl4a597746;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{db7a1cd9-7248-4bd3-b9c5-aceda7de364a}\mpksl4a597746.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{db7a1cd9-7248-4bd3-b9c5-aceda7de364a}\MpKsl4a597746.sys [?]
S1 MpKsl4f1aa1ae;MpKsl4f1aa1ae;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{72798f2c-bf69-4924-bdd7-82bf8d20f2b6}\mpksl4f1aa1ae.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{72798f2c-bf69-4924-bdd7-82bf8d20f2b6}\MpKsl4f1aa1ae.sys [?]
S1 MpKsl5faefc4f;MpKsl5faefc4f;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{19cfba84-34f9-40f3-ae34-eb77ff618287}\mpksl5faefc4f.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{19cfba84-34f9-40f3-ae34-eb77ff618287}\MpKsl5faefc4f.sys [?]
S1 MpKsl69fba904;MpKsl69fba904;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{49bfcb52-2c53-4c41-9f26-ea77230ca983}\mpksl69fba904.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{49bfcb52-2c53-4c41-9f26-ea77230ca983}\MpKsl69fba904.sys [?]
S1 MpKsl6a513f7d;MpKsl6a513f7d;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{b8aa6a33-70af-4f01-a4e5-6856550505cf}\mpksl6a513f7d.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{b8aa6a33-70af-4f01-a4e5-6856550505cf}\MpKsl6a513f7d.sys [?]
S1 MpKsl6b3048a2;MpKsl6b3048a2;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{c4c31f23-9a5a-473f-9092-5a3cca73d52e}\mpksl6b3048a2.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{c4c31f23-9a5a-473f-9092-5a3cca73d52e}\MpKsl6b3048a2.sys [?]
S1 MpKsl6dc469be;MpKsl6dc469be;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{78b5ab70-00b3-4274-b116-cf251c3c8489}\mpksl6dc469be.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{78b5ab70-00b3-4274-b116-cf251c3c8489}\MpKsl6dc469be.sys [?]
S1 MpKsl72c5eba2;MpKsl72c5eba2;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{04052841-c86a-42e1-a842-0a37221c6daf}\mpksl72c5eba2.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{04052841-c86a-42e1-a842-0a37221c6daf}\MpKsl72c5eba2.sys [?]
S1 MpKsl7955b256;MpKsl7955b256;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{872c9df0-ee3e-460c-937b-fc17db7f9da5}\mpksl7955b256.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{872c9df0-ee3e-460c-937b-fc17db7f9da5}\MpKsl7955b256.sys [?]
S1 MpKsl8be250ca;MpKsl8be250ca;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{49bfcb52-2c53-4c41-9f26-ea77230ca983}\mpksl8be250ca.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{49bfcb52-2c53-4c41-9f26-ea77230ca983}\MpKsl8be250ca.sys [?]
S1 MpKsl8fed91f9;MpKsl8fed91f9;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{d79fb6af-f999-41d0-9c4f-3fbd9b6fc93e}\mpksl8fed91f9.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{d79fb6af-f999-41d0-9c4f-3fbd9b6fc93e}\MpKsl8fed91f9.sys [?]
S1 MpKsl90a6cb42;MpKsl90a6cb42;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{c5f10956-3803-4b1e-91d4-8621eeecdd2f}\mpksl90a6cb42.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{c5f10956-3803-4b1e-91d4-8621eeecdd2f}\MpKsl90a6cb42.sys [?]
S1 MpKsl946dd778;MpKsl946dd778;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{d79fb6af-f999-41d0-9c4f-3fbd9b6fc93e}\mpksl946dd778.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{d79fb6af-f999-41d0-9c4f-3fbd9b6fc93e}\MpKsl946dd778.sys [?]
S1 MpKsl9f07faf1;MpKsl9f07faf1;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{1f803ad0-82b4-4931-9d94-728198990d6e}\mpksl9f07faf1.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{1f803ad0-82b4-4931-9d94-728198990d6e}\MpKsl9f07faf1.sys [?]
S1 MpKslaa0c0ad6;MpKslaa0c0ad6;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{fd88344b-e1e2-4603-920e-3fc6cec2efed}\mpkslaa0c0ad6.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{fd88344b-e1e2-4603-920e-3fc6cec2efed}\MpKslaa0c0ad6.sys [?]
S1 MpKslc088ba21;MpKslc088ba21;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{9bda5771-cc97-4a9f-9392-b6070175120e}\mpkslc088ba21.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{9bda5771-cc97-4a9f-9392-b6070175120e}\MpKslc088ba21.sys [?]
S1 MpKslc12142b2;MpKslc12142b2;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{31b2d4b5-b4ef-4836-afa4-c4d04c930ac8}\mpkslc12142b2.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{31b2d4b5-b4ef-4836-afa4-c4d04c930ac8}\MpKslc12142b2.sys [?]
S1 MpKslc45b5c45;MpKslc45b5c45;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{e3ae83de-9a6f-4efe-a15b-fe98129beed4}\mpkslc45b5c45.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{e3ae83de-9a6f-4efe-a15b-fe98129beed4}\MpKslc45b5c45.sys [?]
S1 MpKslc56ea9db;MpKslc56ea9db;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{d64e06d2-7633-474b-99ce-d4f79ac38ed6}\mpkslc56ea9db.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{d64e06d2-7633-474b-99ce-d4f79ac38ed6}\MpKslc56ea9db.sys [?]
S1 MpKsld3000824;MpKsld3000824;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{46ac1ffb-2b09-4bc4-922a-3cd1da1c8453}\mpksld3000824.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{46ac1ffb-2b09-4bc4-922a-3cd1da1c8453}\MpKsld3000824.sys [?]
S1 MpKsld5f986a2;MpKsld5f986a2;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{cb19cab6-e718-44bc-ac68-b49f5f580512}\mpksld5f986a2.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{cb19cab6-e718-44bc-ac68-b49f5f580512}\MpKsld5f986a2.sys [?]
S1 MpKsle4fdc99b;MpKsle4fdc99b;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{a4f034be-e8a6-4df0-bffa-f96b7b8104e6}\mpksle4fdc99b.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{a4f034be-e8a6-4df0-bffa-f96b7b8104e6}\MpKsle4fdc99b.sys [?]
S1 MpKsle64386f3;MpKsle64386f3;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{c4c31f23-9a5a-473f-9092-5a3cca73d52e}\mpksle64386f3.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{c4c31f23-9a5a-473f-9092-5a3cca73d52e}\MpKsle64386f3.sys [?]
S1 MpKsle7a6a128;MpKsle7a6a128;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{d79fb6af-f999-41d0-9c4f-3fbd9b6fc93e}\mpksle7a6a128.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{d79fb6af-f999-41d0-9c4f-3fbd9b6fc93e}\MpKsle7a6a128.sys [?]
S1 MpKsled57d0fd;MpKsled57d0fd;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{e345cd4d-7ccc-4a3e-a86b-2be1645df700}\mpksled57d0fd.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{e345cd4d-7ccc-4a3e-a86b-2be1645df700}\MpKsled57d0fd.sys [?]
S1 MpKslefab8d43;MpKslefab8d43;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{64e6175d-d7ac-4593-becf-82c3ecaf56f6}\mpkslefab8d43.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{64e6175d-d7ac-4593-becf-82c3ecaf56f6}\MpKslefab8d43.sys [?]
S1 MpKslf9016498;MpKslf9016498;\??\c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{4de8644b-2f7e-462e-a744-4df3567985e4}\mpkslf9016498.sys --> c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{4de8644b-2f7e-462e-a744-4df3567985e4}\MpKslf9016498.sys [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\ghidpnp.sys --> c:\windows\system32\drivers\gHidPnp.Sys [?]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gmoups2.sys --> c:\windows\system32\drivers\gMouPS2.sys [?]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gmouusb.sys --> c:\windows\system32\drivers\gMouUsb.sys [?]
S3 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\programas\internet\logmein\x86\rainfo.sys --> c:\programas\internet\logmein\x86\RaInfo.sys [?]
S3 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-6-16 47640]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\archivos de programa\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\archivos de programa\archivos comunes\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-26 23064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-12-17 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [2010-10-2 9728]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-12-12 03:11:28 29904 ----a-w- c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{22a8175a-407d-44b9-94b6-a1b412e48814}\MpKsl104a516f.sys
2011-12-12 03:11:21 56200 ----a-w- c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{22a8175a-407d-44b9-94b6-a1b412e48814}\offreg.dll
2011-12-11 21:36:44 6823496 ----a-w- c:\documents and settings\all users\datos de programa\microsoft\microsoft antimalware\definition updates\{22a8175a-407d-44b9-94b6-a1b412e48814}\mpengine.dll
2011-12-06 21:58:09 151552 ----a-w- c:\windows\KMService.exe
2011-12-06 21:58:08 8192 ----a-w- c:\windows\system32\srvany.exe
2011-11-28 17:58:01 -------- d-----w- c:\archivos de programa\archivos comunes\Adobe AIR
2011-11-25 21:29:38 -------- d-----w- c:\documents and settings\sergio\configuración local\datos de programa\Opera
2011-11-15 02:43:20 -------- d-----w- c:\documents and settings\sergio\configuración local\datos de programa\Nero_AG
2011-11-13 02:11:24 -------- d-----w- c:\documents and settings\all users\datos de programa\DivX
.
==================== Find3M ====================
.
2011-11-22 13:13:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:51 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-30 01:30:42 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-09-30 01:30:42 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-09-30 01:30:39 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-09-28 07:06:41 605184 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 14:41:46 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 14:41:46 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 14:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-19 15:26:12 571216 ----a-w- c:\windows\system32\LivedriveControlPanel.cpl
2011-05-05 03:50:22 71512 --sh--w- c:\windows\dlmclient.exe
2011-05-04 01:28:28 71508 --sh--w- c:\windows\dphostw.exe
2011-05-04 01:41:34 71513 --sh--w- c:\windows\fgccsrt.exe
.
============= FINISH: 0:31:33,39 ===============


GMER: (run as iexplore.exe.exe and in safe mode, otherwise the computer would go to blue screen immediately)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-12 01:49:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 QUANTUM_FIREBALLP_AS40.0 rev.A1Y.1500
Running: iexplore.exe.exe; Driver: C:\DOCUME~1\Sergio\CONFIG~1\Temp\pxtcapod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C7F09A84-1A89-F614-D2DF-3183214A7F08}

---- EOF - GMER 1.0.15 ----


And GMER AutoStart, just in case:


GMER 1.0.15.15641 - http://www.gmer.net
Autostart scan 2011-12-12 01:50:08
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
LMIinit@DLLName = LMIinit.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ALG@ = %SystemRoot%\System32\alg.exe
FontCache3.0.0.0@ = C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
FsUsbExService@ = C:\WINDOWS\system32\FsUsbExService.Exe
ImapiService@ = %systemroot%\system32\imapi.exe
KMService@ = C:\WINDOWS\system32\srvany.exe
MsMpSvc@ = "C:\Archivos de programa\Microsoft Security Client\Antimalware\MsMpEng.exe"
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
nvUpdatusService@ = C:\Archivos de programa\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
VRAID Log Service@ = C:\Archivos de programa\VIA\RAID\vialogsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Everything"C:\Programas\Utiles\Everything\Everything.exe" -startup = "C:\Programas\Utiles\Everything\Everything.exe" -startup
@MSC"C:\Archivos de programa\Microsoft Security Client\msseces.exe" -hide -runkey = "C:\Archivos de programa\Microsoft Security Client\msseces.exe" -hide -runkey
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwizC:\Archivos de programa\NVIDIA Corporation\nView\nwiz.exe /installquiet /*file not found*/ = C:\Archivos de programa\NVIDIA Corporation\nView\nwiz.exe /installquiet /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SugarSync"C:\Archivos de programa\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true = "C:\Archivos de programa\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
@RocketDock"G:\PortableApps\PortableApps\RocketDock\RocketDock.exe" = "G:\PortableApps\PortableApps\RocketDock\RocketDock.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Extensiones de interfaz para uso compartido*/ /*file not found*/ = /*file not found*/
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Extensión de paneo de pantalla del Panel de control*/(null) =
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Extensión de copia de discos*/ /*file not found*/ = /*file not found*/
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Extensión del shell de impresora en Web*/ /*file not found*/ = /*file not found*/
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Extensiones de interfaz para uso compartido*/ /*file not found*/ = /*file not found*/
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Extensión PKO cifrada*/ /*file not found*/ = /*file not found*/
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Extensión de firma cifrada*/ /*file not found*/ = /*file not found*/
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/ /*file not found*/ = /*file not found*/
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Buscar*/ /*file not found*/ = /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/ /*file not found*/ = /*file not found*/
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/ /*file not found*/ = /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/%WINDIR%\system32\ieframe.dll = %WINDIR%\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Pantalla de bienvenida de IE4 Suite*/ /*file not found*/ = /*file not found*/
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/ /*file not found*/ = /*file not found*/
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/ /*file not found*/ = /*file not found*/
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/ /*file not found*/ = /*file not found*/
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/ /*file not found*/ = /*file not found*/
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/ /*file not found*/ = /*file not found*/
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/ /*file not found*/ = /*file not found*/
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/(null) =
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/(null) =
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/(null) =
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} /*NeroCoverEd Live Icons*/ /*file not found*/ = /*file not found*/
@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} /*PowerISO*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{1F77B17B-F531-44DB-ACA4-76ABB5010A28} /*AIMP ShellExt Unit*/C:\Archivos de programa\AIMP3\Modules\aimp_menu32.dll = C:\Archivos de programa\AIMP3\Modules\aimp_menu32.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} /*PDF-XChange PDF Preview Provider*/C:\Archivos de programa\Tracker Software\Shell Extensions\XCShInfo.dll = C:\Archivos de programa\Tracker Software\Shell Extensions\XCShInfo.dll
@{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} /*PDF-XChange PDF Property Handler*/C:\Archivos de programa\Tracker Software\Shell Extensions\XCShInfo.dll = C:\Archivos de programa\Tracker Software\Shell Extensions\XCShInfo.dll
@{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} /*PDF-XChange PDF Thumbnail Provider*/C:\Archivos de programa\Tracker Software\Shell Extensions\XCShInfo.dll = C:\Archivos de programa\Tracker Software\Shell Extensions\XCShInfo.dll
@XCShInfo /*{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}*/(null) =
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Archivos de programa\Microsoft Office\Office14\msohevi.dll = C:\Archivos de programa\Microsoft Office\Office14\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE14\msoshext.dll = C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE14\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE14\msoshext.dll = C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE14\msoshext.dll
@{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} /*Groove Namespace Extension*/C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
@{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} /*Microsoft OneNote Namespace Extension for Windows Desktop Search*/C:\Archivos de programa\Microsoft Office\Office14\ONFILTER.DLL = C:\Archivos de programa\Microsoft Office\Office14\ONFILTER.DLL
@{506F4668-F13E-4AA1-BB04-B43203AB3CC0} /*{506F4668-F13E-4AA1-BB04-B43203AB3CC0}*/C:\Archivos de programa\Microsoft Office\Office14\VISSHE.DLL = C:\Archivos de programa\Microsoft Office\Office14\VISSHE.DLL
@{D66DC78C-4F61-447F-942B-3FB6980118CF} /*{D66DC78C-4F61-447F-942B-3FB6980118CF}*/C:\Archivos de programa\Microsoft Office\Office14\VISSHE.DLL = C:\Archivos de programa\Microsoft Office\Office14\VISSHE.DLL
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E} /*Groove GFS Browser Helper*/C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
@{6C467336-8281-4E60-8204-430CED96822D} /*Groove GFS Context Menu Handler*/C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} /*Groove GFS Explorer Bar*/C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
@{16F3DD56-1AF5-4347-846D-7C10C4192619} /*Groove Explorer Icon Overlay 3 (GFS Folder)*/C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} /*Groove GFS Stub Execution Hook*/C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
@{A449600E-1DC6-4232-B948-9BD794D62056} /*Groove GFS Stub Icon Handler*/C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} /*Groove Explorer Icon Overlay 2 (GFS Stub)*/C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
@{920E6DB1-9907-4370-B3A0-BAFC03D81399} /*Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)*/C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} /*Groove Explorer Icon Overlay 4 (GFS Unread Mark)*/C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
@{99FD978C-D287-4F50-827F-B2C658EDA8E7} /*Groove Explorer Icon Overlay 1 (GFS Unread Stub)*/C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
@{387E725D-DC16-4D76-B310-2C93ED4752A0} /*Groove XML Icon Handler*/C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Outlook Desktop Icon Handler*/C:\ARCHIV~1\MICROS~3\Office14\MLSHEXT.DLL = C:\ARCHIV~1\MICROS~3\Office14\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Archivos de programa\Microsoft Office\Office14\OLKFSTUB.DLL = C:\Archivos de programa\Microsoft Office\Office14\OLKFSTUB.DLL
@{09A47860-11B0-4DA5-AFA5-26D86198A780} /*EPP*/C:\ARCHIV~1\MI239C~1\shellext.dll = C:\ARCHIV~1\MI239C~1\shellext.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{5B043439-4F53-436E-8CFE-28F80934DBE6} /*PDF-XChange PDF Preview Provider (XP)*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\Archivos de programa\NVIDIA Corporation\nView\nvshell.dll = C:\Archivos de programa\NVIDIA Corporation\nView\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\Archivos de programa\NVIDIA Corporation\nView\nvshell.dll = C:\Archivos de programa\NVIDIA Corporation\nView\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\Archivos de programa\NVIDIA Corporation\nView\nvshell.dll = C:\Archivos de programa\NVIDIA Corporation\nView\nvshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Archivos de programa\WinRAR\rarext.dll = C:\Archivos de programa\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AIMP@{1F77B17B-F531-44DB-ACA4-76ABB5010A28} = C:\Archivos de programa\AIMP3\Modules\aimp_menu32.dll
EPP@{09A47860-11B0-4DA5-AFA5-26D86198A780} = C:\ARCHIV~1\MI239C~1\shellext.dll
SugarSync@{305BC11B-5175-492B-B569-866547FCDA40} = C:\Archivos de programa\SugarSync\SugarSyncShellExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Archivos de programa\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AIMP@{1F77B17B-F531-44DB-ACA4-76ABB5010A28} = C:\Archivos de programa\AIMP3\Modules\aimp_menu32.dll
EPP@{09A47860-11B0-4DA5-AFA5-26D86198A780} = C:\ARCHIV~1\MI239C~1\shellext.dll
LivedriveContextMenu@{FE586301-FDF9-40F4-AD3A-9DB11C40FF27} = C:\Archivos de programa\Livedrive\LivedriveExtensions.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = /*file not found*/
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Archivos de programa\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
SugarSync@{305BC11B-5175-492B-B569-866547FCDA40} = C:\Archivos de programa\SugarSync\SugarSyncShellExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Archivos de programa\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\GPhotos.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = about:blank

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\Sergio\Menú Inicio\Programas\Inicio >>>
Fortissimo II.lnk = Fortissimo II.lnk
OneNote 2010 Screen Clipper and Launcher.lnk = OneNote 2010 Screen Clipper and Launcher.lnk

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio = PhraseExpress.lnk

---- EOF - GMER 1.0.15 ----




Thanks a lot guys,
Hope you can help.

Bestest,
S.



#2 HelpBot


Posted 18 December 2011 - 11:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431998 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Subjuntivo

  • Topic Starter

Posted 18 December 2011 - 04:59 PM

Hey guys, thanks for helping.

I still have the problem, and I think I have provided you with all the info you may need, let me know if you need anything else.
I do not have my WinDVD at hand.

Thanks again,
S.

#4 m0le

  • Malware Response Team

Posted 18 December 2011 - 09:13 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Gmer bluescreening means we need to run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 Subjuntivo

  • Topic Starter

Posted 19 December 2011 - 03:59 PM

Hey, thanks for your help!
Here is the scan:


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-19 17:32:11
-----------------------------
17:32:11.062 OS Version: Windows 5.1.2600 Service Pack 3
17:32:11.062 Number of processors: 1 586 0x2F02
17:32:11.062 ComputerName: SUBJUNCENTER UserName: Sergio
17:32:14.140 Initialize success
17:36:32.796 AVAST engine defs: 11121900
17:36:58.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:36:58.734 Disk 0 Vendor: QUANTUM_FIREBALLP_AS40.0 A1Y.1500 Size: 38172MB BusType: 3
17:36:58.734 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
17:36:58.734 Disk 1 Vendor: HDT72251 V43O Size: 157066MB BusType: 8
17:37:00.765 Disk 0 MBR read successfully
17:37:00.765 Disk 0 MBR scan
17:37:00.906 Disk 0 Windows XP default MBR code
17:37:00.921 Disk 0 scanning sectors +78156225
17:37:01.000 Disk 0 scanning C:\WINDOWS\system32\drivers
17:37:30.015 Service scanning
17:37:30.718 Service MpKsla0eb5b01 C:\Documents and Settings\All Users\Datos de programa\Microsoft\Microsoft Antimalware\Definition Updates\{4E3AD97B-67CC-4926-B1FE-B92F52359602}\MpKsla0eb5b01.sys **LOCKED** 32
17:37:31.546 Modules scanning
17:37:59.734 Disk 0 trace - called modules:
17:37:59.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
17:37:59.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89a6aab8]
17:37:59.750 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000090[0x89ad0178]
17:37:59.750 5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89ad4940]
17:37:59.890 AVAST engine scan C:\WINDOWS
17:38:13.125 AVAST engine scan C:\WINDOWS\system32
17:44:14.500 AVAST engine scan C:\WINDOWS\system32\drivers
17:44:39.203 AVAST engine scan C:\Documents and Settings\Sergio
17:55:50.453 AVAST engine scan C:\Documents and Settings\All Users
17:56:35.265 Scan finished successfully
17:57:20.484 Disk 0 MBR has been saved successfully to "F:\Chrome\MBR.dat"
17:57:20.500 The log file has been saved successfully to "F:\Chrome\aswMBR.txt"



Thanks again,
S.

#6 m0le

  • Malware Response Team

Posted 19 December 2011 - 09:02 PM

Now, we can run a couple of good removal tools

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

m0le is a proud member of UNITE

#7 Subjuntivo

  • Topic Starter

Posted 20 December 2011 - 05:28 AM

Well, here you have the logs:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versión de la Base de Datos: 8400

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/12/2011 06:56:27 a.m.
mbam-log-2011-12-20 (06-56-27).txt

Tipos de Análisis: Análisis Completo (C:\|F:\|G:\|H:\|)
Objetos examinados: 300391
Tiempo transcurrido: 2 hora(s), 7 minuto(s), 19 segundo(s)

Procesos en Memoria Infectados: 1
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 1
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 1
Carpetas Infectadas: 0
Archivos Infectados: 10

Procesos en Memoria Infectados:
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> 992 -> Unloaded process successfully.

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> Delete on reboot.
c:\Qoobox\quarantine\C\WINDOWS\drwebcom.exe.vir (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\dlmclient.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\dphostw.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\fgccsrt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
f:\system volume information\_restore{391d41bb-d04f-4e47-9d13-e98b58d0a19f}\RP135\A0039033.exe (Trojan.Agent.ck) -> Quarantined and deleted successfully.
g:\portableapps\portableapps\picaloader 1.6.6\portablevv07.ucoz.ru\Stubs\bd463112f4e05944f6f1601f11c13db43f7e3c\svchost.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
g:\system volume information\_restore{391d41bb-d04f-4e47-9d13-e98b58d0a19f}\RP126\A0034902.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
g:\system volume information\_restore{391d41bb-d04f-4e47-9d13-e98b58d0a19f}\RP126\A0034906.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
h:\portableapps\portableapps\picaloader 1.6.6\portablevv07.ucoz.ru\Stubs\bd463112f4e05944f6f1601f11c13db43f7e3c\svchost.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.



and



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/20/2011 at 07:24 AM

Application Version : 5.0.1142

Core Rules Database Version : 8070
Trace Rules Database Version: 5882

Scan type : Quick Scan
Total Scan Time : 00:11:09

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 429
Memory threats detected : 0
Registry items scanned : 33658
Registry threats detected : 0
File items scanned : 6587
File threats detected : 43

Adware.Tracking Cookie
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\SERGIO\CONFIGURACIóN LOCAL\DATOS DE PROGRAMA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\SERGIO\CONFIGURACIóN LOCAL\DATOS DE PROGRAMA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


Thanks,
S.

#8 m0le

  • Malware Response Team

Posted 20 December 2011 - 06:46 PM

Please scan online with ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#9 Subjuntivo

  • Topic Starter
  • Members

Posted 21 December 2011 - 05:23 AM

Here you have:


C:\Documents and Settings\Sergio\Datos de programa\Spaz.AIR.16CB261D461B1CA2027F7C39946115FA2DC8CD7F.1\Local Store\Spaz-Newest.air JS/TrojanDownloader.Iframe.EY trojan deleted - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20101227-005835.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211341.backup Win32/Qhost trojan cleaned by deleting - quarantined
H:\Varios\Activar Office - mini-KMS_Activator_v1.053.rar a variant of Win32/HackKMS.A application deleted - quarantined


Thanks,
S.

#10 m0le

  • Malware Response Team

Posted 21 December 2011 - 08:17 PM

What is your H drive?

Also, please rerun MBAM and post the log. I want to check the riskware has been deleted and the processes have been killed.
m0le is a proud member of UNITE

#11 Subjuntivo

  • Topic Starter
  • Members

Posted 22 December 2011 - 06:00 PM

The H drive is a Verbatim Ext HD that I use for backups, and is not normally used in other computers. Is it problematic, would you say?

Here is the log:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versión de la Base de Datos: 911122204

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/12/2011 06:01:21 p.m.
mbam-log-2011-12-22 (18-01-21).txt

Tipos de Análisis: Análisis Completo (C:\|F:\|G:\|H:\|)
Objetos examinados: 301909
Tiempo transcurrido: 1 hora(s), 44 minuto(s), 11 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
(No se han detectado elementos maliciosos)



I'd like to know, when we finish, what of the software I installed I can uninstall safely, and what free antispyware I can use, if you happen to have a favourite.

Thanks again,
S.

#12 m0le

  • Malware Response Team

Posted 22 December 2011 - 09:00 PM

The H drive is a Verbatim Ext HD that I use for backups, and is not normally used in other computers. Is it problematic, would you say?


No, but there was an infection on the drive which probably came from the main PC.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


I'd like to know, when we finish, what of the software I installed I can uninstall safely, and what free antispyware I can use, if you happen to have a favourite.


Don't worry about that, I'll clear up and gen you up before I go. :thumbup2:
m0le is a proud member of UNITE
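
The note in the post above says a folder named autorun.inf in a drive root keeps an autorun file from being installed there. As an added example (not part of the original thread and not Flash_Disinfector's own code), this Python check reports whether a drive root has no autorun.inf, the blocking folder, or a real file, and lists the launch commands a file declares; the function names and the sample autorun.inf content are constructed for illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample content, not taken from the thread.
SAMPLE_AUTORUN = r"""; constructed sample
junk line without a section
[AutoRun]
open=example.exe
icon=folder.ico
shell\open\command = example.exe /s
[other]
open=ignored.exe
"""


def parse_autorun_commands(text):
    """Return (key, command) pairs from [autorun] that launch a program.

    Hand-rolled and tolerant on purpose: hostile autorun.inf files are often
    padded with junk lines that make strict INI parsers raise.
    """
    commands = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        value = value.strip()
        # shell\<verb>\command entries add a context-menu action that runs a program
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or is_shell_cmd):
            commands.append((key, value))
    return commands


def audit_drive_root(root):
    """Classify the autorun.inf entry at a drive root.

    Returns a dict with 'state' in {'absent', 'folder', 'file'} and, for a
    file, the launch commands it declares.
    """
    target = None
    # Match case-insensitively so the check behaves the same on any filesystem.
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            target = os.path.join(root, name)
            break
    if target is None:
        return {"state": "absent", "commands": []}
    if os.path.isdir(target):
        # A folder already holds the name, so no file called autorun.inf
        # can be created in this root while the folder exists.
        return {"state": "folder", "commands": []}
    with open(target, "r", encoding="latin-1") as fh:
        return {"state": "file", "commands": parse_autorun_commands(fh.read())}


def demo():
    """Build three constructed drive roots in a temp dir and audit each."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        clean = os.path.join(base, "clean")
        os.mkdir(clean)

        blocked = os.path.join(base, "blocked")
        os.makedirs(os.path.join(blocked, "autorun.inf"))  # folder, as in the note

        risky = os.path.join(base, "risky")
        os.mkdir(risky)
        with open(os.path.join(risky, "AUTORUN.INF"), "w", encoding="latin-1") as fh:
            fh.write(SAMPLE_AUTORUN)

        for label, root in (("clean", clean), ("blocked", blocked), ("risky", risky)):
            results[label] = audit_drive_root(root)
    return results


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

On a real system, pass each drive root (for example `H:\`) to `audit_drive_root`; a `file` result with launch commands is the case worth investigating.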

#13 Subjuntivo

  • Topic Starter
  • Members

Posted 23 December 2011 - 09:16 AM

Ok, Flash Disinfector run.
Nothing found, no log, just a Done msg.

:D

S.

#14 m0le

  • Malware Response Team

Posted 23 December 2011 - 08:58 PM

Looks good. How's the machine going?
m0le is a proud member of UNITE

#15 Subjuntivo

  • Topic Starter
  • Members

Posted 24 December 2011 - 11:08 AM

I'd say it is going ok, but on the other hand, with all the stuff we installed and is running all the time, I really can't tell (this is an oldie, you know...)

By the way:
This is a log of what Malwarebytes seems to be blocking: is this normal?!


08:49:38 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
08:49:44 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
08:49:58 (null) IP-BLOCK 193.107.16.156 (Type: outgoing)
08:50:01 (null) IP-BLOCK 193.107.16.156 (Type: outgoing)
08:50:07 (null) IP-BLOCK 193.107.16.156 (Type: outgoing)
08:50:36 (null) IP-BLOCK 194.54.80.150 (Type: outgoing)
08:50:39 (null) IP-BLOCK 194.54.80.150 (Type: outgoing)
08:50:45 (null) IP-BLOCK 194.54.80.150 (Type: outgoing)
08:52:50 (null) IP-BLOCK 77.247.181.164 (Type: outgoing)
08:53:47 (null) IP-BLOCK 94.102.52.228 (Type: outgoing)
08:53:50 (null) IP-BLOCK 94.102.52.228 (Type: outgoing)
08:53:56 (null) IP-BLOCK 77.247.181.165 (Type: outgoing)
08:54:40 (null) IP-BLOCK 77.247.181.162 (Type: outgoing)
08:55:25 (null) IP-BLOCK 193.107.16.156 (Type: outgoing)
08:55:28 (null) IP-BLOCK 193.107.16.156 (Type: outgoing)
08:55:29 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
08:55:32 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
08:55:34 (null) IP-BLOCK 193.107.16.156 (Type: outgoing)
08:55:38 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
08:56:21 (null) IP-BLOCK 194.54.80.150 (Type: outgoing)
08:56:24 (null) IP-BLOCK 194.54.80.150 (Type: outgoing)
08:56:30 (null) IP-BLOCK 194.54.80.150 (Type: outgoing)
08:56:56 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
08:56:59 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
08:57:05 (null) IP-BLOCK 109.235.55.11 (Type: outgoing)
08:57:19 (null) IP-BLOCK 194.54.80.150 (Type: outgoing)
08:57:22 (null) IP-BLOCK 194.54.80.150 (Type: outgoing)
08:57:28 (null) IP-BLOCK 194.54.80.150 (Type: outgoing)
08:58:00 (null) IP-BLOCK 94.102.52.228 (Type: outgoing)
08:58:02 (null) IP-BLOCK 219.153.105.99 (Type: incoming)
08:58:03 (null) IP-BLOCK 219.153.105.99 (Type: incoming)
08:58:33 (null) IP-BLOCK 193.107.16.156 (Type: outgoing)
08:58:36 (null) IP-BLOCK 193.107.16.156 (Type: outgoing)
08:58:42 (null) IP-BLOCK 193.107.16.156 (Type: outgoing)
08:59:47 (null) IP-BLOCK 193.107.16.156 (Type: outgoing)
08:59:50 (null) IP-BLOCK 193.107.16.156 (Type: outgoing)
08:59:56 (null) IP-BLOCK 193.107.16.156 (Type: outgoing)
09:05:50 (null) IP-BLOCK 94.102.52.228 (Type: incoming)



Oh, and the files Malware has quarantined, should they be deleted (from MWB) or should they remain there?

Thanks,
S.



