
AVG detected Win64/Patched.A and LuheSirefef.A


  • This topic is locked
25 replies to this topic

#1 Drak_k


Posted 11 December 2012 - 04:08 PM

Hello,

I have created a post in the wrong forum and, as instructed there, I am doing a new one here.

To reiterate: I have Windows 7 64-bit and AVG notified me that services.exe was infected with Win64/Patched.A (TDSSKiller calls it Virus.Win64.ZAccess.A though). Upon running a full scan, it detected a LuheSirefef.A infection on chrome.exe as well. And the program can't remove either trojan/malware.

It seems that the virus disabled my firewall. I also can't access Google (and any other Google app), Facebook and a lot of other sites and login pages. The error given to me (using Chrome) is
01 (net::ERR_CONNECTION_RESET):

I did a run with DDS, TDSSKiller, Avast MBR (it crashes though), ESET Online Scanner and FRST64 to produce the logs necessary for conference. They are below. I also ran Malwarebytes Anti-Malware and it removed a lot of malware (I will post the log as well).


DDS Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Sno_opy at 21:55:12 on 2012-12-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2046.902 [GMT -2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\explorer.exe
C:\Users\Sno_opy\Desktop\solution\mbam-setup-1.65.1.1000.exe
C:\Users\Sno_opy\AppData\Local\Temp\is-80QO2.tmp\mbam-setup-1.65.1.1000.tmp
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
mURLSearchHooks: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AF-HSS Toolbar: {F0381DBD-E018-4E07-AE40-D96AB15083F0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Google Update] "C:\Users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
uRun: [EPSON T24 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFAB.EXE /FU "C:\Windows\TEMP\E_S1A86.tmp" /EF "HKCU"
uRun: [AdobeBridge] <no file>
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-001A-0416-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-00A1-0416-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-006E-0416-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\Users\Sno_opy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sno_opy\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Sno_opy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Baixar com Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AEDB2575-1CA6-4818-A113-462AB6532359} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Users\Sno_opy\AppData\Local\Temp\Windows\taskhost.exe
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\lm88p65i.default\
FF - component: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\djx1p025.Sno_opy\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\djx1p025.Sno_opy\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\djx1p025.Sno_opy\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\djx1p025.Sno_opy\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\djx1p025.Sno_opy\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\djx1p025.Sno_opy\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: C:\Program Files\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files\Opera\program\plugins\NPSWF32.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: C:\Users\Sno_opy\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Sno_opy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Sno_opy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sno_opy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\lm88p65i.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\lm88p65i.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\plugins\npgbfnc_abn.dll
FF - plugin: C:\Users\Sno_opy\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: C:\Users\Sno_opy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Sno_opy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: F:\Arquivos de programas\Opera\program\plugins\npdsplay.dll
FF - plugin: F:\Arquivos de programas\Opera\program\plugins\npJoostPlugin.dll
FF - plugin: F:\Arquivos de programas\Opera\program\plugins\nppl3260.dll
FF - plugin: F:\Arquivos de programas\Opera\program\plugins\nprpjplug.dll
FF - plugin: F:\Arquivos de programas\Opera\program\plugins\npwmsdrm.dll
FF - plugin: F:\Arquivos de programas\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: F:\Arquivos de programas\Real Alternative\browser\plugins\nprpjplug.dll
FF - plugin: F:\Arquivos de programas\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-24 56208]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187.sys [2010-1-7 448512]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
S2 avgwd;Watchdog do AVG;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-4-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-23 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-9-25 131912]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-4-23 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-4-23 9096]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2007-5-9 16032]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-9 50208]
S3 PGR1394b;PGR IEEE 1394 Bus host controllers;C:\Windows\System32\drivers\PGR1394.sys [2012-4-23 88064]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-4-12 117040]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-12-10 23:45:04 -------- d-----w- C:\Users\Sno_opy\AppData\Roaming\Malwarebytes
2012-12-10 23:44:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-10 23:44:45 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-10 23:44:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-10 22:59:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-08 15:21:31 -------- d-----w- C:\Program Files (x86)\coverXP
2012-11-22 23:51:28 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-11-22 23:51:28 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-11-16 14:40:50 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2012-11-16 13:04:48 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-16 13:04:48 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-16 13:04:48 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-16 13:04:48 2560 ----a-w- C:\Windows\System32\drivers\pt-BR\wdf01000.sys.mui
2012-11-16 12:53:08 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-16 12:53:08 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-16 12:53:08 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-16 12:53:08 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 12:53:08 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-16 12:53:08 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-16 12:53:08 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-16 11:24:09 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-16 11:24:09 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-16 11:24:09 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-16 11:24:09 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-16 11:24:04 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 02:52:05 -------- d-----w- C:\Users\Sno_opy\AppData\Local\TESVSnip
2012-11-13 22:58:04 -------- d-----w- C:\Program Files (x86)\BOSS Userlist Manager
2012-11-13 13:44:41 -------- d-----w- C:\Program Files (x86)\Resource Hacker
2012-11-11 21:57:39 -------- d-----w- C:\Program Files (x86)\GameSave Manager v3
2012-11-11 21:56:34 -------- d-----w- C:\Users\Sno_opy\AppData\Roaming\GameSave Manager 3
2012-11-11 21:54:11 -------- d-----w- C:\Program Files\LinkShellExtension
2012-11-11 21:44:44 -------- d-----w- C:\Program Files (x86)\Tiggit
2012-11-11 21:06:42 -------- d-----w- C:\Users\Sno_opy\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2012-11-08 16:26:43 270408 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-11-08 16:26:43 270408 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-11-07 19:22:10 270408 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-28 20:45:11 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-10 23:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-10 23:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-10 23:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-10 23:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-10 23:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-10 23:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-10 23:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-10 23:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-09 15:08:41 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 15:08:41 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 15:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-10-01 19:44:17 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 01:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 22:00:38,39 ===============



TDSS Killer log

21:09:35.0420 1492 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:09:35.0569 1492 ============================================================
21:09:35.0569 1492 Current date / time: 2012/12/10 21:09:35.0569
21:09:35.0569 1492 SystemInfo:
21:09:35.0569 1492
21:09:35.0569 1492 OS Version: 6.1.7601 ServicePack: 1.0
21:09:35.0569 1492 Product type: Workstation
21:09:35.0569 1492 ComputerName: NATARAJA
21:09:35.0570 1492 UserName: Sno_opy
21:09:35.0570 1492 Windows directory: C:\Windows
21:09:35.0570 1492 System windows directory: C:\Windows
21:09:35.0570 1492 Running under WOW64
21:09:35.0570 1492 Processor architecture: Intel x64
21:09:35.0570 1492 Number of processors: 2
21:09:35.0570 1492 Page size: 0x1000
21:09:35.0570 1492 Boot type: Safe boot
21:09:35.0570 1492 ============================================================
21:09:42.0493 1492 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
21:09:42.0509 1492 ============================================================
21:09:42.0509 1492 \Device\Harddisk0\DR0:
21:09:42.0571 1492 MBR partitions:
21:09:42.0571 1492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:09:42.0571 1492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1913A800
21:09:42.0618 1492 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1916D800, BlocksNum 0x23050000
21:09:42.0649 1492 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3C1BE000, BlocksNum 0x38547800
21:09:42.0649 1492 ============================================================
21:09:42.0852 1492 F: <-> \Device\Harddisk0\DR0\Partition4
21:09:43.0039 1492 C: <-> \Device\Harddisk0\DR0\Partition2
21:09:43.0164 1492 E: <-> \Device\Harddisk0\DR0\Partition3
21:09:43.0164 1492 ============================================================
21:09:43.0164 1492 Initialize success
21:09:43.0164 1492 ============================================================
21:09:49.0616 1612 ============================================================
21:09:49.0616 1612 Scan started
21:09:49.0616 1612 Mode: Manual;
21:09:49.0616 1612 ============================================================
21:10:03.0125 1612 ================ Scan system memory ========================
21:10:03.0125 1612 System memory - ok
21:10:03.0125 1612 ================ Scan services =============================
[size="2"]21:10:39.0812 1612 mshidkmdf - ok[/size]
[size="2"]21:10:39.0828 1612 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys[/size]
[size="2"]21:10:39.0828 1612 msisadrv - ok[/size]
[size="2"]21:10:39.0844 1612 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll[/size]
[size="2"]21:10:39.0844 1612 MSiSCSI - ok[/size]
[size="2"]21:10:39.0859 1612 msiserver - ok[/size]
[size="2"]21:10:39.0875 1612 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys[/size]
[size="2"]21:10:39.0875 1612 MSKSSRV - ok[/size]
[size="2"]21:10:39.0890 1612 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys[/size]
[size="2"]21:10:39.0890 1612 MSPCLOCK - ok[/size]
[size="2"]21:10:39.0906 1612 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys[/size]
[size="2"]21:10:39.0906 1612 MSPQM - ok[/size]
[size="2"]21:10:39.0922 1612 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys[/size]
[size="2"]21:10:39.0922 1612 MsRPC - ok[/size]
[size="2"]21:10:39.0953 1612 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys[/size]
[size="2"]21:10:39.0953 1612 mssmbios - ok[/size]
[size="2"]21:10:39.0968 1612 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys[/size]
[size="2"]21:10:39.0968 1612 MSTEE - ok[/size]
[size="2"]21:10:39.0984 1612 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys[/size]
[size="2"]21:10:39.0984 1612 MTConfig - ok[/size]
[size="2"]21:10:40.0000 1612 [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys[/size]
[size="2"]21:10:40.0000 1612 MTsensor - ok[/size]
[size="2"]21:10:40.0015 1612 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys[/size]
[size="2"]21:10:40.0015 1612 Mup - ok[/size]
[size="2"]21:10:40.0031 1612 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll[/size]
[size="2"]21:10:40.0046 1612 napagent - ok[/size]
[size="2"]21:10:40.0062 1612 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys[/size]
[size="2"]21:10:40.0062 1612 NativeWifiP - ok[/size]
[size="2"]21:10:40.0109 1612 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys[/size]
[size="2"]21:10:40.0124 1612 NDIS - ok[/size]
[size="2"]21:10:40.0156 1612 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys[/size]
[size="2"]21:10:40.0156 1612 NdisCap - ok[/size]
[size="2"]21:10:40.0156 1612 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys[/size]
[size="2"]21:10:40.0171 1612 NdisTapi - ok[/size]
[size="2"]21:10:40.0187 1612 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys[/size]
[size="2"]21:10:40.0187 1612 Ndisuio - ok[/size]
[size="2"]21:10:40.0202 1612 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys[/size]
[size="2"]21:10:40.0202 1612 NdisWan - ok[/size]
[size="2"]21:10:40.0218 1612 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys[/size]
[size="2"]21:10:40.0218 1612 NDProxy - ok[/size]
[size="2"]21:10:40.0218 1612 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys[/size]
[size="2"]21:10:40.0218 1612 NetBIOS - ok[/size]
[size="2"]21:10:40.0234 1612 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys[/size]
[size="2"]21:10:40.0249 1612 NetBT - ok[/size]
[size="2"]21:10:40.0265 1612 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe[/size]
[size="2"]21:10:40.0265 1612 Netlogon - ok[/size]
[size="2"]21:10:40.0280 1612 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll[/size]
[size="2"]21:10:40.0296 1612 Netman - ok[/size]
[size="2"]21:10:40.0312 1612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[/size]
[size="2"]21:10:40.0358 1612 NetMsmqActivator - ok[/size]
[size="2"]21:10:40.0358 1612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[/size]
[size="2"]21:10:40.0374 1612 NetPipeActivator - ok[/size]
[size="2"]21:10:40.0390 1612 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll[/size]
[size="2"]21:10:40.0390 1612 netprofm - ok[/size]
[size="2"]21:10:40.0405 1612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[/size]
[size="2"]21:10:40.0405 1612 NetTcpActivator - ok[/size]
[size="2"]21:10:40.0405 1612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[/size]
[size="2"]21:10:40.0405 1612 NetTcpPortSharing - ok[/size]
[size="2"]21:10:40.0421 1612 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys[/size]
[size="2"]21:10:40.0421 1612 nfrd960 - ok[/size]
[size="2"]21:10:40.0436 1612 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll[/size]
[size="2"]21:10:40.0436 1612 NlaSvc - ok[/size]
[size="2"]21:10:40.0468 1612 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys[/size]
[size="2"]21:10:40.0468 1612 nmwcd - ok[/size]
[size="2"]21:10:40.0530 1612 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys[/size]
[size="2"]21:10:40.0530 1612 nmwcdc - ok[/size]
[size="2"]21:10:40.0546 1612 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys[/size]
[size="2"]21:10:40.0546 1612 Npfs - ok[/size]
[size="2"]21:10:40.0546 1612 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll[/size]
[size="2"]21:10:40.0561 1612 nsi - ok[/size]
[size="2"]21:10:40.0561 1612 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys[/size]
[size="2"]21:10:40.0561 1612 nsiproxy - ok[/size]
[size="2"]21:10:40.0624 1612 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys[/size]
[size="2"]21:10:40.0655 1612 Ntfs - ok[/size]
[size="2"]21:10:40.0702 1612 nTuneService - ok[/size]
[size="2"]21:10:40.0733 1612 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys[/size]
[size="2"]21:10:40.0733 1612 NuidFltr - ok[/size]
[size="2"]21:10:40.0748 1612 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys[/size]
[size="2"]21:10:40.0748 1612 Null - ok[/size]
[size="2"]21:10:40.0780 1612 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys[/size]
[size="2"]21:10:40.0780 1612 NVENETFD - ok[/size]
[size="2"]21:10:40.0811 1612 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys[/size]
[size="2"]21:10:40.0811 1612 NVHDA - ok[/size]
[size="2"]21:10:41.0060 1612 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys[/size]
[size="2"]21:10:41.0263 1612 nvlddmkm - ok[/size]
[size="2"]21:10:41.0310 1612 [ 8C1D181480796D7D3366A9381FD7782D ] nvoclk64 C:\Windows\system32\DRIVERS\nvoclk64.sys[/size]
[size="2"]21:10:41.0310 1612 nvoclk64 - ok[/size]
[size="2"]21:10:41.0326 1612 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys[/size]
[size="2"]21:10:41.0326 1612 nvraid - ok[/size]
[size="2"]21:10:41.0341 1612 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys[/size]
[size="2"]21:10:41.0341 1612 nvstor - ok[/size]
[size="2"]21:10:41.0372 1612 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe[/size]
[size="2"]21:10:41.0388 1612 nvsvc - ok[/size]
[size="2"]21:10:41.0419 1612 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[/size]
[size="2"]21:10:41.0435 1612 nvUpdatusService - ok[/size]
[size="2"]21:10:41.0466 1612 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys[/size]
[size="2"]21:10:41.0466 1612 nv_agp - ok[/size]
[size="2"]21:10:41.0482 1612 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys[/size]
[size="2"]21:10:41.0482 1612 ohci1394 - ok[/size]
[size="2"]21:10:41.0544 1612 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[/size]
[size="2"]21:10:41.0544 1612 ose - ok[/size]
[size="2"]21:10:41.0684 1612 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[/size]
[size="2"]21:10:41.0778 1612 osppsvc - ok[/size]
[size="2"]21:10:41.0809 1612 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll[/size]
[size="2"]21:10:41.0809 1612 p2pimsvc - ok[/size]
[size="2"]21:10:41.0825 1612 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll[/size]
[size="2"]21:10:41.0840 1612 p2psvc - ok[/size]
[size="2"]21:10:41.0856 1612 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys[/size]
[size="2"]21:10:41.0856 1612 Parport - ok[/size]
[size="2"]21:10:41.0872 1612 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys[/size]
[size="2"]21:10:41.0872 1612 partmgr - ok[/size]
[size="2"]21:10:41.0887 1612 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll[/size]
[size="2"]21:10:41.0903 1612 PcaSvc - ok[/size]
[size="2"]21:10:41.0934 1612 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys[/size]
[size="2"]21:10:41.0934 1612 pccsmcfd - ok[/size]
[size="2"]21:10:41.0950 1612 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys[/size]
[size="2"]21:10:41.0965 1612 pci - ok[/size]
[size="2"]21:10:41.0965 1612 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys[/size]
[size="2"]21:10:41.0965 1612 pciide - ok[/size]
[size="2"]21:10:41.0981 1612 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys[/size]
[size="2"]21:10:41.0981 1612 pcmcia - ok[/size]
[size="2"]21:10:42.0012 1612 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys[/size]
[size="2"]21:10:42.0012 1612 pcw - ok[/size]
[size="2"]21:10:42.0028 1612 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys[/size]
[size="2"]21:10:42.0043 1612 PEAUTH - ok[/size]
[size="2"]21:10:42.0090 1612 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll[/size]
[size="2"]21:10:42.0106 1612 PeerDistSvc - ok[/size]
[size="2"]21:10:42.0184 1612 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe[/size]
[size="2"]21:10:42.0230 1612 PerfHost - ok[/size]
[size="2"]21:10:42.0277 1612 [ 9CE52A8D939A5ED0526AE7D7E5DB9755 ] PGR1394b C:\Windows\system32\DRIVERS\PGR1394.sys[/size]
[size="2"]21:10:42.0277 1612 PGR1394b - ok[/size]
[size="2"]21:10:42.0308 1612 [ 37EA62238E17AE88E4713D9246CA1C1C ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS[/size]
[size="2"]21:10:42.0324 1612 PID_PEPI - ok[/size]
[size="2"]21:10:42.0355 1612 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll[/size]
[size="2"]21:10:42.0371 1612 pla - ok[/size]
[size="2"]21:10:42.0402 1612 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll[/size]
[size="2"]21:10:42.0402 1612 PlugPlay - ok[/size]
[size="2"]21:10:42.0433 1612 PnkBstrA - ok[/size]
[size="2"]21:10:42.0449 1612 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll[/size]
[size="2"]21:10:42.0449 1612 PNRPAutoReg - ok[/size]
[size="2"]21:10:42.0464 1612 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll[/size]
[size="2"]21:10:42.0464 1612 PNRPsvc - ok[/size]
[size="2"]21:10:42.0496 1612 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys[/size]
[size="2"]21:10:42.0496 1612 Point64 - ok[/size]
[size="2"]21:10:42.0527 1612 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll[/size]
[size="2"]21:10:42.0527 1612 PolicyAgent - ok[/size]
[size="2"]21:10:42.0558 1612 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll[/size]
[size="2"]21:10:42.0574 1612 Power - ok[/size]
[size="2"]21:10:42.0589 1612 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys[/size]
[size="2"]21:10:42.0589 1612 PptpMiniport - ok[/size]
[size="2"]21:10:42.0605 1612 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys[/size]
[size="2"]21:10:42.0605 1612 Processor - ok[/size]
[size="2"]21:10:42.0636 1612 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll[/size]
[size="2"]21:10:42.0636 1612 ProfSvc - ok[/size]
[size="2"]21:10:42.0652 1612 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe[/size]
[size="2"]21:10:42.0652 1612 ProtectedStorage - ok[/size]
[size="2"]21:10:42.0667 1612 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys[/size]
[size="2"]21:10:42.0667 1612 Psched - ok[/size]
[size="2"]21:10:42.0714 1612 [ 0B6DEA0A1662CAB8F2BF339DC0752EF4 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[/size]
[size="2"]21:10:42.0714 1612 PSI_SVC_2 - ok[/size]
[size="2"]21:10:42.0776 1612 [ 788CB65D49D1162C5EE6814AFE5B0A70 ] PSI_SVC_2_x64 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[/size]
[size="2"]21:10:42.0776 1612 PSI_SVC_2_x64 - ok[/size]
[size="2"]21:10:42.0808 1612 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys[/size]
[size="2"]21:10:42.0808 1612 PxHlpa64 - ok[/size]
[size="2"]21:10:42.0839 1612 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys[/size]
[size="2"]21:10:42.0854 1612 ql2300 - ok[/size]
[size="2"]21:10:42.0870 1612 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys[/size]
[size="2"]21:10:42.0886 1612 ql40xx - ok[/size]
[size="2"]21:10:42.0901 1612 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll[/size]
[size="2"]21:10:42.0901 1612 QWAVE - ok[/size]
[size="2"]21:10:42.0901 1612 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys[/size]
[size="2"]21:10:42.0901 1612 QWAVEdrv - ok[/size]
[size="2"]21:10:42.0917 1612 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys[/size]
[size="2"]21:10:42.0917 1612 RasAcd - ok[/size]
[size="2"]21:10:42.0932 1612 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys[/size]
[size="2"]21:10:42.0932 1612 RasAgileVpn - ok[/size]
[size="2"]21:10:42.0932 1612 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll[/size]
[size="2"]21:10:42.0932 1612 RasAuto - ok[/size]
[size="2"]21:10:42.0964 1612 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys[/size]
[size="2"]21:10:42.0964 1612 Rasl2tp - ok[/size]
[size="2"]21:10:42.0979 1612 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll[/size]
[size="2"]21:10:42.0979 1612 RasMan - ok[/size]
[size="2"]21:10:42.0995 1612 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys[/size]
[size="2"]21:10:42.0995 1612 RasPppoe - ok[/size]
[size="2"]21:10:43.0010 1612 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys[/size]
[size="2"]21:10:43.0010 1612 RasSstp - ok[/size]
[size="2"]21:10:43.0042 1612 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys[/size]
[size="2"]21:10:43.0042 1612 rdbss - ok[/size]
[size="2"]21:10:43.0057 1612 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys[/size]
[size="2"]21:10:43.0057 1612 rdpbus - ok[/size]
[size="2"]21:10:43.0088 1612 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys[/size]
[size="2"]21:10:43.0088 1612 RDPCDD - ok[/size]
[size="2"]21:10:43.0104 1612 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys[/size]
[size="2"]21:10:43.0104 1612 RDPDR - ok[/size]
[size="2"]21:10:43.0135 1612 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys[/size]
[size="2"]21:10:43.0135 1612 RDPENCDD - ok[/size]
[size="2"]21:10:43.0151 1612 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys[/size]
[size="2"]21:10:43.0151 1612 RDPREFMP - ok[/size]
[size="2"]21:10:43.0198 1612 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys[/size]
[size="2"]21:10:43.0198 1612 RdpVideoMiniport - ok[/size]
[size="2"]21:10:43.0229 1612 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys[/size]
[size="2"]21:10:43.0229 1612 RDPWD - ok[/size]
[size="2"]21:10:43.0244 1612 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys[/size]
[size="2"]21:10:43.0244 1612 rdyboost - ok[/size]
[size="2"]21:10:43.0260 1612 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll[/size]
[size="2"]21:10:43.0276 1612 RemoteAccess - ok[/size]
[size="2"]21:10:43.0276 1612 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll[/size]
[size="2"]21:10:43.0291 1612 RemoteRegistry - ok[/size]
[size="2"]21:10:43.0291 1612 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll[/size]
[size="2"]21:10:43.0291 1612 RpcEptMapper - ok[/size]
[size="2"]21:10:43.0307 1612 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe[/size]
[size="2"]21:10:43.0307 1612 RpcLocator - ok[/size]
[size="2"]21:10:43.0322 1612 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll[/size]
[size="2"]21:10:43.0322 1612 RpcSs - ok[/size]
[size="2"]21:10:43.0338 1612 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys[/size]
[size="2"]21:10:43.0338 1612 rspndr - ok[/size]
[size="2"]21:10:43.0369 1612 [ 333224D4D25F9BCCA488E08345083E1C ] RTL8187 C:\Windows\system32\DRIVERS\rtl8187.sys[/size]
[size="2"]21:10:43.0369 1612 RTL8187 - ok[/size]
[size="2"]21:10:43.0416 1612 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys[/size]
[size="2"]21:10:43.0432 1612 s3cap - ok[/size]
[size="2"]21:10:43.0432 1612 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe[/size]
[size="2"]21:10:43.0432 1612 SamSs - ok[/size]
[size="2"]21:10:43.0451 1612 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys[/size]
[size="2"]21:10:43.0453 1612 sbp2port - ok[/size]
[size="2"]21:10:43.0505 1612 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[/size]
[size="2"]21:10:43.0517 1612 SBSDWSCService - ok[/size]
[size="2"]21:10:43.0529 1612 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll[/size]
[size="2"]21:10:43.0532 1612 SCardSvr - ok[/size]
[size="2"]21:10:43.0551 1612 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys[/size]
[size="2"]21:10:43.0552 1612 scfilter - ok[/size]
[size="2"]21:10:43.0581 1612 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll[/size]
[size="2"]21:10:43.0592 1612 Schedule - ok[/size]
[size="2"]21:10:43.0611 1612 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll[/size]
[size="2"]21:10:43.0612 1612 SCPolicySvc - ok[/size]
[size="2"]21:10:43.0629 1612 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll[/size]
[size="2"]21:10:43.0633 1612 SDRSVC - ok[/size]
[size="2"]21:10:43.0639 1612 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys[/size]
[size="2"]21:10:43.0640 1612 secdrv - ok[/size]
[size="2"]21:10:43.0653 1612 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll[/size]
[size="2"]21:10:43.0655 1612 seclogon - ok[/size]
[size="2"]21:10:43.0674 1612 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll[/size]
[size="2"]21:10:43.0677 1612 SENS - ok[/size]
[size="2"]21:10:43.0682 1612 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll[/size]
[size="2"]21:10:43.0684 1612 SensrSvc - ok[/size]
[size="2"]21:10:43.0712 1612 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys[/size]
[size="2"]21:10:43.0713 1612 Serenum - ok[/size]
[size="2"]21:10:43.0731 1612 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys[/size]
[size="2"]21:10:43.0733 1612 Serial - ok[/size]
[size="2"]21:10:43.0749 1612 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys[/size]
[size="2"]21:10:43.0750 1612 sermouse - ok[/size]
[size="2"]21:10:43.0827 1612 [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[/size]
[size="2"]21:10:43.0835 1612 ServiceLayer - ok[/size]
[size="2"]21:10:43.0861 1612 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll[/size]
[size="2"]21:10:43.0864 1612 SessionEnv - ok[/size]
[size="2"]21:10:43.0872 1612 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys[/size]
[size="2"]21:10:43.0874 1612 sffdisk - ok[/size]
[size="2"]21:10:43.0888 1612 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys[/size]
[size="2"]21:10:43.0889 1612 sffp_mmc - ok[/size]
[size="2"]21:10:43.0906 1612 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys[/size]
[size="2"]21:10:43.0907 1612 sffp_sd - ok[/size]
[size="2"]21:10:43.0924 1612 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys[/size]
[size="2"]21:10:43.0925 1612 sfloppy - ok[/size]
[size="2"]21:10:43.0945 1612 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll[/size]
[size="2"]21:10:43.0951 1612 ShellHWDetection - ok[/size]
[size="2"]21:10:43.0975 1612 [ 0F498DEE92FD73DD999BAE4D506367F5 ] SI3132 C:\Windows\system32\DRIVERS\SI3132.sys[/size]
[size="2"]21:10:43.0977 1612 SI3132 - ok[/size]
[size="2"]21:10:43.0982 1612 [ 127CE10E01F53F2EDACA7FE42E5631EA ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys[/size]
[size="2"]21:10:43.0983 1612 SiFilter - ok[/size]
[size="2"]21:10:43.0995 1612 [ B742C37002B8EBEF6E230DF9B4B28546 ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys[/size]
[size="2"]21:10:43.0996 1612 SiRemFil - ok[/size]
[size="2"]21:10:44.0007 1612 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys[/size]
[size="2"]21:10:44.0009 1612 SiSRaid2 - ok[/size]
[size="2"]21:10:44.0024 1612 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys[/size]
[size="2"]21:10:44.0026 1612 SiSRaid4 - ok[/size]
[size="2"]21:10:44.0061 1612 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe[/size]
[size="2"]21:10:44.0063 1612 SkypeUpdate - ok[/size]
[size="2"]21:10:44.0084 1612 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys[/size]
[size="2"]21:10:44.0084 1612 Smb - ok[/size]
[size="2"]21:10:44.0131 1612 [ 32CDE417100C530964E79C53B4E994CA ] snapman C:\Windows\system32\DRIVERS\snapman.sys[/size]
[size="2"]21:10:44.0147 1612 snapman - ok[/size]
[size="2"]21:10:44.0162 1612 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe[/size]
[size="2"]21:10:44.0162 1612 SNMPTRAP - ok[/size]
[size="2"]21:10:44.0178 1612 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys[/size]
[size="2"]21:10:44.0178 1612 spldr - ok[/size]
[size="2"]21:10:44.0225 1612 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe[/size]
[size="2"]21:10:44.0225 1612 Spooler - ok[/size]
[size="2"]21:10:44.0287 1612 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe[/size]
[size="2"]21:10:44.0349 1612 sppsvc - ok[/size]
[size="2"]21:10:44.0365 1612 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll[/size]
[size="2"]21:10:44.0365 1612 sppuinotify - ok[/size]
[size="2"]21:10:44.0396 1612 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys[/size]
[size="2"]21:10:44.0396 1612 srv - ok[/size]
[size="2"]21:10:44.0412 1612 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys[/size]
[size="2"]21:10:44.0427 1612 srv2 - ok[/size]
[size="2"]21:10:44.0443 1612 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys[/size]
[size="2"]21:10:44.0443 1612 srvnet - ok[/size]
[size="2"]21:10:44.0490 1612 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys[/size]
[size="2"]21:10:44.0490 1612 ssadbus - ok[/size]
[size="2"]21:10:44.0521 1612 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys[/size]
[size="2"]21:10:44.0521 1612 ssadmdfl - ok[/size]
[size="2"]21:10:44.0552 1612 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys[/size]
[size="2"]21:10:44.0568 1612 ssadmdm - ok[/size]
[size="2"]21:10:44.0615 1612 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys[/size]
[size="2"]21:10:44.0615 1612 ssadserd - ok[/size]
[size="2"]21:10:44.0630 1612 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll[/size]
[size="2"]21:10:44.0646 1612 SSDPSRV - ok[/size]
[size="2"]21:10:44.0646 1612 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll[/size]
[size="2"]21:10:44.0646 1612 SstpSvc - ok[/size]
[size="2"]21:10:44.0661 1612 Steam Client Service - ok[/size]
[size="2"]21:10:44.0739 1612 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[/size]
[size="2"]21:10:44.0755 1612 Stereo Service - ok[/size]
[size="2"]21:10:44.0786 1612 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys[/size]
[size="2"]21:10:44.0786 1612 stexstor - ok[/size]
[size="2"]21:10:44.0817 1612 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll[/size]
[size="2"]21:10:44.0833 1612 stisvc - ok[/size]
[size="2"]21:10:44.0864 1612 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys[/size]
[size="2"]21:10:44.0864 1612 storflt - ok[/size]
[size="2"]21:10:44.0895 1612 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys[/size]
[size="2"]21:10:44.0895 1612 storvsc - ok[/size]
[size="2"]21:10:44.0927 1612 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys[/size]
[size="2"]21:10:44.0927 1612 swenum - ok[/size]
[size="2"]21:10:45.0020 1612 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe[/size]
[size="2"]21:10:45.0020 1612 SwitchBoard - ok[/size]
[size="2"]21:10:45.0051 1612 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll[/size]
[size="2"]21:10:45.0051 1612 swprv - ok[/size]
[size="2"]21:10:45.0083 1612 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys[/size]
[size="2"]21:10:45.0083 1612 Synth3dVsc - ok[/size]
[size="2"]21:10:45.0114 1612 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll[/size]
[size="2"]21:10:45.0145 1612 SysMain - ok[/size]
21:10:45.0161 1612 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:10:45.0176 1612 TabletInputService - ok
21:10:45.0192 1612 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
21:10:45.0192 1612 tap0901 - ok
21:10:45.0239 1612 [ B70DF208E97536CA9F29289E609F5B16 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
21:10:45.0239 1612 taphss - ok
21:10:45.0254 1612 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:10:45.0254 1612 TapiSrv - ok
21:10:45.0270 1612 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:10:45.0270 1612 TBS - ok
21:10:45.0348 1612 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:10:45.0379 1612 Tcpip - ok
21:10:45.0410 1612 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:10:45.0410 1612 TCPIP6 - ok
21:10:45.0441 1612 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:10:45.0457 1612 tcpipreg - ok
21:10:45.0473 1612 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:10:45.0473 1612 TDPIPE - ok
21:10:45.0488 1612 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:10:45.0488 1612 TDTCP - ok
21:10:45.0519 1612 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:10:45.0519 1612 tdx - ok
21:10:45.0535 1612 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:10:45.0535 1612 TermDD - ok
21:10:45.0535 1612 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
21:10:45.0551 1612 terminpt - ok
21:10:45.0582 1612 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:10:45.0597 1612 TermService - ok
21:10:45.0613 1612 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:10:45.0613 1612 Themes - ok
21:10:45.0629 1612 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:10:45.0629 1612 THREADORDER - ok
21:10:45.0644 1612 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:10:45.0644 1612 TrkWks - ok
21:10:45.0691 1612 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:10:45.0691 1612 TrustedInstaller - ok
21:10:45.0707 1612 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:10:45.0707 1612 tssecsrv - ok
21:10:45.0722 1612 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:10:45.0722 1612 TsUsbFlt - ok
21:10:45.0738 1612 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:10:45.0738 1612 TsUsbGD - ok
21:10:45.0753 1612 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
21:10:45.0769 1612 tsusbhub - ok
21:10:45.0769 1612 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:10:45.0785 1612 tunnel - ok
21:10:45.0785 1612 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:10:45.0785 1612 uagp35 - ok
21:10:45.0816 1612 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:10:45.0816 1612 udfs - ok
21:10:45.0831 1612 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:10:45.0831 1612 UI0Detect - ok
21:10:45.0863 1612 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:10:45.0863 1612 uliagpkx - ok
21:10:45.0878 1612 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:10:45.0878 1612 umbus - ok
21:10:45.0894 1612 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:10:45.0894 1612 UmPass - ok
21:10:45.0925 1612 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
21:10:45.0925 1612 UmRdpService - ok
21:10:45.0987 1612 [ 9DC07E73A4ABB9ACF692113B36A5009F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
21:10:45.0987 1612 UnlockerDriver5 - ok
21:10:46.0003 1612 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:10:46.0019 1612 upnphost - ok
21:10:46.0050 1612 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
21:10:46.0050 1612 upperdev - ok
21:10:46.0081 1612 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:10:46.0081 1612 usbaudio - ok
21:10:46.0112 1612 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:10:46.0112 1612 usbccgp - ok
21:10:46.0143 1612 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:10:46.0143 1612 usbcir - ok
21:10:46.0175 1612 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:10:46.0175 1612 usbehci - ok
21:10:46.0206 1612 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:10:46.0206 1612 usbhub - ok
21:10:46.0221 1612 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:10:46.0221 1612 usbohci - ok
21:10:46.0253 1612 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:10:46.0253 1612 usbprint - ok
21:10:46.0284 1612 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
21:10:46.0284 1612 usbser - ok
21:10:46.0299 1612 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
21:10:46.0299 1612 UsbserFilt - ok
21:10:46.0331 1612 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:10:46.0346 1612 USBSTOR - ok
21:10:46.0377 1612 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:10:46.0377 1612 usbuhci - ok
21:10:46.0377 1612 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:10:46.0393 1612 UxSms - ok
21:10:46.0393 1612 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:10:46.0393 1612 VaultSvc - ok
21:10:46.0424 1612 [ 780B472A8392771EF31031BA6238BF9E ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
21:10:46.0440 1612 VBoxDrv - ok
21:10:46.0455 1612 [ E705A3A384E7569FA2F1A3A29BDC5240 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
21:10:46.0455 1612 VBoxNetAdp - ok
21:10:46.0487 1612 [ D00756D69EFCFBF90F759D338E4B16EB ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
21:10:46.0487 1612 VBoxNetFlt - ok
21:10:46.0518 1612 [ 815E54E21908488BC545659A76D57D2F ] VBoxUSB C:\Windows\system32\Drivers\VBoxUSB.sys
21:10:46.0518 1612 VBoxUSB - ok
21:10:46.0549 1612 [ 508CFD271CFDD2B686A0FC5D370070E6 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
21:10:46.0549 1612 VBoxUSBMon - ok
21:10:46.0565 1612 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:10:46.0565 1612 vdrvroot - ok
21:10:46.0596 1612 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:10:46.0596 1612 vds - ok
21:10:46.0627 1612 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:10:46.0627 1612 vga - ok
21:10:46.0643 1612 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:10:46.0643 1612 VgaSave - ok
21:10:46.0658 1612 VGPU - ok
21:10:46.0689 1612 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:10:46.0689 1612 vhdmp - ok
21:10:46.0705 1612 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:10:46.0705 1612 viaide - ok
21:10:46.0721 1612 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:10:46.0736 1612 vmbus - ok
21:10:46.0736 1612 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:10:46.0752 1612 VMBusHID - ok
21:10:46.0752 1612 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:10:46.0752 1612 volmgr - ok
21:10:46.0767 1612 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:10:46.0767 1612 volmgrx - ok
21:10:46.0830 1612 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:10:46.0830 1612 volsnap - ok
21:10:46.0861 1612 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:10:46.0861 1612 vsmraid - ok
21:10:46.0908 1612 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:10:46.0939 1612 VSS - ok
21:10:46.0955 1612 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:10:46.0955 1612 vwifibus - ok
21:10:46.0955 1612 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:10:46.0955 1612 vwififlt - ok
21:10:46.0986 1612 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:10:46.0986 1612 vwifimp - ok
21:10:47.0001 1612 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:10:47.0001 1612 W32Time - ok
21:10:47.0017 1612 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:10:47.0017 1612 WacomPen - ok
21:10:47.0048 1612 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:10:47.0048 1612 WANARP - ok
21:10:47.0064 1612 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:10:47.0064 1612 Wanarpv6 - ok
21:10:47.0126 1612 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:10:47.0142 1612 WatAdminSvc - ok
21:10:47.0173 1612 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:10:47.0189 1612 wbengine - ok
21:10:47.0220 1612 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:10:47.0220 1612 WbioSrvc - ok
21:10:47.0235 1612 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:10:47.0235 1612 wcncsvc - ok
21:10:47.0251 1612 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:10:47.0251 1612 WcsPlugInService - ok
21:10:47.0267 1612 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:10:47.0267 1612 Wd - ok
21:10:47.0313 1612 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:10:47.0313 1612 Wdf01000 - ok
21:10:47.0345 1612 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:10:47.0345 1612 WdiServiceHost - ok
21:10:47.0345 1612 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:10:47.0345 1612 WdiSystemHost - ok
21:10:47.0360 1612 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:10:47.0376 1612 WebClient - ok
21:10:47.0376 1612 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:10:47.0391 1612 Wecsvc - ok
21:10:47.0391 1612 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:10:47.0391 1612 wercplsupport - ok
21:10:47.0407 1612 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:10:47.0423 1612 WerSvc - ok
21:10:47.0423 1612 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:10:47.0423 1612 WfpLwf - ok
21:10:47.0438 1612 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:10:47.0438 1612 WIMMount - ok
21:10:47.0454 1612 WinHttpAutoProxySvc - ok
21:10:47.0485 1612 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:10:47.0485 1612 Winmgmt - ok
21:10:47.0532 1612 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:10:47.0579 1612 WinRM - ok
21:10:47.0625 1612 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:10:47.0625 1612 WinUsb - ok
21:10:47.0657 1612 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:10:47.0657 1612 Wlansvc - ok
21:10:47.0735 1612 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:10:47.0735 1612 wlcrasvc - ok
21:10:47.0797 1612 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:10:47.0844 1612 wlidsvc - ok
21:10:47.0859 1612 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:10:47.0859 1612 WmiAcpi - ok
21:10:47.0875 1612 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:10:47.0875 1612 wmiApSrv - ok
21:10:47.0891 1612 WMPNetworkSvc - ok
21:10:47.0891 1612 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:10:47.0906 1612 WPCSvc - ok
21:10:47.0922 1612 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:10:47.0922 1612 WPDBusEnum - ok
21:10:47.0937 1612 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:10:47.0937 1612 ws2ifsl - ok
21:10:47.0953 1612 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:10:47.0953 1612 wscsvc - ok
21:10:47.0969 1612 WSearch - ok
21:10:48.0015 1612 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:10:48.0015 1612 WudfPf - ok
21:10:48.0047 1612 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:10:48.0047 1612 WUDFRd - ok
21:10:48.0078 1612 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:10:48.0078 1612 wudfsvc - ok
21:10:48.0109 1612 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:10:48.0140 1612 WwanSvc - ok
21:10:48.0203 1612 ================ Scan global ===============================
21:10:48.0218 1612 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:10:48.0234 1612 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:10:48.0249 1612 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:10:48.0281 1612 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:10:48.0312 1612 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
21:10:48.0327 1612 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
21:10:48.0327 1612 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
21:10:48.0327 1612 ================ Scan MBR ==================================
21:10:48.0343 1612 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:10:48.0499 1612 \Device\Harddisk0\DR0 - ok
21:10:48.0499 1612 ================ Scan VBR ==================================
21:10:48.0515 1612 [ F16EA6A7538BBC8BB193A3534BA3D598 ] \Device\Harddisk0\DR0\Partition1
21:10:48.0515 1612 \Device\Harddisk0\DR0\Partition1 - ok
21:10:48.0530 1612 [ 87F916EEF76A94598CC94CE6525C4016 ] \Device\Harddisk0\DR0\Partition2
21:10:48.0530 1612 \Device\Harddisk0\DR0\Partition2 - ok
21:10:48.0546 1612 [ 03B4257DDA97D1B1F49138FFB509238E ] \Device\Harddisk0\DR0\Partition3
21:10:48.0546 1612 \Device\Harddisk0\DR0\Partition3 - ok
21:10:48.0561 1612 [ 30B1CAC8E760630136A3A09B8B34495C ] \Device\Harddisk0\DR0\Partition4
21:10:48.0561 1612 \Device\Harddisk0\DR0\Partition4 - ok
21:10:48.0561 1612 ============================================================
21:10:48.0561 1612 Scan finished
21:10:48.0561 1612 ============================================================
21:10:48.0577 1604 Detected object count: 1
21:10:48.0577 1604 Actual detected object count: 1
21:10:55.0956 1604 C:\Windows\system32\services.exe - copied to quarantine
21:10:56.0471 1604 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
21:10:56.0471 1604 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
21:10:56.0689 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\@ - copied to quarantine
21:10:56.0689 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\L\00000004.@ - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\L\201d3dde - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\00000004.@ - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\00000008.@ - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\000000cb.@ - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000000.@ - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000032.@ - copied to quarantine
21:10:56.0705 1604 C:\Windows\installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000064.@ - copied to quarantine
21:11:31.0509 1604 Backup copy not found, trying to cure infected file..
21:11:31.0509 1604 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
21:11:31.0509 1604 C:\Windows\system32\services.exe - processing error
21:11:31.0509 1604 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
21:12:49.0761 1488 Deinitialize success


ESET Log

C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\zafs0000\tsk0003.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\zafs0000\tsk0004.dta Win64/Agent.BA trojan
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\zafs0000\tsk0006.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\zafs0000\tsk0007.dta probably a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\10.12.2012_20.57.54\zasubsys0000\zafs0000\tsk0008.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.AD trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0006.dta Win64/Agent.BA trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0007.dta Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0008.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0009.dta probably a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\10.12.2012_21.09.35\zasubsys0000\zafs0000\tsk0010.dta a variant of Win64/Sirefef.AN trojan
C:\Users\Sno_opy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\56fed00a-32869c70 Java/TrojanDownloader.Agent.JX trojan
C:\Users\Public\Documentos Publicos\Corel Draw X5 Keygen [2010] - www.GuruFuel.com.rar a variant of Win32/Keygen.AF application
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\00000004.@ Win64/Conedex.C trojan
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\00000008.@ Win64/Agent.BA trojan
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\000000cb.@ Win64/Conedex.B trojan
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000000.@ Win64/Sirefef.AW trojan
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000064.@ a variant of Win64/Sirefef.AN trojan
Operating memory a variant of Win32/Sirefef.EZ trojan




aswMBR Crash Pic (screenshot attached to the original post)




#2 Drak_k

Drak_k
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 11 December 2012 - 04:09 PM

FRST64 log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2012
Ran by SISTEMA at 11-12-2012 09:58:52
Running from H:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Portuguese Brazilian
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073352 2012-06-25] (Adobe Systems Incorporated)
HKU\Administrador\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-21] (Microsoft Corporation)
HKU\Administrador\...\Run: [Google Update] "C:\Users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-04-10] (Google Inc.)
HKU\Administrador\...\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]
HKU\Administrador\...\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" [x]
HKU\Administrador\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [x]
HKU\Administrador\...\Run: [Steam] "E:\Rlyeh\Games\Steam\Steam.exe" -silent [x]
HKU\Administrador\...\Run: [Switcher] "C:\Program Files\Switcher\Switcher.exe" /quiet [x]
HKU\Administrador\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [70656 2009-07-13] (Microsoft Corporation)
HKU\Administrador\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [x]
HKU\Administrador\...\Run: [AdobeBridge] [x]
HKU\Administrador\...\Run: [] [x]
HKU\Administrador\...\Policies\system: [LogonHoursAction] 2
HKU\Administrador\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sno_opy\...\Run: [Google Update] "C:\Users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-04-10] (Google Inc.)
HKU\Sno_opy\...\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART [9532824 2012-03-26] (Innovative Solutions)
HKU\Sno_opy\...\Run: [EPSON T24 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFAB.EXE /FU "C:\Windows\TEMP\E_S1A86.tmp" /EF "HKCU" [223232 2008-09-12] (SEIKO EPSON CORPORATION)
HKU\Sno_opy\...\Run: [] [x]
HKU\Sno_opy\...\Run: [AdobeBridge] [x]
HKU\Sno_opy\...\Run: [Facebook Update] "C:\Users\Sno_opy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-11-06] (Facebook Inc.)
HKU\Sno_opy\...\Policies\system: [LogonHoursAction] 2
HKU\Sno_opy\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Renato\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKU\Renato\...\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot [x]
HKU\Renato\...\Run: [EPSON T24 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFAB.EXE /FU "C:\Users\Renato\AppData\Local\Temp\E_S974F.tmp" /EF "HKCU" [x]
HKU\Renato\...\Run: [Google Update] "C:\Users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-04-10] (Google Inc.)
HKU\Renato\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [x]
HKU\Renato\...\Run: [AdobeBridge] [x]
HKU\Renato\...\Run: [] [x]
HKU\Renato\...\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]
HKU\Renato\...\Policies\system: [LogonHoursAction] 2
HKU\Renato\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Renato.Nataraja.001\...\Policies\system: [LogonHoursAction] 2
HKU\Renato.Nataraja.001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-04-10] (Google Inc.)
HKU\UpdatusUser\...\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART [9532824 2012-03-26] (Innovative Solutions)
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-29] (Malwarebytes Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Users\Sno_opy\AppData\Local\Temp\Windows\taskhost.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Todos os Usuários\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Services (Whitelisted) ===================

2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [542552 2012-04-10] ()
3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-10] ()
2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2012-04-02] ()
2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [278336 2011-09-19] (NVIDIA)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-10-28] ()
2 PSI_SVC_2_x64; "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [336824 2010-11-30] (arvato digital services llc)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) =====================

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13368 2009-04-06] ()
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
3 PGR1394b; C:\Windows\System32\DRIVERS\PGR1394.sys [88064 2008-03-14] (Point Grey Research)
0 SI3132; C:\Windows\System32\Drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
0 SiRemFil; C:\Windows\System32\Drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2012-04-12] (Oracle Corporation)
4 bdselfpr; [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
4 vsserv; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-11 09:58 - 2012-12-11 09:58 - 00000000 ____D C:\FRST
2012-12-10 20:45 - 2012-12-10 20:45 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Malwarebytes
2012-12-10 20:44 - 2012-12-10 20:44 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-10 20:44 - 2012-12-10 20:44 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2012-12-10 20:44 - 2012-12-10 20:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-10 20:44 - 2012-12-10 20:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-10 20:44 - 2012-09-29 18:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-10 19:59 - 2012-12-10 20:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-12-10 19:49 - 2012-12-10 20:53 - 00000000 ____D C:\Users\Sno_opy\Desktop\solution
2012-12-08 12:21 - 2012-12-08 12:21 - 00000000 ____D C:\Program Files (x86)\coverXP
2012-12-03 17:50 - 2012-12-03 17:50 - 00291752 ____A C:\Windows\Minidump\120312-38937-01.dmp
2012-11-27 22:20 - 2012-11-27 22:20 - 00000214 ____A C:\Users\Sno_opy\Desktop\Sid Meier's Civilization V (DirectX 11).url
2012-11-23 16:54 - 2012-11-23 16:54 - 00001761 ____A C:\Users\Sno_opy\Desktop\TESVSnip.lnk
2012-11-23 14:10 - 2012-11-23 14:10 - 00001136 ____A C:\Users\Sno_opy\Desktop\Wrye Bash - Skyrim.lnk
2012-11-21 13:28 - 2012-11-21 13:29 - 00001668 ____A C:\Users\Sno_opy\Desktop\TSEV - SKSE.lnk
2012-11-16 11:40 - 2009-03-18 15:35 - 00033856 ___AH (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys
2012-11-16 10:04 - 2012-07-26 01:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-16 10:04 - 2012-07-26 01:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-16 10:04 - 2012-07-25 23:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-16 10:04 - 2012-06-02 11:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-16 09:59 - 2012-10-08 09:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-16 09:59 - 2012-10-08 08:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-16 09:59 - 2012-10-08 08:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-16 09:59 - 2012-10-08 08:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-16 09:59 - 2012-10-08 08:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-16 09:59 - 2012-10-08 08:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-16 09:59 - 2012-10-08 08:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-16 09:59 - 2012-10-08 08:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-16 09:59 - 2012-10-08 08:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-16 09:59 - 2012-10-08 08:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-16 09:59 - 2012-10-08 08:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-16 09:59 - 2012-10-08 08:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-16 09:59 - 2012-10-08 08:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-16 09:59 - 2012-10-08 08:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-16 09:59 - 2012-10-08 08:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-16 09:59 - 2012-10-08 08:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-16 09:59 - 2012-10-08 05:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-16 09:59 - 2012-10-08 05:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-16 09:59 - 2012-10-08 04:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-16 09:59 - 2012-10-08 04:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-16 09:59 - 2012-10-08 04:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-16 09:59 - 2012-10-08 04:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-16 09:59 - 2012-10-08 04:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-16 09:59 - 2012-10-08 04:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-16 09:59 - 2012-10-08 04:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-16 09:59 - 2012-10-08 04:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-16 09:59 - 2012-10-08 04:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-16 09:59 - 2012-10-08 04:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-16 09:59 - 2012-10-08 04:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-16 09:59 - 2012-10-08 04:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-16 09:59 - 2012-10-08 04:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-16 09:59 - 2012-10-08 04:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-16 09:53 - 2012-07-26 00:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-16 09:53 - 2012-07-26 00:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-16 09:53 - 2012-07-26 00:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-16 09:53 - 2012-07-26 00:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-16 09:53 - 2012-07-26 00:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 09:53 - 2012-07-25 23:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-16 09:53 - 2012-07-25 23:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-16 09:53 - 2012-06-02 11:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-16 08:24 - 2012-10-18 15:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-16 08:24 - 2012-10-09 15:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-16 08:24 - 2012-10-09 15:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-16 08:24 - 2012-10-09 14:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-16 08:24 - 2012-10-09 14:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-16 08:23 - 2012-10-03 14:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-16 08:23 - 2012-10-03 14:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-16 08:23 - 2012-10-03 14:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-16 08:23 - 2012-10-03 14:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-16 08:23 - 2012-10-03 14:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-16 08:23 - 2012-10-03 14:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-16 08:23 - 2012-10-03 14:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-16 08:23 - 2012-10-03 13:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-16 08:23 - 2012-10-03 13:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-16 08:23 - 2012-10-03 13:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-16 08:23 - 2012-10-03 13:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-16 08:23 - 2012-09-25 19:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-16 08:23 - 2012-09-25 19:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-16 08:23 - 2012-01-13 04:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-14 00:01 - 2012-11-14 00:01 - 00000208 ____A C:\Users\Sno_opy\Desktop\Creation Kit.url
2012-11-13 23:52 - 2012-11-13 23:52 - 00000000 ____D C:\Users\Sno_opy\AppData\Local\TESVSnip
2012-11-13 19:58 - 2012-11-13 19:58 - 00003067 ____A C:\Users\Sno_opy\Desktop\BOSS Userlist Manager.lnk
2012-11-13 19:58 - 2012-11-13 19:58 - 00000000 ____D C:\Program Files (x86)\BOSS Userlist Manager
2012-11-13 12:42 - 2012-11-13 12:42 - 00001510 ____A C:\Users\Sno_opy\Desktop\SBW.lnk
2012-11-13 11:07 - 2012-11-13 11:07 - 00000207 ____A C:\Users\Sno_opy\Desktop\The Elder Scrolls V Skyrim.url
2012-11-13 10:44 - 2012-11-13 10:44 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2012-11-12 16:27 - 2012-11-12 16:27 - 00000899 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-11-11 18:57 - 2012-11-11 18:57 - 00000000 ____D C:\Program Files (x86)\GameSave Manager v3
2012-11-11 18:56 - 2012-11-11 21:13 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\GameSave Manager 3
2012-11-11 18:54 - 2012-11-11 18:54 - 00000000 ____D C:\Program Files\LinkShellExtension
2012-11-11 18:44 - 2012-11-11 18:44 - 00000000 ____D C:\Program Files (x86)\Tiggit
2012-11-11 18:06 - 2012-12-10 14:36 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Dropbox

==================== One Month Modified Files and Folders =======

2012-12-10 20:53 - 2012-12-10 19:49 - 00000000 ____D C:\Users\Sno_opy\Desktop\solution
2012-12-10 20:45 - 2012-12-10 20:45 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Malwarebytes
2012-12-10 20:44 - 2012-12-10 20:44 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-10 20:44 - 2012-12-10 20:44 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2012-12-10 20:44 - 2012-12-10 20:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-10 20:44 - 2012-12-10 20:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-10 20:35 - 2012-05-03 15:55 - 00256500 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-12-10 20:22 - 2011-04-12 10:40 - 00703370 ____A C:\Windows\System32\prfh0416.dat
2012-12-10 20:22 - 2011-04-12 10:40 - 00146156 ____A C:\Windows\System32\prfc0416.dat
2012-12-10 20:22 - 2009-07-14 02:13 - 01628050 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-10 20:20 - 2012-05-03 15:55 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Apple Computer
2012-12-10 20:10 - 2012-12-10 19:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-12-10 20:04 - 2009-07-14 01:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-10 20:04 - 2009-07-14 01:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-10 19:58 - 2012-11-06 13:08 - 00012997 ____A C:\Windows\SysWOW64\debug.log
2012-12-10 19:42 - 2012-11-06 13:07 - 00000940 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001UA.job
2012-12-10 19:42 - 2012-11-06 13:07 - 00000918 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001Core.job
2012-12-10 19:38 - 2012-04-22 23:19 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001UA.job
2012-12-10 19:34 - 2012-04-22 22:16 - 01161048 ____A C:\Windows\WindowsUpdate.log
2012-12-10 19:08 - 2012-05-03 20:46 - 00000902 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-10 17:43 - 2012-07-12 18:11 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-12-10 17:43 - 2012-07-12 18:02 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2012-12-10 17:43 - 2012-07-12 18:02 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-10 14:36 - 2012-11-11 18:06 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Dropbox
2012-12-10 14:34 - 2012-04-22 22:29 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2012-12-10 14:34 - 2012-04-22 22:29 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-12-10 14:34 - 2009-07-14 02:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-10 14:34 - 2009-07-14 01:51 - 00087202 ____A C:\Windows\setupact.log
2012-12-10 07:06 - 2012-04-24 11:26 - 00000000 ____D C:\Users\Sno_opy\AppData\Local\Adobe
2012-12-08 12:33 - 2012-07-12 18:11 - 00000000 ____D C:\Users\Todos os Usuários\AVG2012
2012-12-08 12:33 - 2012-07-12 18:11 - 00000000 ____D C:\Users\All Users\AVG2012
2012-12-08 12:32 - 2010-11-21 00:47 - 01446314 ____A C:\Windows\PFRO.log
2012-12-08 12:21 - 2012-12-08 12:21 - 00000000 ____D C:\Program Files (x86)\coverXP
2012-12-08 01:37 - 2012-04-22 23:19 - 00001038 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001Core.job
2012-12-07 18:30 - 2012-04-23 10:35 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Skype
2012-12-07 10:22 - 2012-04-22 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-07 00:20 - 2012-10-02 09:57 - 00007546 ____A C:\Users\Sno_opy\.pia_manager_crash.log
2012-12-05 16:57 - 2012-04-23 11:04 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\vlc
2012-12-04 10:14 - 2012-04-24 11:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-12-04 10:00 - 2012-04-24 12:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-12-03 17:50 - 2012-12-03 17:50 - 00291752 ____A C:\Windows\Minidump\120312-38937-01.dmp
2012-12-03 17:50 - 2012-04-23 16:01 - 270892091 ____A C:\Windows\MEMORY.DMP
2012-12-03 17:50 - 2012-04-23 16:01 - 00000000 ____D C:\Windows\Minidump
2012-12-03 15:22 - 2012-04-24 11:27 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2012-12-03 15:22 - 2012-04-24 11:27 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-29 08:49 - 2012-10-01 17:44 - 00000000 ____D C:\Users\Sno_opy\AppData\Local\LogMeIn Hamachi
2012-11-29 01:06 - 2012-04-23 12:01 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\uTorrent
2012-11-28 13:52 - 2012-04-25 19:07 - 00347177 ____A C:\Windows\DirectX.log
2012-11-27 22:20 - 2012-11-27 22:20 - 00000214 ____A C:\Users\Sno_opy\Desktop\Sid Meier's Civilization V (DirectX 11).url
2012-11-27 21:25 - 2009-07-13 23:34 - 00000550 ____A C:\Windows\win.ini
2012-11-26 19:45 - 2012-04-25 13:16 - 00000000 ____D C:\Users\Sno_opy\AppData\Local\Skyrim
2012-11-25 07:24 - 2012-04-23 12:05 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-11-23 16:54 - 2012-11-23 16:54 - 00001761 ____A C:\Users\Sno_opy\Desktop\TESVSnip.lnk
2012-11-23 14:10 - 2012-11-23 14:10 - 00001136 ____A C:\Users\Sno_opy\Desktop\Wrye Bash - Skyrim.lnk
2012-11-22 20:51 - 2012-05-15 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-21 13:29 - 2012-11-21 13:28 - 00001668 ____A C:\Users\Sno_opy\Desktop\TSEV - SKSE.lnk
2012-11-20 18:49 - 2012-04-23 10:39 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\Notepad++
2012-11-18 23:13 - 2012-04-22 22:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-11-18 23:09 - 2012-04-22 22:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-11-16 11:41 - 2012-04-23 15:48 - 00171616 ____A C:\Users\Sno_opy\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-16 11:40 - 2009-07-14 01:45 - 10092696 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-16 11:36 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-16 10:10 - 2012-04-23 15:42 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2012-11-16 10:10 - 2012-04-23 15:42 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-16 09:53 - 2012-04-22 22:33 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-14 00:01 - 2012-11-14 00:01 - 00000208 ____A C:\Users\Sno_opy\Desktop\Creation Kit.url
2012-11-13 23:52 - 2012-11-13 23:52 - 00000000 ____D C:\Users\Sno_opy\AppData\Local\TESVSnip
2012-11-13 19:59 - 2012-07-27 17:02 - 00000000 ____D C:\Users\Sno_opy\AppData\Local\Surazal
2012-11-13 19:58 - 2012-11-13 19:58 - 00003067 ____A C:\Users\Sno_opy\Desktop\BOSS Userlist Manager.lnk
2012-11-13 19:58 - 2012-11-13 19:58 - 00000000 ____D C:\Program Files (x86)\BOSS Userlist Manager
2012-11-13 12:42 - 2012-11-13 12:42 - 00001510 ____A C:\Users\Sno_opy\Desktop\SBW.lnk
2012-11-13 11:07 - 2012-11-13 11:07 - 00000207 ____A C:\Users\Sno_opy\Desktop\The Elder Scrolls V Skyrim.url
2012-11-13 10:44 - 2012-11-13 10:44 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2012-11-12 16:27 - 2012-11-12 16:27 - 00000899 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-11-12 16:27 - 2012-07-12 21:59 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2012-11-11 21:13 - 2012-11-11 18:56 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\GameSave Manager 3
2012-11-11 18:57 - 2012-11-11 18:57 - 00000000 ____D C:\Program Files (x86)\GameSave Manager v3
2012-11-11 18:54 - 2012-11-11 18:54 - 00000000 ____D C:\Program Files\LinkShellExtension
2012-11-11 18:44 - 2012-11-11 18:44 - 00000000 ____D C:\Program Files (x86)\Tiggit
2012-11-11 10:01 - 2012-04-24 22:04 - 00000000 ____D C:\Users\Sno_opy\AppData\Roaming\.minecraft


ZeroAccess:
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\L
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\L\00000004.@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\L\201d3dde
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\00000004.@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\00000008.@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\000000cb.@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000000.@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000032.@
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-13 19:57:08
Restore point made on: 2012-11-16 09:51:43
Restore point made on: 2012-11-18 23:07:10
Restore point made on: 2012-11-28 13:51:29
Restore point made on: 2012-11-29 01:11:54
Restore point made on: 2012-11-29 08:50:25
Restore point made on: 2012-12-10 19:56:12

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 2046.49 MB
Available physical RAM: 1485.46 MB
Total Pagefile: 2046.49 MB
Available Pagefile: 1469.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

2 Drive c: (SAHASRARA) (Fixed) (Total:200.61 GB) (Free:123.64 GB) NTFS
3 Drive d: (ANAHATA) (Fixed) (Total:280.16 GB) (Free:130.75 GB) NTFS
4 Drive e: (AJNA) (Fixed) (Total:450.64 GB) (Free:135.31 GB) NTFS
6 Drive h: (20101212) (Removable) (Total:1.87 GB) (Free:0.42 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Nº Disco Status Tam. Livre Din. GPT
-------- ------------- ------- ------- --- ---
Disco 0 Online 931 GB 3072 KB
Disco 1 Online 1913 MB 0 B
Disco 2 Nenhuma mídia 0 B 0 B

Partitions of Disk 0:
===============

O disco 0 é o disco selecionado.

Partição No. Tipo Tamanho Deslocamento
------------- ---------------- ------- ------------
Partição 1 Primário 100 MB 1024 KB
Partição 2 Primário 200 GB 101 MB
Partição 0 Estendido 730 GB 200 GB
Partição 3 Lógico 280 GB 200 GB
Partição 4 Lógico 450 GB 480 GB

==================================================================================

Disk: 0
O disco 0 é o disco selecionado.

1 é a partição selecionada.

Partição 1
Tipo : 07
Oculto: Não
Ativo : Sim
Desloc. em Bytes: 1048576

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y Reservado p NTFS Partição 100 MB Íntegro

=========================================================

Disk: 0
O disco 0 é o disco selecionado.

2 é a partição selecionada.

Partição 2
Tipo : 07
Oculto: Não
Ativo : Não
Desloc. em Bytes: 105906176

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C SAHASRARA NTFS Partição 200 GB Íntegro

=========================================================

Disk: 0
O disco 0 é o disco selecionado.

3 é a partição selecionada.

Partição 3
Tipo : 07
Oculto: Não
Ativo : Não
Desloc. em Bytes: 215514873856

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D ANAHATA NTFS Partição 280 GB Íntegro

=========================================================

Disk: 0
O disco 0 é o disco selecionado.

4 é a partição selecionada.

Partição 4
Tipo : 07
Oculto: Não
Ativo : Não
Desloc. em Bytes: 516331405312

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E AJNA NTFS Partição 450 GB Íntegro

=========================================================

Partitions of Disk 1:
===============

O disco 1 é o disco selecionado.

Partição No. Tipo Tamanho Deslocamento
------------- ---------------- ------- ------------
Partição 1 Primário 1912 MB 252 KB

==================================================================================

Disk: 1
O disco 1 é o disco selecionado.

1 é a partição selecionada.

Partição 1
Tipo : 06
Oculto: Não
Ativo : Sim
Desloc. em Bytes: 258048

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H 20101212 FAT Removível 1912 MB Íntegro

=========================================================

Last Boot: 2012-10-21 06:55

==================== End Of Log =============================


That's it. Thanks for the help!

Edited by Drak_k, 11 December 2012 - 04:10 PM.


#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 December 2012 - 06:04 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Drak_k

  • Topic Starter
  • Members
  • 15 posts

Posted 11 December 2012 - 07:03 PM

Hi Gringo, thanks for the reply!

Here are the contents of the search.txt


Farbar Recovery Scan Tool (x64) Version: 06-12-2012
Ran by SISTEMA at 2012-12-11 21:46:28
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 20:19] - [2009-07-13 22:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 20:19] - [2009-07-13 22:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 December 2012 - 09:36 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#6 Drak_k

  • Topic Starter
  • Members
  • 15 posts

Posted 11 December 2012 - 10:05 PM

Here it goes:



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2012
Ran by SISTEMA at 2012-12-12 00:59:03 Run:1
Running from H:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{52e952dd-e116-61c5-cd6f-9a3bf61ae1db} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====
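
The check Gringo walked through above (search for services.exe, compare the System32 copy against the WinSxS copy, then Replace it) as an added example, not FRST's own code: a small Python parser for the Search.txt format that flags a live binary whose MD5 has no match in the component store and emits the matching FRST "Replace:" line. The sample input is the Search.txt posted in this thread; the path-based `in_store` rule and the same-name/same-publisher matching are my own assumptions about a sensible restore source, not FRST's actual logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Search.txt as posted in this thread: paths, sizes and MD5s are copied from
# the log (this sample was not produced by running FRST here).
SEARCH_TXT = """\
Farbar Recovery Scan Tool (x64) Version: 06-12-2012
Ran by SISTEMA at 2012-12-11 21:46:28
Running from H:\\

================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 20:19] - [2009-07-13 22:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-13 20:19] - [2009-07-13 22:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# Each hit is a path line followed by a detail line:
#   [created] - [modified] - size attrs (company) MD5      (company is optional)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileEntry:
    path: str
    created: str
    modified: str
    size: int
    company: Optional[str]
    md5: str

    @property
    def in_store(self) -> bool:
        # Assumption: pristine copies live under C:\Windows\winsxs (component store).
        return "\\winsxs\\" in self.path.lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


@dataclass
class Finding:
    live: FileEntry
    verdict: str                      # "ok" or "mismatch"
    replacement: Optional[FileEntry]  # store copy to restore from, if any

    @property
    def fixlist_line(self) -> Optional[str]:
        # FRST fixlist syntax used in this thread: "Replace: <source> <target>"
        if self.verdict != "mismatch" or self.replacement is None:
            return None
        return f"Replace: {self.replacement.path} {self.live.path}"


def parse_search(text: str) -> List[FileEntry]:
    """Pair every path line with the detail line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending is not None:
            entries.append(FileEntry(pending, m["created"], m["modified"],
                                     int(m["size"]), m["company"], m["md5"].upper()))
            pending = None
    return entries


def assess(entries: List[FileEntry]) -> List[Finding]:
    """Flag each live copy that has no hash-identical component-store copy.
    Timestamps are ignored on purpose: in the posted log both copies carry the
    same dates, so only size and MD5 give the patched services.exe away."""
    store = [e for e in entries if e.in_store]
    findings = []
    for live in (e for e in entries if not e.in_store):
        if any(s.md5 == live.md5 for s in store):
            findings.append(Finding(live, "ok", None))
            continue
        # Restore source (assumption): a store copy with the same name and publisher.
        candidates = [s for s in store
                      if s.name == live.name and s.company == live.company]
        findings.append(Finding(live, "mismatch",
                                candidates[0] if candidates else None))
    return findings


def fixlist(text: str) -> List[str]:
    """Search.txt in, FRST 'Replace:' lines out (empty when everything is clean)."""
    return [f.fixlist_line for f in assess(parse_search(text)) if f.fixlist_line]
```

Run against the posted Search.txt it produces exactly the Replace: line Gringo used in the fixlist.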

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 December 2012 - 11:55 PM

Hello


These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#8 Drak_k

Drak_k
  • Topic Starter

  • Members
  • 15 posts
  • Local time:05:15 PM

Posted 12 December 2012 - 06:56 AM

Hello,

Thanks for the help!

AdwCleaner hung when it was 70% or so done. It happened twice. Then I restarted in safe mode and finally could run the program to the end. Here are the contents of logs #1 and #3 (log #2 contains no results).


# AdwCleaner v2.100 - Logfile created 12/12/2012 at 08:17:07
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Sno_opy - NATARAJA
# Boot Mode : Normal
# Running from : C:\Users\Sno_opy\Desktop\solution\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\AF-HSS
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Users\Sno_opy\AppData\Local\Conduit
Folder Deleted : C:\Users\Sno_opy\AppData\LocalLow\AF-HSS
Folder Deleted : C:\Users\Sno_opy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sno_opy\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AF-HSS
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B7511D30-DDC0-4FDA-BD4D-58B20054DAC0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AF-HSS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2765711
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B7511D30-DDC0-4FDA-BD4D-58B20054DAC0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B7511D30-DDC0-4FDA-BD4D-58B20054DAC0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{161DFBF1-741E-4188-8E73-DB4D5C10AC5A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{935F7BF9-2D97-4C13-8D10-D0D3C2F8E2E0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AF-HSS Toolbar
Key Deleted : HKLM64\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\lm88p65i.default\prefs.js


==================================================================================================================================================



# AdwCleaner v2.100 - Logfile created 12/12/2012 at 09:36:41
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Sno_opy - NATARAJA
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Sno_opy\Desktop\solution\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\lm88p65i.default\prefs.js

Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_6747.url", "hxxp://lt.veoh.com/V[...]
Deleted : user_pref("extensions.opensearch@ask.com.install-event-fired", true);
Deleted : user_pref("extensions.sxipper2.overlayPosition.google.com/hxxps://www.google.com/accounts/ServiceLog[...]
Deleted : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Deleted : user_pref("surfcanyon.last_checked_ts", "1266979051670");

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Sno_opy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.2.1578.0

File : C:\Users\Sno_opy\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4406 octets] - [12/12/2012 08:17:07]
AdwCleaner[S2].txt - [656 octets] - [12/12/2012 09:29:49]
AdwCleaner[S3].txt - [1534 octets] - [12/12/2012 09:36:41]

########## EOF - C:\AdwCleaner[S3].txt - [1594 octets] ##########


Rogue Killer generated 2 reports. Here are both:


RogueKiller V8.4.0 [Dec 12 2012] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Site : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : Sno_opy [Privilegios de Admnistrador]
Modo : Verificar -- Data : 12/12/2012 09:43:14

¤¤¤ Entradas ruins : 2 ¤¤¤
[SUSP PATH] rubyw.exe -- C:\Users\Sno_opy\AppData\Local\Temp\ocrB9CC.tmp\bin\rubyw.exe -> FINALIZADO [TermProc]
[SUSP PATH] rubyw.exe -- C:\Users\Sno_opy\AppData\Local\Temp\ocrFA16.tmp\bin\rubyw.exe -> FINALIZADO [TermProc]

¤¤¤ Entradas do Registro : 27 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EPSON T24 Series (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFAB.EXE /FU "C:\Windows\TEMP\E_S1A86.tmp" /EF "HKCU") -> ENCONTRADO
[RUN][SUSP PATH] HKUS\S-1-5-21-868034237-4125614927-2153615287-1001[...]\Run : EPSON T24 Series (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFAB.EXE /FU "C:\Windows\TEMP\E_S1A86.tmp" /EF "HKCU") -> ENCONTRADO
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\RunOnce : {91140000-0011-0000-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> ENCONTRADO
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\RunOnce : {90140000-001A-0416-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> ENCONTRADO
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\RunOnce : {90140000-00A1-0416-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> ENCONTRADO
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\RunOnce : {90140000-006E-0416-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> ENCONTRADO
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\RunOnce : {91140000-0011-0000-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> ENCONTRADO
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\RunOnce : {90140000-001A-0416-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> ENCONTRADO
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\RunOnce : {90140000-00A1-0416-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> ENCONTRADO
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\RunOnce : {90140000-006E-0416-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> ENCONTRADO
[SHELL][SUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\Windows\system32\userinit.exe,C:\Users\Sno_opy\AppData\Local\Temp\Windows\taskhost.exe) -> ENCONTRADO
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> ENCONTRADO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO
[HJ] HKLM\[...]\System : EnableLUA (0) -> ENCONTRADO
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> ENCONTRADO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> ENCONTRADO
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado] ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD10 EARS-00Y5B1 SCSI Disk Device +++++
--- User ---
[MBR] 54dc3e7deaac1b57b0e4cdd1321f5144
[BSP] bbaadcd474a5f3422ae730697d154aeb : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 205429 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 420925440 | Size: 748336 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Concluido : << RKreport[1]_S_12122012_02d0943.txt >>
RKreport[1]_S_12122012_02d0943.txt


==================================================================================================================================================



RogueKiller V8.4.0 [Dec 12 2012] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Site : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : Sno_opy [Privilegios de Admnistrador]
Modo : Remover -- Data : 12/12/2012 09:44:24

¤¤¤ Entradas ruins : 2 ¤¤¤
[SUSP PATH] rubyw.exe -- C:\Users\Sno_opy\AppData\Local\Temp\ocrB9CC.tmp\bin\rubyw.exe -> FINALIZADO [TermProc]
[SUSP PATH] rubyw.exe -- C:\Users\Sno_opy\AppData\Local\Temp\ocrFA16.tmp\bin\rubyw.exe -> FINALIZADO [TermProc]

¤¤¤ Entradas do Registro : 18 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EPSON T24 Series (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFAB.EXE /FU "C:\Windows\TEMP\E_S1A86.tmp" /EF "HKCU") -> DELETADO
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\RunOnce : {91140000-0011-0000-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> DELETADO
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\RunOnce : {90140000-001A-0416-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> DELETADO
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\RunOnce : {90140000-00A1-0416-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> DELETADO
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\RunOnce : {90140000-006E-0416-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> DELETADO
[SHELL][SUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\Windows\system32\userinit.exe,C:\Users\Sno_opy\AppData\Local\Temp\Windows\taskhost.exe) -> SUBSTITUIDO (C:\Windows\system32\userinit.exe,)
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETADO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETADO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> SUBSTITUIDO (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> SUBSTITUIDO (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> SUBSTITUIDO (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> SUBSTITUIDO (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> SUBSTITUIDO (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> SUBSTITUIDO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> SUBSTITUIDO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado] ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD10 EARS-00Y5B1 SCSI Disk Device +++++
--- User ---
[MBR] 54dc3e7deaac1b57b0e4cdd1321f5144
[BSP] bbaadcd474a5f3422ae730697d154aeb : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 205429 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 420925440 | Size: 748336 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Concluido : << RKreport[2]_D_12122012_02d0944.txt >>
RKreport[1]_S_12122012_02d0943.txt ; RKreport[2]_D_12122012_02d0944.txt




#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:15 PM

Posted 12 December 2012 - 01:44 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 Drak_k

Drak_k
  • Topic Starter

  • Members
  • 15 posts
  • Local time:05:15 PM

Posted 12 December 2012 - 04:22 PM

Hello,

I used ComboFix. The software restarted, hung and then crashed while making the report (I also waited for over an hour and a half). Should I run it again?

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:15 PM

Posted 12 December 2012 - 11:13 PM

Hello

OK, let's try this: I want you to run ComboFix in safe mode, but it is very important that when ComboFix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#12 Drak_k

Drak_k
  • Topic Starter

  • Members
  • 15 posts
  • Local time:05:15 PM

Posted 13 December 2012 - 08:23 AM

Thanks Gringo. In retrospect, I should have run ComboFix in safe mode; sorry for that.

Anyway, here is the log:


ComboFix 12-12-10.01 - Sno_opy 13/12/2012 10:38:01.2.2 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2046.1488 [GMT -2:00]
Executando de: c:\users\Sno_opy\Desktop\solution\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Execuções precedente -------
.
c:\programdata\1335196593.bdinstall.bin
c:\programdata\1335197550.bdinstall.bin
c:\programdata\1335198783.bdinstall.bin
c:\programdata\1342125988.bdinstall.bin
c:\programdata\1342126389.bdinstall.bin
c:\users\Sno_opy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{00BDB157-FBBC-41AF-BE87-76D318627C2E}.xps
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\SET524E.tmp
c:\windows\SysWow64\SET68FF.tmp
c:\windows\SysWow64\SET7DEC.tmp
c:\windows\wininit.ini
F:\Autorun.inf
F:\install.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-13 to 2012-12-13 ))))))))))))))))))))))))))))
.
.
2012-12-13 12:49 . 2012-12-13 12:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-13 12:49 . 2012-12-13 12:49 -------- d-----w- c:\users\UpdatusUser.SNOOPY\AppData\Local\temp
2012-12-13 12:49 . 2012-12-13 12:49 -------- d-----w- c:\users\Renato\AppData\Local\temp
2012-12-13 12:49 . 2012-12-13 12:49 -------- d-----w- c:\users\Renato.Nataraja\AppData\Local\temp
2012-12-13 12:49 . 2012-12-13 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-13 12:49 . 2012-12-13 12:49 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2012-12-12 19:46 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 19:45 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 19:45 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-11 12:58 . 2012-12-11 12:58 -------- d-----w- C:\FRST
2012-12-10 23:45 . 2012-12-10 23:45 -------- d-----w- c:\users\Sno_opy\AppData\Roaming\Malwarebytes
2012-12-10 23:44 . 2012-12-10 23:44 -------- d-----w- c:\programdata\Malwarebytes
2012-12-10 23:44 . 2012-12-10 23:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-10 23:44 . 2012-09-29 21:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-10 22:59 . 2012-12-10 23:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-08 15:21 . 2012-12-08 15:21 -------- d-----w- c:\program files (x86)\coverXP
2012-11-22 23:51 . 2012-11-22 23:51 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-11-22 23:51 . 2012-11-22 23:51 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-11-16 14:40 . 2009-03-18 18:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-11-16 13:04 . 2012-07-26 07:56 2560 ----a-w- c:\windows\system32\drivers\pt-BR\wdf01000.sys.mui
2012-11-16 13:04 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 13:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 13:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 12:53 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 12:53 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 12:53 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 12:53 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 12:53 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 12:53 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 12:53 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 11:24 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 11:24 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-16 11:24 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-16 11:24 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-14 02:52 . 2012-11-14 02:52 -------- d-----w- c:\users\Sno_opy\AppData\Local\TESVSnip
2012-11-13 22:58 . 2012-11-13 22:58 -------- d-----w- c:\program files (x86)\BOSS Userlist Manager
2012-11-13 13:44 . 2012-11-13 13:44 -------- d-----w- c:\program files (x86)\Resource Hacker
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 04:07 . 2012-04-23 01:33 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 15:13 . 2012-05-03 23:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 15:13 . 2012-05-03 23:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-08 16:26 . 2012-10-28 20:44 270408 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-11-08 16:26 . 2012-10-28 20:04 270408 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-07 19:22 . 2012-10-28 20:04 270408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-28 20:45 . 2012-10-28 20:04 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-10-16 08:38 . 2012-11-28 11:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:42 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 23:23 . 2012-10-10 23:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-10 23:23 . 2012-10-10 23:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 23:23 . 2012-10-10 23:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 23:23 . 2012-10-10 23:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 23:23 . 2012-10-10 23:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 23:23 . 2012-10-10 23:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 23:23 . 2012-10-10 23:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 23:23 . 2012-10-10 23:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-10 23:23 . 2012-10-10 23:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-10 23:23 . 2012-10-10 23:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 23:23 . 2012-04-23 01:28 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 23:23 . 2012-10-10 23:23 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-10 23:23 . 2012-10-10 23:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 23:23 . 2012-10-10 23:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 23:23 . 2012-10-10 23:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 23:23 . 2012-10-10 23:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 23:23 . 2012-10-10 23:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 23:22 . 2012-10-10 23:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 23:22 . 2012-10-10 23:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 23:22 . 2012-04-23 01:28 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 23:22 . 2012-10-10 23:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 23:22 . 2012-10-10 23:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 23:22 . 2012-10-10 23:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 23:22 . 2012-10-10 23:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 23:22 . 2012-10-10 23:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-04 16:40 . 2012-12-12 19:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 19:51 . 2012-04-23 01:29 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2012-04-23 01:29 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-04-23 01:29 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-05-22 16:17 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-04-23 01:29 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-04-23 01:29 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-04-23 01:29 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 15:15 . 2012-10-02 15:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-10-01 19:44 . 2012-10-01 19:44 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-09-25 01:16 . 2012-10-22 19:06 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-03-26 9532824]
"Facebook Update"="c:\users\Sno_opy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-11-06 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
.
c:\users\Sno_opy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-11-5 26619512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 41160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-12 224048]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-12 130864]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 avgwd;Watchdog do AVG;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-09-25 131912]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2007-05-10 16032]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-10 50208]
R3 PGR1394b;PGR IEEE 1394 Bus host controllers;c:\windows\system32\DRIVERS\PGR1394.sys [2008-03-14 88064]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-12 147248]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-12 166192]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-04-12 117040]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-23 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 15:13]
.
2012-12-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001Core.job
- c:\users\Sno_opy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-06 22:36]
.
2012-12-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001UA.job
- c:\users\Sno_opy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-06 22:36]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001Core.job
- c:\users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23 12:44]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001UA.job
- c:\users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23 12:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 97792 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 97792 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 97792 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 97792 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2012-05-27 19:50 522440 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2012-05-27 19:50 522440 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2012-05-27 19:50 522440 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Baixar com Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\lm88p65i.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vcvIsaaxyAA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"1289332796\" isSubsc=\"0\" authStat_av=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"3\" moduleId1=\"9\" moduleId2=\"0\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-868034237-4125614927-2153615287-1001\Software\SecuROM\License information*]
"datasecu"=hex:a4,b1,ad,cf,d2,8c,d4,79,28,4b,c9,8e,6a,89,7f,ee,d4,68,58,16,17,
98,67,d5,fc,8c,49,02,6c,19,ef,82,8d,c9,bb,83,bd,84,08,14,9b,a4,9c,ea,6b,e2,\
"rkeysecu"=hex:b5,81,9d,fa,43,fd,00,98,5a,21,97,03,c6,1a,32,e1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:d1,99,57,50,7c,65,98,1c,a5,fb,4d,92,13,b5,3c,5e,3a,69,73,b7,df,
03,78,d1,99,4d,e0,aa,90,6a,c7,18,65,79,ef,92,02,d9,14,70,ca,6f,54,2e,a7,17,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:d1,99,57,50,7c,65,98,1c,a5,fb,4d,92,13,b5,3c,5e,3a,69,73,b7,df,
03,78,d1,99,4d,e0,aa,90,6a,c7,18,65,79,ef,92,02,d9,14,70,ca,6f,54,2e,a7,17,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2012-12-13 10:51:52
ComboFix-quarantined-files.txt 2012-12-13 12:51
.
Pré-execução: 136.294.170.624 bytes disponíveis
Pós execução: 135.544.131.584 bytes disponíveis
.
- - End Of File - - C119F1BAD949A0D0083DD14AAAAC57BB




So far no problems. I can access google, facebook and other sites (that the virus was blocking) fine. Should I re-scan my computer just to be safe? Or did all of this procedure remove all of the trojans? Also, how does this virus spread? I mean, is it through a file or visiting websites? Thanks for the help!
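The policy block in the ComboFix log above shows UAC switched off on this machine (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0), which is something to restore once the cleanup is done. As an added example that is not part of this thread or of ComboFix itself, the Python script below parses that section of a ComboFix log, flags settings weaker than the Windows 7 defaults, and lists service/driver entries whose file ComboFix tagged `[x]` (not found); the sample log text is an excerpt constructed from the log above.

```python
import re
from typing import Dict, List

# Excerpt constructed from the ComboFix log above: the UAC policy block and
# three service/driver lines (one of which ComboFix tagged "[x]", file not found).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
"""

UAC_POLICY_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"

# Windows 7 defaults for the values ComboFix prints under policies\system.
UAC_DEFAULTS: Dict[str, int] = {
    "EnableLUA": 1,                    # 0 turns UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,   # 0 = elevate without prompting
    "ConsentPromptBehaviorUser": 3,    # 0 = auto-deny (more restrictive, not a weakness)
    "PromptOnSecureDesktop": 1,        # 0 = prompt on the normal, interactable desktop
}

# "Name"= 0 (0x0)  ->  name, decimal value (the hex in parentheses is ignored)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>-?\d+)')
# R3 VGPU;VGPU;c:\...\rdvgkmd.sys [x]  ->  start type, name, display name, path, tag
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<tag>[^\]]*)\]$'
)


def parse_uac_policy(log_text: str) -> Dict[str, int]:
    """Return the name -> value pairs ComboFix lists under the UAC policies\\system key."""
    values: Dict[str, int] = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):                 # a new registry key starts here
            in_section = line.lower() == UAC_POLICY_KEY.lower()
            continue
        if not in_section:
            continue
        if line == "." or not line:              # ComboFix separates blocks with "."
            in_section = False
            continue
        m = VALUE_RE.match(line)
        if m:
            values[m.group("name")] = int(m.group("value"))
    return values


def uac_findings(values: Dict[str, int]) -> List[str]:
    """Describe each UAC setting that is weaker than the Windows 7 default."""
    findings: List[str] = []
    if values.get("EnableLUA", UAC_DEFAULTS["EnableLUA"]) == 0:
        findings.append("EnableLUA=0: UAC is switched off; admin processes run fully elevated without consent")
    if values.get("ConsentPromptBehaviorAdmin", UAC_DEFAULTS["ConsentPromptBehaviorAdmin"]) == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators are elevated with no prompt at all")
    if values.get("PromptOnSecureDesktop", UAC_DEFAULTS["PromptOnSecureDesktop"]) == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts appear on the normal desktop, where other processes can drive them")
    return findings


def missing_service_files(log_text: str) -> List[str]:
    """Names of service/driver entries whose binary ComboFix could not find ("[x]")."""
    missing: List[str] = []
    for raw in log_text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m and m.group("tag") == "x":
            missing.append(m.group("name"))
    return missing


if __name__ == "__main__":
    policy = parse_uac_policy(SAMPLE_LOG)
    for finding in uac_findings(policy):
        print("UAC:", finding)
    for name in missing_service_files(SAMPLE_LOG):
        print("service entry with missing file:", name)
```

A `[x]` entry is only a pointer for review (here it is the RemoteFX virtual GPU driver, which is normally absent on a physical machine), not a verdict.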

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:15 PM

Posted 13 December 2012 - 08:36 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 Drak_k

  • Topic Starter
  • Members
  • 15 posts
  • Local time:05:15 PM

Posted 13 December 2012 - 09:46 AM

Hey Gringo, here is the log:


ComboFix 12-12-10.01 - Sno_opy 13/12/2012 12:08:47.3.2 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2046.1411 [GMT -2:00]
Executando de: c:\users\Sno_opy\Desktop\solution\ComboFix.exe
Comandos utilizados :: c:\users\Sno_opy\Desktop\solution\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-13 to 2012-12-13 ))))))))))))))))))))))))))))
.
.
2012-12-13 14:20 . 2012-12-13 14:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-13 14:20 . 2012-12-13 14:20 -------- d-----w- c:\users\UpdatusUser.SNOOPY\AppData\Local\temp
2012-12-13 14:20 . 2012-12-13 14:20 -------- d-----w- c:\users\Renato\AppData\Local\temp
2012-12-13 14:20 . 2012-12-13 14:20 -------- d-----w- c:\users\Renato.Nataraja\AppData\Local\temp
2012-12-13 14:20 . 2012-12-13 14:20 -------- d-----w- c:\users\Renato.Nataraja.000\AppData\Local\temp
2012-12-13 14:20 . 2012-12-13 14:20 -------- d-----w- c:\users\Renato 2\AppData\Local\temp
2012-12-13 14:20 . 2012-12-13 14:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-13 14:20 . 2012-12-13 14:20 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2012-12-13 13:03 . 2012-12-13 13:03 -------- d-----w- c:\program files (x86)\MagicDisc
2012-12-13 13:03 . 2009-02-24 20:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-12-12 19:46 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 19:45 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 19:45 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-11 12:58 . 2012-12-11 12:58 -------- d-----w- C:\FRST
2012-12-10 23:45 . 2012-12-10 23:45 -------- d-----w- c:\users\Sno_opy\AppData\Roaming\Malwarebytes
2012-12-10 23:44 . 2012-12-10 23:44 -------- d-----w- c:\programdata\Malwarebytes
2012-12-10 23:44 . 2012-12-10 23:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-10 23:44 . 2012-09-29 21:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-10 22:59 . 2012-12-10 23:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-08 15:21 . 2012-12-08 15:21 -------- d-----w- c:\program files (x86)\coverXP
2012-11-22 23:51 . 2012-11-22 23:51 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-11-22 23:51 . 2012-11-22 23:51 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-11-16 14:40 . 2009-03-18 18:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-11-16 13:04 . 2012-07-26 07:56 2560 ----a-w- c:\windows\system32\drivers\pt-BR\wdf01000.sys.mui
2012-11-16 13:04 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 13:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 13:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 12:53 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 12:53 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 12:53 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 12:53 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 12:53 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 12:53 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 12:53 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 11:24 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 11:24 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-16 11:24 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-16 11:24 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-14 02:52 . 2012-11-14 02:52 -------- d-----w- c:\users\Sno_opy\AppData\Local\TESVSnip
2012-11-13 22:58 . 2012-11-13 22:58 -------- d-----w- c:\program files (x86)\BOSS Userlist Manager
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 04:07 . 2012-04-23 01:33 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 15:13 . 2012-05-03 23:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 15:13 . 2012-05-03 23:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-08 16:26 . 2012-10-28 20:44 270408 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-11-08 16:26 . 2012-10-28 20:04 270408 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-07 19:22 . 2012-10-28 20:04 270408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-28 20:45 . 2012-10-28 20:04 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-10-16 08:38 . 2012-11-28 11:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:42 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 23:23 . 2012-10-10 23:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-10 23:23 . 2012-10-10 23:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 23:23 . 2012-10-10 23:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 23:23 . 2012-10-10 23:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 23:23 . 2012-10-10 23:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 23:23 . 2012-10-10 23:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 23:23 . 2012-10-10 23:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 23:23 . 2012-10-10 23:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-10 23:23 . 2012-10-10 23:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-10 23:23 . 2012-10-10 23:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 23:23 . 2012-04-23 01:28 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 23:23 . 2012-10-10 23:23 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-10 23:23 . 2012-10-10 23:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 23:23 . 2012-10-10 23:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 23:23 . 2012-10-10 23:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 23:23 . 2012-10-10 23:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 23:23 . 2012-10-10 23:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 23:22 . 2012-10-10 23:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 23:22 . 2012-10-10 23:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 23:22 . 2012-04-23 01:28 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 23:22 . 2012-10-10 23:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 23:22 . 2012-10-10 23:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 23:22 . 2012-10-10 23:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 23:22 . 2012-10-10 23:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 23:22 . 2012-10-10 23:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-04 16:40 . 2012-12-12 19:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 19:51 . 2012-04-23 01:29 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2012-04-23 01:29 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-04-23 01:29 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-05-22 16:17 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-04-23 01:29 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-04-23 01:29 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-04-23 01:29 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 15:15 . 2012-10-02 15:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-10-01 19:44 . 2012-10-01 19:44 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-09-25 01:16 . 2012-10-22 19:06 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-03-26 9532824]
"Facebook Update"="c:\users\Sno_opy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-11-06 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
.
c:\users\Sno_opy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-11-5 26619512]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-12-13 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 41160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-12 224048]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-12 130864]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 avgwd;Watchdog do AVG;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-09-25 131912]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2007-05-10 16032]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-10 50208]
R3 PGR1394b;PGR IEEE 1394 Bus host controllers;c:\windows\system32\DRIVERS\PGR1394.sys [2008-03-14 88064]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-12 147248]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-12 166192]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-04-12 117040]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-23 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 15:13]
.
2012-12-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001Core.job
- c:\users\Sno_opy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-06 22:36]
.
2012-12-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001UA.job
- c:\users\Sno_opy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-06 22:36]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001Core.job
- c:\users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23 12:44]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868034237-4125614927-2153615287-1001UA.job
- c:\users\Sno_opy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23 12:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 97792 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 97792 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 97792 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 97792 ----a-w- c:\users\Sno_opy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2012-05-27 19:50 522440 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2012-05-27 19:50 522440 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2012-05-27 19:50 522440 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Baixar com Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sno_opy\AppData\Roaming\Mozilla\Firefox\Profiles\lm88p65i.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vcvIsaaxyAA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"1289332796\" isSubsc=\"0\" authStat_av=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"3\" moduleId1=\"9\" moduleId2=\"0\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-868034237-4125614927-2153615287-1001\Software\SecuROM\License information*]
"datasecu"=hex:a4,b1,ad,cf,d2,8c,d4,79,28,4b,c9,8e,6a,89,7f,ee,d4,68,58,16,17,
98,67,d5,fc,8c,49,02,6c,19,ef,82,8d,c9,bb,83,bd,84,08,14,9b,a4,9c,ea,6b,e2,\
"rkeysecu"=hex:b5,81,9d,fa,43,fd,00,98,5a,21,97,03,c6,1a,32,e1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:d1,99,57,50,7c,65,98,1c,a5,fb,4d,92,13,b5,3c,5e,3a,69,73,b7,df,
03,78,d1,99,4d,e0,aa,90,6a,c7,18,65,79,ef,92,02,d9,14,70,ca,6f,54,2e,a7,17,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:d1,99,57,50,7c,65,98,1c,a5,fb,4d,92,13,b5,3c,5e,3a,69,73,b7,df,
03,78,d1,99,4d,e0,aa,90,6a,c7,18,65,79,ef,92,02,d9,14,70,ca,6f,54,2e,a7,17,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2012-12-13 12:23:18
ComboFix-quarantined-files.txt 2012-12-13 14:23
ComboFix2.txt 2012-12-13 12:51
.
Pré-execução: 135.705.538.560 bytes disponíveis
Pós execução: 135.319.842.816 bytes disponíveis
.
- - End Of File - - 68EC3DA0E0F1498F2593F8A03A6BA903

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:15 PM

Posted 13 December 2012 - 02:20 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University



