View Full Version : Help with Malware Removal



pedrodsky1
2011-03-19, 15:10
Hope you can help me with this problem. A friend of mine tried to format my netbook, which was already known to have malware.
This is the DDS log:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Joao at 13:50:37,40 on 19-03-2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.139 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\wgaer_m.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\mcbuilder.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Joao\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\users\joao\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joao\appdata\roaming\mozilla\firefox\profiles\el0zyx9t.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.il", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4f16a", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4fra", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--wgbl6a", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]

=============== Created Last 30 ================

2011-03-19 13:33 <DIR> --d----- c:\program files\Trend Micro
2011-03-17 13:32 4,152,184 a------- c:\windows\system32\wgaer_m.exe
2011-03-17 13:32 1,303 a------- c:\windows\system32\WGAScanner.xml
2011-03-17 08:43 <DIR> --d----- c:\windows\Panther
2011-03-17 08:43 8,192 a--s-r-- C:\BOOTSECT.BAK
2011-03-17 08:43 333,203 a--shr-- C:\bootmgr
2011-03-17 08:43 <DIR> --d----- C:\Boot
2011-03-17 08:19 80,896 a------- c:\windows\system32\MSNP.ax
2011-03-17 08:19 293,376 a------- c:\windows\system32\psisdecd.dll
2011-03-17 08:19 217,088 a------- c:\windows\system32\psisrndr.ax
2011-03-17 07:37 <DIR> --d----- c:\users\joao\appdata\roaming\AVG10
2011-03-17 04:40 293,376 a------- c:\windows\system32\browserchoice.exe
2011-03-17 04:05 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-03-17 04:05 97,800 a------- c:\windows\system32\infocardapi.dll
2011-03-17 04:05 622,080 a------- c:\windows\system32\icardagt.exe
2011-03-17 04:05 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2011-03-17 04:05 37,384 a------- c:\windows\system32\infocardcpl.cpl
2011-03-17 04:05 11,264 a------- c:\windows\system32\icardres.dll
2011-03-17 04:05 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2011-03-17 04:05 326,160 a------- c:\windows\system32\PresentationHost.exe
2011-03-17 03:53 96,760 a------- c:\windows\system32\dfshim.dll
2011-03-17 03:53 282,112 a------- c:\windows\system32\mscoree.dll
2011-03-17 03:53 41,984 a------- c:\windows\system32\netfxperf.dll
2011-03-17 03:53 158,720 a------- c:\windows\system32\mscorier.dll
2011-03-17 03:53 83,968 a------- c:\windows\system32\mscories.dll
2011-03-17 03:47 24,064 a------- c:\windows\system32\nshhttp.dll
2011-03-17 03:47 411,136 a------- c:\windows\system32\drivers\http.sys
2011-03-17 03:47 31,232 a------- c:\windows\system32\httpapi.dll
2011-03-17 03:46 231,936 a------- c:\windows\system32\msshsq.dll
2011-03-17 03:42 2,048 a------- c:\windows\system32\winrsmgr.dll
2011-03-17 03:37 409,600 a------- c:\windows\system32\odbc32.dll
2011-03-17 03:37 2,927,104 a------- c:\windows\explorer.exe
2011-03-17 03:37 213,504 a------- c:\windows\system32\msv1_0.dll
2011-03-17 03:37 1,399,296 a------- c:\windows\system32\msxml6.dll
2011-03-17 03:36 104,960 a------- c:\windows\system32\netiohlp.dll
2011-03-17 03:36 27,136 a------- c:\windows\system32\NETSTAT.EXE
2011-03-17 03:36 19,968 a------- c:\windows\system32\ARP.EXE
2011-03-17 03:36 17,920 a------- c:\windows\system32\ROUTE.EXE
2011-03-17 03:36 17,920 a------- c:\windows\system32\netevent.dll
2011-03-17 03:36 11,264 a------- c:\windows\system32\MRINFO.EXE
2011-03-17 03:36 10,240 a------- c:\windows\system32\finger.exe
2011-03-17 03:36 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2011-03-17 03:36 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2011-03-17 03:36 2,868,224 a------- c:\windows\system32\mf.dll
2011-03-17 03:34 2,038,784 a------- c:\windows\system32\win32k.sys
2011-03-17 03:34 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2011-03-17 03:34 376,832 a------- c:\windows\system32\winhttp.dll
2011-03-17 03:34 81,920 a------- c:\windows\system32\iccvid.dll
2011-03-17 03:34 274,432 a------- c:\windows\system32\schannel.dll
2011-03-17 03:34 126,464 a------- c:\windows\system32\spoolsv.exe
2011-03-17 03:34 296,960 a------- c:\windows\system32\gdi32.dll
2011-03-17 03:34 67,072 a------- c:\windows\system32\asycfilt.dll
2011-03-17 03:34 738,304 a------- c:\windows\system32\inetcomm.dll
2011-03-17 03:34 562,176 a------- c:\windows\system32\msdtcprx.dll
2011-03-17 03:34 38,912 a------- c:\windows\system32\xolehlp.dll
2011-03-17 03:33 71,680 a------- c:\windows\system32\atl.dll
2011-03-17 03:33 160,256 a------- c:\windows\system32\wkssvc.dll
2011-03-17 03:32 28,672 a------- c:\windows\system32\Apphlpdm.dll
2011-03-17 03:32 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-17 03:32 499,712 a------- c:\windows\system32\kerberos.dll
2011-03-17 03:32 175,104 a------- c:\windows\system32\wdigest.dll
2011-03-17 03:32 1,256,448 a------- c:\windows\system32\lsasrv.dll
2011-03-17 03:32 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2011-03-17 03:32 72,704 a------- c:\windows\system32\secur32.dll
2011-03-17 03:32 9,728 a------- c:\windows\system32\lsass.exe
2011-03-17 03:31 636,928 a------- c:\windows\system32\localspl.dll
2011-03-17 03:31 2,048 a------- c:\windows\system32\tzres.dll
2011-03-17 03:31 36,352 a------- c:\windows\system32\rtutils.dll
2011-03-17 03:29 329,216 a------- c:\windows\system32\msdrm.dll
2011-03-17 03:29 151,040 a------- c:\windows\system32\secproc_ssp_isv.dll
2011-03-17 03:29 151,040 a------- c:\windows\system32\secproc_ssp.dll
2011-03-17 03:21 898,952 a------- c:\windows\system32\drivers\tcpip.sys
2011-03-17 03:18 996,352 a------- c:\windows\system32\WMNetMgr.dll
2011-03-17 03:18 94,720 a------- c:\windows\system32\logagent.exe
2011-03-17 03:18 313,344 a------- c:\windows\system32\wmpdxm.dll
2011-03-17 03:18 43,520 a------- c:\windows\system32\msdxm.tlb
2011-03-17 03:18 18,432 a------- c:\windows\system32\amcompat.tlb
2011-03-17 03:18 13,824 a------- c:\windows\system32\apilogen.dll
2011-03-17 03:16 351,232 a------- c:\windows\system32\WSDApi.dll
2011-03-17 03:09 <DIR> --d-h--- c:\programdata\Common Files
2011-03-17 03:09 <DIR> --d-h--- c:\progra~2\Common Files
2011-03-17 03:05 <DIR> --d----- c:\windows\system32\drivers\AVG
2011-03-17 03:05 <DIR> --d----- c:\programdata\AVG10
2011-03-17 03:05 <DIR> --d----- c:\progra~2\AVG10
2011-03-17 03:03 <DIR> --d----- c:\program files\AVG
2011-03-17 03:02 31,744 a------- c:\windows\system32\msvidc32.dll
2011-03-17 03:02 50,176 a------- c:\windows\system32\iyuv_32.dll
2011-03-17 03:02 22,528 a------- c:\windows\system32\msyuv.dll
2011-03-17 03:02 13,312 a------- c:\windows\system32\msrle32.dll
2011-03-17 03:02 11,776 a------- c:\windows\system32\tsbyuv.dll
2011-03-17 03:02 123,904 a------- c:\windows\system32\msvfw32.dll
2011-03-17 03:02 91,136 a------- c:\windows\system32\avifil32.dll
2011-03-17 03:02 82,944 a------- c:\windows\system32\mciavi32.dll
2011-03-17 03:02 65,024 a------- c:\windows\system32\avicap32.dll
2011-03-17 02:11 310,784 a------- c:\windows\system32\unregmp2.exe
2011-03-17 02:11 7,680 a------- c:\windows\system32\spwmp.dll
2011-03-17 02:11 4,096 a------- c:\windows\system32\msdxm.ocx
2011-03-17 02:11 4,096 a------- c:\windows\system32\dxmasf.dll
2011-03-17 02:09 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2011-03-17 02:06 <DIR> --d----- c:\programdata\MFAData
2011-03-17 02:06 <DIR> --d----- c:\progra~2\MFAData
2011-03-17 01:56 <DIR> --dsh--- C:\$RECYCLE.BIN
2011-03-17 01:39 256,512 a------- c:\windows\PEV.exe
2011-03-17 01:39 161,792 a------- c:\windows\SWREG.exe
2011-03-17 01:39 98,816 a------- c:\windows\sed.exe
2011-03-17 01:39 89,088 a------- c:\windows\MBR.exe
2011-03-17 01:33 171,520 a------- c:\windows\system32\wintrust.dll
2011-03-17 01:33 98,304 a------- c:\windows\system32\cabview.dll
2011-03-17 01:17 2,421,760 a------- c:\windows\system32\wucltux.dll
2011-03-17 01:16 87,552 a------- c:\windows\system32\wudriver.dll
2011-03-17 01:16 171,608 a------- c:\windows\system32\wuwebv.dll
2011-03-17 01:16 33,792 a------- c:\windows\system32\wuapp.exe
2011-03-17 01:07 156,771 a------- c:\windows\system32\netathr.inf
2011-03-17 01:07 49,217 a------- c:\windows\system32\athrext.cat
2011-03-17 01:07 1,183,744 a------- c:\windows\system32\drivers\athr.sys
2011-03-17 01:07 1,183,744 a------- c:\windows\system32\athr.sys
2011-03-17 01:07 397,312 a------- c:\windows\system32\athihvs.dll
2011-03-17 01:07 61,440 a------- c:\windows\system32\athihvui.dll
2011-03-17 01:07 <DIR> --d----- c:\windows\system32\nn-NO
2011-03-17 01:07 <DIR> --d----- c:\program files\Atheros
2011-03-17 01:07 <DIR> --d----- c:\program files\Cisco
2011-03-17 01:06 <DIR> --dsh--- c:\windows\Installer
2011-03-17 01:06 <DIR> --d----- c:\programdata\Atheros
2011-03-17 01:06 <DIR> --d----- c:\progra~2\Atheros
2011-03-17 01:05 14,592 a------- c:\windows\system32\results.xml
2011-03-17 01:02 1,002,008 a------- c:\windows\system32\igxpun.exe
2011-03-17 01:02 319,456 a------- c:\windows\system32\difxapi.dll
2011-03-17 01:02 <DIR> --d----- c:\windows\system32\Lang
2011-03-17 01:02 <DIR> --d----- C:\Intel
2011-03-17 00:56 <DIR> --d----- c:\users\Joao
2011-03-17 00:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

==================== Find3M ====================

2011-03-17 01:08 51,200 a------- c:\windows\inf\infpub.dat
2011-03-17 01:08 86,016 a------- c:\windows\inf\infstrng.dat
2011-03-17 01:08 86,016 a------- c:\windows\inf\infstor.dat
2011-01-08 07:50 34,304 a------- c:\windows\system32\atmlib.dll
2011-01-08 05:57 292,352 a------- c:\windows\system32\atmfd.dll
2010-12-29 17:41 323,072 a------- c:\windows\system32\sbe.dll
2010-12-29 17:41 153,088 a------- c:\windows\system32\sbeio.dll
2010-12-29 17:41 429,056 a------- c:\windows\system32\EncDec.dll
2008-06-12 00:03 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 02:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-09 23:35 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:57:05,99 ===============

Blade81
2011-03-20, 16:49
Hi,

Please do NOT run 'FIXES' (ComboFix etc) without being asked (http://forums.spybot.info/showthread.php?t=16806) (ran ComboFix though it shouldn't be used without supervision).

Look for c:\ComboFix.txt file and post back its contents. What are the existing symptoms?

pedrodsky1
2011-03-20, 23:50
Thanks for your reply. The laptop opens windows of "Windows Explorer" all the time. I also noticed that it opens the "search finder" in any browser (Firefox, IE, etc.).
Here's the ComboFix log:
ComboFix 11-03-15.02 - Joao 17-03-2011 1:41.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.230 [GMT 0:00]
Executando de: F:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-02-17 to 2011-03-17 ))))))))))))))))))))))))))))
.
.
2011-03-17 08:43 . 2011-03-17 00:52 -------- d-----w- c:\windows\Panther
2011-03-17 08:43 . 2011-03-17 08:43 -------- d-----w- C:\Boot
2011-03-17 01:50 . 2011-03-17 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-17 01:33 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2011-03-17 01:17 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-03-17 01:17 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-03-17 01:17 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-03-17 01:17 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-03-17 01:16 . 2011-03-17 01:16 -------- d-----w- c:\windows\system32\Macromed
2011-03-17 01:16 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-03-17 01:16 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-03-17 01:07 . 2011-03-17 01:07 -------- d-----w- c:\windows\system32\nn-NO
2011-03-17 01:07 . 2009-09-14 10:00 61440 ----a-w- c:\windows\system32\athihvui.dll
2011-03-17 01:07 . 2009-09-14 10:00 397312 ----a-w- c:\windows\system32\athihvs.dll
2011-03-17 01:07 . 2009-09-05 22:25 1183744 ----a-w- c:\windows\system32\drivers\athr.sys
2011-03-17 01:07 . 2009-09-05 22:25 1183744 ----a-w- c:\windows\system32\athr.sys
2011-03-17 01:07 . 2011-03-17 01:07 -------- d-----w- c:\program files\Atheros
2011-03-17 01:07 . 2011-03-17 01:07 -------- d-----w- c:\program files\Cisco
2011-03-17 01:07 . 2011-03-17 01:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-03-17 01:06 . 2011-03-17 01:07 -------- d-sh--w- c:\windows\Installer
2011-03-17 01:06 . 2011-03-17 01:08 -------- d-----w- c:\programdata\Atheros
2011-03-17 01:02 . 2011-03-17 01:02 -------- d-----w- c:\windows\system32\Lang
2011-03-17 01:02 . 2009-08-14 15:12 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-03-17 01:02 . 2006-11-10 09:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-03-17 01:02 . 2011-03-17 01:02 -------- d-----w- C:\Intel
2011-03-17 00:56 . 2011-03-17 01:08 -------- d-----w- c:\users\Joao
2011-03-17 00:55 . 2011-03-17 00:59 -------- d-----w- c:\windows\Debug
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 150552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - NATIVEWIFIP
*NewlyCreated* - NDISUIO
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 01:50
Windows 6.0.6001 Service Pack 1 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Tempo para conclusão: 2011-03-17 01:58:02
ComboFix-quarantined-files.txt 2011-03-17 01:57
.
Pré-execução: 65.461.342.208 bytes free
Pós execução: 65.410.342.912 bytes free
.
- - End Of File - - 50B5F74053338761DBABE38F8FBCFCBD

Blade81
2011-03-21, 07:50
Hi,

Run ComboFix again and let it update itself when prompted. Post back the report.

pedrodsky1
2011-03-21, 12:44
Hi, this is the new report:
ComboFix 11-03-15.02 - Joao 21-03-2011 11:37:00.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.255 [GMT 0:00]
Executando de: F:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- MODO DE FUNCIONALIDADE REDUZIDA -
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-02-21 to 2011-03-21 ))))))))))))))))))))))))))))
.
.
2011-03-21 11:38 . 2011-03-21 11:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-20 15:29 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2011-03-20 15:28 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-03-20 15:27 . 2008-09-12 04:46 2048 ----a-w- c:\program files\Microsoft Games\Tinker\SparkResource.dll
2011-03-20 15:27 . 2008-09-12 04:46 333312 ----a-w- c:\program files\Microsoft Games\Tinker\SparkGDF.dll
2011-03-20 15:27 . 2008-09-12 04:46 1307136 ----a-w- c:\program files\Microsoft Games\Tinker\Tinker.exe
2011-03-20 15:27 . 2011-03-20 15:27 -------- d-----w- c:\program files\BitLocker
2011-03-20 15:25 . 2007-02-22 02:26 1171848 ----a-w- c:\windows\system32\SecureKeyBackupCPL.dll
2011-03-20 15:24 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2011-03-20 15:21 . 2007-02-21 19:46 1496912 ----a-w- c:\program files\Microsoft Games\HoldEm\HoldEm.exe
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\drivers\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\0816
2011-03-20 15:17 . 2011-03-20 15:25 -------- d-----w- c:\windows\system32\wbem\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\pt
2011-03-20 15:09 . 2011-03-20 15:09 40960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\pt\Microsoft.Ink.Resources.dll
2011-03-20 15:05 . 2011-03-20 15:05 4096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\pt-PT\LMPRTPRC.DLL.mui
2011-03-19 14:01 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-03-19 14:01 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2011-03-19 14:01 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-03-19 14:01 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-03-19 14:01 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2011-03-19 14:01 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-19 14:01 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-03-19 14:00 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-19 13:42 . 2011-03-19 13:42 -------- d-----w- c:\program files\ERUNT
2011-03-19 13:39 . 2011-03-19 13:39 -------- d-----w- c:\program files\Microsoft.NET
2011-03-19 13:36 . 2009-11-08 10:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-19 13:36 . 2009-11-08 10:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-19 13:36 . 2009-11-08 10:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-19 13:36 . 2009-11-08 10:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-19 13:36 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-19 13:33 . 2011-03-19 13:33 -------- d-----w- c:\program files\Trend Micro
2011-03-17 08:43 . 2011-03-17 00:52 -------- d-----w- c:\windows\Panther
2011-03-17 08:43 . 2011-03-17 08:43 -------- d-----w- C:\Boot
2011-03-17 08:19 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-03-17 08:19 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-03-17 08:19 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-03-17 07:44 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-03-17 04:40 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-17 04:05 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-03-17 04:05 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-03-17 04:05 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-03-17 04:05 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2011-03-17 04:05 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-03-17 04:05 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-03-17 03:53 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-03-17 03:53 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2011-03-17 03:47 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-03-17 03:47 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-03-17 03:47 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-03-17 03:46 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2011-03-17 03:42 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-17 03:37 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-03-17 03:37 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-03-17 03:37 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-03-17 03:37 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-03-17 03:37 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-03-17 03:37 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-03-17 03:37 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2011-03-17 03:37 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2011-03-17 03:37 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2011-03-17 03:36 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2011-03-17 03:36 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-03-17 03:36 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-03-17 03:36 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-03-17 03:36 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-03-17 03:36 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-03-17 03:36 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-03-17 03:36 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2011-03-17 03:36 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2011-03-17 03:34 . 2010-12-31 13:25 2038784 ----a-w- c:\windows\system32\win32k.sys
2011-03-17 03:34 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-03-17 03:34 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-03-17 03:34 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
2011-03-17 03:34 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-17 03:34 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-03-17 03:34 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-03-17 03:34 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-03-17 03:34 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2011-03-17 03:34 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-03-17 03:34 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-03-17 03:34 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2011-03-17 03:34 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2011-03-17 03:33 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2011-03-17 03:33 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-03-17 03:32 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-17 03:32 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-17 03:32 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-03-17 03:32 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-03-17 03:32 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-03-17 03:32 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2011-03-17 03:32 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2011-03-17 03:32 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2011-03-17 03:31 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2011-03-17 03:31 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-17 03:31 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-17 03:31 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2011-03-17 03:29 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-17 03:29 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-17 03:29 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2011-03-17 03:21 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-03-17 03:18 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-03-17 03:18 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2011-03-17 03:18 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-03-17 03:18 . 2009-07-14 08:30 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-03-17 03:18 . 2009-07-14 08:30 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-03-17 03:18 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2011-03-17 03:16 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2011-03-17 03:09 . 2011-03-17 03:09 -------- d--h--w- c:\programdata\Common Files
2011-03-17 03:05 . 2011-03-21 11:24 -------- d-----w- c:\programdata\AVG10
2011-03-17 03:02 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-03-17 03:02 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2011-03-17 03:02 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-03-17 03:02 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-03-17 03:02 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-03-17 03:02 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-03-17 03:02 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-03-17 03:02 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-03-17 03:02 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-03-17 02:11 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-03-17 02:11 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-03-17 02:11 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-03-17 02:11 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 15:10 . 2011-03-20 15:10 5120 ----a-w- c:\windows\system32\drivers\pt-PT\tpm.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 5632 ----a-w- c:\windows\system32\drivers\pt-PT\kbdclass.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 3072 ----a-w- c:\windows\system32\drivers\pt-PT\kbdhid.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 12288 ----a-w- c:\windows\system32\drivers\pt-PT\i8042prt.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 7680 ----a-w- c:\windows\system32\drivers\pt-PT\luafv.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 5120 ----a-w- c:\windows\system32\drivers\pt-PT\e100b325.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\e1e6032.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\viac7.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\processr.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\crusoe.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\amdk8.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\intelppm.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\amdk7.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 10240 ----a-w- c:\windows\system32\drivers\pt-PT\battc.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 18432 ----a-w- c:\windows\system32\drivers\pt-PT\E1G60I32.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 5632 ----a-w- c:\windows\system32\drivers\pt-PT\b57nd60x.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\wdf01000.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 9728 ----a-w- c:\windows\system32\drivers\pt-PT\pci.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 4608 ----a-w- c:\windows\system32\drivers\pt-PT\isapnp.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3584 ----a-w- c:\windows\system32\drivers\pt-PT\mssmbios.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\NV_AGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 27648 ----a-w- c:\windows\system32\drivers\pt-PT\mpio.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\VIAAGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\ULIAGPKX.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\SISAGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\AMDAGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\AGP440.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 40960 ----a-w- c:\windows\system32\drivers\pt-PT\http.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 10752 ----a-w- c:\windows\system32\drivers\pt-PT\acpi.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 36864 ----a-w- c:\windows\system32\drivers\pt-PT\volsnap.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 6144 ----a-w- c:\windows\system32\drivers\pt-PT\sermouse.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 5632 ----a-w- c:\windows\system32\drivers\pt-PT\mouclass.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3584 ----a-w- c:\windows\system32\drivers\pt-PT\mouhid.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 14848 ----a-w- c:\windows\system32\drivers\pt-PT\fvevol.sys.mui
2011-03-20 15:07 . 2011-03-20 15:07 3072 ----a-w- c:\windows\system32\drivers\pt-PT\qwavedrv.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\serscan.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 4608 ----a-w- c:\windows\system32\drivers\pt-PT\modem.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 4096 ----a-w- c:\windows\system32\drivers\pt-PT\ipnat.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 9728 ----a-w- c:\windows\system32\drivers\pt-PT\afd.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 7680 ----a-w- c:\windows\system32\drivers\pt-PT\bthport.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 6656 ----a-w- c:\windows\system32\drivers\pt-PT\yk60x86.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\hidbth.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 11264 ----a-w- c:\windows\system32\drivers\pt-PT\ltmdmnt.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3072 ----a-w- c:\windows\system32\drivers\pt-PT\srv.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\ati2mpad.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 77824 ----a-w- c:\windows\system32\drivers\pt-PT\ntfs.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 4608 ----a-w- c:\windows\system32\drivers\pt-PT\ntrigdigi.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 6656 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\WpdMtpDr.dll.mui
2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\parvdm.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 4608 ----a-w- c:\windows\system32\drivers\pt-PT\parport.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 11776 ----a-w- c:\windows\system32\drivers\pt-PT\serial.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\RNDISMP.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 12288 ----a-w- c:\windows\system32\drivers\pt-PT\ohci1394.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 3072 ----a-w- c:\windows\system32\drivers\pt-PT\UAGP35.SYS.mui
2011-03-20 15:05 . 2011-03-20 15:05 3072 ----a-w- c:\windows\system32\drivers\pt-PT\GAGP30KX.SYS.mui
2011-03-20 15:05 . 2011-03-20 15:05 4096 ----a-w- c:\windows\system32\drivers\pt-PT\dxgkrnl.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\umbus.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\Dot4usb.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\BRPARWDM.SYS.mui
2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\amdide.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5632 ----a-w- c:\windows\system32\drivers\pt-PT\fltmgr.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5632 ----a-w- c:\windows\system32\drivers\pt-PT\bcm4sbxp.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5120 ----a-w- c:\windows\system32\drivers\pt-PT\bthpan.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\atikmdag.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\scsiport.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5120 ----a-w- c:\windows\system32\drivers\pt-PT\nv4_mini.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\ati2mtag.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4608 ----a-w- c:\windows\system32\drivers\pt-PT\wacompen.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4608 ----a-w- c:\windows\system32\drivers\pt-PT\pscr.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\SCR111.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\scmstcs.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\grserial.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\stcusb.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\gpr400.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\cxbp0wdm.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\cmbp0wdm.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\rndismpx.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3072 ----a-w- c:\windows\system32\drivers\pt-PT\pnpmem.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\wd.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 6656 ----a-w- c:\windows\system32\drivers\pt-PT\IPMIDrv.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 4608 ----a-w- c:\windows\system32\drivers\pt-PT\pcmcia.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 3584 ----a-w- c:\windows\system32\drivers\pt-PT\pacer.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 4608 ----a-w- c:\windows\system32\drivers\pt-PT\msdsm.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 11264 ----a-w- c:\windows\system32\drivers\pt-PT\BrSerId.sys.mui
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 150552]
.
c:\users\Joao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 17:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 10:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
.
------- Scan Suplementar -------
.
FF - ProfilePath - c:\users\Joao\AppData\Roaming\Mozilla\Firefox\Profiles\el0zyx9t.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-21 11:39
Windows 6.0.6001 Service Pack 1 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
Tempo para conclusão: 2011-03-21 11:42:09
ComboFix-quarantined-files.txt 2011-03-21 11:42
.
Pré-execução: 49.704.931.328 bytes free
Pós execução: 50.006.245.376 bytes free
.
- - End Of File - - 2E7CE6EFBD2E02DFC6C08CB93917E456

Blade81
2011-03-21, 17:15
Hi,

Please download ComboFix here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop and run it. Post back the report.

pedrodsky1
2011-03-21, 20:46
ComboFix 11-03-21.01 - Joao 21-03-2011 19:15:23.3.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.352 [GMT 0:00]
Executando de: c:\users\Joao\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
A cópia de c:\windows\system32\Version.dll foi encontrada e desinfectada
Cópia restaurada de - c:\windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6002.18005_none_16e9c83b4e078740\version.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-02-21 to 2011-03-21 ))))))))))))))))))))))))))))
.
.
2011-03-21 19:26 . 2011-03-21 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-20 15:29 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2011-03-20 15:28 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-03-20 15:27 . 2008-09-12 04:46 2048 ----a-w- c:\program files\Microsoft Games\Tinker\SparkResource.dll
2011-03-20 15:27 . 2008-09-12 04:46 333312 ----a-w- c:\program files\Microsoft Games\Tinker\SparkGDF.dll
2011-03-20 15:27 . 2008-09-12 04:46 1307136 ----a-w- c:\program files\Microsoft Games\Tinker\Tinker.exe
2011-03-20 15:27 . 2011-03-20 15:27 -------- d-----w- c:\program files\BitLocker
2011-03-20 15:25 . 2007-02-22 02:26 1171848 ----a-w- c:\windows\system32\SecureKeyBackupCPL.dll
2011-03-20 15:24 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2011-03-20 15:21 . 2007-02-21 19:46 1496912 ----a-w- c:\program files\Microsoft Games\HoldEm\HoldEm.exe
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\drivers\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\0816
2011-03-20 15:17 . 2011-03-20 15:25 -------- d-----w- c:\windows\system32\wbem\pt-PT
2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\pt
2011-03-20 15:09 . 2011-03-20 15:09 40960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\pt\Microsoft.Ink.Resources.dll
2011-03-20 15:05 . 2011-03-20 15:05 4096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\pt-PT\LMPRTPRC.DLL.mui
2011-03-19 14:01 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-03-19 14:01 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2011-03-19 14:01 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-03-19 14:01 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-03-19 14:01 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2011-03-19 14:01 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-19 14:01 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-03-19 14:00 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-19 13:42 . 2011-03-19 13:42 -------- d-----w- c:\program files\ERUNT
2011-03-19 13:39 . 2011-03-19 13:39 -------- d-----w- c:\program files\Microsoft.NET
2011-03-19 13:36 . 2009-11-08 10:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-19 13:36 . 2009-11-08 10:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-19 13:36 . 2009-11-08 10:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-19 13:36 . 2009-11-08 10:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-19 13:36 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-19 13:33 . 2011-03-19 13:33 -------- d-----w- c:\program files\Trend Micro
2011-03-17 08:43 . 2011-03-17 00:52 -------- d-----w- c:\windows\Panther
2011-03-17 08:43 . 2011-03-17 08:43 -------- d-----w- C:\Boot
2011-03-17 08:19 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-03-17 08:19 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-03-17 08:19 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-03-17 07:44 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-03-17 04:40 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-17 04:05 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-03-17 04:05 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-03-17 04:05 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-03-17 04:05 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2011-03-17 04:05 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-03-17 04:05 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-03-17 03:53 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-03-17 03:53 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2011-03-17 03:47 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-03-17 03:47 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-03-17 03:47 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-03-17 03:46 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2011-03-17 03:42 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-17 03:37 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-03-17 03:37 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-03-17 03:37 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-03-17 03:37 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-03-17 03:37 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-03-17 03:37 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-03-17 03:37 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2011-03-17 03:37 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2011-03-17 03:37 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2011-03-17 03:36 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2011-03-17 03:36 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-03-17 03:36 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-03-17 03:36 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-03-17 03:36 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-03-17 03:36 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-03-17 03:36 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-03-17 03:36 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2011-03-17 03:36 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2011-03-17 03:34 . 2010-12-31 13:25 2038784 ----a-w- c:\windows\system32\win32k.sys
2011-03-17 03:34 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-03-17 03:34 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-03-17 03:34 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
2011-03-17 03:34 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-17 03:34 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-03-17 03:34 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-03-17 03:34 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-03-17 03:34 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2011-03-17 03:34 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-03-17 03:34 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-03-17 03:34 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2011-03-17 03:34 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2011-03-17 03:33 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2011-03-17 03:33 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-03-17 03:32 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-17 03:32 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-17 03:32 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-03-17 03:32 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-03-17 03:32 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-03-17 03:32 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2011-03-17 03:32 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2011-03-17 03:32 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2011-03-17 03:31 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2011-03-17 03:31 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-17 03:31 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-17 03:31 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2011-03-17 03:29 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-17 03:29 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-17 03:29 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2011-03-17 03:21 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-03-17 03:18 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-03-17 03:18 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2011-03-17 03:18 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-03-17 03:18 . 2009-07-14 08:30 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-03-17 03:18 . 2009-07-14 08:30 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-03-17 03:18 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2011-03-17 03:16 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2011-03-17 03:09 . 2011-03-17 03:09 -------- d--h--w- c:\programdata\Common Files
2011-03-17 03:05 . 2011-03-21 11:24 -------- d-----w- c:\programdata\AVG10
2011-03-17 03:02 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-03-17 03:02 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2011-03-17 03:02 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-03-17 03:02 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-03-17 03:02 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-03-17 03:02 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-03-17 03:02 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-03-17 03:02 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-03-17 03:02 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-03-17 02:11 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-03-17 02:11 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-03-17 02:11 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-03-17 02:11 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 15:10 . 2011-03-20 15:10 5120 ----a-w- c:\windows\system32\drivers\pt-PT\tpm.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 5632 ----a-w- c:\windows\system32\drivers\pt-PT\kbdclass.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 3072 ----a-w- c:\windows\system32\drivers\pt-PT\kbdhid.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 12288 ----a-w- c:\windows\system32\drivers\pt-PT\i8042prt.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 7680 ----a-w- c:\windows\system32\drivers\pt-PT\luafv.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 5120 ----a-w- c:\windows\system32\drivers\pt-PT\e100b325.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\e1e6032.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\viac7.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\processr.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\crusoe.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\amdk8.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\intelppm.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\amdk7.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 10240 ----a-w- c:\windows\system32\drivers\pt-PT\battc.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 18432 ----a-w- c:\windows\system32\drivers\pt-PT\E1G60I32.sys.mui
2011-03-20 15:10 . 2011-03-20 15:10 5632 ----a-w- c:\windows\system32\drivers\pt-PT\b57nd60x.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\wdf01000.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 9728 ----a-w- c:\windows\system32\drivers\pt-PT\pci.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 4608 ----a-w- c:\windows\system32\drivers\pt-PT\isapnp.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3584 ----a-w- c:\windows\system32\drivers\pt-PT\mssmbios.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\NV_AGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 27648 ----a-w- c:\windows\system32\drivers\pt-PT\mpio.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\VIAAGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\ULIAGPKX.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\SISAGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\AMDAGP.SYS.mui
2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\AGP440.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 40960 ----a-w- c:\windows\system32\drivers\pt-PT\http.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 10752 ----a-w- c:\windows\system32\drivers\pt-PT\acpi.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 36864 ----a-w- c:\windows\system32\drivers\pt-PT\volsnap.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 6144 ----a-w- c:\windows\system32\drivers\pt-PT\sermouse.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 5632 ----a-w- c:\windows\system32\drivers\pt-PT\mouclass.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 3584 ----a-w- c:\windows\system32\drivers\pt-PT\mouhid.sys.mui
2011-03-20 15:09 . 2011-03-20 15:09 14848 ----a-w- c:\windows\system32\drivers\pt-PT\fvevol.sys.mui
2011-03-20 15:07 . 2011-03-20 15:07 3072 ----a-w- c:\windows\system32\drivers\pt-PT\qwavedrv.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\serscan.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 4608 ----a-w- c:\windows\system32\drivers\pt-PT\modem.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 4096 ----a-w- c:\windows\system32\drivers\pt-PT\ipnat.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 9728 ----a-w- c:\windows\system32\drivers\pt-PT\afd.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 7680 ----a-w- c:\windows\system32\drivers\pt-PT\bthport.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 6656 ----a-w- c:\windows\system32\drivers\pt-PT\yk60x86.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\hidbth.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 11264 ----a-w- c:\windows\system32\drivers\pt-PT\ltmdmnt.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3072 ----a-w- c:\windows\system32\drivers\pt-PT\srv.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\ati2mpad.sys.mui
2011-03-20 15:06 . 2011-03-20 15:06 77824 ----a-w- c:\windows\system32\drivers\pt-PT\ntfs.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 4608 ----a-w- c:\windows\system32\drivers\pt-PT\ntrigdigi.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 6656 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\WpdMtpDr.dll.mui
2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\parvdm.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 4608 ----a-w- c:\windows\system32\drivers\pt-PT\parport.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 11776 ----a-w- c:\windows\system32\drivers\pt-PT\serial.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\RNDISMP.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 12288 ----a-w- c:\windows\system32\drivers\pt-PT\ohci1394.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 3072 ----a-w- c:\windows\system32\drivers\pt-PT\UAGP35.SYS.mui
2011-03-20 15:05 . 2011-03-20 15:05 3072 ----a-w- c:\windows\system32\drivers\pt-PT\GAGP30KX.SYS.mui
2011-03-20 15:05 . 2011-03-20 15:05 4096 ----a-w- c:\windows\system32\drivers\pt-PT\dxgkrnl.sys.mui
2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\umbus.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\Dot4usb.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\BRPARWDM.SYS.mui
2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\amdide.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5632 ----a-w- c:\windows\system32\drivers\pt-PT\fltmgr.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5632 ----a-w- c:\windows\system32\drivers\pt-PT\bcm4sbxp.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5120 ----a-w- c:\windows\system32\drivers\pt-PT\bthpan.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\atikmdag.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\scsiport.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 5120 ----a-w- c:\windows\system32\drivers\pt-PT\nv4_mini.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\ati2mtag.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4608 ----a-w- c:\windows\system32\drivers\pt-PT\wacompen.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4608 ----a-w- c:\windows\system32\drivers\pt-PT\pscr.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\SCR111.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\scmstcs.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\grserial.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\stcusb.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\gpr400.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\cxbp0wdm.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\cmbp0wdm.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\rndismpx.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 3072 ----a-w- c:\windows\system32\drivers\pt-PT\pnpmem.sys.mui
2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\wd.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 6656 ----a-w- c:\windows\system32\drivers\pt-PT\IPMIDrv.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 4608 ----a-w- c:\windows\system32\drivers\pt-PT\pcmcia.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 3584 ----a-w- c:\windows\system32\drivers\pt-PT\pacer.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 4608 ----a-w- c:\windows\system32\drivers\pt-PT\msdsm.sys.mui
2011-03-20 15:03 . 2011-03-20 15:03 11264 ----a-w- c:\windows\system32\drivers\pt-PT\BrSerId.sys.mui
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 150552]
.
c:\users\Joao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 17:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 10:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
.
------- Scan Suplementar -------
.
FF - ProfilePath - c:\users\Joao\AppData\Roaming\Mozilla\Firefox\Profiles\el0zyx9t.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-21 19:30
Windows 6.0.6001 Service Pack 1 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Tempo para conclusão: 2011-03-21 19:36:18 - Máquina reiniciou
ComboFix-quarantined-files.txt 2011-03-21 19:36
ComboFix2.txt 2011-03-21 11:42
.
Pré-execução: 49.113.538.560 bytes free
Pós execução: 48.882.683.904 bytes free
.
- - End Of File - - 5768FE3CBD9014D2E5EABDF70F468D03

Blade81
2011-03-21, 21:06
Hi again,

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Please post contents of that file + fresh dds.txt in your next reply.

Are the symptoms still present?

pedrodsky1
2011-03-22, 00:11
The symptoms are still present.
mbam log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6121

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019

21-03-2011 22:30:59
mbam-log-2011-03-21 (22-30-59).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 268172
Time elapsed: 2 hour(s), 14 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

dds log

DDS (Ver_09-06-26.01) - NTFSx86
Run by Joao at 23:05:41,59 on 21-03-2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.245 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Users\Joao\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\joao\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joao\appdata\roaming\mozilla\firefox\profiles\el0zyx9t.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.il", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4f16a", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4fra", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--wgbl6a", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-03-21 20:13 <DIR> --d----- c:\users\joao\appdata\roaming\Malwarebytes
2011-03-21 20:12 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-21 20:12 <DIR> --d----- c:\programdata\Malwarebytes
2011-03-21 20:12 <DIR> --d----- c:\progra~2\Malwarebytes
2011-03-21 20:12 20,952 a------- c:\windows\system32\drivers\mbam.sys
2011-03-21 20:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2011-03-21 19:59 <DIR> --d----- c:\windows\system32\drivers\AVG
2011-03-21 19:57 <DIR> --d----- c:\program files\AVG
2011-03-21 19:47 222,080 -------- c:\windows\system32\MpSigStub.exe
2011-03-21 19:28 <DIR> --d----- C:\$RECYCLE.BIN
2011-03-20 15:29 233,888 a------- c:\windows\system32\DreamScene.dll
2011-03-20 15:28 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2011-03-20 15:27 <DIR> --d----- c:\program files\BitLocker
2011-03-20 15:25 711 a------- c:\windows\system32\CPSOKBTasks.xml
2011-03-20 15:25 1,171,848 a------- c:\windows\system32\SecureKeyBackupCPL.dll
2011-03-20 15:24 675,152 a------- c:\windows\system32\gpprefcl.dll
2011-03-20 15:19 332,682 a------- c:\windows\system32\prfi0816.dat
2011-03-20 15:19 654,866 a------- c:\windows\system32\prfh0816.dat
2011-03-20 15:19 129,702 a------- c:\windows\system32\prfc0816.dat
2011-03-20 15:19 39,514 a------- c:\windows\system32\prfd0816.dat
2011-03-20 15:17 <DIR> --d----- c:\windows\pt-PT
2011-03-20 15:17 <DIR> --d----- c:\windows\system32\drivers\pt-PT
2011-03-20 15:17 <DIR> --d----- c:\windows\system32\0816
2011-03-20 15:17 <DIR> --d----- c:\windows\system32\wbem\pt-PT
2011-03-20 15:17 <DIR> --d----- c:\windows\system32\pt
2011-03-19 14:01 303,616 a------- c:\windows\system32\drivers\srv.sys
2011-03-19 14:01 125,952 a------- c:\windows\system32\srvsvc.dll
2011-03-19 14:01 101,888 a------- c:\windows\system32\drivers\srvnet.sys
2011-03-19 14:01 145,408 a------- c:\windows\system32\drivers\srv2.sys
2011-03-19 14:01 17,920 a------- c:\windows\system32\netevent.dll
2011-03-19 14:01 420,352 a------- c:\windows\system32\vbscript.dll
2011-03-19 14:01 378,368 a------- c:\windows\system32\winhttp.dll
2011-03-19 14:00 738,816 a------- c:\windows\system32\inetcomm.dll
2011-03-19 13:36 295,264 a------- c:\windows\system32\PresentationHost.exe
2011-03-19 13:36 99,176 a------- c:\windows\system32\PresentationHostProxy.dll
2011-03-19 13:36 1,130,824 a------- c:\windows\system32\dfshim.dll
2011-03-19 13:36 297,808 a------- c:\windows\system32\mscoree.dll
2011-03-19 13:36 49,472 a------- c:\windows\system32\netfxperf.dll
2011-03-19 13:33 <DIR> --d----- c:\program files\Trend Micro
2011-03-17 08:43 <DIR> --d----- c:\windows\Panther
2011-03-17 08:43 8,192 a--s-r-- C:\BOOTSECT.BAK
2011-03-17 08:43 333,203 a--shr-- C:\bootmgr
2011-03-17 08:43 <DIR> --d----- C:\Boot
2011-03-17 08:19 80,896 a------- c:\windows\system32\MSNP.ax
2011-03-17 08:19 293,376 a------- c:\windows\system32\psisdecd.dll
2011-03-17 08:19 217,088 a------- c:\windows\system32\psisrndr.ax
2011-03-17 07:37 <DIR> --d----- c:\users\joao\appdata\roaming\AVG10
2011-03-17 04:40 293,376 a------- c:\windows\system32\browserchoice.exe
2011-03-17 04:05 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-03-17 04:05 97,800 a------- c:\windows\system32\infocardapi.dll
2011-03-17 04:05 622,080 a------- c:\windows\system32\icardagt.exe
2011-03-17 04:05 37,384 a------- c:\windows\system32\infocardcpl.cpl
2011-03-17 04:05 11,264 a------- c:\windows\system32\icardres.dll
2011-03-17 04:05 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2011-03-17 03:53 158,720 a------- c:\windows\system32\mscorier.dll
2011-03-17 03:53 83,968 a------- c:\windows\system32\mscories.dll
2011-03-17 03:47 24,064 a------- c:\windows\system32\nshhttp.dll
2011-03-17 03:47 411,136 a------- c:\windows\system32\drivers\http.sys
2011-03-17 03:47 31,232 a------- c:\windows\system32\httpapi.dll
2011-03-17 03:46 231,936 a------- c:\windows\system32\msshsq.dll
2011-03-17 03:42 2,048 a------- c:\windows\system32\winrsmgr.dll
2011-03-17 03:37 409,600 a------- c:\windows\system32\odbc32.dll
2011-03-17 03:37 2,927,104 a------- c:\windows\explorer.exe
2011-03-17 03:37 213,504 a------- c:\windows\system32\msv1_0.dll
2011-03-17 03:37 1,399,296 a------- c:\windows\system32\msxml6.dll
2011-03-17 03:36 104,960 a------- c:\windows\system32\netiohlp.dll
2011-03-17 03:36 27,136 a------- c:\windows\system32\NETSTAT.EXE
2011-03-17 03:36 19,968 a------- c:\windows\system32\ARP.EXE
2011-03-17 03:36 17,920 a------- c:\windows\system32\ROUTE.EXE
2011-03-17 03:36 11,264 a------- c:\windows\system32\MRINFO.EXE
2011-03-17 03:36 10,240 a------- c:\windows\system32\finger.exe
2011-03-17 03:36 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2011-03-17 03:36 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2011-03-17 03:36 2,868,224 a------- c:\windows\system32\mf.dll
2011-03-17 03:34 2,038,784 a------- c:\windows\system32\win32k.sys
2011-03-17 03:34 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2011-03-17 03:34 81,920 a------- c:\windows\system32\iccvid.dll
2011-03-17 03:34 274,432 a------- c:\windows\system32\schannel.dll
2011-03-17 03:34 126,464 a------- c:\windows\system32\spoolsv.exe
2011-03-17 03:34 296,960 a------- c:\windows\system32\gdi32.dll
2011-03-17 03:34 67,072 a------- c:\windows\system32\asycfilt.dll
2011-03-17 03:34 562,176 a------- c:\windows\system32\msdtcprx.dll
2011-03-17 03:34 38,912 a------- c:\windows\system32\xolehlp.dll
2011-03-17 03:33 71,680 a------- c:\windows\system32\atl.dll
2011-03-17 03:33 160,256 a------- c:\windows\system32\wkssvc.dll
2011-03-17 03:32 28,672 a------- c:\windows\system32\Apphlpdm.dll
2011-03-17 03:32 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-17 03:32 499,712 a------- c:\windows\system32\kerberos.dll
2011-03-17 03:32 175,104 a------- c:\windows\system32\wdigest.dll
2011-03-17 03:32 1,256,448 a------- c:\windows\system32\lsasrv.dll
2011-03-17 03:32 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2011-03-17 03:32 72,704 a------- c:\windows\system32\secur32.dll
2011-03-17 03:32 9,728 a------- c:\windows\system32\lsass.exe
2011-03-17 03:31 636,928 a------- c:\windows\system32\localspl.dll
2011-03-17 03:31 2,048 a------- c:\windows\system32\tzres.dll
2011-03-17 03:31 36,352 a------- c:\windows\system32\rtutils.dll
2011-03-17 03:29 329,216 a------- c:\windows\system32\msdrm.dll
2011-03-17 03:29 151,040 a------- c:\windows\system32\secproc_ssp_isv.dll
2011-03-17 03:29 151,040 a------- c:\windows\system32\secproc_ssp.dll
2011-03-17 03:21 898,952 a------- c:\windows\system32\drivers\tcpip.sys
2011-03-17 03:18 996,352 a------- c:\windows\system32\WMNetMgr.dll
2011-03-17 03:18 94,720 a------- c:\windows\system32\logagent.exe
2011-03-17 03:18 313,344 a------- c:\windows\system32\wmpdxm.dll
2011-03-17 03:18 43,520 a------- c:\windows\system32\msdxm.tlb
2011-03-17 03:18 18,432 a------- c:\windows\system32\amcompat.tlb
2011-03-17 03:18 13,824 a------- c:\windows\system32\apilogen.dll
2011-03-17 03:16 351,232 a------- c:\windows\system32\WSDApi.dll
2011-03-17 03:09 <DIR> --d-h--- c:\programdata\Common Files
2011-03-17 03:09 <DIR> --d-h--- c:\progra~2\Common Files
2011-03-17 03:05 <DIR> --d----- c:\programdata\AVG10
2011-03-17 03:05 <DIR> --d----- c:\progra~2\AVG10
2011-03-17 03:02 31,744 a------- c:\windows\system32\msvidc32.dll
2011-03-17 03:02 50,176 a------- c:\windows\system32\iyuv_32.dll
2011-03-17 03:02 22,528 a------- c:\windows\system32\msyuv.dll
2011-03-17 03:02 13,312 a------- c:\windows\system32\msrle32.dll
2011-03-17 03:02 11,776 a------- c:\windows\system32\tsbyuv.dll
2011-03-17 03:02 123,904 a------- c:\windows\system32\msvfw32.dll
2011-03-17 03:02 91,136 a------- c:\windows\system32\avifil32.dll
2011-03-17 03:02 82,944 a------- c:\windows\system32\mciavi32.dll
2011-03-17 03:02 65,024 a------- c:\windows\system32\avicap32.dll
2011-03-17 02:11 310,784 a------- c:\windows\system32\unregmp2.exe
2011-03-17 02:11 7,680 a------- c:\windows\system32\spwmp.dll
2011-03-17 02:11 4,096 a------- c:\windows\system32\msdxm.ocx
2011-03-17 02:11 4,096 a------- c:\windows\system32\dxmasf.dll
2011-03-17 02:09 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2011-03-17 02:06 <DIR> --d----- c:\programdata\MFAData
2011-03-17 02:06 <DIR> --d----- c:\progra~2\MFAData
2011-03-17 01:39 256,512 a------- c:\windows\PEV.exe
2011-03-17 01:39 161,792 a------- c:\windows\SWREG.exe
2011-03-17 01:39 98,816 a------- c:\windows\sed.exe
2011-03-17 01:39 89,088 a------- c:\windows\MBR.exe
2011-03-17 01:33 171,520 a------- c:\windows\system32\wintrust.dll
2011-03-17 01:33 98,304 a------- c:\windows\system32\cabview.dll
2011-03-17 01:17 2,421,760 a------- c:\windows\system32\wucltux.dll
2011-03-17 01:16 87,552 a------- c:\windows\system32\wudriver.dll
2011-03-17 01:16 171,608 a------- c:\windows\system32\wuwebv.dll
2011-03-17 01:16 33,792 a------- c:\windows\system32\wuapp.exe
2011-03-17 01:07 156,771 a------- c:\windows\system32\netathr.inf
2011-03-17 01:07 49,217 a------- c:\windows\system32\athrext.cat
2011-03-17 01:07 1,183,744 a------- c:\windows\system32\drivers\athr.sys
2011-03-17 01:07 1,183,744 a------- c:\windows\system32\athr.sys
2011-03-17 01:07 397,312 a------- c:\windows\system32\athihvs.dll
2011-03-17 01:07 61,440 a------- c:\windows\system32\athihvui.dll
2011-03-17 01:07 <DIR> --d----- c:\windows\system32\nn-NO
2011-03-17 01:07 <DIR> --d----- c:\program files\Atheros
2011-03-17 01:07 <DIR> --d----- c:\program files\Cisco
2011-03-17 01:06 <DIR> --dsh--- c:\windows\Installer
2011-03-17 01:06 <DIR> --d----- c:\programdata\Atheros
2011-03-17 01:06 <DIR> --d----- c:\progra~2\Atheros
2011-03-17 01:05 14,592 a------- c:\windows\system32\results.xml
2011-03-17 01:02 1,002,008 a------- c:\windows\system32\igxpun.exe
2011-03-17 01:02 319,456 a------- c:\windows\system32\difxapi.dll
2011-03-17 01:02 <DIR> --d----- c:\windows\system32\Lang
2011-03-17 01:02 <DIR> --d----- C:\Intel
2011-03-17 00:56 <DIR> --d----- c:\users\Joao
2011-03-17 00:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

==================== Find3M ====================

2011-03-20 15:16 332,682 a------- c:\windows\inf\perflib\0816\perfi.dat
2011-03-20 15:16 332,682 a------- c:\windows\inf\perflib\0816\perfh.dat
2011-03-20 15:16 39,514 a------- c:\windows\inf\perflib\0816\perfd.dat
2011-03-20 15:16 39,514 a------- c:\windows\inf\perflib\0816\perfc.dat
2011-03-17 01:08 51,200 a------- c:\windows\inf\infpub.dat
2011-03-17 01:08 86,016 a------- c:\windows\inf\infstrng.dat
2011-03-17 01:08 86,016 a------- c:\windows\inf\infstor.dat
2011-01-08 07:50 34,304 a------- c:\windows\system32\atmlib.dll
2011-01-08 05:57 292,352 a------- c:\windows\system32\atmfd.dll
2010-12-29 17:41 323,072 a------- c:\windows\system32\sbe.dll
2010-12-29 17:41 153,088 a------- c:\windows\system32\sbeio.dll
2010-12-29 17:41 429,056 a------- c:\windows\system32\EncDec.dll
2008-06-12 00:03 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 02:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-09 23:35 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:07:21,93 ===============

Blade81
2011-03-22, 06:24
Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in a desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select Cure and click Continue (the tool may prompt for a reboot).
4. Post back the contents of the log file in the c: drive root (the name should be in UtilityName.Version_Date_Time_log.txt format).

pedrodsky1
2011-03-22, 10:12
This is the TDSSKiller log. The laptop remains the same, with erratic behaviour.
2011/03/22 09:05:24.0659 1924 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/22 09:05:25.0080 1924 ================================================================================
2011/03/22 09:05:25.0080 1924 SystemInfo:
2011/03/22 09:05:25.0080 1924
2011/03/22 09:05:25.0080 1924 OS Version: 6.0.6001 ServicePack: 1.0
2011/03/22 09:05:25.0080 1924 Product type: Workstation
2011/03/22 09:05:25.0080 1924 ComputerName: JOAO-PC
2011/03/22 09:05:25.0080 1924 UserName: Joao
2011/03/22 09:05:25.0080 1924 Windows directory: C:\Windows
2011/03/22 09:05:25.0080 1924 System windows directory: C:\Windows
2011/03/22 09:05:25.0080 1924 Processor architecture: Intel x86
2011/03/22 09:05:25.0080 1924 Number of processors: 2
2011/03/22 09:05:25.0080 1924 Page size: 0x1000
2011/03/22 09:05:25.0080 1924 Boot type: Normal boot
2011/03/22 09:05:25.0080 1924 ================================================================================
2011/03/22 09:05:26.0219 1924 Initialize success
2011/03/22 09:05:32.0428 3776 ================================================================================
2011/03/22 09:05:32.0428 3776 Scan started
2011/03/22 09:05:32.0428 3776 Mode: Manual;
2011/03/22 09:05:32.0428 3776 ================================================================================
2011/03/22 09:07:04.0577 3776 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/22 09:07:04.0982 3776 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/22 09:07:05.0388 3776 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/22 09:07:05.0825 3776 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/22 09:07:06.0246 3776 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/22 09:07:06.0667 3776 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/22 09:07:07.0166 3776 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/22 09:07:07.0572 3776 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/22 09:07:07.0978 3776 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/22 09:07:08.0414 3776 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/22 09:07:08.0836 3776 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/22 09:07:09.0335 3776 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/22 09:07:09.0740 3776 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/22 09:07:10.0146 3776 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/22 09:07:10.0552 3776 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/22 09:07:10.0988 3776 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/22 09:07:11.0550 3776 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/22 09:07:11.0971 3776 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/22 09:07:12.0392 3776 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/22 09:07:12.0814 3776 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/22 09:07:13.0219 3776 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/03/22 09:07:13.0609 3776 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/22 09:07:14.0030 3776 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/22 09:07:14.0467 3776 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/22 09:07:14.0951 3776 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/22 09:07:15.0419 3776 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/22 09:07:15.0840 3776 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/22 09:07:16.0246 3776 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/22 09:07:16.0651 3776 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/22 09:07:17.0088 3776 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/22 09:07:17.0494 3776 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/22 09:07:17.0915 3776 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/03/22 09:07:18.0336 3776 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/03/22 09:07:18.0757 3776 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/22 09:07:19.0241 3776 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/22 09:07:19.0662 3776 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/22 09:07:19.0756 3776 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/22 09:07:20.0192 3776 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/22 09:07:20.0629 3776 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/22 09:07:21.0284 3776 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/22 09:07:21.0799 3776 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/22 09:07:22.0330 3776 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/22 09:07:22.0501 3776 ================================================================================
2011/03/22 09:07:22.0501 3776 Scan finished
2011/03/22 09:07:22.0501 3776 ================================================================================
2011/03/22 09:09:21.0525 2240 Deinitialize success

Blade81
2011-03-22, 15:33
Hi,

Please post some screenshots showing those remaining symptoms.

pedrodsky1
2011-03-22, 16:26
Here are two screenshots attached. It keeps opening the search field in Firefox, and the search field in Windows Explorer.
Thanks for your patience.

Blade81
2011-03-22, 16:38
So, it opens those windows without pressing any button? Have you checked that there's not a key stuck?

pedrodsky1
2011-03-22, 19:33
No, in fact it usually opens 5 windows each time, or more.

Blade81
2011-03-22, 20:26
Hi,

Could you tell me if there were any symptoms other than this in the beginning, and when the issue first popped up?

pedrodsky1
2011-03-23, 01:23
Hello, in fact I don't know, but the weird thing is that the laptop was already formatted and still shows the same symptoms.

Blade81
2011-03-23, 06:55
That indicates some issue other than malware. A reformat would, after all, wipe all existing stuff away. Also, the logs don't show any signs of infection.

pedrodsky1
2011-03-23, 09:06
OK, thanks for your help.

Blade81
2011-03-23, 16:57
You're welcome. If you're sure there's nothing pressing keyboard buttons down (sticky keys etc.), then you may create a topic about the issue at Tech Support Guy (http://forums.techguy.org), for example. Like I said, if the problem was caused by malware, it should have disappeared when you had the reformat done.