
Infected with IE redirects


13 replies to this topic

#1 Maria Irene

Maria Irene

  • Members
  • 7 posts

Posted 18 September 2011 - 03:46 PM

Hi,

I'm running Vista.
I run avast!.

For a couple of days avast! has been telling me that it blocked an IP. Frequently!
The IP is the following:

64.111.211.189

That, indeed, is not a big problem, but since avast! started doing so, Internet Explorer shows up in the Task Manager, although I do not use IE. My favorite browser is Firefox, and now it crashes after a while, even though I start it before IE appears in the Task Manager (for that I placed Firefox in the autostart folder).

I installed Malwarebytes', but it didn't find anything.

Any ideas?

Thanks.

#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 18 September 2011 - 05:34 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


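Broni's checklist above asks for the IE proxy settings, the hosts file and the IP configuration because those three places are where a browser redirect is usually wired in. The script below is an added example, not part of this thread and not MiniToolBox's own code: it parses a MiniToolBox-style report, flags an enabled IE proxy, any hosts entry that sends a name somewhere other than loopback, and any DNS server that is not in the set the caller expects (the ISP resolvers from the log posted later in this thread are used for that). Both sample reports are constructed; the first copies the clean values from this thread, the second is a hypothetical hijacked variant whose proxy wording and 203.0.113.x / 192.0.2.x addresses are assumptions.

```python
# Triage helper for a MiniToolBox-style report (added example; not from the thread
# or from MiniToolBox). Pulls proxy, hosts and DNS settings out of the report text.
import ipaddress
import re

# Constructed sample: the clean values posted in this thread.
CLEAN_REPORT = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 212.23.97.3
212.23.97.2
"""

# Constructed sample: a hypothetical hijacked machine. The proxy wording and the
# 203.0.113.x / 192.0.2.x addresses are assumptions (documentation ranges).
HIJACKED_REPORT = """\
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:8080
========================= Hosts content: =================================
127.0.0.1 localhost
::1 localhost
203.0.113.10 www.google.com
203.0.113.10 www.malwarebytes.org   # hijacked: security vendor site
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 192.0.2.53
192.0.2.54
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?): =+$", re.MULTILINE)
LOOPBACK = {"127.0.0.1", "::1"}


def split_sections(report):
    """Map each '===== Name: =====' header to the text that follows it."""
    matches = list(SECTION_RE.finditer(report))
    sections = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(report)
        sections[m.group("name")] = report[m.end():end].strip()
    return sections


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def proxy_enabled(body):
    """True when the IE proxy section reports an enabled proxy or names a server."""
    return "Proxy is enabled" in body or re.search(r"Proxy ?Server\s*[:=]\s*\S", body) is not None


def parse_hosts(body):
    """(ip, hostname) pairs from hosts-file text; comments and blank lines are skipped."""
    entries = []
    for line in body.splitlines():
        fields = line.split("#", 1)[0].split()
        entries.extend((fields[0], name.lower()) for name in fields[1:])
    return entries


def suspicious_hosts(entries):
    """Entries that send a name anywhere other than loopback (the classic redirect trick)."""
    return [(ip, name) for ip, name in entries if ip not in LOOPBACK]


def parse_dns_servers(body):
    """DNS addresses after 'DNS Servers' / 'DNS-Server', plus ipconfig's bare continuation lines."""
    servers, collecting = [], False
    for line in body.splitlines():
        text = line.strip()
        if re.match(r"^DNS[- ]Servers?\b", text):
            collecting, text = True, text.split(":", 1)[1].strip()
        elif collecting and not _is_ip(text):
            collecting = False
        if collecting and _is_ip(text):
            servers.append(text)
    return servers


def triage(report, expected_dns=()):
    """Findings for one report; an empty list means nothing was flagged.
    expected_dns: the resolvers the ISP or home router should be handing out."""
    s = split_sections(report)
    findings = []
    proxy = s.get("IE Proxy Settings", "")
    if proxy_enabled(proxy):
        findings.append("IE proxy enabled: " + " ".join(proxy.split()))
    for ip, name in suspicious_hosts(parse_hosts(s.get("Hosts content", ""))):
        findings.append(f"hosts file sends {name} to {ip}")
    for srv in parse_dns_servers(s.get("IP Configuration", "")):
        if expected_dns and srv not in expected_dns:
            findings.append(f"unexpected DNS server {srv}")
    return findings


if __name__ == "__main__":
    isp = {"212.23.97.3", "212.23.97.2"}  # the eplus.de resolvers from the posted log
    for label, rep in (("clean", CLEAN_REPORT), ("hijacked", HIJACKED_REPORT)):
        print(label, triage(rep, isp) or ["no findings"])
```

A private DNS server is not suspicious by itself (a home router usually forwards DNS), which is why the DNS check compares against a caller-supplied expected set instead of guessing. A hosts file that points a security vendor's site at a non-loopback address, as in the second sample, is worth treating as a redirect indicator even when the scanners come back clean.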
#3 Maria Irene

Maria Irene
  • Topic Starter

  • Members
  • 7 posts

Posted 19 September 2011 - 11:12 AM

Hi Broni,

A thousand thanks for your quick reply!
Here are the logs:

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.2.152.32
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````


MiniToolBox by Farbar
Ran by m (administrator) on 19-09-2011 at 16:56:36
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 configuration
# ----------------------------------
pushd interface ipv4

reset
set global
add address name="LAN-Verbindung" address=192.168.0.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Maria
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled . . . . . . . : No
WINS Proxy Enabled . . . . . . . : No

PPP adapter Internet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Internet
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.177.46.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 212.23.97.3
212.23.97.2
Primary WINS Server . . . . . . . : 10.11.12.13
Secondary WINS Server . . . . . . : 10.11.12.14
NetBIOS over Tcpip. . . . . . . . : Disabled

Wireless LAN adapter Drahtlosnetzwerkverbindung:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-26-0A-46
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter LAN-Verbindung:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-13-77-9D-20-D8
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter LAN-Verbindung*:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F198678E-877D-4379-8EF4-FD9B21FE7F17}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter LAN-Verbindung* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{FD7EA437-5E69-4B04-8171-AD771DF16B28}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter LAN-Verbindung* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:244f:2052:f54e:d1bf(Preferred)
Link-local IPv6 Address . . . . . : fe80::244f:2052:f54e:d1bf%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter LAN-Verbindung* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F94BABB8-7FB9-4757-83F0-58CB03F9EF02}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter LAN-Verbindung* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F94BABB8-7FB9-4757-83F0-58CB03F9EF02}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter LAN-Verbindung* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter LAN-Verbindung* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F94BABB8-7FB9-4757-83F0-58CB03F9EF02}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter LAN-Verbindung* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{40BB08A9-51F0-4532-8C22-726472495CBD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter LAN-Verbindung* 23:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{40BB08A9-51F0-4532-8C22-726472495CBD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter LAN-Verbindung* 24:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{40BB08A9-51F0-4532-8C22-726472495CBD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter LAN-Verbindung* 25:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter LAN-Verbindung* 26:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #12
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: ns02sn1.eplus.de
Address: 212.23.97.3

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.39.99
74.125.39.103
74.125.39.105
74.125.39.147
74.125.39.104
74.125.39.106



Pinging google.com [74.125.39.106] with 32 bytes of data:

Reply from 74.125.39.106: bytes=32 time=287ms TTL=52
Reply from 74.125.39.106: bytes=32 time=270ms TTL=52

Ping statistics for 74.125.39.106:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 270ms, Maximum = 287ms, Average = 278ms

Server: ns02sn1.eplus.de
Address: 212.23.97.3

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:

Reply from 67.195.160.76: bytes=32 time=426ms TTL=51
Reply from 67.195.160.76: bytes=32 time=313ms TTL=51

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 313ms, Maximum = 426ms, Average = 369ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 36 ........................... Internet
  9 ...00 21 63 26 0a 46 ...... Atheros AR5007EG Wireless Network Adapter
  8 ...00 13 77 9d 20 d8 ...... Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller
  1 ........................... Software Loopback Interface 1
 25 ...00 00 00 00 00 00 00 e0  isatap.{F198678E-877D-4379-8EF4-FD9B21FE7F17}
 14 ...00 00 00 00 00 00 00 e0  isatap.{FD7EA437-5E69-4B04-8171-AD771DF16B28}
 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 15 ...00 00 00 00 00 00 00 e0  isatap.{F94BABB8-7FB9-4757-83F0-58CB03F9EF02}
 16 ...00 00 00 00 00 00 00 e0  isatap.{F94BABB8-7FB9-4757-83F0-58CB03F9EF02}
 20 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 22 ...00 00 00 00 00 00 00 e0  isatap.{F94BABB8-7FB9-4757-83F0-58CB03F9EF02}
 23 ...00 00 00 00 00 00 00 e0  isatap.{40BB08A9-51F0-4532-8C22-726472495CBD}
 26 ...00 00 00 00 00 00 00 e0  isatap.{40BB08A9-51F0-4532-8C22-726472495CBD}
 27 ...00 00 00 00 00 00 00 e0  isatap.{40BB08A9-51F0-4532-8C22-726472495CBD}
 28 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 37 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #12
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link     10.177.46.64      41
     10.177.46.64  255.255.255.255         On-link     10.177.46.64     296
        127.0.0.0        255.0.0.0         On-link        127.0.0.1    4531
        127.0.0.1  255.255.255.255         On-link        127.0.0.1    4531
  127.255.255.255  255.255.255.255         On-link        127.0.0.1    4531
        224.0.0.0        240.0.0.0         On-link        127.0.0.1    4531
        224.0.0.0        240.0.0.0         On-link     10.177.46.64      41
  255.255.255.255  255.255.255.255         On-link        127.0.0.1    4531
  255.255.255.255  255.255.255.255         On-link     10.177.46.64     296
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 10     18 2001::/32                On-link
 10    266 2001:0:5ef5:79fb:244f:2052:f54e:d1bf/128
                                    On-link
 10    266 fe80::/64                On-link
 10    266 fe80::244f:2052:f54e:d1bf/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/18/2011 11:11:48 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/18/2011 04:56:08 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/18/2011 04:51:15 PM) (Source: RasClient) (User: )
Description: CoID={A51A4FDA-31A1-4A22-AD6C-3D66E496223F}: The user "Maria\m" dialed a connection named "Internet" which has failed. The error code returned on failure is 0.

Error: (09/18/2011 09:06:30 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/18/2011 08:45:06 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\M\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CB3NDIJ2.DEFAULT\CACHE\E\55> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/18/2011 08:45:06 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\M\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CB3NDIJ2.DEFAULT\CACHE\E\55> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/18/2011 08:45:06 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\M\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CB3NDIJ2.DEFAULT\CACHE\1\EE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/18/2011 08:45:06 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\M\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CB3NDIJ2.DEFAULT\CACHE\1\EE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/18/2011 08:45:05 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\M\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CB3NDIJ2.DEFAULT\CACHE\1\61> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/18/2011 08:45:05 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\M\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CB3NDIJ2.DEFAULT\CACHE\1\61> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (09/19/2011 04:46:13 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (09/19/2011 04:44:59 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/19/2011 07:18:29 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/18/2011 05:29:29 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (09/18/2011 05:26:11 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/18/2011 04:51:34 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (09/18/2011 04:51:25 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (09/18/2011 04:51:15 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/18/2011 08:43:08 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/18/2011 08:41:35 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 08:39:47 on 18.09.2011 was unexpected.


Microsoft Office Sessions:
=========================
Error: (09/18/2011 11:11:48 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/18/2011 04:56:08 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/18/2011 04:51:15 PM) (Source: RasClient)(User: )
Description: {A51A4FDA-31A1-4A22-AD6C-3D66E496223F}Maria\mInternet0

Error: (09/18/2011 09:06:30 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (09/18/2011 08:45:06 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\M\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CB3NDIJ2.DEFAULT\CACHE\E\55

Error: (09/18/2011 08:45:06 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\M\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CB3NDIJ2.DEFAULT\CACHE\E\55

Error: (09/18/2011 08:45:06 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\M\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CB3NDIJ2.DEFAULT\CACHE\1\EE

Error: (09/18/2011 08:45:06 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\M\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CB3NDIJ2.DEFAULT\CACHE\1\EE

Error: (09/18/2011 08:45:05 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\M\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CB3NDIJ2.DEFAULT\CACHE\1\61

Error: (09/18/2011 08:45:05 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\M\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\CB3NDIJ2.DEFAULT\CACHE\1\61


=========================== Installed Programs ============================

AAC Decoder (Version: 7.1.0)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.23)
Adobe Flash Player 10 Plugin (Version: 10.2.152.32)
Atheros WLAN Client (Version: 1.00.000)
ATI Catalyst Install Manager (Version: 3.0.664.0)
AutoUpdate (Version: 1.1)
avast! Free Antivirus (Version: 6.0.1289.0)
AVStation Now (Version: 4.0.10.6)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0318.2139.36886)
Catalyst Control Center Graphics Full Existing (Version: 2008.0318.2139.36886)
Catalyst Control Center Graphics Full New (Version: 2008.0318.2139.36886)
Catalyst Control Center Graphics Light (Version: 2008.0318.2139.36886)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Czech (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Danish (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Dutch (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Finnish (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization French (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization German (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Greek (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Hungarian (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Italian (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Japanese (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Korean (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Norwegian (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Polish (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Portuguese (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Russian (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Spanish (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Swedish (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Thai (Version: 2008.0318.2139.36886)
Catalyst Control Center Localization Turkish (Version: 2008.0318.2139.36886)
ccc-core-static (Version: 2008.0318.2139.36886)
ccc-utility (Version: 2008.0318.2139.36886)
CCC Help Chinese Standard (Version: 2008.0318.2138.36886)
CCC Help Chinese Traditional (Version: 2008.0318.2138.36886)
CCC Help Czech (Version: 2008.0318.2138.36886)
CCC Help Danish (Version: 2008.0318.2138.36886)
CCC Help Dutch (Version: 2008.0318.2138.36886)
CCC Help English (Version: 2008.0318.2138.36886)
CCC Help Finnish (Version: 2008.0318.2138.36886)
CCC Help French (Version: 2008.0318.2138.36886)
CCC Help German (Version: 2008.0318.2138.36886)
CCC Help Greek (Version: 2008.0318.2138.36886)
CCC Help Hungarian (Version: 2008.0318.2138.36886)
CCC Help Italian (Version: 2008.0318.2138.36886)
CCC Help Japanese (Version: 2008.0318.2138.36886)
CCC Help Korean (Version: 2008.0318.2138.36886)
CCC Help Norwegian (Version: 2008.0318.2138.36886)
CCC Help Polish (Version: 2008.0318.2138.36886)
CCC Help Portuguese (Version: 2008.0318.2138.36886)
CCC Help Russian (Version: 2008.0318.2138.36886)
CCC Help Spanish (Version: 2008.0318.2138.36886)
CCC Help Swedish (Version: 2008.0318.2138.36886)
CCC Help Thai (Version: 2008.0318.2138.36886)
CCC Help Turkish (Version: 2008.0318.2138.36886)
Compatibility Pack für 2007 Office System (Version: 12.0.6514.5001)
ContentSAFER for Wizmax
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.0.0)
DivX Player (Version: 7.0.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.0.0.19)
DivX Web Player (Version: 1.4.2)
DVD Suite (Version: 5.0.2103)
Easy Battery Manager (Version: 3.2.1.1)
Easy Display Manager (Version: 2.0.0.0)
Easy Network Manager 3.0 (Version: 3.0.0.0)
Easy SpeedUp Manager (Version: 2.0.0.14)
ESET Online Scanner v3
H.264 Decoder (Version: 1.0.0)
ICQ6.5 (Version: 6.5)
imagine digital freedom - Samsung (Version: 1.0.2.0)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
LabelPrint 2.0
LightScribe 1.8.15.1 (Version: 1.8.15.1)
Malwarebytes' Anti-Malware Version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.6361.0)
Microsoft SOAP Toolkit 2.0 SP2 (Version: 623.1)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MKV Splitter (Version: 1.0.0)
Mobile Partner (Version: 11.300.05.11.52)
Mozilla Firefox 5.0 (x86 de) (Version: 5.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PDF24 Creator 2.8.6
Play AVStation (Version: 4.1.20.47)
PlayCamera (Version: 1.0.1.1)
Power2Go 5.0
PowerDirector
PowerDVD (Version: 7.0.2802.0)
PowerProducer (Version: 074429(3.7)_Vista_SSPC)
QuickTime
Realtek High Definition Audio Driver (Version: 6.0.1.5433)
Samsung Magic Doctor (Version: 5.00)
Samsung Recovery Solution II (Version: 1.0.3.21)
Samsung Update Plus (Version: 1.3.0.11)
Skins (Version: 2008.0318.2139.36886)
Skype™ 5.1 (Version: 5.1.112)
SPORE™ (Version: 1.00.0000)
Springer Lexikon Medizin - Die DVD (Version: 1.3)
Synaptics Pointing Device Driver (Version: 10.1.2.0)
User Guide (Version: 1.0)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Vimicro UVC Camera (Version: 1.00.0000)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 3069.45 MB
Available physical RAM: 2019.64 MB
Total Pagefile: 6363.28 MB
Available Pagefile: 5391.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.24 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:144.09 GB) (Free:77.46 GB) NTFS
2 Drive d: () (Fixed) (Total:144 GB) (Free:118.71 GB) NTFS
3 Drive e: (EC_109856) (CDROM) (Total:7.42 GB) (Free:0 GB) UDF
4 Drive g: (Mobile Partner) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\MARIA

Administrator Gast m
The command completed successfully.


**** End of log ****


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7748

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

19.09.2011 17:17:33
mbam-log-2011-09-19 (17-17-33).txt

Scan type: Quick scan
Objects scanned: 163772
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER shuts down. =(

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:08 AM

Posted 19 September 2011 - 07:02 PM

Instead of GMER...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif




#5 Maria Irene

Maria Irene
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:08 PM

Posted 22 September 2011 - 11:11 AM

And the last report:


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8FC0D000 C:\Windows\system32\DRIVERS\atikmdag.sys 5025792 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82C34000 C:\Windows\system32\ntoskrnl.exe 3846144 bytes (Microsoft Corporation, NT Kernel & System)
0x82C34000 PnpManager 3846144 bytes
0x82C34000 RAW 3846144 bytes
0x82C34000 WMIxWDM 3846144 bytes
0x990B0000 Win32k 2113536 bytes
0x990B0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0x9040E000 C:\Windows\system32\drivers\RTKVHDA.sys 1781760 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x90184000 C:\Windows\system32\DRIVERS\athr.sys 1216512 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8AEEB000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT-Dateisystemtreiber)
0x8AC75000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8ADE6000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x8A8D5000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Codeintegritätsmodul)
0xA4804000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9B0B6000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x900D8000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x90368000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8A9B5000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8AC04000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x90613000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x8A80B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9B200000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP-Protokollstapel)
0x9B043000 C:\Windows\system32\drivers\ACEDRV09.sys 405504 bytes (Protect Software GmbH, Filter Driver ProtectDisc)
0x9B371000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8B2F6000 C:\Windows\System32\Drivers\aswSP.SYS 315392 bytes (AVAST Software, avast! self protection module)
0x902AD000 C:\Windows\system32\DRIVERS\yk60x86.sys 311296 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0x8AAE7000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x9072E000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8AA3E000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0x8A894000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8B141000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x90303000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B2A3000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B362000 C:\Windows\System32\Drivers\VMC302.sys 245760 bytes (Vimicro Corporation, Vimicro USB Video Class Camera)
0x8ADAB000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9B2F8000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8ABBE000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0x9B008000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8B25D000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82C01000 ACPI_HAL 208896 bytes
0x82C01000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8AB7C000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Dateisystem-Filter-Manager)
0x9077D000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B112000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8B0E4000 C:\Windows\system32\DRIVERS\SynTP.sys 188416 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x905C1000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8AD80000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B21C000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9B17B000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9B1C2000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x9B349000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8B015000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8AA95000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0xA491F000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x905EE000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8B1AF000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8B04D000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9B2B8000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x906A6000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9B2D9000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8AB5E000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9B26D000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8AED0000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8B07F000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA-Filtertreiber zur Dateivirtualisierung)
0x8B3BD000 C:\Windows\system32\DRIVERS\ewusbmdm.sys 106496 bytes (Huawei Technologies Co., Ltd., USB Modem/Serial Device Driver)
0x9B28A000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x90350000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9B331000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8B2DF000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8B18D000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8B34B000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9B1EA000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x907AF000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS-Paketplaner)
0x906F9000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9B2A3000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B1F5000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8B39E000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA48F8000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8B1E1000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9071A000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8B0D1000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042-Anschlusstreiber)
0x9B1AF000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x907D3000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA490D000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8B03C000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8B292000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8A87B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformspezifischer Hardwarefehlertreiber)
0x8ABAE000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9B16B000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8AB46000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8B20A000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8B0BE000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8B3E4000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8B006000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8AABC000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B1D2000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x90341000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8AAD8000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x992F0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x907C5000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x906E2000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8AB38000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x907F0000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8B3D7000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modemgerätetreiber)
0x8B250000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8AA31000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA48EC000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9069A000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x90178000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x9070F000 C:\Windows\System32\Drivers\aswTdi.SYS 45056 bytes (AVAST Software, avast! TDI Filter Driver)
0x90400000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x903F5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Tastaturklassentreiber)
0x8FC02000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mausklassentreiber)
0x906D7000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B1A4000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B182000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8B0AA000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8AACE000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8B3B3000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B246000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9B1A5000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x907E6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA48E2000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x902F9000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xA4945000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xA494E000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8B076000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x90683000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x906F0000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x992D0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B0B5000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8AA84000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8AB56000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8B06E000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)
0x8A88C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B343000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x9B0A6000 C:\Windows\system32\DRIVERS\kmdfmemio.sys 32768 bytes (SAMSUNG ELECTRONICS CO., LTD., Non PnP Driver)
0x8AA8D000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x906C7000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x906CF000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8ABF7000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x90776000 C:\Windows\System32\Drivers\aswRdr.SYS 28672 bytes (AVAST Software, avast! TDI RDR Driver)
0x90693000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8A804000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9068C000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8AB31000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x9B166000 C:\Windows\system32\plcndis5.sys 20480 bytes (Intellon, Inc., PCAUSA NDIS 5.0 Protocol Driver)
0x8B0CD000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8AFFB000 C:\Windows\system32\DRIVERS\RecAgent.sys 16384 bytes ( , Recorder agent driver)
0x9B040000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x8AACB000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8B21A000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8FC00000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x866F81ED unknown_irp_handler 3603 bytes
==============================================
>Stealth
==============================================
0x866F9A9B Unknown page with executable code, 1381 bytes
0x8ABBE000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes
0x866FA19B Unknown page with executable code, 3685 bytes
0x866FCE84 Unknown thread object [ ETHREAD 0x866F3A80 ] TID: 264, 600 bytes
0x866FF084 Unknown thread object [ ETHREAD 0x869864E8 ] TID: 268, 600 bytes
0x866FED58 Unknown page with executable code, 680 bytes
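Reading a Rootkit Unhooker report by hand means matching each address in the Stealth section against the Drivers table. The script below does that matching. It is an added example written for this page, not part of the thread and not code from Rootkit Unhooker; the report excerpt it parses is constructed from the lines in the post above, and its regular expressions assume the line layout shown there. It resolves the WARNING entry at 0x8ABBE000 to the base of volsnap.sys and shows that the remaining flagged pages and thread objects sit outside every listed driver image, which is the pattern a dedicated rootkit remover is built to deal with.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt of the RkU report pasted above: a few ">Drivers" rows
# plus the full ">Stealth" section.  Assumed to be representative of the
# tool's line layout; it is sample input, not a live capture.
SAMPLE_REPORT = r"""
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
>Drivers
==============================================
0x82C34000 C:\Windows\system32\ntoskrnl.exe 3846144 bytes (Microsoft Corporation, NT Kernel & System)
0x82C34000 PnpManager 3846144 bytes
0x8ABBE000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0x8AB7C000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Dateisystem-Filter-Manager)
0x866F81ED unknown_irp_handler 3603 bytes
==============================================
>Stealth
==============================================
0x866F9A9B Unknown page with executable code, 1381 bytes
0x8ABBE000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes
0x866FA19B Unknown page with executable code, 3685 bytes
0x866FCE84 Unknown thread object [ ETHREAD 0x866F3A80 ] TID: 264, 600 bytes
0x866FF084 Unknown thread object [ ETHREAD 0x869864E8 ] TID: 268, 600 bytes
0x866FED58 Unknown page with executable code, 680 bytes
"""

# "<base> <path-or-alias> <size> bytes (<vendor, description>)"; the
# parenthesised part is absent for aliases such as PnpManager.
DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(\S+)\s+(\d+) bytes(?:\s+\((.*)\))?$")
# "<address> <free text>, <size> bytes"
STEALTH_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(.*?),\s*(\d+) bytes$")


@dataclass
class Module:
    base: int
    size: int
    name: str
    vendor: str

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass
class Finding:
    addr: int
    size: int
    text: str
    module: Optional[Module]


def parse_sections(report: str) -> Dict[str, List[str]]:
    """Split the report into its '>Name' sections, dropping rules and blanks."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in report.splitlines():
        line = line.strip()
        if not line or set(line) == {"="}:
            continue
        if line.startswith(">"):
            current = line[1:]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_modules(lines: List[str]) -> List[Module]:
    mods = []
    for line in lines:
        m = DRIVER_RE.match(line)
        if m:
            mods.append(Module(int(m.group(1), 16), int(m.group(3)), m.group(2), m.group(4) or ""))
    return mods


def resolve(modules: List[Module], addr: int) -> Optional[Module]:
    """Map an address to the image whose range covers it.

    ntoskrnl.exe is listed several times at one base under aliases
    (PnpManager, RAW, WMIxWDM), so prefer the row that names a file.
    """
    hits = [m for m in modules if m.contains(addr)]
    if not hits:
        return None
    hits.sort(key=lambda m: (0 if "\\" in m.name else 1, m.size))
    return hits[0]


def analyse(report: str) -> List[Finding]:
    sections = parse_sections(report)
    modules = parse_modules(sections.get("Drivers", []))
    findings = []
    for line in sections.get("Stealth", []):
        m = STEALTH_RE.match(line)
        if m:
            addr, size = int(m.group(1), 16), int(m.group(3))
            findings.append(Finding(addr, size, m.group(2), resolve(modules, addr)))
    return findings


def classify(f: Finding) -> str:
    if f.text.startswith("WARNING"):
        return "WARNING"   # the tool itself flags a modified driver image
    if f.module is None:
        return "UNBACKED"  # executable page or thread outside every listed image
    return "INFO"


def summarize(report: str) -> Dict[str, int]:
    counts = {"WARNING": 0, "UNBACKED": 0, "INFO": 0}
    for f in analyse(report):
        counts[classify(f)] += 1
    return counts


if __name__ == "__main__":
    for f in analyse(SAMPLE_REPORT):
        where = f.module.name if f.module else "no listed driver image"
        print(f"{classify(f):8} 0x{f.addr:08X} {f.size:>7} bytes  {f.text}  -> {where}")
    print(summarize(SAMPLE_REPORT))
```

Run as a script it prints one line per Stealth entry followed by the counts. Driver paths containing spaces would need a looser `DRIVER_RE` than the one used here, which is adequate for the paths in this report.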

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:08 AM

Posted 22 September 2011 - 07:11 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



#7 Maria Irene

Maria Irene
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:08 PM

Posted 24 September 2011 - 04:50 AM

The first scan which has found something ... =)

21:00:02.0001 5248 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
21:00:04.0004 5248 ============================================================
21:00:04.0005 5248 Current date / time: 2011/09/23 21:00:04.0004
21:00:04.0005 5248 SystemInfo:
21:00:04.0005 5248
21:00:04.0005 5248 OS Version: 6.0.6002 ServicePack: 2.0
21:00:04.0005 5248 Product type: Workstation
21:00:04.0005 5248 ComputerName: MARIA
21:00:04.0005 5248 UserName: m
21:00:04.0005 5248 Windows directory: C:\Windows
21:00:04.0005 5248 System windows directory: C:\Windows
21:00:04.0005 5248 Processor architecture: Intel x86
21:00:04.0006 5248 Number of processors: 2
21:00:04.0006 5248 Page size: 0x1000
21:00:04.0006 5248 Boot type: Normal boot
21:00:04.0006 5248 ============================================================
21:00:05.0012 5248 Initialize success
21:00:17.0317 4808 ============================================================
21:00:17.0317 4808 Scan started
21:00:17.0317 4808 Mode: Manual;
21:00:17.0317 4808 ============================================================
21:00:18.0059 4808 ACEDRV09 (ec818aed40e3359fe49ddb1700151e56) C:\Windows\system32\drivers\ACEDRV09.sys
21:00:18.0061 4808 ACEDRV09 - ok
21:00:18.0096 4808 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:00:18.0099 4808 ACPI - ok
21:00:18.0142 4808 ADDMEM - ok
21:00:18.0218 4808 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:00:18.0226 4808 adp94xx - ok
21:00:18.0259 4808 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:00:18.0265 4808 adpahci - ok
21:00:18.0308 4808 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:00:18.0310 4808 adpu160m - ok
21:00:18.0345 4808 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:00:18.0348 4808 adpu320 - ok
21:00:18.0436 4808 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:00:18.0442 4808 AFD - ok
21:00:18.0479 4808 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:00:18.0480 4808 agp440 - ok
21:00:18.0522 4808 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:00:18.0524 4808 aic78xx - ok
21:00:18.0560 4808 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
21:00:18.0562 4808 aliide - ok
21:00:18.0591 4808 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:00:18.0592 4808 amdagp - ok
21:00:18.0617 4808 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
21:00:18.0618 4808 amdide - ok
21:00:18.0639 4808 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:00:18.0642 4808 AmdK7 - ok
21:00:18.0661 4808 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:00:18.0662 4808 AmdK8 - ok
21:00:18.0711 4808 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:00:18.0712 4808 arc - ok
21:00:18.0734 4808 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:00:18.0736 4808 arcsas - ok
21:00:18.0813 4808 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
21:00:18.0815 4808 aswFsBlk - ok
21:00:18.0861 4808 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
21:00:18.0862 4808 aswMonFlt - ok
21:00:18.0923 4808 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
21:00:18.0924 4808 aswRdr - ok
21:00:18.0967 4808 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
21:00:18.0971 4808 aswSnx - ok
21:00:19.0030 4808 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
21:00:19.0033 4808 aswSP - ok
21:00:19.0085 4808 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
21:00:19.0087 4808 aswTdi - ok
21:00:19.0149 4808 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:00:19.0150 4808 AsyncMac - ok
21:00:19.0181 4808 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:00:19.0182 4808 atapi - ok
21:00:19.0269 4808 athr (f32fee7cb2ee32c1f808409bc8019701) C:\Windows\system32\DRIVERS\athr.sys
21:00:19.0278 4808 athr - ok
21:00:19.0403 4808 atikmdag (976d32226fc4dd1187110b763f913a69) C:\Windows\system32\DRIVERS\atikmdag.sys
21:00:19.0430 4808 atikmdag - ok
21:00:19.0450 4808 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:00:19.0454 4808 AtiPcie - ok
21:00:19.0517 4808 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:00:19.0518 4808 Beep - ok
21:00:19.0577 4808 blbdrive - ok
21:00:19.0645 4808 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:00:19.0646 4808 bowser - ok
21:00:19.0692 4808 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:00:19.0693 4808 BrFiltLo - ok
21:00:19.0712 4808 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:00:19.0713 4808 BrFiltUp - ok
21:00:19.0742 4808 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:00:19.0744 4808 Brserid - ok
21:00:19.0767 4808 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:00:19.0769 4808 BrSerWdm - ok
21:00:19.0792 4808 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:00:19.0793 4808 BrUsbMdm - ok
21:00:19.0812 4808 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:00:19.0813 4808 BrUsbSer - ok
21:00:19.0839 4808 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:00:19.0841 4808 BTHMODEM - ok
21:00:19.0994 4808 catchme - ok
21:00:20.0050 4808 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:00:20.0051 4808 cdfs - ok
21:00:20.0089 4808 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:00:20.0090 4808 cdrom - ok
21:00:20.0139 4808 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:00:20.0140 4808 circlass - ok
21:00:20.0183 4808 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:00:20.0186 4808 CLFS - ok
21:00:20.0245 4808 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:00:20.0246 4808 CmBatt - ok
21:00:20.0288 4808 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
21:00:20.0289 4808 cmdide - ok
21:00:20.0310 4808 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:00:20.0311 4808 Compbatt - ok
21:00:20.0345 4808 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:00:20.0347 4808 crcdisk - ok
21:00:20.0374 4808 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:00:20.0376 4808 Crusoe - ok
21:00:20.0461 4808 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:00:20.0463 4808 DfsC - ok
21:00:20.0530 4808 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:00:20.0532 4808 disk - ok
21:00:20.0588 4808 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:00:20.0589 4808 drmkaud - ok
21:00:20.0656 4808 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:00:20.0678 4808 DXGKrnl - ok
21:00:20.0720 4808 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:00:20.0724 4808 E1G60 - ok
21:00:20.0790 4808 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:00:20.0794 4808 Ecache - ok
21:00:20.0854 4808 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:00:20.0860 4808 elxstor - ok
21:00:20.0946 4808 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:00:20.0949 4808 exfat - ok
21:00:20.0992 4808 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:00:20.0995 4808 fastfat - ok
21:00:21.0031 4808 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:00:21.0033 4808 fdc - ok
21:00:21.0104 4808 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:00:21.0106 4808 FileInfo - ok
21:00:21.0134 4808 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:00:21.0135 4808 Filetrace - ok
21:00:21.0157 4808 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:00:21.0160 4808 flpydisk - ok
21:00:21.0208 4808 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:00:21.0211 4808 FltMgr - ok
21:00:21.0252 4808 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:00:21.0253 4808 Fs_Rec - ok
21:00:21.0283 4808 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:00:21.0285 4808 gagp30kx - ok
21:00:21.0333 4808 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:00:21.0338 4808 HdAudAddService - ok
21:00:21.0392 4808 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:00:21.0397 4808 HDAudBus - ok
21:00:21.0423 4808 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:00:21.0424 4808 HidBth - ok
21:00:21.0448 4808 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:00:21.0449 4808 HidIr - ok
21:00:21.0493 4808 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:00:21.0494 4808 HidUsb - ok
21:00:21.0528 4808 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:00:21.0529 4808 HpCISSs - ok
21:00:21.0577 4808 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:00:21.0584 4808 HTTP - ok
21:00:21.0648 4808 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:00:21.0651 4808 hwdatacard - ok
21:00:21.0704 4808 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:00:21.0705 4808 i2omp - ok
21:00:21.0765 4808 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:00:21.0768 4808 i8042prt - ok
21:00:21.0811 4808 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:00:21.0817 4808 iaStorV - ok
21:00:21.0869 4808 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:00:21.0871 4808 iirsp - ok
21:00:21.0976 4808 IntcAzAudAddService (7bd4e0428776d11c8e8e26f9f5508690) C:\Windows\system32\drivers\RTKVHDA.sys
21:00:21.0990 4808 IntcAzAudAddService - ok
21:00:22.0028 4808 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
21:00:22.0029 4808 intelide - ok
21:00:22.0084 4808 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:00:22.0086 4808 intelppm - ok
21:00:22.0148 4808 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:00:22.0152 4808 IpFilterDriver - ok
21:00:22.0169 4808 IpInIp - ok
21:00:22.0197 4808 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:00:22.0199 4808 IPMIDRV - ok
21:00:22.0240 4808 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:00:22.0242 4808 IPNAT - ok
21:00:22.0278 4808 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:00:22.0279 4808 IRENUM - ok
21:00:22.0311 4808 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:00:22.0312 4808 isapnp - ok
21:00:22.0354 4808 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:00:22.0357 4808 iScsiPrt - ok
21:00:22.0389 4808 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:00:22.0391 4808 iteatapi - ok
21:00:22.0428 4808 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:00:22.0430 4808 iteraid - ok
21:00:22.0489 4808 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:00:22.0490 4808 kbdclass - ok
21:00:22.0511 4808 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
21:00:22.0512 4808 kbdhid - ok
21:00:22.0560 4808 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
21:00:22.0561 4808 KMDFMEMIO - ok
21:00:22.0601 4808 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:00:22.0607 4808 KSecDD - ok
21:00:22.0668 4808 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:00:22.0670 4808 lltdio - ok
21:00:22.0726 4808 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:00:22.0728 4808 LSI_FC - ok
21:00:22.0768 4808 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:00:22.0770 4808 LSI_SAS - ok
21:00:22.0821 4808 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:00:22.0825 4808 LSI_SCSI - ok
21:00:22.0865 4808 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:00:22.0868 4808 luafv - ok
21:00:22.0905 4808 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:00:22.0907 4808 megasas - ok
21:00:22.0938 4808 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:00:22.0939 4808 Modem - ok
21:00:22.0977 4808 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
21:00:22.0978 4808 MODEMCSA - ok
21:00:23.0027 4808 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:00:23.0028 4808 monitor - ok
21:00:23.0056 4808 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:00:23.0057 4808 mouclass - ok
21:00:23.0100 4808 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:00:23.0102 4808 mouhid - ok
21:00:23.0135 4808 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:00:23.0136 4808 MountMgr - ok
21:00:23.0170 4808 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:00:23.0172 4808 mpio - ok
21:00:23.0217 4808 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:00:23.0219 4808 mpsdrv - ok
21:00:23.0257 4808 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:00:23.0258 4808 Mraid35x - ok
21:00:23.0296 4808 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:00:23.0300 4808 MRxDAV - ok
21:00:23.0339 4808 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:00:23.0340 4808 mrxsmb - ok
21:00:23.0372 4808 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:00:23.0375 4808 mrxsmb10 - ok
21:00:23.0404 4808 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:00:23.0405 4808 mrxsmb20 - ok
21:00:23.0435 4808 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
21:00:23.0437 4808 msahci - ok
21:00:23.0484 4808 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:00:23.0486 4808 msdsm - ok
21:00:23.0545 4808 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:00:23.0546 4808 Msfs - ok
21:00:23.0593 4808 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:00:23.0595 4808 msisadrv - ok
21:00:23.0652 4808 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:00:23.0653 4808 MSKSSRV - ok
21:00:23.0698 4808 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:00:23.0699 4808 MSPCLOCK - ok
21:00:23.0719 4808 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:00:23.0720 4808 MSPQM - ok
21:00:23.0757 4808 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:00:23.0759 4808 MsRPC - ok
21:00:23.0803 4808 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:00:23.0806 4808 mssmbios - ok
21:00:23.0834 4808 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:00:23.0835 4808 MSTEE - ok
21:00:23.0879 4808 Mtlmnt5 (6433ec4bce450447c7947f6181a9e268) C:\Windows\system32\DRIVERS\Mtlmnt5.sys
21:00:23.0884 4808 Mtlmnt5 - ok
21:00:23.0959 4808 Mtlstrm (30b87862b93574a20d78e1ff63c88694) C:\Windows\system32\DRIVERS\Mtlstrm.sys
21:00:24.0004 4808 Mtlstrm - ok
21:00:24.0043 4808 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:00:24.0044 4808 Mup - ok
21:00:24.0105 4808 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:00:24.0107 4808 NativeWifiP - ok
21:00:24.0157 4808 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:00:24.0167 4808 NDIS - ok
21:00:24.0215 4808 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:00:24.0216 4808 NdisTapi - ok
21:00:24.0259 4808 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:00:24.0260 4808 Ndisuio - ok
21:00:24.0293 4808 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:00:24.0296 4808 NdisWan - ok
21:00:24.0337 4808 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:00:24.0340 4808 NDProxy - ok
21:00:24.0370 4808 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:00:24.0373 4808 NetBIOS - ok
21:00:24.0428 4808 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:00:24.0432 4808 netbt - ok
21:00:24.0497 4808 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:00:24.0499 4808 nfrd960 - ok
21:00:24.0533 4808 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:00:24.0535 4808 Npfs - ok
21:00:24.0578 4808 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:00:24.0579 4808 nsiproxy - ok
21:00:24.0648 4808 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:00:24.0668 4808 Ntfs - ok
21:00:24.0690 4808 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:00:24.0692 4808 ntrigdigi - ok
21:00:24.0727 4808 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:00:24.0730 4808 Null - ok
21:00:24.0757 4808 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:00:24.0760 4808 nvraid - ok
21:00:24.0787 4808 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:00:24.0789 4808 nvstor - ok
21:00:24.0822 4808 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:00:24.0824 4808 nv_agp - ok
21:00:24.0837 4808 NwlnkFlt - ok
21:00:24.0853 4808 NwlnkFwd - ok
21:00:24.0894 4808 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:00:24.0896 4808 ohci1394 - ok
21:00:24.0956 4808 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:00:24.0958 4808 Parport - ok
21:00:24.0997 4808 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:00:24.0999 4808 partmgr - ok
21:00:25.0026 4808 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:00:25.0028 4808 Parvdm - ok
21:00:25.0086 4808 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:00:25.0088 4808 pci - ok
21:00:25.0121 4808 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:00:25.0123 4808 pciide - ok
21:00:25.0152 4808 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:00:25.0157 4808 pcmcia - ok
21:00:25.0217 4808 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:00:25.0239 4808 PEAUTH - ok
21:00:25.0313 4808 PLCNDIS5 (2aba2f545b35f9c6cc2cfc4e1d539a80) C:\Windows\system32\plcndis5.sys
21:00:25.0321 4808 PLCNDIS5 - ok
21:00:25.0393 4808 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:00:25.0394 4808 PptpMiniport - ok
21:00:25.0418 4808 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:00:25.0420 4808 Processor - ok
21:00:25.0478 4808 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:00:25.0480 4808 PSched - ok
21:00:25.0537 4808 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:00:25.0570 4808 ql2300 - ok
21:00:25.0605 4808 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:00:25.0608 4808 ql40xx - ok
21:00:25.0656 4808 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:00:25.0657 4808 QWAVEdrv - ok
21:00:25.0696 4808 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:00:25.0697 4808 RasAcd - ok
21:00:25.0748 4808 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:00:25.0751 4808 Rasl2tp - ok
21:00:25.0790 4808 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:00:25.0792 4808 RasPppoe - ok
21:00:25.0817 4808 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:00:25.0818 4808 RasSstp - ok
21:00:25.0868 4808 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:00:25.0873 4808 rdbss - ok
21:00:25.0906 4808 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:00:25.0907 4808 RDPCDD - ok
21:00:25.0949 4808 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
21:00:25.0954 4808 rdpdr - ok
21:00:25.0967 4808 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:00:25.0968 4808 RDPENCDD - ok
21:00:26.0005 4808 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:00:26.0010 4808 RDPWD - ok
21:00:26.0055 4808 RecAgent (41315d97bb319bd5b5e1b367570e7b3c) C:\Windows\system32\DRIVERS\RecAgent.sys
21:00:26.0056 4808 RecAgent - ok
21:00:26.0122 4808 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:00:26.0123 4808 rspndr - ok
21:00:26.0177 4808 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:00:26.0180 4808 sbp2port - ok
21:00:26.0223 4808 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:00:26.0224 4808 secdrv - ok
21:00:26.0263 4808 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:00:26.0265 4808 Serenum - ok
21:00:26.0291 4808 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:00:26.0294 4808 Serial - ok
21:00:26.0332 4808 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:00:26.0334 4808 sermouse - ok
21:00:26.0373 4808 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
21:00:26.0374 4808 sffdisk - ok
21:00:26.0404 4808 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
21:00:26.0405 4808 sffp_mmc - ok
21:00:26.0425 4808 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
21:00:26.0427 4808 sffp_sd - ok
21:00:26.0465 4808 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:00:26.0466 4808 sfloppy - ok
21:00:26.0503 4808 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:00:26.0506 4808 sisagp - ok
21:00:26.0532 4808 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:00:26.0534 4808 SiSRaid2 - ok
21:00:26.0568 4808 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:00:26.0572 4808 SiSRaid4 - ok
21:00:26.0621 4808 Slnt7554 (f3a4ab7230646941d41a9e2e754f047a) C:\Windows\system32\DRIVERS\slnt7554.sys
21:00:26.0627 4808 Slnt7554 - ok
21:00:26.0665 4808 SlNtHal (f06507086ff9bfdbcf3c5098a4848b5d) C:\Windows\system32\DRIVERS\Slnthal.sys
21:00:26.0668 4808 SlNtHal - ok
21:00:26.0718 4808 SlWdmSup (cd4f4cee4481e11bda806a9366785a1d) C:\Windows\system32\DRIVERS\SlWdmSup.sys
21:00:26.0719 4808 SlWdmSup - ok
21:00:26.0756 4808 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:00:26.0758 4808 Smb - ok
21:00:26.0832 4808 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:00:26.0834 4808 spldr - ok
21:00:26.0900 4808 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:00:26.0904 4808 srv - ok
21:00:26.0948 4808 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:00:26.0951 4808 srv2 - ok
21:00:26.0991 4808 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:00:26.0993 4808 srvnet - ok
21:00:27.0060 4808 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:00:27.0062 4808 swenum - ok
21:00:27.0100 4808 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:00:27.0102 4808 Symc8xx - ok
21:00:27.0127 4808 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:00:27.0129 4808 Sym_hi - ok
21:00:27.0158 4808 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:00:27.0161 4808 Sym_u3 - ok
21:00:27.0231 4808 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
21:00:27.0235 4808 SynTP - ok
21:00:27.0317 4808 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
21:00:27.0338 4808 Tcpip - ok
21:00:27.0366 4808 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
21:00:27.0373 4808 Tcpip6 - ok
21:00:27.0402 4808 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:00:27.0404 4808 tcpipreg - ok
21:00:27.0437 4808 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:00:27.0438 4808 TDPIPE - ok
21:00:27.0461 4808 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:00:27.0463 4808 TDTCP - ok
21:00:27.0496 4808 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:00:27.0498 4808 tdx - ok
21:00:27.0537 4808 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:00:27.0538 4808 TermDD - ok
21:00:27.0592 4808 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:00:27.0593 4808 tssecsrv - ok
21:00:27.0637 4808 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:00:27.0638 4808 tunmp - ok
21:00:27.0678 4808 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:00:27.0681 4808 tunnel - ok
21:00:27.0730 4808 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:00:27.0732 4808 uagp35 - ok
21:00:27.0777 4808 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:00:27.0781 4808 udfs - ok
21:00:27.0840 4808 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
21:00:27.0842 4808 uliagpkx - ok
21:00:27.0886 4808 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:00:27.0891 4808 uliahci - ok
21:00:27.0918 4808 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:00:27.0920 4808 UlSata - ok
21:00:27.0957 4808 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:00:27.0960 4808 ulsata2 - ok
21:00:27.0997 4808 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:00:27.0998 4808 umbus - ok
21:00:28.0043 4808 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:00:28.0045 4808 usbccgp - ok
21:00:28.0078 4808 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:00:28.0080 4808 usbcir - ok
21:00:28.0126 4808 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:00:28.0128 4808 usbehci - ok
21:00:28.0170 4808 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:00:28.0174 4808 usbhub - ok
21:00:28.0216 4808 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
21:00:28.0217 4808 usbohci - ok
21:00:28.0252 4808 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:00:28.0253 4808 usbprint - ok
21:00:28.0277 4808 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:00:28.0279 4808 USBSTOR - ok
21:00:28.0317 4808 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
21:00:28.0321 4808 usbuhci - ok
21:00:28.0371 4808 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
21:00:28.0374 4808 usbvideo - ok
21:00:28.0421 4808 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
21:00:28.0423 4808 vga - ok
21:00:28.0448 4808 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:00:28.0450 4808 VgaSave - ok
21:00:28.0489 4808 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
21:00:28.0492 4808 viaagp - ok
21:00:28.0511 4808 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:00:28.0513 4808 ViaC7 - ok
21:00:28.0543 4808 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
21:00:28.0545 4808 viaide - ok
21:00:28.0598 4808 VMC302 (2dff4efa8e65b257c171c362c1256db8) C:\Windows\system32\Drivers\VMC302.sys
21:00:28.0600 4808 VMC302 - ok
21:00:28.0638 4808 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:00:28.0641 4808 volmgr - ok
21:00:28.0690 4808 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:00:28.0694 4808 volmgrx - ok
21:00:28.0741 4808 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
21:00:28.0745 4808 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
21:00:28.0746 4808 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
21:00:28.0747 4808 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
21:00:28.0788 4808 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:00:28.0791 4808 vsmraid - ok
21:00:28.0835 4808 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:00:28.0838 4808 WacomPen - ok
21:00:28.0873 4808 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:00:28.0875 4808 Wanarp - ok
21:00:28.0898 4808 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:00:28.0900 4808 Wanarpv6 - ok
21:00:28.0937 4808 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:00:28.0941 4808 Wd - ok
21:00:28.0995 4808 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:00:29.0017 4808 Wdf01000 - ok
21:00:29.0113 4808 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
21:00:29.0115 4808 WmiAcpi - ok
21:00:29.0185 4808 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:00:29.0186 4808 WpdUsb - ok
21:00:29.0237 4808 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:00:29.0239 4808 ws2ifsl - ok
21:00:29.0306 4808 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:00:29.0310 4808 WUDFRd - ok
21:00:29.0388 4808 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
21:00:29.0394 4808 yukonwlh - ok
21:00:29.0430 4808 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:00:29.0442 4808 \Device\Harddisk0\DR0 - ok
21:00:29.0447 4808 Boot (0x1200) (39f1c8d7cb96ca8956459235f6edafcf) \Device\Harddisk0\DR0\Partition0
21:00:29.0449 4808 \Device\Harddisk0\DR0\Partition0 - ok
21:00:29.0497 4808 Boot (0x1200) (4284c0aced4a877dcb8c3581f0841df1) \Device\Harddisk0\DR0\Partition1
21:00:29.0498 4808 \Device\Harddisk0\DR0\Partition1 - ok
21:00:29.0499 4808 ============================================================
21:00:29.0499 4808 Scan finished
21:00:29.0499 4808 ============================================================
21:00:29.0517 0156 Detected object count: 1
21:00:29.0517 0156 Actual detected object count: 1
21:00:52.0170 0156 Backup copy found, using it..
21:00:52.0203 0156 C:\Windows\system32\drivers\volsnap.sys - will be cured on reboot
21:00:52.0203 0156 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
21:01:19.0464 1384 Deinitialize success

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:08 AM

Posted 24 September 2011 - 10:06 AM

Good.
How is the redirection?

Give me a fresh RKUnhooker log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif

#9 Maria Irene

Maria Irene
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:08 PM

Posted 24 September 2011 - 03:41 PM

You apparently cured my computer. =) I do not get any redirects anymore, my FF does not crash anymore and the IE does not appear in the TaskManager unless I open it.

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:08 AM

Posted 24 September 2011 - 05:15 PM

I'm glad to hear good news :)

Still, please follow my previous instructions.


#11 Maria Irene

Maria Irene
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:08 PM

Posted 25 September 2011 - 11:00 AM

Oh, sorry. :huh: The report is done and I wanted to post it - unfortunately I had forgotten it.
Here it is:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F808000 C:\Windows\system32\DRIVERS\atikmdag.sys 5025792 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82C4A000 C:\Windows\system32\ntoskrnl.exe 3846144 bytes (Microsoft Corporation, NT Kernel & System)
0x82C4A000 PnpManager 3846144 bytes
0x82C4A000 RAW 3846144 bytes
0x82C4A000 WMIxWDM 3846144 bytes
0x990F0000 Win32k 2113536 bytes
0x990F0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0x9000D000 C:\Windows\system32\drivers\RTKVHDA.sys 1781760 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8FD7F000 C:\Windows\system32\DRIVERS\athr.sys 1216512 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8AEEC000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT-Dateisystemtreiber)
0x8AC76000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8ADE7000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x8A8D6000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Codeintegritätsmodul)
0xA6008000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9ACBD000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8FCD3000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8FF63000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8A9B6000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8AC05000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x90212000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x8A80C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9ADDF000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP-Protokollstapel)
0x9AC4A000 C:\Windows\system32\drivers\ACEDRV09.sys 405504 bytes (Protect Software GmbH, Filter Driver ProtectDisc)
0x9AF50000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8B307000 C:\Windows\System32\Drivers\aswSP.SYS 315392 bytes (AVAST Software, avast! self protection module)
0x8FEA8000 C:\Windows\system32\DRIVERS\yk60x86.sys 311296 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0x8AAE8000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x9032D000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8AA3F000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0x8A895000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8B154000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8FEFE000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B2B4000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B36B000 C:\Windows\System32\Drivers\VMC302.sys 245760 bytes (Vimicro Corporation, Vimicro USB Video Class Camera)
0x8ADAC000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9AED7000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8ABBF000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0x9AC0F000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8B26E000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82C17000 ACPI_HAL 208896 bytes
0x82C17000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8AB7D000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Dateisystem-Filter-Manager)
0x9037C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B125000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8B0EC000 C:\Windows\system32\DRIVERS\SynTP.sys 188416 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x901C0000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8AD81000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B22D000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9AD82000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9AF28000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8B01D000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8AA96000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0xA6123000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x901ED000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8B1C2000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8B055000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9AE97000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x902A5000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9AEB8000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8AB5F000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9AE4C000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8AED1000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8B087000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA-Filtertreiber zur Dateivirtualisierung)
0x8B3A7000 C:\Windows\system32\DRIVERS\ewusbmdm.sys 106496 bytes (Huawei Technologies Co., Ltd., USB Modem/Serial Device Driver)
0x9AE69000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8FF4B000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9AF10000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8B2F0000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8B1A0000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8B354000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9ADC9000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x903AE000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS-Paketplaner)
0x902F8000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9AE82000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B208000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8B3C1000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA60FC000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8B1F4000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x90319000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8B0D9000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042-Anschlusstreiber)
0x9ADB6000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x903D2000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA6111000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8B044000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8B2A3000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8A87C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformspezifischer Hardwarefehlertreiber)
0x8ABAF000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0xA6152000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9AD72000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8AB47000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8B21D000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8B0C6000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8B3EB000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8B00E000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8AABD000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B1E5000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8FF3C000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8AAD9000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x99330000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x903C4000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x902E1000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8AB39000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x90000000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x903EF000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modemgerätetreiber)
0x8B261000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8AA32000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA60F0000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x90299000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8FD73000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x9030E000 C:\Windows\System32\Drivers\aswTdi.SYS 45056 bytes (AVAST Software, avast! TDI Filter Driver)
0x8B3D6000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8FFF0000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Tastaturklassentreiber)
0x8B11A000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mausklassentreiber)
0x902D6000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B1B7000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B195000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8B0B2000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8AACF000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8B3E1000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B257000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9ADAC000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x903E5000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA60E6000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8FEF4000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xA6171000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xA6183000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8B07E000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x90282000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA6149000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x902EF000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x99310000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B0BD000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8AA85000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8AB57000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8B076000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)
0x8A88D000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8F800000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x9ACAD000 C:\Windows\system32\DRIVERS\kmdfmemio.sys 32768 bytes (SAMSUNG ELECTRONICS CO., LTD., Non PnP Driver)
0xA6169000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0x8AA8E000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x902C6000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x902CE000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8ABF8000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x90375000 C:\Windows\System32\Drivers\aswRdr.SYS 28672 bytes (AVAST Software, avast! TDI RDR Driver)
0x90292000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0xA6162000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8A805000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9028B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8AB32000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x9AD6D000 C:\Windows\system32\plcndis5.sys 20480 bytes (Intellon, Inc., PCAUSA NDIS 5.0 Protocol Driver)
0x8B0D5000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8AFFC000 C:\Windows\system32\DRIVERS\RecAgent.sys 16384 bytes ( , Recorder agent driver)
0x9AC47000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x8AACC000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8FFFD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8FFFB000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

#12 Broni


Posted 25 September 2011 - 11:34 AM

Good :)

Last scans...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart your computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


#13 Maria Irene


Posted 25 September 2011 - 02:25 PM

TFC deleted about 190 MB temp files.
ESET says: "No threats found." (There was no option for viewing some sort of list or something else.)

#14 Broni


Posted 25 September 2011 - 03:02 PM

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

==============================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

10. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used, as they don't install.
