
IE opens random websites by itself


This topic is locked. 46 replies to this topic.

#1 hvdb


Posted 24 January 2012 - 12:57 AM

Hello,

On my Windows XP laptop, I have a problem that recently, Internet Explorer sometimes (a few times per week) opens some websites by itself.
The sites are always different, and seem harmless. However, using my AVG 2012 virus scanner I cannot seem to get rid of the problem.

I therefore took the logs using your tools and hope that someone here can help me.

Thanks,
Hvdb



#2 gringo_pr


Posted 27 January 2012 - 12:51 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 hvdb


Posted 28 January 2012 - 04:15 AM

Ok,

I have run ComboFix and here is the log.
Immediately after running ComboFix, I also received a warning that Windows Explorer was blocked by Windows Firewall; see picture attached:


ComboFix 12-01-28.01 - Hans Vanderbeke 28/01/2012 9:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2038.1448 [GMT 1:00]
Gestart vanuit: d:\documents and settings\Hans Vanderbeke\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\z.txt
c:\windows\system32\133652c8.dll
c:\windows\system32\17401371841.dll
c:\windows\system32\57ab4c43.dll
c:\windows\system32\5f63fbb4.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\70dbff2ab898a7c6.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b11021e52c44bb03.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d5b98de26101002c.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\SET44.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET50.tmp
.
Besmet exemplaar van c:\windows\system32\autochk.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\autochk.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-28 to 2012-01-28 ))))))))))))))))))))))))))))))
.
.
2012-01-28 09:02 . 2012-01-28 09:02 24985 ----a-w- c:\windows\system32\923896841.dll
2012-01-25 19:28 . 2012-01-25 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-01-25 19:27 . 2012-01-25 19:31 -------- d-----w- c:\program files\NCH Software
2012-01-25 19:27 . 2012-01-25 19:27 -------- d-----w- c:\documents and settings\Hans Vanderbeke\Application Data\NCH Software
2012-01-14 17:37 . 2012-01-14 17:37 -------- d-----w- c:\program files\iPod
2012-01-14 17:37 . 2012-01-14 17:38 -------- d-----w- c:\program files\iTunes
2012-01-11 20:29 . 2012-01-11 20:29 -------- d-----w- c:\documents and settings\Vicky Decock\Mijn documenten
2012-01-10 20:28 . 2012-01-10 20:28 -------- d-----w- c:\documents and settings\Hans Vanderbeke\Application Data\Juniper Networks
2012-01-10 20:28 . 2012-01-10 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-12-29 23:49 . 2011-12-29 23:49 -------- d-----w- c:\documents and settings\Hans Vanderbeke\Application Data\dvdcss
2011-12-29 22:01 . 2001-11-12 09:44 122880 ----a-w- c:\windows\system32\Nsvideo.dll
2011-12-29 21:55 . 2007-02-05 10:15 18432 ----a-w- c:\windows\system32\drivers\Achernar.sys
2011-12-29 21:54 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-12-29 20:57 . 2012-01-02 19:26 -------- d-----w- c:\documents and settings\Hans Vanderbeke\Local Settings\Application Data\NewSoft
2011-12-29 19:43 . 2011-12-29 19:43 -------- d-----w- c:\program files\PowerQuest
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 00:27 . 2011-11-16 20:40 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2012-01-20 20:29 . 2011-11-16 20:40 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll.old
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-11-25 21:57 . 2004-08-03 23:03 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-03 22:56 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 08:09 . 2011-06-29 05:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 06:12 . 2004-08-03 23:03 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2004-08-03 23:03 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2004-08-03 23:03 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2004-08-03 23:03 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-03 23:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2004-08-03 23:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 11:25 . 2004-08-03 22:55 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:29 . 2004-08-03 23:03 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-03 23:03 1296384 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-03 23:03 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-12-21 08:02 . 2011-12-27 05:29 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 16:41 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2012-01-23 00:27 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 31840]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-07-15 06:13 159744 ----a-w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2009-05-21 19:48 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-13 09:46 166912 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-01-30 17:54 16116224 ----a-w- c:\windows\RTHDCPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\KetnetKick2\\Main.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Documents and Settings\\Vicky Decock\\Downloads\\MusicConverterSetup.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\Hans Vanderbeke\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8320:TCP"= 8320:TCP:messenger
"44665:UDP"= 44665:UDP:Emule
.
R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [29/12/2011 22:55 18432]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/09/2010 3:48 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31/12/2009 14:23 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/09/2010 3:48 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/11/2010 22:20 295248]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [31/03/2011 21:33 20088]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 11:48 10240]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 5:09 192776]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [15/07/2008 7:13 106496]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [31/12/2009 12:43 54560]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [16/01/2012 17:41 909152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 16720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 4433248]
S2 getuname32;Unicode name Dll for UCE;c:\windows\system32\rundll32.exe getuname32.dll,axuz --> c:\windows\system32\rundll32.exe getuname32.dll,axuz [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 17:04 135664]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 17:04 135664]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4/11/2008 11:39 14336]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:04]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:04]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1220945662-682003330-1004Core.job
- c:\documents and settings\Hans Vanderbeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-29 18:19]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1220945662-682003330-1004UA.job
- c:\documents and settings\Hans Vanderbeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-29 18:19]
.
2012-01-25 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Software\Switch\switch.exe [2012-01-25 19:27]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = proxy.skynet.be:8080
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
FF - ProfilePath - c:\documents and settings\Hans Vanderbeke\Application Data\Mozilla\Firefox\Profiles\fsvwhfk3.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8a61864c-36a8-4e41-bb43-f67f4236df78%7D&mid=5914444a189320c7c09eed0da8802113-ab8d4079a8cc9e00f2dcf390528314f9efadb729&ds=AVG&v=9.0.0.22&lang=nl&pr=fr&d=2011-10-12%2019%3A42%3A15&sap=ku&q=
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
Notify-ACNotify - ACNotify.dll
MSConfigStartUp-ExtraFilmManager - c:\program files\ExtraFilm Designer BE NL\ExtraFilmManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-28 10:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1220945662-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(1324)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(2236)
c:\program files\Common Files\OnlineFilesManager.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
c:\program files\AVG\AVG2012\avgui.exe
.
**************************************************************************
.
Voltooingstijd: 2012-01-28 10:07:36 - machine werd herstart
ComboFix-quarantined-files.txt 2012-01-28 09:07
.
Pre-Run: 33.432.420.352 bytes beschikbaar
Post-Run: 33.893.781.504 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /bootlog
.
- - End Of File - - F11833756229CF06B959DF64F71A3CB7


#4 gringo_pr


Posted 28 January 2012 - 12:51 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 hvdb


Posted 29 January 2012 - 02:52 AM

Here is the log:


08:50:42.0343 2864 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
08:50:42.0718 2864 ============================================================
08:50:42.0718 2864 Current date / time: 2012/01/29 08:50:42.0718
08:50:42.0718 2864 SystemInfo:
08:50:42.0718 2864
08:50:42.0718 2864 OS Version: 5.1.2600 ServicePack: 3.0
08:50:42.0718 2864 Product type: Workstation
08:50:42.0718 2864 ComputerName: VICKY-LAPTOP
08:50:42.0718 2864 UserName: Hans Vanderbeke
08:50:42.0718 2864 Windows directory: C:\WINDOWS
08:50:42.0718 2864 System windows directory: C:\WINDOWS
08:50:42.0718 2864 Processor architecture: Intel x86
08:50:42.0718 2864 Number of processors: 2
08:50:42.0718 2864 Page size: 0x1000
08:50:42.0718 2864 Boot type: Normal boot
08:50:42.0718 2864 ============================================================
08:50:45.0828 2864 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:50:45.0921 2864 Initialize success
08:51:10.0953 2744 ============================================================
08:51:10.0953 2744 Scan started
08:51:10.0953 2744 Mode: Manual;
08:51:10.0953 2744 ============================================================
08:51:11.0593 2744 Abiosdsk - ok
08:51:11.0609 2744 abp480n5 - ok
08:51:11.0656 2744 Achernar (f8e916dd0de892a3bd9f6cc686100960) C:\WINDOWS\system32\Drivers\Achernar.sys
08:51:11.0656 2744 Achernar - ok
08:51:11.0703 2744 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:51:11.0703 2744 ACPI - ok
08:51:11.0718 2744 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
08:51:11.0718 2744 ACPIEC - ok
08:51:11.0750 2744 adpu160m - ok
08:51:11.0796 2744 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:51:11.0796 2744 aec - ok
08:51:11.0890 2744 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
08:51:11.0890 2744 AegisP - ok
08:51:11.0953 2744 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:51:11.0968 2744 AFD - ok
08:51:12.0062 2744 AgereSoftModem (4e6294a06be883c9bd685a8dfd9fcd4e) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
08:51:12.0078 2744 AgereSoftModem - ok
08:51:12.0125 2744 Aha154x - ok
08:51:12.0140 2744 aic78u2 - ok
08:51:12.0156 2744 aic78xx - ok
08:51:12.0187 2744 AliIde - ok
08:51:12.0203 2744 amsint - ok
08:51:12.0250 2744 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
08:51:12.0265 2744 ANC - ok
08:51:12.0328 2744 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:51:12.0328 2744 Arp1394 - ok
08:51:12.0390 2744 asc - ok
08:51:12.0406 2744 asc3350p - ok
08:51:12.0421 2744 asc3550 - ok
08:51:12.0453 2744 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:51:12.0453 2744 AsyncMac - ok
08:51:12.0515 2744 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:51:12.0515 2744 atapi - ok
08:51:12.0531 2744 Atdisk - ok
08:51:12.0578 2744 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
08:51:12.0578 2744 atksgt - ok
08:51:12.0671 2744 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:51:12.0671 2744 Atmarpc - ok
08:51:12.0734 2744 ATSWPDRV (0662037e057e8abf6f25f862eb119a0a) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
08:51:12.0734 2744 ATSWPDRV - ok
08:51:12.0796 2744 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:51:12.0796 2744 audstub - ok
08:51:12.0859 2744 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
08:51:12.0859 2744 AVGIDSDriver - ok
08:51:12.0953 2744 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
08:51:12.0953 2744 AVGIDSEH - ok
08:51:13.0000 2744 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
08:51:13.0000 2744 AVGIDSFilter - ok
08:51:13.0078 2744 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
08:51:13.0078 2744 AVGIDSShim - ok
08:51:13.0109 2744 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
08:51:13.0109 2744 Avgldx86 - ok
08:51:13.0156 2744 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
08:51:13.0156 2744 Avgmfx86 - ok
08:51:13.0171 2744 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
08:51:13.0171 2744 Avgrkx86 - ok
08:51:13.0203 2744 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
08:51:13.0218 2744 Avgtdix - ok
08:51:13.0312 2744 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
08:51:13.0328 2744 b57w2k - ok
08:51:13.0375 2744 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:51:13.0375 2744 Beep - ok
08:51:13.0437 2744 btaudio (0f249be872f618aaba8d641e81aa3d21) C:\WINDOWS\system32\drivers\btaudio.sys
08:51:13.0468 2744 btaudio - ok
08:51:13.0500 2744 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
08:51:13.0500 2744 BTDriver - ok
08:51:13.0609 2744 BTKRNL (d84166d41a05f66d9084039427e5025b) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
08:51:13.0625 2744 BTKRNL - ok
08:51:13.0718 2744 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
08:51:13.0734 2744 BTWDNDIS - ok
08:51:13.0781 2744 BTWUSB (a01fd9851406de0870c23759e2f7b6ea) C:\WINDOWS\system32\Drivers\btwusb.sys
08:51:13.0781 2744 BTWUSB - ok
08:51:13.0781 2744 catchme - ok
08:51:13.0843 2744 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:51:13.0843 2744 cbidf2k - ok
08:51:13.0875 2744 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:51:13.0875 2744 CCDECODE - ok
08:51:13.0890 2744 cd20xrnt - ok
08:51:13.0937 2744 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:51:13.0937 2744 Cdaudio - ok
08:51:13.0984 2744 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:51:13.0984 2744 Cdfs - ok
08:51:14.0078 2744 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:51:14.0078 2744 Cdrom - ok
08:51:14.0093 2744 Changer - ok
08:51:14.0156 2744 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:51:14.0156 2744 CmBatt - ok
08:51:14.0171 2744 CmdIde - ok
08:51:14.0187 2744 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:51:14.0187 2744 Compbatt - ok
08:51:14.0203 2744 Cpqarray - ok
08:51:14.0281 2744 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
08:51:14.0281 2744 cpudrv - ok
08:51:14.0296 2744 dac2w2k - ok
08:51:14.0312 2744 dac960nt - ok
08:51:14.0359 2744 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:51:14.0375 2744 Disk - ok
08:51:14.0484 2744 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
08:51:14.0500 2744 dmboot - ok
08:51:14.0531 2744 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
08:51:14.0546 2744 dmio - ok
08:51:14.0546 2744 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:51:14.0562 2744 dmload - ok
08:51:14.0593 2744 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:51:14.0593 2744 DMusic - ok
08:51:14.0656 2744 dpti2o - ok
08:51:14.0703 2744 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:51:14.0703 2744 drmkaud - ok
08:51:14.0765 2744 emAudio (0613c7cf05dfe81ac70f4a925823c28e) C:\WINDOWS\system32\drivers\emAudio.sys
08:51:14.0781 2744 emAudio - ok
08:51:14.0828 2744 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:51:14.0843 2744 Fastfat - ok
08:51:14.0875 2744 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:51:14.0875 2744 Fdc - ok
08:51:14.0953 2744 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
08:51:14.0968 2744 Fips - ok
08:51:15.0015 2744 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:51:15.0015 2744 Flpydisk - ok
08:51:15.0093 2744 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:51:15.0093 2744 FltMgr - ok
08:51:15.0109 2744 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:51:15.0109 2744 Fs_Rec - ok
08:51:15.0125 2744 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:51:15.0140 2744 Ftdisk - ok
08:51:15.0171 2744 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:51:15.0171 2744 GEARAspiWDM - ok
08:51:15.0265 2744 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:51:15.0265 2744 Gpc - ok
08:51:15.0312 2744 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:51:15.0312 2744 HDAudBus - ok
08:51:15.0343 2744 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:51:15.0343 2744 hidusb - ok
08:51:15.0359 2744 hpn - ok
08:51:15.0406 2744 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:51:15.0421 2744 HTTP - ok
08:51:15.0468 2744 hwdatacard (53f1160666435151b6fcf89d015fe620) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
08:51:15.0468 2744 hwdatacard - ok
08:51:15.0562 2744 HWiNFO32 (ac1e9496ba0ac3b27b45f2228ed51b2c) C:\Program Files\HWiNFO32\HWiNFO32.SYS
08:51:15.0562 2744 HWiNFO32 - ok
08:51:15.0625 2744 i2omgmt - ok
08:51:15.0656 2744 i2omp - ok
08:51:15.0703 2744 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:51:15.0703 2744 i8042prt - ok
08:51:15.0796 2744 ialm (c5db546f9028cd00e64335091860d8f3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
08:51:15.0843 2744 ialm - ok
08:51:15.0937 2744 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
08:51:15.0953 2744 IBMTPCHK - ok
08:51:16.0031 2744 imagedrv (0a7c49b48c772591a2d362daa00246c8) C:\WINDOWS\system32\Drivers\imagedrv.sys
08:51:16.0031 2744 imagedrv - ok
08:51:16.0046 2744 imagesrv (549ba4f539e7b8d8129500b96dd7b27a) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
08:51:16.0046 2744 imagesrv - ok
08:51:16.0093 2744 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:51:16.0093 2744 Imapi - ok
08:51:16.0109 2744 ini910u - ok
08:51:16.0312 2744 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:51:16.0453 2744 IntcAzAudAddService - ok
08:51:16.0515 2744 IntelIde - ok
08:51:16.0562 2744 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:51:16.0562 2744 intelppm - ok
08:51:16.0593 2744 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:51:16.0593 2744 Ip6Fw - ok
08:51:16.0640 2744 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:51:16.0640 2744 IpFilterDriver - ok
08:51:16.0671 2744 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:51:16.0671 2744 IpInIp - ok
08:51:16.0718 2744 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:51:16.0718 2744 IpNat - ok
08:51:16.0828 2744 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:51:16.0828 2744 IPSec - ok
08:51:16.0875 2744 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:51:16.0875 2744 IRENUM - ok
08:51:16.0921 2744 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:51:16.0921 2744 isapnp - ok
08:51:16.0953 2744 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:51:16.0953 2744 Kbdclass - ok
08:51:17.0000 2744 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:51:17.0015 2744 kmixer - ok
08:51:17.0046 2744 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:51:17.0046 2744 KSecDD - ok
08:51:17.0109 2744 lbrtfdc - ok
08:51:17.0171 2744 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
08:51:17.0171 2744 lirsgt - ok
08:51:17.0218 2744 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:51:17.0218 2744 mnmdd - ok
08:51:17.0281 2744 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
08:51:17.0281 2744 Modem - ok
08:51:17.0312 2744 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:51:17.0312 2744 Mouclass - ok
08:51:17.0359 2744 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:51:17.0359 2744 mouhid - ok
08:51:17.0421 2744 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:51:17.0437 2744 MountMgr - ok
08:51:17.0484 2744 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
08:51:17.0484 2744 MPE - ok
08:51:17.0500 2744 mraid35x - ok
08:51:17.0515 2744 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:51:17.0515 2744 MRxDAV - ok
08:51:17.0578 2744 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:51:17.0578 2744 MRxSmb - ok
08:51:17.0640 2744 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:51:17.0640 2744 Msfs - ok
08:51:17.0687 2744 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:51:17.0687 2744 MSKSSRV - ok
08:51:17.0703 2744 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:51:17.0703 2744 MSPCLOCK - ok
08:51:17.0734 2744 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:51:17.0734 2744 MSPQM - ok
08:51:17.0781 2744 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:51:17.0781 2744 mssmbios - ok
08:51:17.0812 2744 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:51:17.0812 2744 MSTEE - ok
08:51:17.0875 2744 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:51:17.0875 2744 Mup - ok
08:51:17.0953 2744 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:51:17.0953 2744 NABTSFEC - ok
08:51:18.0000 2744 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:51:18.0015 2744 NDIS - ok
08:51:18.0015 2744 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:51:18.0031 2744 NdisIP - ok
08:51:18.0062 2744 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:51:18.0062 2744 NdisTapi - ok
08:51:18.0109 2744 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:51:18.0109 2744 Ndisuio - ok
08:51:18.0187 2744 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:51:18.0187 2744 NdisWan - ok
08:51:18.0265 2744 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:51:18.0281 2744 NDProxy - ok
08:51:18.0328 2744 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:51:18.0328 2744 NetBIOS - ok
08:51:18.0390 2744 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:51:18.0390 2744 NetBT - ok
08:51:18.0515 2744 NETw3x32 (f43da6b7e26fff9ac4d3210f2f9b5d8c) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
08:51:18.0546 2744 NETw3x32 - ok
08:51:18.0640 2744 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:51:18.0640 2744 NIC1394 - ok
08:51:18.0656 2744 NLNdisMP - ok
08:51:18.0671 2744 NLNdisPT - ok
08:51:18.0703 2744 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:51:18.0703 2744 Npfs - ok
08:51:18.0734 2744 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:51:18.0734 2744 Ntfs - ok
08:51:18.0796 2744 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:51:18.0796 2744 Null - ok
08:51:18.0843 2744 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:51:18.0843 2744 NwlnkFlt - ok
08:51:18.0906 2744 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:51:18.0906 2744 NwlnkFwd - ok
08:51:19.0031 2744 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:51:19.0031 2744 ohci1394 - ok
08:51:19.0062 2744 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
08:51:19.0062 2744 Parport - ok
08:51:19.0093 2744 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:51:19.0093 2744 PartMgr - ok
08:51:19.0125 2744 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
08:51:19.0125 2744 ParVdm - ok
08:51:19.0140 2744 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
08:51:19.0140 2744 PCI - ok
08:51:19.0156 2744 PCIDump - ok
08:51:19.0171 2744 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:51:19.0171 2744 PCIIde - ok
08:51:19.0203 2744 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:51:19.0203 2744 Pcmcia - ok
08:51:19.0281 2744 PDCOMP - ok
08:51:19.0328 2744 PDFRAME - ok
08:51:19.0343 2744 PDRELI - ok
08:51:19.0359 2744 PDRFRAME - ok
08:51:19.0375 2744 perc2 - ok
08:51:19.0390 2744 perc2hib - ok
08:51:19.0453 2744 PMHler (c6114ccd63db3925a0450b1089ece503) C:\WINDOWS\system32\drivers\PMHler.sys
08:51:19.0453 2744 PMHler - ok
08:51:19.0515 2744 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:51:19.0515 2744 PptpMiniport - ok
08:51:19.0546 2744 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
08:51:19.0546 2744 PQNTDrv - ok
08:51:19.0562 2744 PROCEXP151 - ok
08:51:19.0578 2744 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:51:19.0593 2744 PSched - ok
08:51:19.0625 2744 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:51:19.0625 2744 Ptilink - ok
08:51:19.0687 2744 ql1080 - ok
08:51:19.0734 2744 Ql10wnt - ok
08:51:19.0750 2744 ql12160 - ok
08:51:19.0765 2744 ql1240 - ok
08:51:19.0781 2744 ql1280 - ok
08:51:19.0812 2744 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:51:19.0828 2744 RasAcd - ok
08:51:19.0875 2744 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:51:19.0875 2744 Rasl2tp - ok
08:51:19.0906 2744 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:51:19.0906 2744 RasPppoe - ok
08:51:19.0921 2744 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:51:19.0921 2744 Raspti - ok
08:51:19.0968 2744 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:51:19.0968 2744 Rdbss - ok
08:51:20.0046 2744 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:51:20.0046 2744 RDPCDD - ok
08:51:20.0109 2744 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:51:20.0125 2744 rdpdr - ok
08:51:20.0171 2744 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:51:20.0171 2744 RDPWD - ok
08:51:20.0218 2744 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:51:20.0218 2744 redbook - ok
08:51:20.0328 2744 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
08:51:20.0343 2744 rimmptsk - ok
08:51:20.0390 2744 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
08:51:20.0390 2744 rimsptsk - ok
08:51:20.0406 2744 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
08:51:20.0406 2744 rismxdp - ok
08:51:20.0484 2744 s24trans (decee0d67d032b57c1f5ef649a67a967) C:\WINDOWS\system32\DRIVERS\s24trans.sys
08:51:20.0484 2744 s24trans - ok
08:51:20.0546 2744 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
08:51:20.0546 2744 sdbus - ok
08:51:20.0625 2744 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:51:20.0625 2744 Secdrv - ok
08:51:20.0718 2744 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys
08:51:20.0718 2744 Serial - ok
08:51:20.0750 2744 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:51:20.0750 2744 Sfloppy - ok
08:51:20.0765 2744 Simbad - ok
08:51:20.0812 2744 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:51:20.0828 2744 SLIP - ok
08:51:20.0906 2744 Sparrow - ok
08:51:20.0984 2744 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:51:20.0984 2744 splitter - ok
08:51:21.0062 2744 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
08:51:21.0062 2744 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
08:51:21.0062 2744 sptd ( LockedFile.Multi.Generic ) - warning
08:51:21.0062 2744 sptd - detected LockedFile.Multi.Generic (1)
08:51:21.0125 2744 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
08:51:21.0140 2744 sr - ok
08:51:21.0187 2744 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:51:21.0203 2744 Srv - ok
08:51:21.0234 2744 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:51:21.0234 2744 streamip - ok
08:51:21.0281 2744 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:51:21.0281 2744 swenum - ok
08:51:21.0328 2744 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:51:21.0328 2744 swmidi - ok
08:51:21.0359 2744 symc810 - ok
08:51:21.0359 2744 symc8xx - ok
08:51:21.0375 2744 sym_hi - ok
08:51:21.0390 2744 sym_u3 - ok
08:51:21.0453 2744 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:51:21.0453 2744 sysaudio - ok
08:51:21.0546 2744 tbhsd (10a926ef723a816d3db771608f184e3b) C:\WINDOWS\system32\drivers\tbhsd.sys
08:51:21.0562 2744 tbhsd - ok
08:51:21.0640 2744 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:51:21.0656 2744 Tcpip - ok
08:51:21.0734 2744 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:51:21.0734 2744 TDPIPE - ok
08:51:21.0781 2744 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:51:21.0781 2744 TDTCP - ok
08:51:21.0828 2744 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:51:21.0828 2744 TermDD - ok
08:51:21.0859 2744 TosIde - ok
08:51:21.0906 2744 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:51:21.0906 2744 Udfs - ok
08:51:21.0921 2744 ultra - ok
08:51:21.0984 2744 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:51:22.0000 2744 Update - ok
08:51:22.0171 2744 USB28xxBGA (9b01ce1eda6ad1acfd4f865d6cb0a790) C:\WINDOWS\system32\DRIVERS\emBDA.sys
08:51:22.0187 2744 USB28xxBGA - ok
08:51:22.0265 2744 USB28xxOEM (c93e4f6bd1cbd163662e7c9be021b895) C:\WINDOWS\system32\DRIVERS\emOEM.sys
08:51:22.0265 2744 USB28xxOEM - ok
08:51:22.0328 2744 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:51:22.0328 2744 USBAAPL - ok
08:51:22.0375 2744 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:51:22.0375 2744 usbccgp - ok
08:51:22.0406 2744 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:51:22.0406 2744 usbehci - ok
08:51:22.0437 2744 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:51:22.0437 2744 usbhub - ok
08:51:22.0468 2744 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:51:22.0484 2744 usbprint - ok
08:51:22.0578 2744 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:51:22.0578 2744 usbscan - ok
08:51:22.0656 2744 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:51:22.0671 2744 USBSTOR - ok
08:51:22.0703 2744 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:51:22.0703 2744 usbuhci - ok
08:51:22.0765 2744 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
08:51:22.0765 2744 usbvideo - ok
08:51:22.0828 2744 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:51:22.0828 2744 VgaSave - ok
08:51:22.0890 2744 ViaIde - ok
08:51:22.0953 2744 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
08:51:22.0953 2744 VolSnap - ok
08:51:23.0000 2744 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:51:23.0015 2744 Wanarp - ok
08:51:23.0015 2744 WDICA - ok
08:51:23.0078 2744 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:51:23.0078 2744 wdmaud - ok
08:51:23.0140 2744 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:51:23.0140 2744 WmiAcpi - ok
08:51:23.0187 2744 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:51:23.0187 2744 WpdUsb - ok
08:51:23.0281 2744 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:51:23.0281 2744 WS2IFSL - ok
08:51:23.0359 2744 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:51:23.0359 2744 WSTCODEC - ok
08:51:23.0406 2744 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:51:23.0406 2744 WudfPf - ok
08:51:23.0437 2744 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:51:23.0437 2744 WudfRd - ok
08:51:23.0500 2744 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
08:51:23.0671 2744 \Device\Harddisk0\DR0 - ok
08:51:23.0671 2744 Boot (0x1200) (7178dface8dc4209e7cc385bdde0d895) \Device\Harddisk0\DR0\Partition0
08:51:23.0671 2744 \Device\Harddisk0\DR0\Partition0 - ok
08:51:23.0703 2744 Boot (0x1200) (fa8e96c4628ec077c09e261ce515327d) \Device\Harddisk0\DR0\Partition1
08:51:23.0703 2744 \Device\Harddisk0\DR0\Partition1 - ok
08:51:23.0703 2744 ============================================================
08:51:23.0703 2744 Scan finished
08:51:23.0703 2744 ============================================================
08:51:23.0734 4208 Detected object count: 1
08:51:23.0734 4208 Actual detected object count: 1
08:51:48.0828 4208 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:51:48.0828 4208 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#6 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 03:35 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 hvdb

  • Topic Starter

  • Members
  • 25 posts

Posted 29 January 2012 - 06:42 AM

Here is the log file:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-29 11:27:24
-----------------------------
11:27:24.578 OS Version: Windows 5.1.2600 Service Pack 3
11:27:24.578 Number of processors: 2 586 0xF0D
11:27:24.578 ComputerName: VICKY-LAPTOP UserName:
11:27:26.156 Initialize success
11:38:39.062 AVAST engine defs: 12012900
11:46:11.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
11:46:11.406 Disk 0 Vendor: HITACHI_HTS541616J9SA00 SB4IC7UP Size: 152627MB BusType: 3
11:46:11.437 Disk 0 MBR read successfully
11:46:11.437 Disk 0 MBR scan
11:46:11.484 Disk 0 Windows XP default MBR code
11:46:11.515 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6603 MB offset 2048
11:46:11.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 51200 MB offset 13525032
11:46:11.546 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 94821 MB offset 118382992
11:46:11.562 Disk 0 scanning sectors +312576705
11:46:11.640 Disk 0 scanning C:\WINDOWS\system32\drivers
11:46:27.062 Service scanning
11:46:27.593 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:46:28.203 Modules scanning
11:46:37.406 Disk 0 trace - called modules:
11:46:37.437 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spwh.sys >>UNKNOWN [0x89bb1938]<<
11:46:37.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89ab3ab8]
11:46:37.453 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\00000084[0x89ab79e8]
11:46:37.453 5 ACPI.sys[f7483620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x89b26d98]
11:46:38.015 AVAST engine scan C:\WINDOWS
11:46:54.406 AVAST engine scan C:\WINDOWS\system32
11:47:34.796 File: C:\WINDOWS\system32\getuname32.dll **INFECTED** Win32:Proxydoor [Drp]
11:50:00.281 AVAST engine scan C:\WINDOWS\system32\drivers
11:50:21.609 AVAST engine scan C:\Documents and Settings\Hans Vanderbeke
11:53:49.109 AVAST engine scan C:\Documents and Settings\All Users
11:55:53.843 Scan finished successfully
12:41:54.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hans Vanderbeke\Bureaublad\MBR.dat"
12:41:54.562 The log file has been saved successfully to "C:\Documents and Settings\Hans Vanderbeke\Bureaublad\aswMBR.txt"

#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 12:30 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report:

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#9 hvdb

  • Topic Starter

  • Members
  • 25 posts

Posted 29 January 2012 - 01:26 PM

After running fixTDSS I got the message:

Backdoor.Tidserv has not been found on your computer

And here is the new log from aswMBR:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-29 19:11:49
-----------------------------
19:11:49.078 OS Version: Windows 5.1.2600 Service Pack 3
19:11:49.078 Number of processors: 2 586 0xF0D
19:11:49.078 ComputerName: VICKY-LAPTOP UserName:
19:11:49.828 Initialize success
19:12:00.203 AVAST engine defs: 12012900
19:12:03.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
19:12:03.406 Disk 0 Vendor: HITACHI_HTS541616J9SA00 SB4IC7UP Size: 152627MB BusType: 3
19:12:03.421 Disk 0 MBR read successfully
19:12:03.421 Disk 0 MBR scan
19:12:03.468 Disk 0 Windows XP default MBR code
19:12:03.484 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6603 MB offset 2048
19:12:03.500 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 51200 MB offset 13525032
19:12:03.531 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 94821 MB offset 118382992
19:12:03.531 Disk 0 scanning sectors +312576705
19:12:03.656 Disk 0 scanning C:\WINDOWS\system32\drivers
19:12:19.171 Service scanning
19:12:19.750 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
19:12:20.312 Modules scanning
19:12:28.531 Disk 0 trace - called modules:
19:12:28.562 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spyt.sys >>UNKNOWN [0x89bb1938]<<
19:12:28.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b44ab8]
19:12:28.578 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\00000085[0x89b52230]
19:12:28.578 5 ACPI.sys[f7483620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x89ab1d98]
19:12:29.062 AVAST engine scan C:\WINDOWS
19:12:44.593 AVAST engine scan C:\WINDOWS\system32
19:13:23.187 File: C:\WINDOWS\system32\getuname32.dll **INFECTED** Win32:Proxydoor [Drp]
19:15:36.562 AVAST engine scan C:\WINDOWS\system32\drivers
19:15:56.843 AVAST engine scan C:\Documents and Settings\Hans Vanderbeke
19:19:03.046 AVAST engine scan C:\Documents and Settings\All Users
19:20:56.718 Scan finished successfully
19:22:03.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hans Vanderbeke\Bureaublad\MBR.dat"
19:22:03.015 The log file has been saved successfully to "C:\Documents and Settings\Hans Vanderbeke\Bureaublad\aswMBR.txt"
19:22:14.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hans Vanderbeke\Bureaublad\MBR.dat"
19:22:14.140 The log file has been saved successfully to "C:\Documents and Settings\Hans Vanderbeke\Bureaublad\aswMBR2.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:05 PM

Posted 29 January 2012 - 02:04 PM

Hello

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
getuname32.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Gringo

Edited by gringo_pr, 29 January 2012 - 02:08 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 hvdb

hvdb
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:09:05 PM

Posted 29 January 2012 - 02:09 PM

Here you are, the ComboFix.txt you asked for. I noticed you updated your previous message, so I will now try to run DeFogger.


ComboFix 12-01-28.01 - Hans Vanderbeke 28/01/2012 9:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2038.1448 [GMT 1:00]
Gestart vanuit: d:\documents and settings\Hans Vanderbeke\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Hans Vanderbeke\Application Data\PriceGong\Data\z.txt
c:\windows\system32\133652c8.dll
c:\windows\system32\17401371841.dll
c:\windows\system32\57ab4c43.dll
c:\windows\system32\5f63fbb4.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\70dbff2ab898a7c6.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b11021e52c44bb03.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d5b98de26101002c.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\SET44.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET50.tmp
.
Besmet exemplaar van c:\windows\system32\autochk.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\autochk.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-28 to 2012-01-28 ))))))))))))))))))))))))))))))
.
.
2012-01-28 09:02 . 2012-01-28 09:02 24985 ----a-w- c:\windows\system32\923896841.dll
2012-01-25 19:28 . 2012-01-25 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-01-25 19:27 . 2012-01-25 19:31 -------- d-----w- c:\program files\NCH Software
2012-01-25 19:27 . 2012-01-25 19:27 -------- d-----w- c:\documents and settings\Hans Vanderbeke\Application Data\NCH Software
2012-01-14 17:37 . 2012-01-14 17:37 -------- d-----w- c:\program files\iPod
2012-01-14 17:37 . 2012-01-14 17:38 -------- d-----w- c:\program files\iTunes
2012-01-11 20:29 . 2012-01-11 20:29 -------- d-----w- c:\documents and settings\Vicky Decock\Mijn documenten
2012-01-10 20:28 . 2012-01-10 20:28 -------- d-----w- c:\documents and settings\Hans Vanderbeke\Application Data\Juniper Networks
2012-01-10 20:28 . 2012-01-10 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-12-29 23:49 . 2011-12-29 23:49 -------- d-----w- c:\documents and settings\Hans Vanderbeke\Application Data\dvdcss
2011-12-29 22:01 . 2001-11-12 09:44 122880 ----a-w- c:\windows\system32\Nsvideo.dll
2011-12-29 21:55 . 2007-02-05 10:15 18432 ----a-w- c:\windows\system32\drivers\Achernar.sys
2011-12-29 21:54 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-12-29 20:57 . 2012-01-02 19:26 -------- d-----w- c:\documents and settings\Hans Vanderbeke\Local Settings\Application Data\NewSoft
2011-12-29 19:43 . 2011-12-29 19:43 -------- d-----w- c:\program files\PowerQuest
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 00:27 . 2011-11-16 20:40 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2012-01-20 20:29 . 2011-11-16 20:40 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll.old
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-11-25 21:57 . 2004-08-03 23:03 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-03 22:56 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 08:09 . 2011-06-29 05:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 06:12 . 2004-08-03 23:03 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2004-08-03 23:03 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2004-08-03 23:03 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2004-08-03 23:03 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-03 23:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2004-08-03 23:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 11:25 . 2004-08-03 22:55 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:29 . 2004-08-03 23:03 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-03 23:03 1296384 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-03 23:03 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-12-21 08:02 . 2011-12-27 05:29 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 16:41 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2012-01-23 00:27 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 31840]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-07-15 06:13 159744 ----a-w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2009-05-21 19:48 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-13 09:46 166912 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-01-30 17:54 16116224 ----a-w- c:\windows\RTHDCPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\KetnetKick2\\Main.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Documents and Settings\\Vicky Decock\\Downloads\\MusicConverterSetup.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\Hans Vanderbeke\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8320:TCP"= 8320:TCP:messenger
"44665:UDP"= 44665:UDP:Emule
.
R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [29/12/2011 22:55 18432]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/09/2010 3:48 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31/12/2009 14:23 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/09/2010 3:48 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/11/2010 22:20 295248]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [31/03/2011 21:33 20088]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 11:48 10240]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 5:09 192776]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [15/07/2008 7:13 106496]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [31/12/2009 12:43 54560]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [16/01/2012 17:41 909152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 16720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 4433248]
S2 getuname32;Unicode name Dll for UCE;c:\windows\system32\rundll32.exe getuname32.dll,axuz --> c:\windows\system32\rundll32.exe getuname32.dll,axuz [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 17:04 135664]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 17:04 135664]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4/11/2008 11:39 14336]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:04]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:04]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1220945662-682003330-1004Core.job
- c:\documents and settings\Hans Vanderbeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-29 18:19]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1220945662-682003330-1004UA.job
- c:\documents and settings\Hans Vanderbeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-29 18:19]
.
2012-01-25 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Software\Switch\switch.exe [2012-01-25 19:27]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = proxy.skynet.be:8080
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
FF - ProfilePath - c:\documents and settings\Hans Vanderbeke\Application Data\Mozilla\Firefox\Profiles\fsvwhfk3.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8a61864c-36a8-4e41-bb43-f67f4236df78%7D&mid=5914444a189320c7c09eed0da8802113-ab8d4079a8cc9e00f2dcf390528314f9efadb729&ds=AVG&v=9.0.0.22&lang=nl&pr=fr&d=2011-10-12%2019%3A42%3A15&sap=ku&q=
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
Notify-ACNotify - ACNotify.dll
MSConfigStartUp-ExtraFilmManager - c:\program files\ExtraFilm Designer BE NL\ExtraFilmManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-28 10:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1220945662-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(1324)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(2236)
c:\program files\Common Files\OnlineFilesManager.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
c:\program files\AVG\AVG2012\avgui.exe
.
**************************************************************************
.
Voltooingstijd: 2012-01-28 10:07:36 - machine werd herstart
ComboFix-quarantined-files.txt 2012-01-28 09:07
.
Pre-Run: 33.432.420.352 bytes beschikbaar
Post-Run: 33.893.781.504 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /bootlog
.
- - End Of File - - F11833756229CF06B959DF64F71A3CB7

Edited by hvdb, 29 January 2012 - 02:11 PM.
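An added triage example (not code from this thread, from ComboFix, or from any tool named above): it parses ComboFix service lines in the R0/S2 format shown in the log, flags services whose image is rundll32.exe hosting a DLL, which is how getuname32 appears above, and flags system32 file names that look machine-generated, like 133652c8.dll. The sample lines are constructed from the log, and the function and regex names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the service lines in the ComboFix log above.
SAMPLE_LINES = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31/12/2009 14:23 691696]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 5:09 192776]
S2 getuname32;Unicode name Dll for UCE;c:\windows\system32\rundll32.exe getuname32.dll,axuz --> c:\windows\system32\rundll32.exe getuname32.dll,axuz [?]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
"""

# ComboFix service line: "<R|S><start> <name>;<display name>;<image> [meta]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Trailing "[dd/mm/yyyy hh:mm size]" for files ComboFix could stat; "[?]" otherwise
META_RE = re.compile(r"^(?P<image>.*?)\s+\[(?P<meta>[^\]]*)\]$")
# "rundll32.exe <dll>,<export>" used as a service image
RUNDLL_RE = re.compile(r"rundll32\.exe\s+(?P<dll>[^\s,]+),(?P<export>\S+)", re.IGNORECASE)
# File names that look machine-generated: 8 hex chars or a long run of digits
OPAQUE_NAME_RE = re.compile(r"^(?:[0-9a-f]{8}|\d{6,})\.(?:dll|exe|sys)$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start: str               # R0..R3 running, S0..S3 stopped (ComboFix convention)
    name: str
    display: str
    image: str               # command line as registered
    size: Optional[int]      # None when ComboFix reported "[?]" (file not found)
    host_dll: Optional[str]  # DLL named after rundll32.exe, if the image uses it
    export: Optional[str]    # export that rundll32 is told to call


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for non-service lines."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if " --> " in rest:
        # "<image> --> <resolved path> [?]": the file could not be found on disk
        image, size = rest.split(" --> ", 1)[0], None
    else:
        mm = META_RE.match(rest)
        if not mm:
            return None
        image = mm.group("image")
        size = int(mm.group("meta").split()[-1])
    r = RUNDLL_RE.search(image)
    return ServiceEntry(
        start=m.group("start"), name=m.group("name"), display=m.group("display"),
        image=image, size=size,
        host_dll=r.group("dll") if r else None,
        export=r.group("export") if r else None,
    )


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every service line in a block of ComboFix output."""
    return [e for e in (parse_service_line(ln) for ln in text.splitlines()) if e]


def flag_rundll32_services(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Services whose image is rundll32.exe hosting a DLL.

    A service normally points at its own .exe or .sys. An entry such as
    'rundll32.exe getuname32.dll,axuz' is how the DLL that aswMBR reported
    as infected was kept resident, so these are worth checking first."""
    return [e for e in entries if e.host_dll is not None]


def is_opaque_name(path: str) -> bool:
    """True for names like 133652c8.dll or 923896841.dll from the log above:
    random hex or digit names are not how Windows components are named."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return OPAQUE_NAME_RE.match(base) is not None


if __name__ == "__main__":
    for e in flag_rundll32_services(parse_services(SAMPLE_LINES)):
        print(f"{e.start} {e.name}: rundll32 hosts {e.host_dll} (export {e.export}), "
              f"size on disk: {'unknown' if e.size is None else e.size}")
```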


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:05 PM

Posted 29 January 2012 - 02:20 PM

Hello

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
getuname32.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Gringo

#13 hvdb

hvdb
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:09:05 PM

Posted 29 January 2012 - 02:21 PM

And here is the log created by the SystemLook utility:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:17 on 29/01/2012 by Hans Vanderbeke
Administrator - Elevation successful

========== filefind ==========

Searching for "getuname32.dll"
C:\WINDOWS\system32\getuname32.dll --a---- 12288 bytes [22:05 06/04/2006] [22:05 06/04/2006] 670449EDC757988BB4782ECFA7D17CEB

-= EOF =-

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:05 PM

Posted 29 January 2012 - 02:43 PM

Do you have access to another Windows XP computer?


gringo

#15 hvdb

hvdb
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:09:05 PM

Posted 29 January 2012 - 02:46 PM

Yes I do. Do you want me to copy the getuname32.dll from another XP computer?

Hvdb



