Pall

Everything posted by Pall

  1. I'm kind of hoping you're taking a break for the weekend, because it's either that or you ditched me and my unsolvable problem.
  2. a14t66j7U still keeps coming up in Task Manager. The .exe file has not returned to System32 though. And two other files appeared, which are called: 2VeQniks.exe and 2VeQniks.exe.b. They are both located in C:\ProgramData. The first one is flooding my Task Manager too now.
  3. (Sorry, I meant to edit my last post but I couldn't.) a14t66j7U isn't completely gone from System32 yet. The one with .exe is gone right now, but .com.b and .com_ are still there. I'll keep an eye on it for the next few hours to see if .exe returns and to see if they still flood Task Manager.
  4. ComboFix 11-12-13.03 - femke 15-12-2011 14:34:53.2.2 - x86
     Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.1919.1424 [GMT 1:00]
     Started from: c:\users\femke\Desktop\ComboFix.exe
     Command switches used :: c:\users\femke\Desktop\CFScript.txt
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     file zipped: c:\windows\system32\a14t66j7U.com
     file zipped: c:\windows\System32\config\systemprofile\AppData\Local\fdewuqe.dll
     .
     .
     (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\system32\a14t66j7U.com
     c:\windows\System32\config\systemprofile\AppData\Local\fdewuqe.dll
     c:\windows\Tasks\At1.job
     c:\windows\Tasks\At10.job
     c:\windows\Tasks\At11.job
     c:\windows\Tasks\At12.job
     c:\windows\Tasks\At13.job
     c:\windows\Tasks\At14.job
     c:\windows\Tasks\At15.job
     c:\windows\Tasks\At16.job
     c:\windows\Tasks\At17.job
     c:\windows\Tasks\At18.job
     c:\windows\Tasks\At19.job
     c:\windows\Tasks\At2.job
     c:\windows\Tasks\At20.job
     c:\windows\Tasks\At21.job
     c:\windows\Tasks\At22.job
     c:\windows\Tasks\At23.job
     c:\windows\Tasks\At24.job
     c:\windows\Tasks\At25.job
     c:\windows\Tasks\At26.job
     c:\windows\Tasks\At27.job
     c:\windows\Tasks\At28.job
     c:\windows\Tasks\At29.job
     c:\windows\Tasks\At3.job
     c:\windows\Tasks\At30.job
     c:\windows\Tasks\At31.job
     c:\windows\Tasks\At32.job
     c:\windows\Tasks\At33.job
     c:\windows\Tasks\At34.job
     c:\windows\Tasks\At35.job
     c:\windows\Tasks\At36.job
     c:\windows\Tasks\At37.job
     c:\windows\Tasks\At38.job
     c:\windows\Tasks\At39.job
     c:\windows\Tasks\At4.job
     c:\windows\Tasks\At40.job
     c:\windows\Tasks\At41.job
     c:\windows\Tasks\At42.job
     c:\windows\Tasks\At43.job
     c:\windows\Tasks\At44.job
     c:\windows\Tasks\At45.job
     c:\windows\Tasks\At46.job
     c:\windows\Tasks\At47.job
     c:\windows\Tasks\At48.job
     c:\windows\Tasks\At5.job
     c:\windows\Tasks\At6.job
     c:\windows\Tasks\At7.job
     c:\windows\Tasks\At8.job
     c:\windows\Tasks\At9.job
     .
     .
     (((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 ))))))))))))))))))))))))))))))
     .
     .
     2011-12-15 13:42 . 2011-12-15 13:44 -------- d-----w- c:\users\femke\AppData\Local\temp
     2011-12-15 13:42 . 2011-12-15 13:42 -------- d-----w- c:\users\Default\AppData\Local\temp
     2011-12-14 22:47 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
     2011-12-10 12:54 . 2011-12-10 12:54 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
     2011-12-10 05:14 . 2011-12-10 05:14 -------- d-----w- c:\programdata\IObit
     2011-12-10 05:14 . 2011-12-10 05:14 -------- d-----w- c:\program files\IObit
     2011-12-10 04:51 . 2011-12-10 04:51 -------- d-----w- c:\users\femke\AppData\Local\PackageAware
     2011-12-07 13:17 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
     2011-12-07 13:17 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
     2011-12-07 13:17 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
     2011-12-07 13:17 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
     2011-12-07 13:17 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
     2011-12-05 21:24 . 2011-12-05 21:24 -------- d-----w- c:\users\femke\AppData\Roaming\Malwarebytes
     2011-12-05 21:24 . 2011-12-05 21:24 -------- d-----w- c:\programdata\Malwarebytes
     2011-12-05 21:24 . 2011-12-05 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-12-05 21:24 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-12-04 21:01 . 2011-12-10 17:52 -------- d-----w- c:\programdata\Norton
     2011-12-04 19:04 . 2011-12-04 20:45 22528 ----a-w- c:\windows\system32\wsock32.dll
     2011-12-04 18:50 . 2011-12-04 20:36 116224 ----a-w- c:\windows\system32\a14t66j7U.com_
     2011-12-04 18:34 . 2011-12-04 18:34 -------- d-----w- c:\users\femke\AppData\Local\SanctionedMedia
     2011-12-01 22:54 . 2011-12-05 21:32 -------- d-----w- c:\users\femke\AppData\Roaming\Viuks
     2011-12-01 22:54 . 2011-12-05 21:21 -------- d-----w- c:\users\femke\AppData\Roaming\Ososgo
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-12-10 05:53 . 2011-06-15 06:02 338944 ----a-w- c:\windows\system32\drivers\afd.sys
     2011-10-23 01:51 . 2011-10-23 01:51 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legitimate default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-14 86016]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-14 81920]
     "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
     "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2011-02-13 232912]
     .
     c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     RUN.CMD [2010-10-24 142]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 0 (0x0)
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoResolveTrack"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages   REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
     2007-11-30 10:20   51768   ----a-w-   c:\program files\ASUS\ASUS Live Update\ALU.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
     2011-01-20 09:20   1305408   ----a-w-   c:\program files\DAEMON Tools Lite\DTLite.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
     2008-10-25 10:44   31072   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
     .
     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
     R3 CFcatchme;CFcatchme;c:\users\femke\AppData\Local\Temp\CFcatchme.sys [x]
     R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
     R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
     S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
     S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-23 218688]
     S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     WindowsMobile   REG_MULTI_SZ   wcescomm rapimgr
     LocalServiceRestricted   REG_MULTI_SZ   WcesComm RapiMgr
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:37]
     .
     2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:37]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.nl/
     IE: E&xporteren naar Microsoft Excel - c:\program files\MICROS~2\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.1.254
     FF - ProfilePath - c:\users\femke\AppData\Roaming\Mozilla\Firefox\Profiles\t1hdrefw.default\
     FF - prefs.js: browser.startup.homepage - www.google.nl
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
     FF - user.js: network.cookie.cookieBehavior - 0
     FF - user.js: privacy.clearOnShutdown.cookies - false
     FF - user.js: security.warn_viewing_mixed - false
     FF - user.js: security.warn_viewing_mixed.show_once - false
     FF - user.js: security.warn_submit_insecure - false
     FF - user.js: security.warn_submit_insecure.show_once - false
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,05,a5,71,fd,53,d6,42,a7,b6,38,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,05,a5,71,fd,53,d6,42,a7,b6,38,\
     .
     [HKEY_USERS\S-1-5-21-510140705-648462526-1029948936-1000_Classes\CLSID\{5ea63857-c0b9-4247-8071-b7f22870224c}]
     @Denied: (Full) (Everyone)
     @Allowed: (Read) (RestrictedCode)
     "Model"=dword:00000127
     "Therad"=dword:00000021
     "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
        38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
     .
     [HKEY_USERS\S-1-5-21-510140705-648462526-1029948936-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
     @Denied: (Full) (Everyone)
     @Allowed: (Read) (RestrictedCode)
     "scansk"=hex(0):e6,42,d5,90,10,23,b1,62,39,0f,88,32,21,9b,8d,8f,85,1d,51,c1,41,
        02,fc,cf,97,8a,f8,0e,01,a4,70,54,dd,70,1c,2f,b6,a4,45,1d,00,00,00,00,00,00,\
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\ATK Hotkey\ASLDRSrv.exe
     c:\program files\ATKGFNEX\GFNEXSrv.exe
     c:\windows\system32\taskhost.exe
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     c:\program files\ATK Hotkey\Hcontrol.exe
     c:\program files\ATKOSD2\ATKOSD2.exe
     c:\windows\system32\WUDFHost.exe
     c:\windows\system32\conhost.exe
     c:\windows\System32\rundll32.exe
     c:\windows\System32\rundll32.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\windows\system32\sppsvc.exe
     .
     **************************************************************************
     .
     Completion time: 2011-12-15 14:49:29 - machine was rebooted
     ComboFix-quarantined-files.txt 2011-12-15 13:49
     ComboFix2.txt 2011-12-14 23:09
     .
     Pre-Run: 22.944.911.360 bytes free
     Post-Run: 22.832.017.408 bytes free
     .
     - - End Of File - - BA9DAC3BCC2B4D49C655977685D2F8C5
     Upload was successful
  5. In between the scan I got a pop-up saying something about Rootkit.ZeroAccess and it automatically restarted. And the log seems to be in Dutch. If that gives you any problems, please let me know. Here's the log:
     ComboFix 11-12-13.03 - femke 14-12-2011 23:51:00.1.2 - x86
     Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.1919.1359 [GMT 1:00]
     Started from: c:\users\femke\Desktop\ComboFix.exe
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * New restore point was created
     .
     .
     (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\2VeQniks.exe
     c:\programdata\windows
     c:\programdata\Windows\dumd.dat
     c:\programdata\Windows\xdor.dat
     c:\windows\$NtUninstallKB56154$\1516601663\@
     c:\windows\$NtUninstallKB56154$\1516601663\bckfg.tmp
     c:\windows\$NtUninstallKB56154$\1516601663\cfg.ini
     c:\windows\$NtUninstallKB56154$\1516601663\Desktop.ini
     c:\windows\$NtUninstallKB56154$\1516601663\keywords
     c:\windows\$NtUninstallKB56154$\1516601663\kwrd.dll
     c:\windows\$NtUninstallKB56154$\1516601663\L\xadqgnnk
     c:\windows\$NtUninstallKB56154$\1516601663\U\00000001.@
     c:\windows\$NtUninstallKB56154$\1516601663\U\00000002.@
     c:\windows\$NtUninstallKB56154$\1516601663\U\00000004.@
     c:\windows\$NtUninstallKB56154$\1516601663\U\80000000.@
     c:\windows\$NtUninstallKB56154$\1516601663\U\80000004.@
     c:\windows\$NtUninstallKB56154$\1516601663\U\80000032.@
     c:\windows\$NtUninstallKB56154$\2536208358
     c:\windows\$NtUninstallKB56154$ . . . . could not be deleted
     .
     .
     (((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 ))))))))))))))))))))))))))))))
     .
     .
     2011-12-12 20:35 . 2011-12-04 20:36 116224 ----a-w- c:\windows\system32\a14t66j7U.com
     2011-12-10 12:54 . 2011-12-10 12:54 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
     2011-12-10 05:14 . 2011-12-10 05:14 -------- d-----w- c:\programdata\IObit
     2011-12-10 05:14 . 2011-12-10 05:14 -------- d-----w- c:\program files\IObit
     2011-12-10 04:51 . 2011-12-10 04:51 -------- d-----w- c:\users\femke\AppData\Local\PackageAware
     2011-12-07 13:17 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
     2011-12-07 13:17 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
     2011-12-07 13:17 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
     2011-12-07 13:17 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
     2011-12-07 13:17 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
     2011-12-05 21:24 . 2011-12-05 21:24 -------- d-----w- c:\users\femke\AppData\Roaming\Malwarebytes
     2011-12-05 21:24 . 2011-12-05 21:24 -------- d-----w- c:\programdata\Malwarebytes
     2011-12-05 21:24 . 2011-12-05 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-12-05 21:24 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-12-04 21:01 . 2011-12-10 17:52 -------- d-----w- c:\programdata\Norton
     2011-12-04 19:04 . 2011-12-04 20:45 22528 ----a-w- c:\windows\system32\wsock32.dll
     2011-12-04 18:34 . 2011-12-04 18:34 -------- d-----w- c:\users\femke\AppData\Local\SanctionedMedia
     2011-12-01 22:54 . 2011-12-05 21:32 -------- d-----w- c:\users\femke\AppData\Roaming\Viuks
     2011-12-01 22:54 . 2011-12-05 21:21 -------- d-----w- c:\users\femke\AppData\Roaming\Ososgo
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-12-10 05:53 . 2011-06-15 06:02 338944 ----a-w- c:\windows\system32\drivers\afd.sys
     2011-10-23 01:51 . 2011-10-23 01:51 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legitimate default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-14 86016]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-14 81920]
     "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
     "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2011-02-13 232912]
     .
     c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     RUN.CMD [2010-10-24 142]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 0 (0x0)
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoResolveTrack"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fdewuqe]
     2011-12-05 10:49   11264   ----a-w-   c:\windows\System32\config\systemprofile\AppData\Local\fdewuqe.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages   REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
     2007-11-30 10:20   51768   ----a-w-   c:\program files\ASUS\ASUS Live Update\ALU.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
     2011-01-20 09:20   1305408   ----a-w-   c:\program files\DAEMON Tools Lite\DTLite.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
     2008-10-25 10:44   31072   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
     .
     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
     R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
     R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
     S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
     S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-23 218688]
     S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     WindowsMobile   REG_MULTI_SZ   wcescomm rapimgr
     LocalServiceRestricted   REG_MULTI_SZ   WcesComm RapiMgr
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-12-13 c:\windows\Tasks\At1.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-13 c:\windows\Tasks\At10.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-13 c:\windows\Tasks\At11.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-13 c:\windows\Tasks\At12.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-10 c:\windows\Tasks\At13.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-10 c:\windows\Tasks\At14.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-09 c:\windows\Tasks\At15.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-09 c:\windows\Tasks\At16.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-09 c:\windows\Tasks\At17.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-09 c:\windows\Tasks\At18.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-09 c:\windows\Tasks\At19.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-13 c:\windows\Tasks\At2.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-09 c:\windows\Tasks\At20.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-09 c:\windows\Tasks\At21.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-09 c:\windows\Tasks\At22.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-09 c:\windows\Tasks\At23.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-09 c:\windows\Tasks\At24.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-09 c:\windows\Tasks\At25.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-09 c:\windows\Tasks\At26.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-09 c:\windows\Tasks\At27.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-09 c:\windows\Tasks\At28.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-13 c:\windows\Tasks\At29.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-14 c:\windows\Tasks\At3.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-13 c:\windows\Tasks\At30.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-13 c:\windows\Tasks\At31.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-13 c:\windows\Tasks\At32.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-13 c:\windows\Tasks\At33.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-13 c:\windows\Tasks\At34.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-14 c:\windows\Tasks\At35.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-14 c:\windows\Tasks\At36.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-14 c:\windows\Tasks\At37.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-14 c:\windows\Tasks\At38.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-14 c:\windows\Tasks\At39.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-14 c:\windows\Tasks\At4.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-14 c:\windows\Tasks\At40.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-14 c:\windows\Tasks\At41.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-14 c:\windows\Tasks\At42.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-14 c:\windows\Tasks\At43.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-14 c:\windows\Tasks\At44.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-14 c:\windows\Tasks\At45.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-14 c:\windows\Tasks\At46.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-14 c:\windows\Tasks\At47.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-14 c:\windows\Tasks\At48.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-14 c:\windows\Tasks\At5.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-14 c:\windows\Tasks\At6.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-14 c:\windows\Tasks\At7.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-14 c:\windows\Tasks\At8.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
     .
     2011-12-13 c:\windows\Tasks\At9.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
     .
     2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:37]
     .
     2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:37]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.nl/
     IE: E&xporteren naar Microsoft Excel - c:\program files\MICROS~2\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.1.254
     FF - ProfilePath - c:\users\femke\AppData\Roaming\Mozilla\Firefox\Profiles\t1hdrefw.default\
     FF - prefs.js: browser.startup.homepage - www.google.nl
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
     FF - user.js: network.cookie.cookieBehavior - 0
     FF - user.js: privacy.clearOnShutdown.cookies - false
     FF - user.js: security.warn_viewing_mixed - false
     FF - user.js: security.warn_viewing_mixed.show_once - false
     FF - user.js: security.warn_submit_insecure - false
     FF - user.js: security.warn_submit_insecure.show_once - false
     .
     - - - - ORPHANS REMOVED - - - -
     .
     URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
     Toolbar-Locked - (no file)
     WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
     WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
     SafeBoot-44587636.sys
     AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
     .
     .
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.dfsc]
     "ImagePath"="\*"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,05,a5,71,fd,53,d6,42,a7,b6,38,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,05,a5,71,fd,53,d6,42,a7,b6,38,\
     .
     [HKEY_USERS\S-1-5-21-510140705-648462526-1029948936-1000_Classes\CLSID\{5ea63857-c0b9-4247-8071-b7f22870224c}]
     @Denied: (Full) (Everyone)
     @Allowed: (Read) (RestrictedCode)
     "Model"=dword:00000127
     "Therad"=dword:00000021
     "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
        38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
     .
     [HKEY_USERS\S-1-5-21-510140705-648462526-1029948936-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
     @Denied: (Full) (Everyone)
     @Allowed: (Read) (RestrictedCode)
     "scansk"=hex(0):e6,42,d5,90,10,23,b1,62,39,0f,88,32,21,9b,8d,8f,85,1d,51,c1,41,
        02,fc,cf,97,8a,f8,0e,01,a4,70,54,dd,70,1c,2f,b6,a4,45,1d,00,00,00,00,00,00,\
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\ATK Hotkey\ASLDRSrv.exe
     c:\program files\ATKGFNEX\GFNEXSrv.exe
     c:\windows\system32\taskhost.exe
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     c:\windows\system32\WUDFHost.exe
     c:\program files\ATK Hotkey\Hcontrol.exe
     c:\program files\ATKOSD2\ATKOSD2.exe
     c:\windows\system32\conhost.exe
     c:\windows\System32\rundll32.exe
     c:\windows\System32\rundll32.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\windows\system32\sppsvc.exe
     c:\windows\system32\taskhost.exe
     .
     **************************************************************************
     .
     Completion time: 2011-12-15 00:09:25 - machine was rebooted
     ComboFix-quarantined-files.txt 2011-12-14 23:09
     .
     Pre-Run: 23.577.083.904 bytes free
     Post-Run: 23.327.694.848 bytes free
     .
     - - End Of File - - E20070F706CA12104AFB3D475AFEF308
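The ComboFix log in post 5 above shows the persistence pattern that the Rootkit.ZeroAccess pop-up points to: 48 at.exe-style scheduled tasks (At1.job through At48.job) alternating between two random-named files, a14t66j7U.com and a14t66j7U.com_, in System32; a Winlogon notify package (fdewuqe) whose DLL lives under the SYSTEM profile's AppData; UAC fully switched off (EnableLUA and ConsentPromptBehaviorAdmin both 0); and a service named .dfsc whose ImagePath is "\*" rather than a driver file. TDSSKiller in post 6 below flags dfsc.sys itself as Rootkit.Win32.ZAccess.h, which ties that service entry to the same infection. The script below is an added example written for this page, not part of the thread, of ComboFix, or of TDSSKiller: it parses a ComboFix log and reports those four indicators. SAMPLE_LOG is constructed from a handful of lines of the log above so the script runs offline, and the four rules are heuristics derived from that log rather than a vendor signature, so a clean hit list does not mean a clean machine.

```python
"""Flag ZeroAccess-style persistence indicators in a ComboFix log.

Added example for this thread, not part of ComboFix or of any post here.
The four rules are heuristics drawn from the log posted above; the sample
below is constructed from a handful of its lines so the script runs offline.
"""
import re
import sys
from collections import Counter

# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fdewuqe]
2011-12-05 10:49 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\fdewuqe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
2011-12-13 c:\windows\Tasks\At1.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
2011-12-13 c:\windows\Tasks\At10.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
2011-12-13 c:\windows\Tasks\At11.job - c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]
2011-12-13 c:\windows\Tasks\At12.job - c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:37]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.dfsc]
"ImagePath"="\*"
"""

# "<date> c:\windows\Tasks\AtN.job - <target> [<stamp>]": AtN.job is the name at.exe gives its jobs.
AT_JOB_RE = re.compile(r"\\Tasks\\(At\d+)\.job\s+-\s+(.+?)\s+\[", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(.+)\]$")                 # registry key header printed by ComboFix
DLL_RE = re.compile(r"(\S+\.dll)$", re.IGNORECASE)
POLICY_RE = re.compile(r'^"(EnableLUA|ConsentPromptBehaviorAdmin)"=\s*(\d+)')
IMAGEPATH_RE = re.compile(r'^"ImagePath"="([^"]*)"', re.IGNORECASE)
NOTIFY_KEY = "\\winlogon\\notify\\"
SERVICES_KEY = "\\services\\"
POLICY_KEY = "\\policies\\system"


def triage(log_text):
    """Scan a ComboFix log and return the evidence found for each indicator."""
    findings = {
        "at_jobs": Counter(),        # target path -> number of At*.job tasks that run it
        "winlogon_notify": [],       # (package name, DLL path) under winlogon\notify
        "uac_disabled": [],          # UAC policy values that are set to 0
        "bogus_service_image": [],   # (service name, ImagePath that is not a .sys/.exe)
    }
    key = ""  # lower-cased registry key the current line belongs to
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = AT_JOB_RE.search(line)
        if m:
            findings["at_jobs"][m.group(2)] += 1
        elif NOTIFY_KEY in key:
            # ComboFix prints "<date> <size> <attrs> <path>" under the notify key.
            m = DLL_RE.search(line)
            if m:
                findings["winlogon_notify"].append((key.rsplit("\\", 1)[1], m.group(1)))
        elif key.endswith(POLICY_KEY):
            m = POLICY_RE.match(line)
            if m and m.group(2) == "0":
                findings["uac_disabled"].append(m.group(1))
        elif SERVICES_KEY in key:
            m = IMAGEPATH_RE.match(line)
            if m and not re.search(r"\.(sys|exe)\b", m.group(1), re.IGNORECASE):
                findings["bogus_service_image"].append((key.rsplit("\\", 1)[1], m.group(1)))
    return findings


def report(findings):
    """One human-readable line per hit; an empty list means nothing was flagged."""
    lines = []
    for target, n in sorted(findings["at_jobs"].items()):
        lines.append(f"{n} At*.job task(s) run {target}")
    for name, dll in findings["winlogon_notify"]:
        lines.append(f"Winlogon notify package '{name}' loads {dll}")
    for policy in findings["uac_disabled"]:
        lines.append(f"UAC weakened: {policy} = 0")
    for svc, path in findings["bogus_service_image"]:
        lines.append(f"service '{svc}' has non-file ImagePath {path!r}")
    return lines


if __name__ == "__main__":
    # Usage: python combofix_triage.py ComboFix.txt   (no argument: run on the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for entry in report(triage(text)) or ["no indicators found"]:
        print(entry)
```

The At*.job rule counts tasks per target rather than matching the file name, because the random name changes from infection to infection while the shape (many at.exe jobs all pointing at one or two files that no installer would put in System32) does not. The ImagePath rule is deliberately loose: any service whose image is not a .sys or .exe path deserves a look, and "\*" is simply the value this thread's log happens to show.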
  6. Thanks for helping me out, Maniac. And I'm sorry, I didn't know I wasn't allowed to post in someone else's topic. Anyway, I ran TDSSKiller successfully; it found 3 threats and removed none. I'm having some issues with OTL though. It keeps freezing at "Scanning Firefox Settings". I've tried booting in Safe Mode and trying to run the scan, but it still freezes. I'm thinking about trying to remove Firefox, but I'll wait for your reply before I do anything. Here's the TDSSKiller log:
     14:40:45.0309 3472 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
     14:40:45.0403 3472 ============================================================
     14:40:45.0403 3472 Current date / time: 2011/12/13 14:40:45.0403
     14:40:45.0403 3472 SystemInfo:
     14:40:45.0403 3472
     14:40:45.0403 3472 OS Version: 6.1.7600 ServicePack: 0.0
     14:40:45.0403 3472 Product type: Workstation
     14:40:45.0403 3472 ComputerName: LAPTOP_FEMKE
     14:40:45.0403 3472 UserName: femke
     14:40:45.0403 3472 Windows directory: C:\Windows
     14:40:45.0403 3472 System windows directory: C:\Windows
     14:40:45.0403 3472 Processor architecture: Intel x86
     14:40:45.0403 3472 Number of processors: 2
     14:40:45.0403 3472 Page size: 0x1000
     14:40:45.0403 3472 Boot type: Normal boot
     14:40:45.0403 3472 ============================================================
     14:40:46.0635 3472 Initialize success
     14:40:58.0008 1948 ============================================================
     14:40:58.0008 1948 Scan started
     14:40:58.0008 1948 Mode: Manual; SigCheck; TDLFS;
     14:40:58.0008 1948 ============================================================
     14:40:58.0866 1948 .dfsc - ok
     14:40:59.0724 1948 1394ohci (cf59585cf72f2471940def24a730f647) C:\Windows\system32\DRIVERS\1394ohci.sys
     14:40:59.0849 1948 1394ohci - ok
     14:41:00.0582 1948 ACPI (4984c69b47aedebef33eb90572160d30) C:\Windows\system32\DRIVERS\ACPI.sys
     14:41:00.0707 1948 ACPI - ok
     14:41:01.0175 1948 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
     14:41:01.0253 1948 AcpiPmi - ok
     14:41:01.0721 1948 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
     14:41:01.0767 1948 adp94xx - ok
     14:41:02.0064 1948 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
     14:41:02.0126 1948 adpahci - ok
     14:41:02.0391 1948 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
     14:41:02.0423 1948 adpu320 - ok
     14:41:02.0672 1948 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
     14:41:02.0750 1948 AFD - ok
     14:41:02.0813 1948 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
     14:41:02.0813 1948 agp440 - ok
     14:41:02.0906 1948 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
     14:41:02.0937 1948 aic78xx - ok
     14:41:03.0047 1948 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
     14:41:03.0078 1948 aliide - ok
     14:41:03.0125 1948 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
     14:41:03.0140 1948 amdagp - ok
     14:41:03.0281 1948 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
     14:41:03.0296 1948 amdide - ok
     14:41:03.0577 1948 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
     14:41:03.0624 1948 AmdK8 - ok
     14:41:03.0733 1948 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
     14:41:03.0764 1948 AmdPPM - ok
     14:41:03.0842 1948 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
     14:41:03.0858 1948 amdsata - ok
     14:41:03.0936 1948 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
     14:41:04.0014 1948 amdsbs - ok
     14:41:04.0232 1948 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
     14:41:04.0248 1948 amdxata - ok
     14:41:04.0373 1948 AppID (a1136e9bee592df0814dbd2fa5695973) C:\Windows\system32\drivers\appid.sys
     14:41:04.0451 1948 AppID - ok
     14:41:04.0747 1948 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
     14:41:04.0763 1948 arc - ok
     14:41:04.0981 1948 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
     14:41:05.0012 1948 arcsas - ok
     14:41:05.0106 1948 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
     14:41:05.0168 1948 ASMMAP - ok
     14:41:05.0387 1948 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
     14:41:05.0543 1948 AsyncMac - ok
     14:41:05.0792 1948 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
     14:41:05.0808 1948 atapi - ok
     14:41:06.0182 1948 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
     14:41:06.0338 1948 athr - ok
     14:41:06.0650 1948 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
     14:41:06.0744 1948 b06bdrv - ok
     14:41:07.0087 1948 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
     14:41:07.0149 1948 b57nd60x - ok
     14:41:07.0477 1948 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
     14:41:07.0555 1948 Beep - ok
     14:41:07.0961 1948 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
     14:41:08.0007 1948 blbdrive - ok
     14:41:08.0304 1948 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
     14:41:08.0366 1948 bowser - ok
     14:41:08.0694 1948 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
     14:41:08.0787 1948 BrFiltLo - ok
     14:41:09.0084 1948 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
     14:41:09.0162 1948 BrFiltUp - ok
     14:41:09.0567 1948 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
     14:41:09.0708 1948 Brserid - ok
     14:41:10.0035 1948 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
     14:41:10.0113 1948 BrSerWdm - ok
     14:41:10.0410 1948 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
     14:41:10.0472 1948 BrUsbMdm - ok
     14:41:10.0737 1948 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
     14:41:10.0815 1948 BrUsbSer - ok
     14:41:11.0034 1948 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
     14:41:11.0112 1948 BTHMODEM - ok
     14:41:11.0393 1948 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
     14:41:11.0455 1948 cdfs - ok
     14:41:11.0720 1948 cdrom (bb63132c854bc53d2826f4d4b92c9c35) C:\Windows\system32\DRIVERS\cdrom.sys
     14:41:11.0814 1948 cdrom - ok
     14:41:12.0126 1948 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
     14:41:12.0204 1948 circlass - ok
     14:41:12.0469 1948 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
     14:41:12.0516 1948 CLFS - ok
     14:41:12.0828 1948 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
     14:41:12.0890 1948 CmBatt - ok
     14:41:13.0155 1948 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
     14:41:13.0171 1948 cmdide - ok
     14:41:13.0545 1948 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
     14:41:13.0623 1948 CNG - ok
     14:41:13.0935 1948 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
     14:41:13.0951 1948 Compbatt - ok
     14:41:14.0232 1948 CompositeBus (44c8853fecd1147c86bbaae7ee0be4cf) C:\Windows\system32\DRIVERS\CompositeBus.sys
     14:41:14.0325 1948 CompositeBus - ok
     14:41:14.0591 1948 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
     14:41:14.0606 1948 crcdisk - ok
     14:41:15.0027 1948 CSC (dcb18d86f4f80926a59a9a3cf420a3cd) C:\Windows\system32\drivers\csc.sys
     14:41:15.0121 1948 CSC - ok
     14:41:15.0464 1948 DfsC (c84f40ca67fd827d7f2d5c325a5530e2) C:\Windows\system32\Drivers\dfsc.sys
     14:41:15.0464 1948 DfsC ( Rootkit.Win32.ZAccess.h ) - infected
     14:41:15.0464 1948 DfsC
- detected Rootkit.Win32.ZAccess.h (0) 14:41:15.0870 1948 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 14:41:15.0932 1948 discache - ok 14:41:16.0026 1948 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 14:41:16.0041 1948 Disk - ok 14:41:16.0135 1948 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 14:41:16.0166 1948 drmkaud - ok 14:41:16.0244 1948 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 14:41:16.0244 1948 dtsoftbus01 - ok 14:41:16.0665 1948 DXGKrnl (7f4d13f3f468f8ec3c698a154ac52c93) C:\Windows\System32\drivers\dxgkrnl.sys 14:41:16.0697 1948 DXGKrnl - ok 14:41:17.0399 1948 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 14:41:17.0617 1948 ebdrv - ok 14:41:17.0835 1948 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 14:41:17.0867 1948 elxstor - ok 14:41:17.0945 1948 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 14:41:18.0007 1948 ErrDev - ok 14:41:18.0210 1948 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 14:41:18.0257 1948 exfat - ok 14:41:18.0537 1948 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 14:41:18.0662 1948 fastfat - ok 14:41:19.0005 1948 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 14:41:19.0068 1948 fdc - ok 14:41:19.0177 1948 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 14:41:19.0193 1948 FileInfo - ok 14:41:19.0255 1948 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 14:41:19.0286 1948 Filetrace - ok 14:41:19.0333 1948 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 14:41:19.0380 1948 flpydisk - ok 14:41:19.0427 1948 FltMgr (7520ec808e0c35e0ee6f841294316653) 
C:\Windows\system32\drivers\fltmgr.sys 14:41:19.0473 1948 FltMgr - ok 14:41:19.0583 1948 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 14:41:19.0598 1948 FsDepends - ok 14:41:19.0614 1948 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 14:41:19.0629 1948 Fs_Rec - ok 14:41:19.0676 1948 fvevol (0c0386c5b33812be2e7188e5e82621dc) C:\Windows\system32\DRIVERS\fvevol.sys 14:41:19.0707 1948 fvevol - ok 14:41:19.0926 1948 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 14:41:19.0973 1948 gagp30kx - ok 14:41:20.0082 1948 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 14:41:20.0144 1948 hcw85cir - ok 14:41:20.0238 1948 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 14:41:20.0285 1948 HdAudAddService - ok 14:41:20.0394 1948 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 14:41:20.0441 1948 HDAudBus - ok 14:41:20.0690 1948 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 14:41:20.0893 1948 HidBatt - ok 14:41:21.0283 1948 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 14:41:21.0361 1948 HidBth - ok 14:41:21.0455 1948 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 14:41:21.0486 1948 HidIr - ok 14:41:21.0564 1948 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 14:41:21.0579 1948 HidUsb - ok 14:41:21.0657 1948 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 14:41:21.0673 1948 HpSAMD - ok 14:41:21.0735 1948 HTTP (33bd3b302aaf1bae758b1a73d0279972) C:\Windows\system32\drivers\HTTP.sys 14:41:21.0829 1948 HTTP - ok 14:41:21.0954 1948 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 14:41:21.0985 1948 hwpolicy - ok 14:41:22.0172 1948 i8042prt 
(f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 14:41:22.0188 1948 i8042prt - ok 14:41:22.0375 1948 iaStorV (b9039a34c2f8769490dcc494e2402445) C:\Windows\system32\drivers\iaStorV.sys 14:41:22.0422 1948 iaStorV - ok 14:41:22.0562 1948 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 14:41:22.0593 1948 iirsp - ok 14:41:22.0781 1948 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 14:41:22.0827 1948 intelide - ok 14:41:22.0952 1948 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 14:41:22.0983 1948 intelppm - ok 14:41:23.0171 1948 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:41:23.0249 1948 IpFilterDriver - ok 14:41:23.0467 1948 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 14:41:23.0498 1948 IPMIDRV - ok 14:41:23.0561 1948 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 14:41:23.0654 1948 IPNAT - ok 14:41:23.0685 1948 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 14:41:23.0888 1948 IRENUM - ok 14:41:24.0044 1948 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 14:41:24.0075 1948 isapnp - ok 14:41:24.0169 1948 iScsiPrt (97bd53b860bd1d3d0dbcf2fbbbe18710) C:\Windows\system32\DRIVERS\msiscsi.sys 14:41:24.0185 1948 iScsiPrt - ok 14:41:24.0263 1948 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 14:41:24.0278 1948 kbdclass - ok 14:41:24.0434 1948 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 14:41:24.0497 1948 kbdhid - ok 14:41:24.0559 1948 KSecDD (06db9866e55a6d4af50a3ddaeacaea2a) C:\Windows\system32\Drivers\ksecdd.sys 14:41:24.0575 1948 KSecDD - ok 14:41:24.0637 1948 KSecPkg (509fc3c29f86d715dafc622c3a685ba1) C:\Windows\system32\Drivers\ksecpkg.sys 14:41:24.0653 1948 KSecPkg - ok 
14:41:25.0261 1948 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 14:41:25.0339 1948 lltdio - ok 14:41:25.0823 1948 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 14:41:25.0869 1948 LSI_FC - ok 14:41:26.0057 1948 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 14:41:26.0103 1948 LSI_SAS - ok 14:41:26.0306 1948 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:41:26.0337 1948 LSI_SAS2 - ok 14:41:26.0618 1948 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:41:26.0649 1948 LSI_SCSI - ok 14:41:26.0712 1948 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 14:41:26.0759 1948 luafv - ok 14:41:26.0868 1948 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys 14:41:26.0915 1948 ManyCam - ok 14:41:27.0055 1948 MBAMSwissArmy - ok 14:41:27.0117 1948 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 14:41:27.0149 1948 megasas - ok 14:41:27.0180 1948 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 14:41:27.0211 1948 MegaSR - ok 14:41:27.0242 1948 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 14:41:27.0305 1948 Modem - ok 14:41:27.0367 1948 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 14:41:27.0398 1948 monitor - ok 14:41:27.0429 1948 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 14:41:27.0445 1948 mouclass - ok 14:41:27.0507 1948 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 14:41:27.0539 1948 mouhid - ok 14:41:27.0570 1948 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 14:41:27.0585 1948 mountmgr - ok 14:41:27.0663 1948 mpio (8a4a284ce21201f245e09f0021a3c8c7) C:\Windows\system32\DRIVERS\mpio.sys 
14:41:27.0710 1948 mpio - ok 14:41:27.0773 1948 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 14:41:27.0804 1948 mpsdrv - ok 14:41:27.0897 1948 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 14:41:27.0944 1948 MRxDAV - ok 14:41:27.0991 1948 mrxsmb (ae6248d356c6c1de1623f0610b7fb0a3) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:41:28.0038 1948 mrxsmb - ok 14:41:28.0100 1948 mrxsmb10 (6d8ab5e1ef631470014cb167c426a38f) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:41:28.0147 1948 mrxsmb10 - ok 14:41:28.0350 1948 mrxsmb20 (05fcf029fb6915df707222d3806c760a) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:41:28.0381 1948 mrxsmb20 - ok 14:41:28.0459 1948 msahci (4e00965bb3c471d52b07c9c3c59a82cf) C:\Windows\system32\DRIVERS\msahci.sys 14:41:28.0475 1948 msahci - ok 14:41:28.0521 1948 msdsm (c575749358de482326943bddf0beb64b) C:\Windows\system32\DRIVERS\msdsm.sys 14:41:28.0537 1948 msdsm - ok 14:41:28.0584 1948 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 14:41:28.0631 1948 Msfs - ok 14:41:28.0911 1948 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 14:41:28.0974 1948 mshidkmdf - ok 14:41:29.0052 1948 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 14:41:29.0083 1948 msisadrv - ok 14:41:29.0177 1948 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 14:41:29.0223 1948 MSKSSRV - ok 14:41:29.0333 1948 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 14:41:29.0411 1948 MSPCLOCK - ok 14:41:29.0520 1948 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 14:41:29.0567 1948 MSPQM - ok 14:41:29.0707 1948 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 14:41:29.0723 1948 MsRPC - ok 14:41:29.0925 1948 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 
14:41:29.0941 1948 mssmbios - ok 14:41:30.0003 1948 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 14:41:30.0066 1948 MSTEE - ok 14:41:30.0175 1948 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 14:41:30.0206 1948 MTConfig - ok 14:41:30.0300 1948 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys 14:41:30.0347 1948 MTsensor - ok 14:41:30.0425 1948 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 14:41:30.0440 1948 Mup - ok 14:41:30.0565 1948 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 14:41:30.0627 1948 NativeWifiP - ok 14:41:30.0799 1948 NDIS (3cb507ab001dffaca301cfe177631ccc) C:\Windows\system32\drivers\ndis.sys 14:41:30.0861 1948 NDIS - ok 14:41:30.0924 1948 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 14:41:31.0033 1948 NdisCap - ok 14:41:31.0205 1948 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 14:41:31.0251 1948 NdisTapi - ok 14:41:31.0314 1948 Ndisuio (bf6d06b889915b252333ee887479c5ac) C:\Windows\system32\DRIVERS\ndisuio.sys 14:41:31.0345 1948 Ndisuio - ok 14:41:31.0392 1948 NdisWan (50c5535b0c3c2f357d83037d1bcf9199) C:\Windows\system32\DRIVERS\ndiswan.sys 14:41:31.0470 1948 NdisWan - ok 14:41:31.0532 1948 NDProxy (f49fef57e1828e243679f1e9a0b5f291) C:\Windows\system32\drivers\NDProxy.sys 14:41:31.0595 1948 NDProxy - ok 14:41:31.0641 1948 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 14:41:31.0704 1948 NetBIOS - ok 14:41:31.0782 1948 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 14:41:31.0844 1948 NetBT - ok 14:41:31.0969 1948 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 14:41:31.0985 1948 nfrd960 - ok 14:41:32.0047 1948 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 14:41:32.0125 
1948 Npfs - ok 14:41:32.0390 1948 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 14:41:32.0453 1948 nsiproxy - ok 14:41:32.0733 1948 Ntfs (a7266d82db9675afbded39695b69edac) C:\Windows\system32\drivers\Ntfs.sys 14:41:32.0889 1948 Ntfs - ok 14:41:33.0123 1948 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 14:41:33.0170 1948 Null - ok 14:41:33.0373 1948 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys 14:41:33.0435 1948 NVENETFD - ok 14:41:34.0434 1948 nvlddmkm (3dacd0610683cf966647636d3b7ae750) C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:41:34.0808 1948 nvlddmkm - ok 14:41:34.0917 1948 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 14:41:34.0949 1948 nvraid - ok 14:41:35.0027 1948 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 14:41:35.0042 1948 nvstor - ok 14:41:35.0105 1948 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 14:41:35.0120 1948 nv_agp - ok 14:41:35.0151 1948 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 14:41:35.0183 1948 ohci1394 - ok 14:41:35.0276 1948 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 14:41:35.0323 1948 Parport - ok 14:41:35.0370 1948 partmgr (f9b97abba2b00b9a30d75944e84ca309) C:\Windows\system32\drivers\partmgr.sys 14:41:35.0401 1948 partmgr - ok 14:41:35.0448 1948 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 14:41:35.0463 1948 Parvdm - ok 14:41:35.0526 1948 pci (1d20a96c51832217dc0732b4e0f3d9b7) C:\Windows\system32\DRIVERS\pci.sys 14:41:35.0541 1948 pci - ok 14:41:35.0573 1948 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 14:41:35.0588 1948 pciide - ok 14:41:35.0635 1948 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 14:41:35.0651 1948 pcmcia - ok 
14:41:35.0697 1948 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 14:41:35.0713 1948 pcw - ok 14:41:35.0791 1948 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 14:41:35.0885 1948 PEAUTH - ok 14:41:36.0353 1948 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 14:41:36.0431 1948 PptpMiniport - ok 14:41:36.0774 1948 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 14:41:36.0836 1948 Processor - ok 14:41:37.0273 1948 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 14:41:37.0335 1948 Psched - ok 14:41:37.0585 1948 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 14:41:37.0694 1948 ql2300 - ok 14:41:37.0928 1948 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 14:41:37.0959 1948 ql40xx - ok 14:41:38.0271 1948 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 14:41:38.0318 1948 QWAVEdrv - ok 14:41:38.0381 1948 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 14:41:38.0427 1948 RasAcd - ok 14:41:38.0490 1948 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:41:38.0537 1948 RasAgileVpn - ok 14:41:38.0599 1948 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:41:38.0646 1948 Rasl2tp - ok 14:41:38.0693 1948 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 14:41:38.0739 1948 RasPppoe - ok 14:41:38.0942 1948 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 14:41:39.0145 1948 RasSstp - ok 14:41:39.0473 1948 rdbss (d0d5f258a906a9a7226d0ce648c62fd5) C:\Windows\system32\DRIVERS\rdbss.sys 14:41:39.0566 1948 rdbss - ok 14:41:39.0644 1948 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 14:41:39.0675 1948 rdpbus - 
ok 14:41:39.0722 1948 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:41:39.0753 1948 RDPCDD - ok 14:41:39.0816 1948 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 14:41:39.0863 1948 RDPDR - ok 14:41:40.0159 1948 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 14:41:40.0237 1948 RDPENCDD - ok 14:41:40.0315 1948 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 14:41:40.0377 1948 RDPREFMP - ok 14:41:40.0471 1948 RDPWD (bc247aad6a56abb6b476d9286ce14f51) C:\Windows\system32\drivers\RDPWD.sys 14:41:40.0502 1948 RDPWD - ok 14:41:40.0565 1948 rdyboost (65db288f7372b1f632891fc32bf908b7) C:\Windows\system32\drivers\rdyboost.sys 14:41:40.0580 1948 rdyboost - ok 14:41:40.0783 1948 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 14:41:40.0861 1948 rspndr - ok 14:41:40.0923 1948 RTSTOR (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS 14:41:40.0970 1948 RTSTOR - ok 14:41:41.0079 1948 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 14:41:41.0126 1948 s3cap - ok 14:41:41.0298 1948 sbp2port (662b7f49cb295f15b5a1a36ad3ae9c2c) C:\Windows\system32\DRIVERS\sbp2port.sys 14:41:41.0345 1948 sbp2port - ok 14:41:41.0469 1948 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 14:41:41.0516 1948 scfilter - ok 14:41:41.0906 1948 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 14:41:41.0969 1948 secdrv - ok 14:41:42.0062 1948 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 14:41:42.0078 1948 Serenum - ok 14:41:42.0156 1948 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 14:41:42.0203 1948 Serial - ok 14:41:42.0249 1948 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 14:41:42.0296 1948 sermouse - ok 
14:41:42.0343 1948 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 14:41:42.0374 1948 sffdisk - ok 14:41:42.0405 1948 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 14:41:42.0421 1948 sffp_mmc - ok 14:41:42.0468 1948 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys 14:41:42.0499 1948 sffp_sd - ok 14:41:42.0577 1948 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 14:41:42.0655 1948 sfloppy - ok 14:41:42.0780 1948 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 14:41:42.0795 1948 sisagp - ok 14:41:42.0858 1948 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:41:42.0873 1948 SiSRaid2 - ok 14:41:43.0061 1948 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 14:41:43.0076 1948 SiSRaid4 - ok 14:41:43.0357 1948 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 14:41:43.0435 1948 Smb - ok 14:41:44.0012 1948 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys 14:41:44.0137 1948 smserial - ok 14:41:44.0355 1948 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 14:41:44.0418 1948 spldr - ok 14:41:44.0979 1948 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\Windows\System32\Drivers\sptd.sys 14:41:44.0979 1948 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. 
md5: 614deea4bdcec3fd5a07bdc705723ad7 14:41:44.0979 1948 sptd ( LockedFile.Multi.Generic ) - warning 14:41:44.0979 1948 sptd - detected LockedFile.Multi.Generic (1) 14:41:45.0494 1948 srv (110ad8cd36f173e917b1145950042b79) C:\Windows\system32\DRIVERS\srv.sys 14:41:45.0635 1948 srv - ok 14:41:46.0056 1948 srv2 (0460a195747ec2cb8d07b9634e85d637) C:\Windows\system32\DRIVERS\srv2.sys 14:41:46.0134 1948 srv2 - ok 14:41:46.0212 1948 srvnet (e461231d570586f158becc94c342cbe0) C:\Windows\system32\DRIVERS\srvnet.sys 14:41:46.0259 1948 srvnet - ok 14:41:46.0524 1948 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 14:41:46.0555 1948 stexstor - ok 14:41:46.0711 1948 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 14:41:46.0758 1948 storflt - ok 14:41:46.0820 1948 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 14:41:46.0836 1948 storvsc - ok 14:41:46.0867 1948 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 14:41:46.0883 1948 swenum - ok 14:41:47.0273 1948 Tcpip (93c444d118b184452132357c322124cd) C:\Windows\system32\drivers\tcpip.sys 14:41:47.0351 1948 Tcpip - ok 14:41:47.0928 1948 TCPIP6 (93c444d118b184452132357c322124cd) C:\Windows\system32\DRIVERS\tcpip.sys 14:41:47.0975 1948 TCPIP6 - ok 14:41:48.0177 1948 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 14:41:48.0224 1948 tcpipreg - ok 14:41:48.0302 1948 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 14:41:48.0349 1948 TDPIPE - ok 14:41:48.0396 1948 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 14:41:48.0443 1948 TDTCP - ok 14:41:48.0489 1948 tdx (4893eb2d4333da983fed1aef1fac24f6) C:\Windows\system32\DRIVERS\tdx.sys 14:41:48.0536 1948 tdx - ok 14:41:48.0567 1948 TermDD (c0d02b80867e31320d36ac551b72f0e9) C:\Windows\system32\DRIVERS\termdd.sys 14:41:48.0583 1948 TermDD - ok 
14:41:48.0630 1948 tssecsrv (9dff45630df6e13b48bc01b8e799a781) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:41:48.0677 1948 tssecsrv - ok 14:41:48.0739 1948 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 14:41:48.0833 1948 tunnel - ok 14:41:48.0895 1948 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 14:41:48.0911 1948 uagp35 - ok 14:41:48.0957 1948 udfs (6557d75e8b7d6a06cdc21cd39dbf255c) C:\Windows\system32\DRIVERS\udfs.sys 14:41:49.0004 1948 udfs - ok 14:41:49.0051 1948 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 14:41:49.0067 1948 uliagpkx - ok 14:41:49.0113 1948 umbus (71bbf3e8078d585abf27411a8986eb95) C:\Windows\system32\DRIVERS\umbus.sys 14:41:49.0176 1948 umbus - ok 14:41:49.0238 1948 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 14:41:49.0269 1948 UmPass - ok 14:41:49.0332 1948 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys 14:41:49.0379 1948 usbccgp - ok 14:41:49.0410 1948 usbcir (6eb45c02e2c8a5dbf9a119f76ae9bd95) C:\Windows\system32\DRIVERS\usbcir.sys 14:41:49.0425 1948 usbcir - ok 14:41:49.0472 1948 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\DRIVERS\usbehci.sys 14:41:49.0503 1948 usbehci - ok 14:41:49.0581 1948 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys 14:41:49.0628 1948 usbhub - ok 14:41:49.0675 1948 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\DRIVERS\usbohci.sys 14:41:49.0691 1948 usbohci - ok 14:41:49.0722 1948 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 14:41:49.0753 1948 usbprint - ok 14:41:49.0815 1948 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:41:49.0862 1948 USBSTOR - ok 14:41:49.0940 1948 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys 14:41:49.0971 1948 usbuhci - ok 
14:41:50.0065 1948 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys 14:41:50.0143 1948 usbvideo - ok 14:41:50.0221 1948 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 14:41:50.0268 1948 usb_rndisx - ok 14:41:50.0361 1948 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 14:41:50.0377 1948 vdrvroot - ok 14:41:50.0424 1948 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 14:41:50.0455 1948 vga - ok 14:41:50.0486 1948 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 14:41:50.0533 1948 VgaSave - ok 14:41:50.0595 1948 vhdmp (2fd298650b5739dd59d21ce5ddaca031) C:\Windows\system32\DRIVERS\vhdmp.sys 14:41:50.0642 1948 vhdmp - ok 14:41:50.0720 1948 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 14:41:50.0736 1948 viaagp - ok 14:41:50.0814 1948 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 14:41:50.0845 1948 ViaC7 - ok 14:41:50.0907 1948 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 14:41:50.0923 1948 viaide - ok 14:41:51.0219 1948 vmbus (cdfd6ba00b8859fbeeb1bce0f150de68) C:\Windows\system32\DRIVERS\vmbus.sys 14:41:51.0282 1948 vmbus - ok 14:41:51.0531 1948 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 14:41:51.0547 1948 VMBusHID - ok 14:41:51.0781 1948 volmgr (978ea60a508574116d468f9beb8593b3) C:\Windows\system32\DRIVERS\volmgr.sys 14:41:51.0812 1948 volmgr - ok 14:41:52.0124 1948 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 14:41:52.0187 1948 volmgrx - ok 14:41:52.0343 1948 volsnap (5463c319d61e7510c67bc7b5506c5c20) C:\Windows\system32\DRIVERS\volsnap.sys 14:41:52.0405 1948 volsnap - ok 14:41:52.0748 1948 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 14:41:52.0779 1948 vsmraid - ok 14:41:53.0013 
1948 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 14:41:53.0076 1948 vwifibus - ok 14:41:53.0232 1948 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 14:41:53.0310 1948 vwififlt - ok 14:41:53.0403 1948 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 14:41:53.0419 1948 WacomPen - ok 14:41:53.0513 1948 WANARP (db3b1965c2fb1476d95e413c3b7cacbb) C:\Windows\system32\DRIVERS\wanarp.sys 14:41:53.0575 1948 WANARP - ok 14:41:53.0575 1948 Wanarpv6 (db3b1965c2fb1476d95e413c3b7cacbb) C:\Windows\system32\DRIVERS\wanarp.sys 14:41:53.0591 1948 Wanarpv6 - ok 14:41:53.0653 1948 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 14:41:53.0669 1948 Wd - ok 14:41:53.0840 1948 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 14:41:53.0887 1948 Wdf01000 - ok 14:41:54.0199 1948 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 14:41:54.0277 1948 WfpLwf - ok 14:41:54.0542 1948 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 14:41:54.0589 1948 WIMMount - ok 14:41:55.0026 1948 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys 14:41:55.0088 1948 WinUsb - ok 14:41:55.0431 1948 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 14:41:55.0478 1948 WmiAcpi - ok 14:41:55.0634 1948 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 14:41:55.0681 1948 ws2ifsl - ok 14:41:55.0743 1948 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys 14:41:55.0775 1948 WudfPf - ok 14:41:55.0915 1948 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:41:55.0977 1948 WUDFRd - ok 14:41:56.0087 1948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 14:41:56.0227 1948 \Device\Harddisk0\DR0 ( TDSS File System ) - 
warning 14:41:56.0227 1948 \Device\Harddisk0\DR0 - detected TDSS File System (1) 14:41:56.0243 1948 Boot (0x1200) (821044d8cee32c5801136abd343cd114) \Device\Harddisk0\DR0\Partition0 14:41:56.0258 1948 \Device\Harddisk0\DR0\Partition0 - ok 14:41:56.0289 1948 Boot (0x1200) (f42e8501010de4291e4dba1d120af28d) \Device\Harddisk0\DR0\Partition1 14:41:56.0289 1948 \Device\Harddisk0\DR0\Partition1 - ok 14:41:56.0289 1948 ============================================================ 14:41:56.0289 1948 Scan finished 14:41:56.0289 1948 ============================================================ 14:41:56.0305 3476 Detected object count: 3 14:41:56.0305 3476 Actual detected object count: 3 14:42:12.0685 3476 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813 14:42:14.0760 3476 Backup copy not found, trying to cure infected file.. 14:42:14.0775 3476 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF) 14:42:14.0775 3476 C:\Windows\system32\Drivers\dfsc.sys - processing error 14:42:44.0369 3476 DfsC ( Rootkit.Win32.ZAccess.h ) - User select action: Cure 14:42:44.0369 3476 sptd ( LockedFile.Multi.Generic ) - skipped by user 14:42:44.0369 3476 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 14:42:44.0384 3476 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 14:42:44.0384 3476 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
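The log in the post above is long, and the three lines that matter (a signature hit on dfsc.sys, a locked-file warning on sptd.sys, and a TDSS file system warning on the MBR) are easy to miss among several hundred "- ok" driver entries. The following parser is an added example, not code from the post, from the forum, or from Kaspersky's TDSSKiller. It assumes the 2.6.x line layout visible above ("HH:MM:SS.mmmm <thread id> <message>"), separates "infected" verdicts from "warning" ones, records the action the user chose per object, and ties a "Cure failed" line back to the object it refers to. SAMPLE_LOG is an abridged excerpt of the log in this post.

```python
"""Triage a TDSSKiller 2.6.x log. Added example, not part of the post or of
TDSSKiller; assumes the "HH:MM:SS.mmmm <thread id> <message>" layout above."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# Inventory: "<object> (<md5>) <path>"; the object may itself contain
# parentheses ("MBR (0x1B8)"), hence the lazy name match.
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<status>infected|warning|suspicious)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( [^)]+? \) - User select action: (?P<action>\w+)$")
CURE_FAIL_RE = re.compile(r"^(?P<path>.+?) - Cure failed \((?P<code>[0-9A-Fa-f]+)\)$")
COUNT_RE = re.compile(r"^(?P<kind>Detected object count|Actual detected object count): (?P<n>\d+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Detection:
    name: str
    verdict: str
    status: str                        # "infected" = signature hit, "warning" = heuristic / locked file
    path: Optional[str] = None
    md5: Optional[str] = None
    action: Optional[str] = None       # Cure / Skip / Delete ... as chosen by the user
    cure_failed: Optional[str] = None  # error code when TDSSKiller could not cure the file


@dataclass
class Report:
    objects: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    clean: List[str] = field(default_factory=list)
    detections: Dict[str, Detection] = field(default_factory=dict)
    detected_count: Optional[int] = None
    actual_detected_count: Optional[int] = None


def parse_log(text: str) -> Report:
    rep, by_path = Report(), {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                   # banner / separator lines
        msg = m["msg"].strip()
        if (o := OBJECT_RE.match(msg)):
            rep.objects[o["name"]] = (o["md5"], o["path"])
            by_path[o["path"].casefold()] = o["name"]
        elif (v := VERDICT_RE.match(msg)):
            name = v["name"]
            md5, path = rep.objects.get(name, (None, None))
            if path is None and name.casefold() in by_path:   # verdict keyed by device path (MBR)
                md5, path = rep.objects[by_path[name.casefold()]][0], name
            rep.detections[name] = Detection(name, v["verdict"], v["status"], path, md5)
        elif (a := ACTION_RE.match(msg)) and a["name"] in rep.detections:
            rep.detections[a["name"]].action = a["action"]
        elif (c := CURE_FAIL_RE.match(msg)):
            for det in rep.detections.values():
                if det.path and det.path.casefold() == c["path"].casefold():
                    det.cure_failed = c["code"]
        elif (n := COUNT_RE.match(msg)):
            if n["kind"].startswith("Actual"):
                rep.actual_detected_count = int(n["n"])
            else:
                rep.detected_count = int(n["n"])
        elif (k := OK_RE.match(msg)):
            rep.clean.append(k["name"])
    return rep


def unresolved(rep: Report) -> List[str]:
    """Objects still needing attention: never cured, or cure attempted and failed."""
    return sorted(n for n, d in rep.detections.items()
                  if d.action != "Cure" or d.cure_failed is not None)


# Lines excerpted from the log in the post above (driver inventory abridged).
SAMPLE_LOG = r"""
14:40:58.0008 1948 Scan started
14:41:00.0582 1948 ACPI (4984c69b47aedebef33eb90572160d30) C:\Windows\system32\DRIVERS\ACPI.sys
14:41:00.0707 1948 ACPI - ok
14:41:15.0464 1948 DfsC (c84f40ca67fd827d7f2d5c325a5530e2) C:\Windows\system32\Drivers\dfsc.sys
14:41:15.0464 1948 DfsC ( Rootkit.Win32.ZAccess.h ) - infected
14:41:44.0979 1948 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\Windows\System32\Drivers\sptd.sys
14:41:44.0979 1948 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 614deea4bdcec3fd5a07bdc705723ad7
14:41:44.0979 1948 sptd ( LockedFile.Multi.Generic ) - warning
14:41:56.0087 1948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:41:56.0227 1948 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:41:56.0289 1948 Scan finished
14:41:56.0305 3476 Detected object count: 3
14:41:56.0305 3476 Actual detected object count: 3
14:42:14.0775 3476 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
14:42:44.0369 3476 DfsC ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
14:42:44.0369 3476 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:44.0384 3476 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    report = parse_log(SAMPLE_LOG)
    for det in report.detections.values():
        print(f"{det.status:8} {det.name:24} {det.verdict:26} action={det.action} cure_failed={det.cure_failed}")
    print("unresolved:", unresolved(report))
```

Run on this log it reports all three objects as unresolved: dfsc.sys was flagged infected with Rootkit.Win32.ZAccess.h and the chosen Cure failed with code FFFFFFFF (the log also notes that no backup copy existed to restore from), while the sptd warning (a file TDSSKiller could not open, hence the generic LockedFile verdict rather than a signature match) and the TDSS File System warning on the MBR were both skipped. The "infected" versus "warning" split is the point of the status field: the two categories call for different follow-up, and a summary that only counts detections hides it.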
  7. I seem to be having some problems with PING.exe and .com.b and .com_ files. They keep spamming my task manager, which results in my processor running at 100%. I've used TDSSKiller and this got rid of PING.exe. I wonder for how long it will stay away though. I found the suspicious .com files in System32 but no virus scanner detects them. (They are called a14t66j7U.com.b, a14t66j7U.com_, and a14t66j7U.exe.) I've read a different topic from someone with a similar problem and this guy Maniac gave them a custom OTL fix. (http://forums.malwarebytes.org/index.php?showtopic=101271) I posted there but my post got deleted. I'm kinda hoping this fix will work for me too but I need someone to help me with this. Thanks for reading and hopefully someone can help me out.
  8. Hey, I don't mean to barge in or hijack this topic, but this was one of the more recent topics on this and I seem to be having the same problem. I was googling .com.b and .com_ because I know they shouldn't be in System32, until I ran into this site. TP also seems to have issues with these .com files, so I started following your solutions. I've used TDSSKiller to stop PING.exe from starting up all the time and this worked for me. But now the .com files keep flooding my task manager and make my processor run at 100%. I've seen the OTL fix that you gave to TP, but I know it won't work for my laptop since it's custom. So could you please give me a custom fix like that and/or maybe help me out in a different topic. I'm asking here because you (Maniac) seem to have all the solutions for this problem! So again, sorry for barging in, and thanks in advance.