Showing results for tags 'Trojan.dropper'.

Found 8 results

  1. What is Inlog Optimizer?

     The Malwarebytes research team has determined that Inlog Optimizer is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.

     The settings provided by this particular one can result in the detection of several potentially unwanted modifications (PUMs).

     How do I know if I am infected with Inlog Optimizer?

     This is how the main screen of the system optimizer looks:

     You will find this icon in your taskbar:

     and see this type of screen during "operations":

     You may see this entry in your list of installed programs:

     How did Inlog Optimizer get on my computer?

     These so-called system optimizers use different methods of getting installed. This particular one was installed by a Trojan.Dropper.

     How do I remove Inlog Optimizer?

     Our program Malwarebytes can detect and remove this potentially unwanted application.
       • Please download Malwarebytes to your desktop.
       • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
       • Then click Finish.
       • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
       • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
       • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
       • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of Inlog Optimizer?

     No, Malwarebytes removes Inlog Optimizer completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this system optimizer.

     As you can see below, the full version of Malwarebytes would have protected you against the Inlog Optimizer installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

     and we block access to their domain:

     Technical details for experts

     You may see these entries in FRST logs:

     (Inlog Software) [File not signed] C:\Program Files (x86)\Inlog Software\Inlog Optimizer\InlogOptimizer.exe
     HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
     HKCU\...\Policies\Explorer: [NoViewContextMenu] 0
     C:\ProgramData\Optimizer
     C:\Program Files (x86)\Inlog Software
     (Inlog Software ) C:\Users\{username}\Desktop\setup.exe
     Inlog Optimizer 3.1 (HKLM-x32\...\Inlog Optimizer 3.1) (Version: 3.1 - Inlog Software)
     (Inlog Software) [File not signed] C:\Program Files (x86)\Inlog Software\Inlog Optimizer\InlogOptimizer.exe

     Alterations made by the installer:

     File system details [View: All details] (Selection)
     ---------------------------------------------------
     Adds the folder C:\Program Files (x86)\Inlog Software\Inlog Optimizer
        Adds the file check.txt"="6/21/2019 8:57 AM, 1 bytes, A
        Adds the file InlogOptimizer.exe"="5/29/2019 1:47 PM, 1092096 bytes, A
        Adds the file Newtonsoft.Json.dll"="2/3/2019 8:13 AM, 526336 bytes, A
        Adds the file Uninstall.exe"="6/21/2019 8:57 AM, 99909 bytes, A
        Adds the file Uninstall.ini"="6/21/2019 8:57 AM, 2711 bytes, A
     Adds the folder C:\ProgramData\Optimizer
        Adds the file Optimizer.json"="6/21/2019 8:57 AM, 1265 bytes, A
     Adds the folder C:\ProgramData\Optimizer\ExtractedIcons
     Adds the folder C:\ProgramData\Optimizer\FavIcons
     Adds the folder C:\ProgramData\Optimizer\ReadyMadeMenus
        Adds the file DesktopShortcuts.reg"="6/21/2019 8:57 AM, 2617 bytes, A
        Adds the file InstallTakeOwnership.reg"="6/21/2019 8:57 AM, 644 bytes, A
        Adds the file PowerMenu.reg"="6/21/2019 8:57 AM, 2593 bytes, A
        Adds the file RemoveTakeOwnership.reg"="6/21/2019 8:57 AM, 124 bytes, A
        Adds the file SystemShortcuts.reg"="6/21/2019 8:57 AM, 5683 bytes, A
        Adds the file SystemTools.reg"="6/21/2019 8:57 AM, 3888 bytes, A
        Adds the file WindowsApps.reg"="6/21/2019 8:57 AM, 3976 bytes, A
     Adds the folder C:\ProgramData\Optimizer\Required
        Adds the file DisableOfficeTelemetryTasks.bat"="6/21/2019 8:57 AM, 302 bytes, A
        Adds the file DisableOfficeTelemetryTasks.reg"="6/21/2019 8:57 AM, 630 bytes, A
        Adds the file DisableTelemetryTasks.bat"="6/21/2019 8:57 AM, 3967 bytes, A
        Adds the file DisableXboxTasks.bat"="6/21/2019 8:57 AM, 270 bytes, A
        Adds the file EnableOfficeTelemetryTasks.bat"="6/21/2019 8:57 AM, 161 bytes, A
        Adds the file EnableOfficeTelemetryTasks.reg"="6/21/2019 8:57 AM, 448 bytes, A
        Adds the file EnableTelemetryTasks.bat"="6/21/2019 8:57 AM, 2104 bytes, A
        Adds the file EnableXboxTasks.bat"="6/21/2019 8:57 AM, 145 bytes, A
        Adds the file OneDrive_Uninstaller.cmd"="6/21/2019 8:57 AM, 846 bytes, A

     Registry details [View: All details] (Selection)
     ------------------------------------------------
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Inlog Optimizer 3.1]
        "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Inlog Software\Inlog Optimizer\Uninstall.exe"
        "DisplayName"="REG_SZ", "Inlog Optimizer 3.1"
        "DisplayVersion"="REG_SZ", "3.1"
        "EstimatedSize"="REG_DWORD", 2398
        "InstallDate"="REG_SZ", "20190621"
        "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Inlog Software\Inlog Optimizer\"
        "InstallSource"="REG_SZ", "C:\Users\{username}\Desktop\"
        "Language"="REG_DWORD", 1033
        "NoModify"="REG_DWORD", 1
        "NoRepair"="REG_DWORD", 1
        "Publisher"="REG_SZ", "Inlog Software"
        "UninstallString"="REG_SZ", "C:\Program Files (x86)\Inlog Software\Inlog Optimizer\Uninstall.exe"
        "VersionMajor"="REG_DWORD", 3
        "VersionMinor"="REG_DWORD", 1
     [HKEY_CURRENT_USER\Inlog Software]
        "Inlog Optimizer"="REG_SZ", "C:\Program Files (x86)\Inlog Software\Inlog Optimizer"

     Malwarebytes log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 6/21/19
     Scan Time: 9:08 AM
     Log File: 54f22a62-93f3-11e9-8fe8-00ffdcc6fdfc.json

     -Software Information-
     Version: 3.7.1.2839
     Components Version: 1.0.586
     Update Package Version: 1.0.11174
     License: Premium

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: {computername}\{username}

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 236004
     Threats Detected: 13
     Threats Quarantined: 13
     Time Elapsed: 4 min, 48 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 1
     PUP.Optional.InlogOptimizer, C:\Program Files (x86)\Inlog Software\Inlog Optimizer\InlogOptimizer.exe, Quarantined, [3072], [698969],1.0.11174

     Module: 1
     PUP.Optional.InlogOptimizer, C:\Program Files (x86)\Inlog Software\Inlog Optimizer\InlogOptimizer.exe, Quarantined, [3072], [698969],1.0.11174

     Registry Key: 1
     PUP.Optional.InlogOptimizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Inlog Optimizer 3.1, Quarantined, [3072], [698978],1.0.11174

     Registry Value: 2
     PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Quarantined, [7079], [676881],1.0.11174
     PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Quarantined, [7079], [676881],1.0.11174

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 2
     PUP.Optional.InlogOptimizer, C:\Program Files (x86)\Inlog Software\Inlog Optimizer, Quarantined, [3072], [698969],1.0.11174
     PUP.Optional.InlogOptimizer, C:\PROGRAM FILES (X86)\INLOG SOFTWARE, Quarantined, [3072], [698969],1.0.11174

     File: 6
     PUP.Optional.InlogOptimizer, C:\Program Files (x86)\Inlog Software\Inlog Optimizer\check.txt, Quarantined, [3072], [698969],1.0.11174
     PUP.Optional.InlogOptimizer, C:\Program Files (x86)\Inlog Software\Inlog Optimizer\InlogOptimizer.exe, Quarantined, [3072], [698969],1.0.11174
     PUP.Optional.InlogOptimizer, C:\Program Files (x86)\Inlog Software\Inlog Optimizer\Newtonsoft.Json.dll, Quarantined, [3072], [698969],1.0.11174
     PUP.Optional.InlogOptimizer, C:\Program Files (x86)\Inlog Software\Inlog Optimizer\Uninstall.exe, Quarantined, [3072], [698969],1.0.11174
     PUP.Optional.InlogOptimizer, C:\Program Files (x86)\Inlog Software\Inlog Optimizer\Uninstall.ini, Quarantined, [3072], [698969],1.0.11174
     Trojan.Dropper, C:\USERS\{username}\DESKTOP\SETUP.EXE, Quarantined, [749], [690163],1.0.11174

     Physical Sector: 0
     (No malicious items detected)

     WMI: 0
     (No malicious items detected)

     (end)

     As mentioned before, the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):
       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention
     Save yourself the hassle and get protected.
  2. What is MoneyFriend?

     The Malwarebytes research team has determined that MoneyFriend is adware. These adware applications display advertisements not originating from the sites you are browsing.

     How do I know if my computer is affected by MoneyFriend?

     You may see this entry in your list of installed programs and features:

     and this proxy setting locked down by a policy:

     and these browser extensions/add-ons:

     How did MoneyFriend get on my computer?

     Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

     How do I remove MoneyFriend?

     Our program Malwarebytes can detect and remove this potentially unwanted program.
       • Please download Malwarebytes to your desktop.
       • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
       • Then click Finish.
       • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
       • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
       • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
       • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of MoneyFriend?

     No, Malwarebytes removes MoneyFriend completely.

     If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the MoneyFriend entry.

     This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

     If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this adware.

     As you can see below, the full version of Malwarebytes would have protected you against the MoneyFriend adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late.

     Technical details for experts

     Possible signs in FRST logs:

     (Microsoft) C:\Windows\fhelper.exe
     (Groom-A-Zebu (tm) ) C:\Windows\vgagfx.exe
     GroupPolicy: Restriction - Chrome <======= ATTENTION
     CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
     CHR HKCU\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
     AutoConfigURL: [.DEFAULT] => file://C:\Windows\System32\Drivers\iexplore.pac
     AutoConfigURL: [S-1-5-21-1350903546-318028887-1286703239-1003] => file://C:\Windows\System32\Drivers\iexplore.pac
     HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
     FF NetworkProxy: "user_pref("extensions.enableScopes", 15);type", 4);user_pref("xpinstall.signatures.required", false
     FF Extension: Furniture Guru - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\Extensions\jid1-aMet0JAAbFecLw@jetpack.xpi [2015-11-04] [not signed]
     FF Extension: Indiashopps - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\Extensions\jid1-rrMTK7JqsxNOeQ@jetpack.xpi [2016-04-20]
     FF Extension: Furniture Guru - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-aMet0JAAbFecLw@jetpack.xpi [2015-11-04] [not signed]
     FF Extension: Indiashopps - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-rrMTK7JqsxNOeQ@jetpack.xpi [2016-04-20]
     CHR HKCU\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pgoackgjjkpbkjoomkklkofbhpkbeboc] - hxxps://clients2.google.com/service/update2/crx
     CHR HKLM-x32\...\Chrome\Extension: [pgoackgjjkpbkjoomkklkofbhpkbeboc] - hxxps://clients2.google.com/service/update2/crx
     R2 fhelper; C:\Windows\fhelper.exe [10240 2016-08-27] (Microsoft) [File not signed]
     C:\Windows\System32\Tasks\WinVDA
     C:\Windows\System32\Tasks\WinDriver
     C:\Program Files (x86)\MoneyFriend
     (Microsoft) C:\Windows\plotpix.exe
     (Microsoft) C:\Windows\fhelper.exe
     C:\Windows\default.cfg
     C:\Windows\loadermaster.exe
     C:\Windows\gruber.exe
     C:\Windows\bgpss.txt
     C:\Windows\gdwslk
     C:\Windows\jhndsn
     C:\Windows\mdkfpoud.bat
     C:\Windows\nitakihg.bat
     (Groom-A-Zebu (tm) ) C:\Windows\vgagfx.exe
     (Groom-A-Zebu (tm) ) C:\Windows\system32\mndhsj.exe
     C:\Windows\system32\Drivers\iexplore.pac
     MoneyFriend (HKLM-x32\...\MoneyFriend1.0) (Version: 1.0 - Pcom)
     Task: {01B17F3D-1CFF-4255-86FB-88B88C7DB473} - System32\Tasks\WinDriver => C:\Windows\slp.exe [2007-10-28] (www.commandline.co.uk)
     Task: {D3FD6F4E-A5AE-4F98-A0B7-9B171ADCA718} - System32\Tasks\WinVDA => C:\Windows\slp.exe [2007-10-28] (www.commandline.co.uk)

     Malwarebytes log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 6/20/17
     Scan Time: 2:04 PM
     Log File: mabmMoneyFriend.txt
     Administrator: Yes

     -Software Information-
     Version: 3.1.2.1733
     Components Version: 1.0.141
     Update Package Version: 1.0.2192
     License: Premium

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: {computername}\{username}

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 335571
     Threats Detected: 89
     Threats Quarantined: 89
     Time Elapsed: 1 min, 58 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Physical Sector: 0
     (No malicious items detected)

     (end)

     As mentioned before, the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):
       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention
     Save yourself the hassle and get protected.
  3. Hello,

     I was directed to this forum because I have an outgoing IP Block detected by MalwareBytes:

     2013/01/24 09:23:35 -0500 USER-PC user IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 50798, Process: firefox.exe)
     2013/01/24 09:23:35 -0500 USER-PC user IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 50799, Process: firefox.exe)

     I originally had problems after downloading a free swf to video program. Both my Norton 360 and MBAM detected Trojans (Trojan.dropper, Trojan.Gen.2) and malware (BasicSeek.exe, basicseek110.exe), and I was getting redirects on Firefox to a site called isearchfantasticgames.com. I ran MBAM, TDSSKiller and adwcleaner. I then took my computer to a local computer store and then ran combofix and hitmanpro. They told me that I got rid of anything that was on the computer, but today, a week later, I got redirected to the isearchfantasticgames site (well, MBAM stopped it). I thought I was done with this, but I'm concerned that something is still on my computer. I don't want to wipe my computer if I don't have to. It's a pain to have to reload all my programs, especially Adobe.

     Thank you for your help,
     Lauren

     dds.txt
     attach.txt
4. Greetings experts. I've gone through the removal of nearly the same Trojans and rootkits as I'm finding on the latest system that I'm fixing, and I was very, very tempted to just go through my previous logs to fix this latest issue, but I also know that the fixes are done in a specific order with specific scripts written for the machines being worked on, so I decided to go about this the safe way and not turn my friend's computer into a paperweight. So, I have run several Malwarebytes scans on this system (Dell Dimension C521 running Win 7 Pro, 32-bit), and I have been able to successfully remove all issues except for the Trojan.0access, Trojan.Dropper, Trojan.Small, Rootkit.0access and Rootkit.Zaccess. The deletion/quarantine shows as being successful in each log, but they're still there on the next run of Malwarebytes, so it looks like we need to go through the process again. I appreciate the guidance, as well as the reminder not to go about this on my own and assume I know what I'm doing just because I've done this once before.

Most recent Malwarebytes log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Angela :: ANGELA-PC [administrator]

9/20/2012 7:02:37 AM
mbam-log-2012-09-20 (07-02-37).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 468662
Time elapsed: 1 hour(s), 58 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\80000000.@ (Trojan.Small) -> Quarantined and deleted successfully.

(end)
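The symptom in the post above is the one a practitioner should key on: every log reports the items quarantined or scheduled for "Delete on reboot", yet the next scan lists the same paths again. Comparing consecutive logs mechanically makes that pattern visible at once. The script below is an added example, not Malwarebytes code and not something the poster ran: it parses the `<path> (<Threat.Name>) -> <Action>.` detection lines of two consecutive MBAM 1.x scan logs, reports which items recur after a claimed removal, which are still pending a reboot delete, and which directories hold several recurring items. The two sample logs are constructed for the example from the paths quoted in the post, and the idea that several recurring files in one directory point at a single component re-creating them is a triage heuristic assumed here, not a statement from the page.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# One MBAM 1.x detection line:  <path> (<Threat.Name>) -> <Action>.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str

    @property
    def key(self) -> str:
        # NTFS paths are case-insensitive, so compare on a lowercased path.
        return self.path.lower()


def parse_detections(log_text: str) -> list:
    """Return the detection lines of a scan log; headers and '(end)' are skipped."""
    found = []
    for raw in log_text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], m["action"]))
    return found


def claimed_removed(detections) -> dict:
    """Detections whose action says the item was removed or is scheduled for removal."""
    return {
        d.key: d
        for d in detections
        if "deleted" in d.action.lower() or d.action.lower().startswith("delete on reboot")
    }


def recurring(previous, current) -> list:
    """Items the earlier scan reported removed that the later scan finds again."""
    gone = claimed_removed(previous)
    return [d for d in current if d.key in gone]


def pending_reboot(detections) -> list:
    """Items still marked 'Delete on reboot'; if they recur, the deferred delete never took."""
    return [d for d in detections if d.action.lower().startswith("delete on reboot")]


def shared_directories(detections, min_count: int = 2) -> list:
    """Directories holding several of the given items.

    Heuristic (an assumption of this example, not a fact from the post): recurring
    files that share one directory are likely re-created by a single component, so
    that directory is the next thing to look at rather than the individual files.
    """
    counts = Counter(ntpath.dirname(d.key) for d in detections)
    return sorted(d for d, n in counts.items() if n >= min_count)


# Constructed sample logs (not real scan output), using the paths quoted in the post.
SCAN_1 = r"""
Files Detected: 3
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
"""

SCAN_2 = r"""
Files Detected: 4
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
"""


def triage(previous_log: str, current_log: str) -> dict:
    """Compare two consecutive scan logs and summarise what did not stay removed."""
    prev, cur = parse_detections(previous_log), parse_detections(current_log)
    back = recurring(prev, cur)
    return {
        "recurring": back,
        "pending_reboot": pending_reboot(cur),
        "hot_directories": shared_directories(back),
    }


if __name__ == "__main__":
    result = triage(SCAN_1, SCAN_2)
    for d in result["recurring"]:
        print(f"RECURRED  {d.threat:<24} {d.path}  (last action: {d.action})")
    for d in result["pending_reboot"]:
        print(f"PENDING   {d.threat:<24} {d.path}")
    for directory in result["hot_directories"]:
        print(f"HOT DIR   {directory}")
```

Run it against two real mbam-log files by reading them into `triage()` instead of the constructed strings. A recurring item whose last action was "Quarantined and deleted successfully" means the on-disk file was removed and then written back between scans, which is the cue to stop re-scanning and look for what re-creates it; a recurring "Delete on reboot" item means the deferred delete itself is not completing.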
5. Dear Ladies and Gentlemen, I have MS Vista Business, IE 9 and Firefox 13 on my notebook. I have (perhaps after an OS update?) the following error: ieframe.dll.acr_error. In Internet Explorer 9 I often/always get res://ieframe.dll/acr_error.htm#,URL. Before: http://about:Tabs http://google.de. After, 5 minutes later: res://ieframe.dll/acr_error.htm#about:Tabs,http://about:Tabs res://ieframe.dll/acr_error.htm#google.de,http://google.de. These sites now have the title "Failed to restore sites" and the message "Internet Explorer has stopped working - close program" appears in IE. Alwil (Avast) antivirus found nothing. If you want I can post the HijackThis log (nothing found). MBAM crashes in normal mode; an MBAM quick scan in safe mode found only this:

Infected files: 1
C:\Windows\Temp\TMP00000004DD0CB990557B4247 (Trojan.Dropper) -> Successfully removed and placed in quarantine.

This notebook has no other problems. My other PC doesn't have any problem. I have added DDS.TXT and ATTACH.txt. Thanks very much, funnybone

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by user_1 at 10:49:01 on 2012-08-03
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.2038.902 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lenovo\NPDIRECT\NPDTRAY.EXE
C:\xampplite\xampp-control.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://lenovo.live.com
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [NPDTRAY] c:\progra~1\lenovo\npdirect\NPDTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [vspdfprsrv.exe] c:\program files\visagesoft\expert pdf 6\vspdfprsrv.exe --background
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\user_1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\user_1\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Inhaltsverzeichnis.onetoc2
StartupFolder: c:\users\user_1\appdata\roaming\micros~1\windows\startm~1\programs\startup\xampp-~1.lnk - c:\xampplite\xampp-control.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DBE5A0B7-8ECC-47D5-9D47-83E967C4CB4B} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user_1\appdata\roaming\mozilla\firefox\profiles\e16jyvc0.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\user_1\appdata\roaming\mozilla\firefox\profiles\e16jyvc0.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
FF - plugin: c:\users\user_1\appdata\roaming\mozilla\firefox\profiles\e16jyvc0.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-1 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-1 353688]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-19 13744]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-1 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-1 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-1 44808]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-7-9 55936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-8-22 179712]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120]
S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-5-7 21360]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2007-5-10 23152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-11 16:29:36 -------- d-sh--w- C:\found.000
2012-07-08 09:46:24 -------- d-----w- c:\users\user_1\appdata\roaming\Malwarebytes
2012-07-08 09:46:11 -------- d-----w- c:\programdata\Malwarebytes
2012-07-08 09:46:08 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 09:46:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 08:19:50 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c6196aa-b507-4081-b290-ec3796a4005b}\offreg.dll
2012-07-06 22:29:15 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c6196aa-b507-4081-b290-ec3796a4005b}\mpengine.dll
2012-07-06 21:38:15 -------- d-----w- C:\HiJackThis
.
==================== Find3M ====================
.
2012-08-03 08:46:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 08:46:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:51:08,09 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business Boot Device: \Device\HarddiskVolume2 Install Date: 21.08.2008 22:58:32 System Uptime: 03.08.2012 07:35:37 (3 hours ago) . Motherboard: LENOVO | | 7650F7G Processor: Intel® Pentium® Dual CPU T2410 @ 2.00GHz | None | 800/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 143 GiB total, 4,691 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Tun-Miniportadapter Device ID: ROOT\*TUNMP\0001 Manufacturer: Microsoft Name: Teredo Tunneling Pseudo-Interface PNP Device ID: ROOT\*TUNMP\0001 Service: tunmp . Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318} Description: PS/2 TrackPoint Device ID: ACPI\IBM3780\4&E8B9E42&0 Manufacturer: Lenovo Name: PS/2 TrackPoint PNP Device ID: ACPI\IBM3780\4&E8B9E42&0 Service: i8042prt . ==== System Restore Points =================== . RP971: 02.08.2012 22:29:33 - Geplanter Prüfpunkt . ==== Installed Programs ====================== . . Access Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 8.2.2 - Deutsch Anzeige am Bildschirm avast! 
Free Antivirus Client Security Solution Conexant HD Audio Diskeeper Home Drag-to-Disc Ergänzung zu Productivity Center für ThinkPad eXPert PDF 6 Garmin City Navigator Europe NT 2010.20 Update Google Earth Google Update Helper Google Updater HDAUDIO Soft Data Fax Modem with SmartCP Help Center Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Integrated Camera Intel® Graphics Media Accelerator Driver InterVideo Register Manager InterVideo WinDVD Java Auto Updater Java™ 6 Update 2 Java™ 6 Update 31 Konfiguration der Hot-Key-Funktionen für ThinkPad Lenovo Registration Lenovo System Interface Driver Lenovo ThinkVantage Toolbox Maintenance Manager Malwarebytes Anti-Malware Version 1.61.0.1400 Message Center Message Center Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 Language Pack SP1 - deu Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office Excel MUI (German) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Small Business Connectivity Components Microsoft Office Word MUI (German) 2007 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Miranda IM 0.8.15 Mozilla Firefox 13.0.1 (x86 de) Mozilla Maintenance Service MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Multimedia Center For Think Offerings NinjaLite V1.9 Picasa 3 Präsentationsdirektor Registry patch for Windows Vista USB S3 PM Enablement Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista Registry patch to improve USB device detection on resume from sleep for Windows Vista Rescue and Recovery RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Skype™ 4.2 Sonic Icons for Lenovo System Migration Assistant System Update ThinkPad-Dienstprogramm 'EasyEject' ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900 
ThinkPad Energie-Manager ThinkPad FullScreen Magnifier ThinkPad Mobility Center Customization ThinkPad Power Management Driver ThinkPad TrackPoint Driver ThinkVantage Access Connections ThinkVantage Productivity Center ThinkVantage System für aktiven Festplattenschutz ThinkVantage Technologies Welcome Message Total Commander (Remove or Repair) uMedia uTV Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 2.0.1 Wallpapers Windows Driver Package - Broadcom (b57nd60x) Net (05/09/2007 10.39.0.0) Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020) Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011) Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002) Windows Driver Package - Intel System (09/15/2006 7.0.0.1011) Windows Driver Package - Intel System (09/15/2006 8.0.0.1008) Windows Driver Package - Intel System (09/15/2006 8.0.0.1010) Windows Driver Package - Intel System (09/15/2006 8.2.0.1000) Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008) Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43) Windows Live Toolbar Windows Media Player Firefox Plugin WinSCP 4.1.6 . ==== End Of File ===========================
6. Dear Ladies and Gentlemen, I have MS Vista Business, IE 9 and Firefox 13 on my notebook. Before we begin, I would like you to know: please give some short answers; first I'd like to get an overview. I have (perhaps after an OS update?) the following error: ieframe.dll.acr_error. In Internet Explorer 9 I often/always get res://ieframe.dll/acr_error.htm#,URL. Before: http://about:Tabs http://google.de. After, 5 minutes later: res://ieframe.dll/acr_error.htm#about:Tabs,http://about:Tabs res://ieframe.dll/acr_error.htm#google.de,http://google.de. These sites now have the title "Failed to restore sites" and the message "Internet Explorer has stopped working - close program" appears in IE. Alwil (Avast) antivirus found nothing. If you want I can post the HijackThis log (nothing found). MBAM crashes in normal mode; an MBAM quick scan in safe mode found only this:

Infected files: 1
C:\Windows\Temp\TMP00000004DD0CB990557B4247 (Trojan.Dropper) -> Successfully removed and placed in quarantine.

This notebook has no other problems. My other PC doesn't have any problem. My ideas now: do I have to run DDS? (see FAQ) Do I have to run Chameleon? (see FAQ) Do I have to run OTL? And, if you can: do I have to change my passwords? Can I use the files (JPGs, DOCs, XLS, no OS files) of the infected PC? Perhaps I have to format the drive and set up a new OS? Thanks very much; please, first I would like to get an overview. funnybone
7. This is a continuation of http://forums.malwarebytes.org/index.php?showtopic=110776&hl=&fromsearch=1 which was mistakenly "taken over" by yours truly as a newbie to the forum. For clarity's sake, we continue the removal process here. I'm in the process of removing five trojans from a friend's computer: Trojan.Sirefef, Trojan.Small, Trojan.LameShield, Trojan.Dropper and Trojan.Zaccess, as well as Rootkit.0Access. I've determined from the forum searches that brought me to the aforementioned thread (in which I inadvertently responded to the very helpful gringo_pr's instructions) that Trojan.Sirefef, Trojan.Small and Rootkit.0Access are responsible for causing her system to reboot continuously, only staying up for 1-2 minutes at the most before an alert message appears advising that Windows has encountered a critical error and will reboot in one minute. Continuing: the latest FRST log is as follows:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 06-06-2012 04
Ran by SYSTEM at 07-06-2012 15:50:49
Running from E:\
Windows Vista ™ Home Basic Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-31] (IDT, Inc.)
HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-02-26] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-02-26] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-02-26] (Intel Corporation)
HKLM\...\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147328 2010-01-05] (Wave Systems Corp.)
HKLM\...\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-05] (Broadcom Corporation)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Crys\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation)
HKU\Crys\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.)
HKU\Crys\...\Policies\system: [LogonHoursAction] 2
HKU\Crys\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.)
HKU\Michael\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.)
HKU\Michael\...\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent [x]
HKU\Michael\...\Policies\system: [LogonHoursAction] 2
HKU\Michael\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\TdmNotify.lnk
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\Michael\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257696 2012-05-04] (Adobe Systems Incorporated)
2 alssvc; "C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe" [382232 2008-06-03] (Dell Inc.)
2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803512 2009-05-15] (AuthenTec, Inc.)
2 buttonsvc32; "C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe" [278304 2009-11-20] (Dell Inc.) 2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation) 3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [655624 2010-12-27] (Acresso Software Inc.) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation) 4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation) 4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) 4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) 4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) 2 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [993848 2011-04-18] (Secunia) 2 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [399416 2011-04-18] (Secunia) 3 SecureStorageService; "C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [1032192 2009-11-18] (Wave Systems Corp.) 2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3063968 2012-04-09] (Skype Technologies S.A.) 2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-04-05] (Skype Technologies) 2 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe /identity QUICKASSIST [1213728 2008-01-08] (SupportSoft, Inc.) 2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\STacSV.exe [221266 2009-07-31] (IDT, Inc.) 
3 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [394608 2008-01-08] (SupportSoft, Inc.) 2 tcsd_win32.exe; "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1273856 2008-11-12] () 2 TdmService; "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe" [1148264 2009-11-24] (Wave Systems Corp.) 2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" [110592 2009-11-13] (WDC) 2 WDSmartWareBackgroundService; "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" [20480 2009-06-16] (Memeo) 2 dcpsysmgrsvc; "c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe" [x] 2 EvtEng; c:\Program Files\Intel\WiFi\bin\EvtEng.exe [x] 2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x] 2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x] 4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x] 3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x] 2 RegSrvc; c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [x] 4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x] 4 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x] 2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x] ========================== Drivers (Whitelisted) ============= 3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [217136 2009-11-24] (Alps Electric Co., Ltd.) 
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [112128 2009-02-26] (Intel® Corporation) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation) 3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-06-07] (Malwarebytes Corporation) 0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation) 1 MpKsl77c026b2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4DDCD221-1D60-492B-91EB-92D7C46B40B6}\MpKsl77c026b2.sys [29904 2012-06-05] (Microsoft Corporation) 3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [74112 2012-03-20] (Microsoft Corporation) 0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc) 3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) 4 rimspci; C:\Windows\system32\drivers\rimspe86.sys [45056 2009-04-03] (REDC) 4 risdpcie; C:\Windows\system32\drivers\risdpe86.sys [48640 2009-04-03] (REDC) 4 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [38400 2009-04-03] (REDC) 4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation) 2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [211328 2010-01-05] (Wave Systems Corp.) 
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 NvtSp50; C:\Windows\System32\Drivers\NvtSp50.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-06-07 11:37 - 2012-06-07 11:38 - 00000000 ____D C:\FRST 2012-06-07 11:35 - 2012-06-07 11:35 - 00000000 __SHD C:\Config.Msi 2012-06-05 09:35 - 2012-06-07 13:38 - 3174215680 __ASH C:\hiberfil.sys 2012-06-05 09:10 - 2012-06-07 07:46 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2012-06-03 09:28 - 2012-06-03 09:28 - 00002154 ____A C:\Windows\epplauncher.mif 2012-06-03 09:27 - 2012-06-03 09:28 - 00000000 ____D C:\Program Files\Microsoft Security Client 2012-06-03 09:27 - 2010-04-05 12:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-06-02 16:31 - 2012-06-05 09:19 - 00000000 ____D C:\Users\Crys\AppData\Local\LogMeIn Rescue Applet 2012-06-02 10:44 - 2012-06-02 10:44 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-05-26 09:20 - 2012-05-28 16:05 - 00010578 ____A C:\Users\Crys\Documents\Nutrition.xlsx 2012-05-26 09:16 - 2012-05-26 09:16 - 00000000 ____D C:\Users\Crys\Desktop\MMA 2012-05-11 17:21 - 2012-03-30 04:39 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-05-11 17:21 - 2012-03-29 05:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-05-11 17:21 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys 2012-05-11 17:21 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2012-05-11 17:21 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2012-05-11 17:21 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) 
C:\Windows\System32\d3d10warp.dll 2012-05-11 17:21 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2012-05-11 17:21 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2012-05-11 17:20 - 2012-04-03 00:16 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2012-05-11 17:20 - 2012-04-03 00:16 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-11 17:20 - 2012-04-02 05:36 - 02044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys ============ 3 Months Modified Files and Folders =============== 2012-06-07 13:39 - 2006-11-02 04:58 - 0032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-07 13:39 - 2006-11-02 04:58 - 0000006 ___AH C:\Windows\Tasks\SA.DAT 2012-06-07 13:38 - 2012-06-05 09:35 - 3174215680 __ASH C:\hiberfil.sys 2012-06-07 13:38 - 2006-11-02 04:45 - 0003664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-06-07 13:38 - 2006-11-02 04:45 - 0003664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-06-07 11:52 - 2009-04-11 05:18 - 0279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe 2012-06-07 11:51 - 2010-09-20 14:50 - 0902938 ____A C:\Windows\ntbtlog.txt 2012-06-07 11:51 - 2010-08-14 12:20 - 0000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-06-07 11:51 - 2010-04-12 19:43 - 0000000 ____A C:\Users\Crys\AppData\Local\WavXMapDrive.bat 2012-06-07 11:43 - 2012-05-05 13:11 - 0000000 ____D C:\Users\All Users\boost_interprocess 2012-06-07 11:38 - 2012-06-07 11:37 - 0000000 ____D C:\FRST 2012-06-07 11:35 - 2012-06-07 11:35 - 0000000 __SHD C:\Config.Msi 2012-06-07 11:34 - 2010-08-14 12:20 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-06-07 07:46 - 2012-06-05 09:10 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 
2012-06-07 07:46 - 2012-03-29 07:24 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-06-05 09:33 - 2010-04-06 19:25 - 1944952 ____A C:\Windows\WindowsUpdate.log 2012-06-05 09:19 - 2012-06-02 16:31 - 0000000 ____D C:\Users\Crys\AppData\Local\LogMeIn Rescue Applet 2012-06-05 09:17 - 2008-01-20 19:02 - 0055636 ____A C:\Windows\PFRO.log 2012-06-03 09:28 - 2012-06-03 09:28 - 0002154 ____A C:\Windows\epplauncher.mif 2012-06-03 09:28 - 2012-06-03 09:27 - 0000000 ____D C:\Program Files\Microsoft Security Client 2012-06-03 09:28 - 2006-11-02 02:33 - 0866950 ____A C:\Windows\System32\PerfStringBackup.INI 2012-06-03 09:21 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\registration 2012-06-03 09:19 - 2010-04-12 20:10 - 0000000 ____D C:\Users\All Users\Symantec 2012-06-02 16:54 - 2010-12-31 14:22 - 0000000 ____D C:\Windows\symbols 2012-06-02 16:27 - 2010-08-14 12:17 - 0000000 ____D C:\Users\Crys\AppData\Roaming\Skype 2012-06-02 10:44 - 2012-06-02 10:44 - 0000000 __SHD C:\Windows\System32\%APPDATA% 2012-05-28 16:05 - 2012-05-26 09:20 - 0010578 ____A C:\Users\Crys\Documents\Nutrition.xlsx 2012-05-26 09:16 - 2012-05-26 09:16 - 0000000 ____D C:\Users\Crys\Desktop\MMA 2012-05-23 04:54 - 2010-04-07 01:01 - 0000000 ____D C:\Program Files\Microsoft Silverlight 2012-05-16 06:05 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Microsoft.NET 2012-05-13 12:42 - 2006-11-02 04:44 - 2303584 ____A C:\Windows\System32\FNTCACHE.DAT 2012-05-12 12:33 - 2010-05-25 08:02 - 0000000 ____D C:\Users\All Users\Microsoft Help 2012-05-12 12:29 - 2006-11-02 02:24 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2012-05-12 12:03 - 2006-11-02 04:35 - 0000000 ____D C:\Windows\System32\XPSViewer 2012-05-07 05:16 - 2012-05-07 05:16 - 0000000 ____D C:\Users\Crys\AppData\Roaming\Foxit Software 2012-05-07 05:13 - 2010-04-12 20:15 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-05-07 05:12 - 2012-05-07 05:12 - 0000908 ____A C:\Users\Public\Desktop\Malwarebytes 
Anti-Malware.lnk 2012-05-05 13:11 - 2012-05-05 13:10 - 0000000 ___RD C:\Program Files\Skype 2012-05-05 13:11 - 2010-08-14 12:14 - 0000000 ____D C:\Users\All Users\Skype 2012-05-05 13:10 - 2012-05-05 13:10 - 0001878 ____A C:\Users\Public\Desktop\Skype.lnk 2012-05-05 13:10 - 2012-05-05 13:10 - 0000000 ____D C:\Program Files\Common Files\Skype 2012-05-04 16:46 - 2012-03-29 07:24 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-05-04 16:46 - 2011-05-15 11:55 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-04-29 06:37 - 2006-11-02 04:49 - 0147796 ____A C:\Windows\setupact.log 2012-04-20 07:51 - 2012-04-20 07:39 - 0034901 ____A C:\Users\Crys\Desktop\lyrics.docx 2012-04-04 13:56 - 2010-04-12 20:15 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-04-03 00:16 - 2012-05-11 17:20 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2012-04-03 00:16 - 2012-05-11 17:20 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-04-02 05:36 - 2012-05-11 17:20 - 2044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-03-30 11:57 - 2012-03-30 11:57 - 0001666 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-03-30 11:57 - 2012-03-09 12:53 - 0000000 ____D C:\Program Files\iTunes 2012-03-30 11:56 - 2012-03-30 11:56 - 0000000 ____D C:\Program Files\iPod 2012-03-30 11:56 - 2010-06-01 13:54 - 0000000 ____D C:\Program Files\Common Files\Apple 2012-03-30 04:39 - 2012-05-11 17:21 - 0914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-03-29 09:21 - 2012-03-29 09:21 - 313700803 ____A C:\Windows\MEMORY.DMP 2012-03-29 09:21 - 2012-03-29 09:21 - 0144744 ____A C:\Windows\Minidump\Mini032912-01.dmp 2012-03-29 09:21 - 2012-03-29 09:21 - 0000000 ____D C:\Windows\Minidump 2012-03-29 05:39 - 2012-05-11 17:21 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-03-28 06:07 
- 2011-04-13 15:53 - 0000861 ____A C:\Users\Public\Desktop\VLC media player.lnk 2012-03-20 18:44 - 2012-03-20 18:44 - 0171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys 2012-03-20 18:44 - 2012-03-20 18:44 - 0074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys 2012-03-20 15:28 - 2012-05-11 17:21 - 0053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys 2012-03-15 09:25 - 2012-01-22 06:32 - 0008518 ____A C:\Users\Crys\Documents\Car Loan.xlsx ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe [2009-04-11 05:18] - [2012-06-07 11:52] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843 C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 10% Total physical RAM: 3026.43 MB Available physical RAM: 2715.68 MB Total Pagefile: 2925.83 MB Available Pagefile: 2793.29 MB Total Virtual: 2047.88 MB Available Virtual: 1980.93 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:102.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 3 Drive e: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32 4 Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.69 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 233 GB 0 B Disk 1 Online 
3827 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 32 KB Partition 2 Primary 15 GB 40 MB Partition 3 Primary 218 GB 15 GB ====================================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT Partition 39 MB Healthy Hidden ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 218 GB Healthy ====================================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3827 MB 16 KB ====================================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E FAT32 Removable 3827 MB Healthy ====================================================================================================== ========================================================== Last Boot: 2012-06-03 09:49 ======================= End Of Log 
==========================
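Added example, not part of the poster's log and not FRST's or Malwarebytes' own logic: a small Python triage pass over FRST-style lines of the kind shown in the log above. It surfaces three things an analyst reading that log would check first: an Lsa Authentication Packages entry beyond the stock msv1_0 (wvauth here; the Wave Systems components elsewhere in the same log are the obvious thing to match it against, but that attribution is my reading, not something the log states), a hidden+system directory under System32 whose name is a literal unexpanded %APPDATA%, and an entry in the Bamital & volsnap section for which the tool printed file details and a hash instead of "MD5 is legit". The allow-list, the section handling and the line regex are my assumptions about the format; the sample lines are copied from the log.

```python
"""Triage helper for FRST-style scan log lines (added example).

The heuristics, the allow-list and the line grammar below are assumptions
about the format as it appears in the log above, not FRST's own rules.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log above, with the section
# headers kept so the section-aware checks have context.
SAMPLE_LOG = r"""
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222
Lsa: [Authentication Packages] msv1_0 wvauth

============ One Month Created Files and Folders ==============

2012-06-07 11:37 - 2012-06-07 11:38 - 00000000 ____D C:\FRST
2012-06-07 11:35 - 2012-06-07 11:35 - 00000000 __SHD C:\Config.Msi
2012-06-02 10:44 - 2012-06-02 10:44 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-03 09:27 - 2010-04-05 12:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe [2009-04-11 05:18] - [2012-06-07 11:52] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
C:\Windows\System32\userinit.exe => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""

# Assumption: msv1_0 is the only authentication package on a stock install;
# anything else has to be tied to a known product before it is accepted.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

# File-list entry: created - modified - size attrs [(company)] path
FILE_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
SECTION_HEADER = re.compile(r"^=+ (?P<name>.+?) =+$")
LITERAL_ENV_VAR = re.compile(r"%[A-Za-z_]+%")


@dataclass(frozen=True)
class Finding:
    check: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current section, and collect findings."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_HEADER.match(line)
        if header:
            section = header.group("name")
            continue

        # Registry one-liners sit before the first section header.
        if line.startswith("Lsa: [Authentication Packages]"):
            for pkg in line.split("]", 1)[1].split():
                if pkg.lower() not in DEFAULT_AUTH_PACKAGES:
                    findings.append(Finding("lsa-auth-package", pkg))
            continue

        if "Created Files" in section or "Modified Files" in section:
            m = FILE_ENTRY.match(line)
            if not m:
                continue
            path, attrs = m.group("path"), m.group("attrs")
            under_system32 = "\\windows\\system32\\" in path.lower()
            leaf = path.rsplit("\\", 1)[-1]
            # A literal %VAR% as a directory name under System32 means something
            # wrote a path without expanding it; Windows itself does not do that.
            if under_system32 and LITERAL_ENV_VAR.search(leaf):
                findings.append(Finding("unexpanded-env-var-path", path))
            # Hidden+system directories under System32 are rare enough to list.
            elif under_system32 and all(c in attrs for c in "SHD"):
                findings.append(Finding("hidden-system-dir", path))
            continue

        if "Bamital" in section and not line.endswith("=> MD5 is legit"):
            # The tool printed file details and a hash instead of a verdict.
            findings.append(Finding("unverified-system-binary", line))
            continue

        if "EXE ASSOCIATION" in section and not line.endswith("=> OK"):
            findings.append(Finding("exe-association", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.check:26} {f.detail}")
```

Run as-is it reports wvauth, the %APPDATA% directory and the services.exe line, and nothing for the EXE association entries, which all carry "=> OK". The `[x]` markers on several service and Run entries are deliberately not interpreted here, since their meaning depends on how the tool was run.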
  8. Backdoor.Bot, Trojan.Dropper, BackdoorCerberus: are these viruses I picked up something I should be "overly" concerned about? I did a scan and deleted them, then did another scan later and it picked up new ones. I'm just concerned with keyloggers and "network jumping viruses".