Jump to content

PING.exe and .com.b


Pall

Recommended Posts

I seem to having some problems with PING.exe and .com.b and .com_ files

They keep spamming my task manager wich results to my processor running at 100%.

Ive used TDSSKiller and this got rid of PING.exe. I wonder for how long it will stay away though.

I found the suspecious .com files in System32 but no virus scanner detects them.

(they are called a14t66j7U.com.b, a14t66j7U.com_, and a14t66j7U.exe)

Ive read a different topic from someone with a similar problem and this guy Maniac gave them a custom OTL fix. (http://forums.malwarebytes.org/index.php?showtopic=101271)

I posted there but my post got deleted..

Im kinda hoping this fix will work for me too but I need someone to help me with this.

Thanks for reading and hopefully someone can help me out. :)

Link to post
Share on other sites

Hello Pall! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/paste in your next reply.

Your comment has been deleted by a moderator because its location is not there. Each case here considered individually.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check. Check the Scan All Users too.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

In your next reply, please post the following log files:

  • TDSSKiller log
  • OTL log with Extras.txt

Link to post
Share on other sites

Thanks for helping me out Maniac.

And Im sorry I didnt know I wasnt allowed to post in someone elses topic. :P

Anyways I ran TDSSKiller succesfully it found 3 threats and removed none.

Im having some issues with OTL though. It keeps freezing at Scanning Firefox Settings.

Ive tried booting in Safe Mode and trying to run the scan but it still freezes.

Im thinking about trying to remove Firefox but Ill wait for your reply before I do anything.

Heres the TDSSKiller log:

14:40:45.0309 3472 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

14:40:45.0403 3472 ============================================================

14:40:45.0403 3472 Current date / time: 2011/12/13 14:40:45.0403

14:40:45.0403 3472 SystemInfo:

14:40:45.0403 3472

14:40:45.0403 3472 OS Version: 6.1.7600 ServicePack: 0.0

14:40:45.0403 3472 Product type: Workstation

14:40:45.0403 3472 ComputerName: LAPTOP_FEMKE

14:40:45.0403 3472 UserName: femke

14:40:45.0403 3472 Windows directory: C:\Windows

14:40:45.0403 3472 System windows directory: C:\Windows

14:40:45.0403 3472 Processor architecture: Intel x86

14:40:45.0403 3472 Number of processors: 2

14:40:45.0403 3472 Page size: 0x1000

14:40:45.0403 3472 Boot type: Normal boot

14:40:45.0403 3472 ============================================================

14:40:46.0635 3472 Initialize success

14:40:58.0008 1948 ============================================================

14:40:58.0008 1948 Scan started

14:40:58.0008 1948 Mode: Manual; SigCheck; TDLFS;

14:40:58.0008 1948 ============================================================

14:40:58.0866 1948 .dfsc - ok

14:40:59.0724 1948 1394ohci (cf59585cf72f2471940def24a730f647) C:\Windows\system32\DRIVERS\1394ohci.sys

14:40:59.0849 1948 1394ohci - ok

14:41:00.0582 1948 ACPI (4984c69b47aedebef33eb90572160d30) C:\Windows\system32\DRIVERS\ACPI.sys

14:41:00.0707 1948 ACPI - ok

14:41:01.0175 1948 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

14:41:01.0253 1948 AcpiPmi - ok

14:41:01.0721 1948 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

14:41:01.0767 1948 adp94xx - ok

14:41:02.0064 1948 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

14:41:02.0126 1948 adpahci - ok

14:41:02.0391 1948 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

14:41:02.0423 1948 adpu320 - ok

14:41:02.0672 1948 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

14:41:02.0750 1948 AFD - ok

14:41:02.0813 1948 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

14:41:02.0813 1948 agp440 - ok

14:41:02.0906 1948 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

14:41:02.0937 1948 aic78xx - ok

14:41:03.0047 1948 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

14:41:03.0078 1948 aliide - ok

14:41:03.0125 1948 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

14:41:03.0140 1948 amdagp - ok

14:41:03.0281 1948 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

14:41:03.0296 1948 amdide - ok

14:41:03.0577 1948 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

14:41:03.0624 1948 AmdK8 - ok

14:41:03.0733 1948 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

14:41:03.0764 1948 AmdPPM - ok

14:41:03.0842 1948 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

14:41:03.0858 1948 amdsata - ok

14:41:03.0936 1948 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

14:41:04.0014 1948 amdsbs - ok

14:41:04.0232 1948 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

14:41:04.0248 1948 amdxata - ok

14:41:04.0373 1948 AppID (a1136e9bee592df0814dbd2fa5695973) C:\Windows\system32\drivers\appid.sys

14:41:04.0451 1948 AppID - ok

14:41:04.0747 1948 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

14:41:04.0763 1948 arc - ok

14:41:04.0981 1948 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

14:41:05.0012 1948 arcsas - ok

14:41:05.0106 1948 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys

14:41:05.0168 1948 ASMMAP - ok

14:41:05.0387 1948 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

14:41:05.0543 1948 AsyncMac - ok

14:41:05.0792 1948 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

14:41:05.0808 1948 atapi - ok

14:41:06.0182 1948 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys

14:41:06.0338 1948 athr - ok

14:41:06.0650 1948 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

14:41:06.0744 1948 b06bdrv - ok

14:41:07.0087 1948 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

14:41:07.0149 1948 b57nd60x - ok

14:41:07.0477 1948 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

14:41:07.0555 1948 Beep - ok

14:41:07.0961 1948 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

14:41:08.0007 1948 blbdrive - ok

14:41:08.0304 1948 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

14:41:08.0366 1948 bowser - ok

14:41:08.0694 1948 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

14:41:08.0787 1948 BrFiltLo - ok

14:41:09.0084 1948 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

14:41:09.0162 1948 BrFiltUp - ok

14:41:09.0567 1948 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

14:41:09.0708 1948 Brserid - ok

14:41:10.0035 1948 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

14:41:10.0113 1948 BrSerWdm - ok

14:41:10.0410 1948 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

14:41:10.0472 1948 BrUsbMdm - ok

14:41:10.0737 1948 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

14:41:10.0815 1948 BrUsbSer - ok

14:41:11.0034 1948 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

14:41:11.0112 1948 BTHMODEM - ok

14:41:11.0393 1948 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

14:41:11.0455 1948 cdfs - ok

14:41:11.0720 1948 cdrom (bb63132c854bc53d2826f4d4b92c9c35) C:\Windows\system32\DRIVERS\cdrom.sys

14:41:11.0814 1948 cdrom - ok

14:41:12.0126 1948 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

14:41:12.0204 1948 circlass - ok

14:41:12.0469 1948 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

14:41:12.0516 1948 CLFS - ok

14:41:12.0828 1948 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

14:41:12.0890 1948 CmBatt - ok

14:41:13.0155 1948 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

14:41:13.0171 1948 cmdide - ok

14:41:13.0545 1948 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

14:41:13.0623 1948 CNG - ok

14:41:13.0935 1948 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

14:41:13.0951 1948 Compbatt - ok

14:41:14.0232 1948 CompositeBus (44c8853fecd1147c86bbaae7ee0be4cf) C:\Windows\system32\DRIVERS\CompositeBus.sys

14:41:14.0325 1948 CompositeBus - ok

14:41:14.0591 1948 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

14:41:14.0606 1948 crcdisk - ok

14:41:15.0027 1948 CSC (dcb18d86f4f80926a59a9a3cf420a3cd) C:\Windows\system32\drivers\csc.sys

14:41:15.0121 1948 CSC - ok

14:41:15.0464 1948 DfsC (c84f40ca67fd827d7f2d5c325a5530e2) C:\Windows\system32\Drivers\dfsc.sys

14:41:15.0464 1948 DfsC ( Rootkit.Win32.ZAccess.h ) - infected

14:41:15.0464 1948 DfsC - detected Rootkit.Win32.ZAccess.h (0)

14:41:15.0870 1948 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

14:41:15.0932 1948 discache - ok

14:41:16.0026 1948 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

14:41:16.0041 1948 Disk - ok

14:41:16.0135 1948 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

14:41:16.0166 1948 drmkaud - ok

14:41:16.0244 1948 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

14:41:16.0244 1948 dtsoftbus01 - ok

14:41:16.0665 1948 DXGKrnl (7f4d13f3f468f8ec3c698a154ac52c93) C:\Windows\System32\drivers\dxgkrnl.sys

14:41:16.0697 1948 DXGKrnl - ok

14:41:17.0399 1948 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

14:41:17.0617 1948 ebdrv - ok

14:41:17.0835 1948 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

14:41:17.0867 1948 elxstor - ok

14:41:17.0945 1948 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

14:41:18.0007 1948 ErrDev - ok

14:41:18.0210 1948 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

14:41:18.0257 1948 exfat - ok

14:41:18.0537 1948 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

14:41:18.0662 1948 fastfat - ok

14:41:19.0005 1948 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

14:41:19.0068 1948 fdc - ok

14:41:19.0177 1948 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

14:41:19.0193 1948 FileInfo - ok

14:41:19.0255 1948 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

14:41:19.0286 1948 Filetrace - ok

14:41:19.0333 1948 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

14:41:19.0380 1948 flpydisk - ok

14:41:19.0427 1948 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

14:41:19.0473 1948 FltMgr - ok

14:41:19.0583 1948 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

14:41:19.0598 1948 FsDepends - ok

14:41:19.0614 1948 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

14:41:19.0629 1948 Fs_Rec - ok

14:41:19.0676 1948 fvevol (0c0386c5b33812be2e7188e5e82621dc) C:\Windows\system32\DRIVERS\fvevol.sys

14:41:19.0707 1948 fvevol - ok

14:41:19.0926 1948 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

14:41:19.0973 1948 gagp30kx - ok

14:41:20.0082 1948 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

14:41:20.0144 1948 hcw85cir - ok

14:41:20.0238 1948 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

14:41:20.0285 1948 HdAudAddService - ok

14:41:20.0394 1948 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:41:20.0441 1948 HDAudBus - ok

14:41:20.0690 1948 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

14:41:20.0893 1948 HidBatt - ok

14:41:21.0283 1948 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

14:41:21.0361 1948 HidBth - ok

14:41:21.0455 1948 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

14:41:21.0486 1948 HidIr - ok

14:41:21.0564 1948 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

14:41:21.0579 1948 HidUsb - ok

14:41:21.0657 1948 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

14:41:21.0673 1948 HpSAMD - ok

14:41:21.0735 1948 HTTP (33bd3b302aaf1bae758b1a73d0279972) C:\Windows\system32\drivers\HTTP.sys

14:41:21.0829 1948 HTTP - ok

14:41:21.0954 1948 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

14:41:21.0985 1948 hwpolicy - ok

14:41:22.0172 1948 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

14:41:22.0188 1948 i8042prt - ok

14:41:22.0375 1948 iaStorV (b9039a34c2f8769490dcc494e2402445) C:\Windows\system32\drivers\iaStorV.sys

14:41:22.0422 1948 iaStorV - ok

14:41:22.0562 1948 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

14:41:22.0593 1948 iirsp - ok

14:41:22.0781 1948 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

14:41:22.0827 1948 intelide - ok

14:41:22.0952 1948 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

14:41:22.0983 1948 intelppm - ok

14:41:23.0171 1948 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:41:23.0249 1948 IpFilterDriver - ok

14:41:23.0467 1948 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

14:41:23.0498 1948 IPMIDRV - ok

14:41:23.0561 1948 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

14:41:23.0654 1948 IPNAT - ok

14:41:23.0685 1948 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

14:41:23.0888 1948 IRENUM - ok

14:41:24.0044 1948 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

14:41:24.0075 1948 isapnp - ok

14:41:24.0169 1948 iScsiPrt (97bd53b860bd1d3d0dbcf2fbbbe18710) C:\Windows\system32\DRIVERS\msiscsi.sys

14:41:24.0185 1948 iScsiPrt - ok

14:41:24.0263 1948 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

14:41:24.0278 1948 kbdclass - ok

14:41:24.0434 1948 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

14:41:24.0497 1948 kbdhid - ok

14:41:24.0559 1948 KSecDD (06db9866e55a6d4af50a3ddaeacaea2a) C:\Windows\system32\Drivers\ksecdd.sys

14:41:24.0575 1948 KSecDD - ok

14:41:24.0637 1948 KSecPkg (509fc3c29f86d715dafc622c3a685ba1) C:\Windows\system32\Drivers\ksecpkg.sys

14:41:24.0653 1948 KSecPkg - ok

14:41:25.0261 1948 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

14:41:25.0339 1948 lltdio - ok

14:41:25.0823 1948 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

14:41:25.0869 1948 LSI_FC - ok

14:41:26.0057 1948 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

14:41:26.0103 1948 LSI_SAS - ok

14:41:26.0306 1948 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

14:41:26.0337 1948 LSI_SAS2 - ok

14:41:26.0618 1948 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

14:41:26.0649 1948 LSI_SCSI - ok

14:41:26.0712 1948 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

14:41:26.0759 1948 luafv - ok

14:41:26.0868 1948 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys

14:41:26.0915 1948 ManyCam - ok

14:41:27.0055 1948 MBAMSwissArmy - ok

14:41:27.0117 1948 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

14:41:27.0149 1948 megasas - ok

14:41:27.0180 1948 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

14:41:27.0211 1948 MegaSR - ok

14:41:27.0242 1948 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

14:41:27.0305 1948 Modem - ok

14:41:27.0367 1948 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

14:41:27.0398 1948 monitor - ok

14:41:27.0429 1948 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

14:41:27.0445 1948 mouclass - ok

14:41:27.0507 1948 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

14:41:27.0539 1948 mouhid - ok

14:41:27.0570 1948 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

14:41:27.0585 1948 mountmgr - ok

14:41:27.0663 1948 mpio (8a4a284ce21201f245e09f0021a3c8c7) C:\Windows\system32\DRIVERS\mpio.sys

14:41:27.0710 1948 mpio - ok

14:41:27.0773 1948 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

14:41:27.0804 1948 mpsdrv - ok

14:41:27.0897 1948 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

14:41:27.0944 1948 MRxDAV - ok

14:41:27.0991 1948 mrxsmb (ae6248d356c6c1de1623f0610b7fb0a3) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:41:28.0038 1948 mrxsmb - ok

14:41:28.0100 1948 mrxsmb10 (6d8ab5e1ef631470014cb167c426a38f) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:41:28.0147 1948 mrxsmb10 - ok

14:41:28.0350 1948 mrxsmb20 (05fcf029fb6915df707222d3806c760a) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:41:28.0381 1948 mrxsmb20 - ok

14:41:28.0459 1948 msahci (4e00965bb3c471d52b07c9c3c59a82cf) C:\Windows\system32\DRIVERS\msahci.sys

14:41:28.0475 1948 msahci - ok

14:41:28.0521 1948 msdsm (c575749358de482326943bddf0beb64b) C:\Windows\system32\DRIVERS\msdsm.sys

14:41:28.0537 1948 msdsm - ok

14:41:28.0584 1948 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

14:41:28.0631 1948 Msfs - ok

14:41:28.0911 1948 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

14:41:28.0974 1948 mshidkmdf - ok

14:41:29.0052 1948 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

14:41:29.0083 1948 msisadrv - ok

14:41:29.0177 1948 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

14:41:29.0223 1948 MSKSSRV - ok

14:41:29.0333 1948 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

14:41:29.0411 1948 MSPCLOCK - ok

14:41:29.0520 1948 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

14:41:29.0567 1948 MSPQM - ok

14:41:29.0707 1948 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

14:41:29.0723 1948 MsRPC - ok

14:41:29.0925 1948 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

14:41:29.0941 1948 mssmbios - ok

14:41:30.0003 1948 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

14:41:30.0066 1948 MSTEE - ok

14:41:30.0175 1948 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

14:41:30.0206 1948 MTConfig - ok

14:41:30.0300 1948 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys

14:41:30.0347 1948 MTsensor - ok

14:41:30.0425 1948 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

14:41:30.0440 1948 Mup - ok

14:41:30.0565 1948 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

14:41:30.0627 1948 NativeWifiP - ok

14:41:30.0799 1948 NDIS (3cb507ab001dffaca301cfe177631ccc) C:\Windows\system32\drivers\ndis.sys

14:41:30.0861 1948 NDIS - ok

14:41:30.0924 1948 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

14:41:31.0033 1948 NdisCap - ok

14:41:31.0205 1948 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

14:41:31.0251 1948 NdisTapi - ok

14:41:31.0314 1948 Ndisuio (bf6d06b889915b252333ee887479c5ac) C:\Windows\system32\DRIVERS\ndisuio.sys

14:41:31.0345 1948 Ndisuio - ok

14:41:31.0392 1948 NdisWan (50c5535b0c3c2f357d83037d1bcf9199) C:\Windows\system32\DRIVERS\ndiswan.sys

14:41:31.0470 1948 NdisWan - ok

14:41:31.0532 1948 NDProxy (f49fef57e1828e243679f1e9a0b5f291) C:\Windows\system32\drivers\NDProxy.sys

14:41:31.0595 1948 NDProxy - ok

14:41:31.0641 1948 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

14:41:31.0704 1948 NetBIOS - ok

14:41:31.0782 1948 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

14:41:31.0844 1948 NetBT - ok

14:41:31.0969 1948 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

14:41:31.0985 1948 nfrd960 - ok

14:41:32.0047 1948 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

14:41:32.0125 1948 Npfs - ok

14:41:32.0390 1948 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

14:41:32.0453 1948 nsiproxy - ok

14:41:32.0733 1948 Ntfs (a7266d82db9675afbded39695b69edac) C:\Windows\system32\drivers\Ntfs.sys

14:41:32.0889 1948 Ntfs - ok

14:41:33.0123 1948 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

14:41:33.0170 1948 Null - ok

14:41:33.0373 1948 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys

14:41:33.0435 1948 NVENETFD - ok

14:41:34.0434 1948 nvlddmkm (3dacd0610683cf966647636d3b7ae750) C:\Windows\system32\DRIVERS\nvlddmkm.sys

14:41:34.0808 1948 nvlddmkm - ok

14:41:34.0917 1948 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

14:41:34.0949 1948 nvraid - ok

14:41:35.0027 1948 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

14:41:35.0042 1948 nvstor - ok

14:41:35.0105 1948 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

14:41:35.0120 1948 nv_agp - ok

14:41:35.0151 1948 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

14:41:35.0183 1948 ohci1394 - ok

14:41:35.0276 1948 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

14:41:35.0323 1948 Parport - ok

14:41:35.0370 1948 partmgr (f9b97abba2b00b9a30d75944e84ca309) C:\Windows\system32\drivers\partmgr.sys

14:41:35.0401 1948 partmgr - ok

14:41:35.0448 1948 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

14:41:35.0463 1948 Parvdm - ok

14:41:35.0526 1948 pci (1d20a96c51832217dc0732b4e0f3d9b7) C:\Windows\system32\DRIVERS\pci.sys

14:41:35.0541 1948 pci - ok

14:41:35.0573 1948 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

14:41:35.0588 1948 pciide - ok

14:41:35.0635 1948 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

14:41:35.0651 1948 pcmcia - ok

14:41:35.0697 1948 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

14:41:35.0713 1948 pcw - ok

14:41:35.0791 1948 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

14:41:35.0885 1948 PEAUTH - ok

14:41:36.0353 1948 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

14:41:36.0431 1948 PptpMiniport - ok

14:41:36.0774 1948 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

14:41:36.0836 1948 Processor - ok

14:41:37.0273 1948 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

14:41:37.0335 1948 Psched - ok

14:41:37.0585 1948 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

14:41:37.0694 1948 ql2300 - ok

14:41:37.0928 1948 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

14:41:37.0959 1948 ql40xx - ok

14:41:38.0271 1948 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

14:41:38.0318 1948 QWAVEdrv - ok

14:41:38.0381 1948 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

14:41:38.0427 1948 RasAcd - ok

14:41:38.0490 1948 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:41:38.0537 1948 RasAgileVpn - ok

14:41:38.0599 1948 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:41:38.0646 1948 Rasl2tp - ok

14:41:38.0693 1948 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

14:41:38.0739 1948 RasPppoe - ok

14:41:38.0942 1948 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

14:41:39.0145 1948 RasSstp - ok

14:41:39.0473 1948 rdbss (d0d5f258a906a9a7226d0ce648c62fd5) C:\Windows\system32\DRIVERS\rdbss.sys

14:41:39.0566 1948 rdbss - ok

14:41:39.0644 1948 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

14:41:39.0675 1948 rdpbus - ok

14:41:39.0722 1948 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:41:39.0753 1948 RDPCDD - ok

14:41:39.0816 1948 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

14:41:39.0863 1948 RDPDR - ok

14:41:40.0159 1948 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

14:41:40.0237 1948 RDPENCDD - ok

14:41:40.0315 1948 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

14:41:40.0377 1948 RDPREFMP - ok

14:41:40.0471 1948 RDPWD (bc247aad6a56abb6b476d9286ce14f51) C:\Windows\system32\drivers\RDPWD.sys

14:41:40.0502 1948 RDPWD - ok

14:41:40.0565 1948 rdyboost (65db288f7372b1f632891fc32bf908b7) C:\Windows\system32\drivers\rdyboost.sys

14:41:40.0580 1948 rdyboost - ok

14:41:40.0783 1948 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

14:41:40.0861 1948 rspndr - ok

14:41:40.0923 1948 RTSTOR (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS

14:41:40.0970 1948 RTSTOR - ok

14:41:41.0079 1948 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

14:41:41.0126 1948 s3cap - ok

14:41:41.0298 1948 sbp2port (662b7f49cb295f15b5a1a36ad3ae9c2c) C:\Windows\system32\DRIVERS\sbp2port.sys

14:41:41.0345 1948 sbp2port - ok

14:41:41.0469 1948 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

14:41:41.0516 1948 scfilter - ok

14:41:41.0906 1948 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

14:41:41.0969 1948 secdrv - ok

14:41:42.0062 1948 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

14:41:42.0078 1948 Serenum - ok

14:41:42.0156 1948 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

14:41:42.0203 1948 Serial - ok

14:41:42.0249 1948 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

14:41:42.0296 1948 sermouse - ok

14:41:42.0343 1948 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

14:41:42.0374 1948 sffdisk - ok

14:41:42.0405 1948 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

14:41:42.0421 1948 sffp_mmc - ok

14:41:42.0468 1948 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

14:41:42.0499 1948 sffp_sd - ok

14:41:42.0577 1948 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

14:41:42.0655 1948 sfloppy - ok

14:41:42.0780 1948 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

14:41:42.0795 1948 sisagp - ok

14:41:42.0858 1948 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

14:41:42.0873 1948 SiSRaid2 - ok

14:41:43.0061 1948 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

14:41:43.0076 1948 SiSRaid4 - ok

14:41:43.0357 1948 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

14:41:43.0435 1948 Smb - ok

14:41:44.0012 1948 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys

14:41:44.0137 1948 smserial - ok

14:41:44.0355 1948 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

14:41:44.0418 1948 spldr - ok

14:41:44.0979 1948 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\Windows\System32\Drivers\sptd.sys

14:41:44.0979 1948 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 614deea4bdcec3fd5a07bdc705723ad7

14:41:44.0979 1948 sptd ( LockedFile.Multi.Generic ) - warning

14:41:44.0979 1948 sptd - detected LockedFile.Multi.Generic (1)

14:41:45.0494 1948 srv (110ad8cd36f173e917b1145950042b79) C:\Windows\system32\DRIVERS\srv.sys

14:41:45.0635 1948 srv - ok

14:41:46.0056 1948 srv2 (0460a195747ec2cb8d07b9634e85d637) C:\Windows\system32\DRIVERS\srv2.sys

14:41:46.0134 1948 srv2 - ok

14:41:46.0212 1948 srvnet (e461231d570586f158becc94c342cbe0) C:\Windows\system32\DRIVERS\srvnet.sys

14:41:46.0259 1948 srvnet - ok

14:41:46.0524 1948 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

14:41:46.0555 1948 stexstor - ok

14:41:46.0711 1948 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

14:41:46.0758 1948 storflt - ok

14:41:46.0820 1948 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

14:41:46.0836 1948 storvsc - ok

14:41:46.0867 1948 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

14:41:46.0883 1948 swenum - ok

14:41:47.0273 1948 Tcpip (93c444d118b184452132357c322124cd) C:\Windows\system32\drivers\tcpip.sys

14:41:47.0351 1948 Tcpip - ok

14:41:47.0928 1948 TCPIP6 (93c444d118b184452132357c322124cd) C:\Windows\system32\DRIVERS\tcpip.sys

14:41:47.0975 1948 TCPIP6 - ok

14:41:48.0177 1948 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

14:41:48.0224 1948 tcpipreg - ok

14:41:48.0302 1948 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

14:41:48.0349 1948 TDPIPE - ok

14:41:48.0396 1948 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

14:41:48.0443 1948 TDTCP - ok

14:41:48.0489 1948 tdx (4893eb2d4333da983fed1aef1fac24f6) C:\Windows\system32\DRIVERS\tdx.sys

14:41:48.0536 1948 tdx - ok

14:41:48.0567 1948 TermDD (c0d02b80867e31320d36ac551b72f0e9) C:\Windows\system32\DRIVERS\termdd.sys

14:41:48.0583 1948 TermDD - ok

14:41:48.0630 1948 tssecsrv (9dff45630df6e13b48bc01b8e799a781) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:41:48.0677 1948 tssecsrv - ok

14:41:48.0739 1948 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

14:41:48.0833 1948 tunnel - ok

14:41:48.0895 1948 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

14:41:48.0911 1948 uagp35 - ok

14:41:48.0957 1948 udfs (6557d75e8b7d6a06cdc21cd39dbf255c) C:\Windows\system32\DRIVERS\udfs.sys

14:41:49.0004 1948 udfs - ok

14:41:49.0051 1948 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

14:41:49.0067 1948 uliagpkx - ok

14:41:49.0113 1948 umbus (71bbf3e8078d585abf27411a8986eb95) C:\Windows\system32\DRIVERS\umbus.sys

14:41:49.0176 1948 umbus - ok

14:41:49.0238 1948 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

14:41:49.0269 1948 UmPass - ok

14:41:49.0332 1948 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys

14:41:49.0379 1948 usbccgp - ok

14:41:49.0410 1948 usbcir (6eb45c02e2c8a5dbf9a119f76ae9bd95) C:\Windows\system32\DRIVERS\usbcir.sys

14:41:49.0425 1948 usbcir - ok

14:41:49.0472 1948 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\DRIVERS\usbehci.sys

14:41:49.0503 1948 usbehci - ok

14:41:49.0581 1948 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys

14:41:49.0628 1948 usbhub - ok

14:41:49.0675 1948 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\DRIVERS\usbohci.sys

14:41:49.0691 1948 usbohci - ok

14:41:49.0722 1948 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

14:41:49.0753 1948 usbprint - ok

14:41:49.0815 1948 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:49.0862 1948 USBSTOR - ok

14:41:49.0940 1948 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys

14:41:49.0971 1948 usbuhci - ok

14:41:50.0065 1948 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys

14:41:50.0143 1948 usbvideo - ok

14:41:50.0221 1948 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys

14:41:50.0268 1948 usb_rndisx - ok

14:41:50.0361 1948 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

14:41:50.0377 1948 vdrvroot - ok

14:41:50.0424 1948 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

14:41:50.0455 1948 vga - ok

14:41:50.0486 1948 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

14:41:50.0533 1948 VgaSave - ok

14:41:50.0595 1948 vhdmp (2fd298650b5739dd59d21ce5ddaca031) C:\Windows\system32\DRIVERS\vhdmp.sys

14:41:50.0642 1948 vhdmp - ok

14:41:50.0720 1948 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

14:41:50.0736 1948 viaagp - ok

14:41:50.0814 1948 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

14:41:50.0845 1948 ViaC7 - ok

14:41:50.0907 1948 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

14:41:50.0923 1948 viaide - ok

14:41:51.0219 1948 vmbus (cdfd6ba00b8859fbeeb1bce0f150de68) C:\Windows\system32\DRIVERS\vmbus.sys

14:41:51.0282 1948 vmbus - ok

14:41:51.0531 1948 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

14:41:51.0547 1948 VMBusHID - ok

14:41:51.0781 1948 volmgr (978ea60a508574116d468f9beb8593b3) C:\Windows\system32\DRIVERS\volmgr.sys

14:41:51.0812 1948 volmgr - ok

14:41:52.0124 1948 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

14:41:52.0187 1948 volmgrx - ok

14:41:52.0343 1948 volsnap (5463c319d61e7510c67bc7b5506c5c20) C:\Windows\system32\DRIVERS\volsnap.sys

14:41:52.0405 1948 volsnap - ok

14:41:52.0748 1948 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

14:41:52.0779 1948 vsmraid - ok

14:41:53.0013 1948 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

14:41:53.0076 1948 vwifibus - ok

14:41:53.0232 1948 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

14:41:53.0310 1948 vwififlt - ok

14:41:53.0403 1948 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

14:41:53.0419 1948 WacomPen - ok

14:41:53.0513 1948 WANARP (db3b1965c2fb1476d95e413c3b7cacbb) C:\Windows\system32\DRIVERS\wanarp.sys

14:41:53.0575 1948 WANARP - ok

14:41:53.0575 1948 Wanarpv6 (db3b1965c2fb1476d95e413c3b7cacbb) C:\Windows\system32\DRIVERS\wanarp.sys

14:41:53.0591 1948 Wanarpv6 - ok

14:41:53.0653 1948 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

14:41:53.0669 1948 Wd - ok

14:41:53.0840 1948 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

14:41:53.0887 1948 Wdf01000 - ok

14:41:54.0199 1948 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

14:41:54.0277 1948 WfpLwf - ok

14:41:54.0542 1948 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

14:41:54.0589 1948 WIMMount - ok

14:41:55.0026 1948 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys

14:41:55.0088 1948 WinUsb - ok

14:41:55.0431 1948 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

14:41:55.0478 1948 WmiAcpi - ok

14:41:55.0634 1948 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

14:41:55.0681 1948 ws2ifsl - ok

14:41:55.0743 1948 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys

14:41:55.0775 1948 WudfPf - ok

14:41:55.0915 1948 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:41:55.0977 1948 WUDFRd - ok

14:41:56.0087 1948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

14:41:56.0227 1948 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

14:41:56.0227 1948 \Device\Harddisk0\DR0 - detected TDSS File System (1)

14:41:56.0243 1948 Boot (0x1200) (821044d8cee32c5801136abd343cd114) \Device\Harddisk0\DR0\Partition0

14:41:56.0258 1948 \Device\Harddisk0\DR0\Partition0 - ok

14:41:56.0289 1948 Boot (0x1200) (f42e8501010de4291e4dba1d120af28d) \Device\Harddisk0\DR0\Partition1

14:41:56.0289 1948 \Device\Harddisk0\DR0\Partition1 - ok

14:41:56.0289 1948 ============================================================

14:41:56.0289 1948 Scan finished

14:41:56.0289 1948 ============================================================

14:41:56.0305 3476 Detected object count: 3

14:41:56.0305 3476 Actual detected object count: 3

14:42:12.0685 3476 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813

14:42:14.0760 3476 Backup copy not found, trying to cure infected file..

14:42:14.0775 3476 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)

14:42:14.0775 3476 C:\Windows\system32\Drivers\dfsc.sys - processing error

14:42:44.0369 3476 DfsC ( Rootkit.Win32.ZAccess.h ) - User select action: Cure

14:42:44.0369 3476 sptd ( LockedFile.Multi.Generic ) - skipped by user

14:42:44.0369 3476 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

14:42:44.0384 3476 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

14:42:44.0384 3476 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Link to post
Share on other sites

In between the scan I got a pop-up saying something bout Rootkit.ZeroAccess and it automaticly restarted.

And the log seems to be in Dutch. If that gives you any problems please let me know.

Heres the log:

ComboFix 11-12-13.03 - femke 14-12-2011 23:51:00.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.1919.1359 [GMT 1:00]

Gestart vanuit: c:\users\femke\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\2VeQniks.exe

c:\programdata\windows

c:\programdata\Windows\dumd.dat

c:\programdata\Windows\xdor.dat

c:\windows\$NtUninstallKB56154$\1516601663\@

c:\windows\$NtUninstallKB56154$\1516601663\bckfg.tmp

c:\windows\$NtUninstallKB56154$\1516601663\cfg.ini

c:\windows\$NtUninstallKB56154$\1516601663\Desktop.ini

c:\windows\$NtUninstallKB56154$\1516601663\keywords

c:\windows\$NtUninstallKB56154$\1516601663\kwrd.dll

c:\windows\$NtUninstallKB56154$\1516601663\L\xadqgnnk

c:\windows\$NtUninstallKB56154$\1516601663\U\00000001.@

c:\windows\$NtUninstallKB56154$\1516601663\U\00000002.@

c:\windows\$NtUninstallKB56154$\1516601663\U\00000004.@

c:\windows\$NtUninstallKB56154$\1516601663\U\80000000.@

c:\windows\$NtUninstallKB56154$\1516601663\U\80000004.@

c:\windows\$NtUninstallKB56154$\1516601663\U\80000032.@

c:\windows\$NtUninstallKB56154$\2536208358

c:\windows\$NtUninstallKB56154$ . . . . konden niet verwijderd worden

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-11-14 to 2011-12-14 ))))))))))))))))))))))))))))))

.

.

2011-12-12 20:35 . 2011-12-04 20:36 116224 ----a-w- c:\windows\system32\a14t66j7U.com

2011-12-10 12:54 . 2011-12-10 12:54 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2011-12-10 05:14 . 2011-12-10 05:14 -------- d-----w- c:\programdata\IObit

2011-12-10 05:14 . 2011-12-10 05:14 -------- d-----w- c:\program files\IObit

2011-12-10 04:51 . 2011-12-10 04:51 -------- d-----w- c:\users\femke\AppData\Local\PackageAware

2011-12-07 13:17 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2011-12-07 13:17 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2011-12-07 13:17 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2011-12-07 13:17 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2011-12-07 13:17 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2011-12-05 21:24 . 2011-12-05 21:24 -------- d-----w- c:\users\femke\AppData\Roaming\Malwarebytes

2011-12-05 21:24 . 2011-12-05 21:24 -------- d-----w- c:\programdata\Malwarebytes

2011-12-05 21:24 . 2011-12-05 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-05 21:24 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-04 21:01 . 2011-12-10 17:52 -------- d-----w- c:\programdata\Norton

2011-12-04 19:04 . 2011-12-04 20:45 22528 ----a-w- c:\windows\system32\wsock32.dll

2011-12-04 18:34 . 2011-12-04 18:34 -------- d-----w- c:\users\femke\AppData\Local\SanctionedMedia

2011-12-01 22:54 . 2011-12-05 21:32 -------- d-----w- c:\users\femke\AppData\Roaming\Viuks

2011-12-01 22:54 . 2011-12-05 21:21 -------- d-----w- c:\users\femke\AppData\Roaming\Ososgo

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 05:53 . 2011-06-15 06:02 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-10-23 01:51 . 2011-10-23 01:51 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-14 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-14 81920]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2011-02-13 232912]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

RUN.CMD [2010-10-24 142]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fdewuqe]

2011-12-05 10:49 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\fdewuqe.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

2007-11-30 10:20 51768 ----a-w- c:\program files\ASUS\ASUS Live Update\ALU.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-23 218688]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Inhoud van de 'Gedeelde Taken' map

.

2011-12-13 c:\windows\Tasks\At1.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-13 c:\windows\Tasks\At10.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-13 c:\windows\Tasks\At11.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-13 c:\windows\Tasks\At12.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-10 c:\windows\Tasks\At13.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-10 c:\windows\Tasks\At14.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-09 c:\windows\Tasks\At15.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-09 c:\windows\Tasks\At16.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-09 c:\windows\Tasks\At17.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-09 c:\windows\Tasks\At18.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-09 c:\windows\Tasks\At19.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-13 c:\windows\Tasks\At2.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-09 c:\windows\Tasks\At20.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-09 c:\windows\Tasks\At21.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-09 c:\windows\Tasks\At22.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-09 c:\windows\Tasks\At23.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-09 c:\windows\Tasks\At24.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-09 c:\windows\Tasks\At25.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-09 c:\windows\Tasks\At26.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-09 c:\windows\Tasks\At27.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-09 c:\windows\Tasks\At28.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-13 c:\windows\Tasks\At29.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-14 c:\windows\Tasks\At3.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-13 c:\windows\Tasks\At30.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-13 c:\windows\Tasks\At31.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-13 c:\windows\Tasks\At32.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-13 c:\windows\Tasks\At33.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-13 c:\windows\Tasks\At34.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-14 c:\windows\Tasks\At35.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-14 c:\windows\Tasks\At36.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-14 c:\windows\Tasks\At37.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-14 c:\windows\Tasks\At38.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-14 c:\windows\Tasks\At39.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-14 c:\windows\Tasks\At4.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-14 c:\windows\Tasks\At40.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-14 c:\windows\Tasks\At41.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-14 c:\windows\Tasks\At42.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-14 c:\windows\Tasks\At43.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-14 c:\windows\Tasks\At44.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-14 c:\windows\Tasks\At45.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-14 c:\windows\Tasks\At46.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-14 c:\windows\Tasks\At47.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-14 c:\windows\Tasks\At48.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-14 c:\windows\Tasks\At5.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-14 c:\windows\Tasks\At6.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-14 c:\windows\Tasks\At7.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-14 c:\windows\Tasks\At8.job

- c:\windows\system32\a14t66j7U.com_ [2011-12-04 20:36]

.

2011-12-13 c:\windows\Tasks\At9.job

- c:\windows\system32\a14t66j7U.com [2011-12-12 20:36]

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:37]

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:37]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

IE: E&xporteren naar Microsoft Excel - c:\program files\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\femke\AppData\Roaming\Mozilla\Firefox\Profiles\t1hdrefw.default\

FF - prefs.js: browser.startup.homepage - www.google.nl

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)

SafeBoot-44587636.sys

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.dfsc]

"ImagePath"="\*"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,05,a5,71,fd,53,d6,42,a7,b6,38,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,05,a5,71,fd,53,d6,42,a7,b6,38,\

.

[HKEY_USERS\S-1-5-21-510140705-648462526-1029948936-1000_Classes\CLSID\{5ea63857-c0b9-4247-8071-b7f22870224c}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000127

"Therad"=dword:00000021

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\

.

[HKEY_USERS\S-1-5-21-510140705-648462526-1029948936-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):e6,42,d5,90,10,23,b1,62,39,0f,88,32,21,9b,8d,8f,85,1d,51,c1,41,

02,fc,cf,97,8a,f8,0e,01,a4,70,54,dd,70,1c,2f,b6,a4,45,1d,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\WUDFHost.exe

c:\program files\ATK Hotkey\Hcontrol.exe

c:\program files\ATKOSD2\ATKOSD2.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Voltooingstijd: 2011-12-15 00:09:25 - machine werd herstart

ComboFix-quarantined-files.txt 2011-12-14 23:09

.

Pre-Run: 23.577.083.904 bytes beschikbaar

Post-Run: 23.327.694.848 bytes beschikbaar

.

- - End Of File - - E20070F706CA12104AFB3D475AFEF308

Link to post
Share on other sites

Open Notepad and copy and paste the text in the code box below into it:

http://forums.malwarebytes.org/index.php?showtopic=101838

Collect::
c:\windows\system32\a14t66j7U.com
c:\windows\System32\config\systemprofile\AppData\Local\fdewuqe.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fdewuqe]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.dfsc]

AtJob::

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how are things there.

Link to post
Share on other sites

ComboFix 11-12-13.03 - femke 15-12-2011 14:34:53.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.1919.1424 [GMT 1:00]

Gestart vanuit: c:\users\femke\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\femke\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

file zipped: c:\windows\system32\a14t66j7U.com

file zipped: c:\windows\System32\config\systemprofile\AppData\Local\fdewuqe.dll

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\a14t66j7U.com

c:\windows\System32\config\systemprofile\AppData\Local\fdewuqe.dll

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At25.job

c:\windows\Tasks\At26.job

c:\windows\Tasks\At27.job

c:\windows\Tasks\At28.job

c:\windows\Tasks\At29.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At30.job

c:\windows\Tasks\At31.job

c:\windows\Tasks\At32.job

c:\windows\Tasks\At33.job

c:\windows\Tasks\At34.job

c:\windows\Tasks\At35.job

c:\windows\Tasks\At36.job

c:\windows\Tasks\At37.job

c:\windows\Tasks\At38.job

c:\windows\Tasks\At39.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At40.job

c:\windows\Tasks\At41.job

c:\windows\Tasks\At42.job

c:\windows\Tasks\At43.job

c:\windows\Tasks\At44.job

c:\windows\Tasks\At45.job

c:\windows\Tasks\At46.job

c:\windows\Tasks\At47.job

c:\windows\Tasks\At48.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-11-15 to 2011-12-15 ))))))))))))))))))))))))))))))

.

.

2011-12-15 13:42 . 2011-12-15 13:44 -------- d-----w- c:\users\femke\AppData\Local\temp

2011-12-15 13:42 . 2011-12-15 13:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-14 22:47 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-12-10 12:54 . 2011-12-10 12:54 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2011-12-10 05:14 . 2011-12-10 05:14 -------- d-----w- c:\programdata\IObit

2011-12-10 05:14 . 2011-12-10 05:14 -------- d-----w- c:\program files\IObit

2011-12-10 04:51 . 2011-12-10 04:51 -------- d-----w- c:\users\femke\AppData\Local\PackageAware

2011-12-07 13:17 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2011-12-07 13:17 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2011-12-07 13:17 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2011-12-07 13:17 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2011-12-07 13:17 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2011-12-05 21:24 . 2011-12-05 21:24 -------- d-----w- c:\users\femke\AppData\Roaming\Malwarebytes

2011-12-05 21:24 . 2011-12-05 21:24 -------- d-----w- c:\programdata\Malwarebytes

2011-12-05 21:24 . 2011-12-05 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-05 21:24 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-04 21:01 . 2011-12-10 17:52 -------- d-----w- c:\programdata\Norton

2011-12-04 19:04 . 2011-12-04 20:45 22528 ----a-w- c:\windows\system32\wsock32.dll

2011-12-04 18:50 . 2011-12-04 20:36 116224 ----a-w- c:\windows\system32\a14t66j7U.com_

2011-12-04 18:34 . 2011-12-04 18:34 -------- d-----w- c:\users\femke\AppData\Local\SanctionedMedia

2011-12-01 22:54 . 2011-12-05 21:32 -------- d-----w- c:\users\femke\AppData\Roaming\Viuks

2011-12-01 22:54 . 2011-12-05 21:21 -------- d-----w- c:\users\femke\AppData\Roaming\Ososgo

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 05:53 . 2011-06-15 06:02 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-10-23 01:51 . 2011-10-23 01:51 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-14 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-14 81920]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2011-02-13 232912]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

RUN.CMD [2010-10-24 142]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

2007-11-30 10:20 51768 ----a-w- c:\program files\ASUS\ASUS Live Update\ALU.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]

R3 CFcatchme;CFcatchme;c:\users\femke\AppData\Local\Temp\CFcatchme.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-23 218688]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Inhoud van de 'Gedeelde Taken' map

.

2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:37]

.

2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:37]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

IE: E&xporteren naar Microsoft Excel - c:\program files\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\femke\AppData\Roaming\Mozilla\Firefox\Profiles\t1hdrefw.default\

FF - prefs.js: browser.startup.homepage - www.google.nl

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,05,a5,71,fd,53,d6,42,a7,b6,38,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,05,a5,71,fd,53,d6,42,a7,b6,38,\

.

[HKEY_USERS\S-1-5-21-510140705-648462526-1029948936-1000_Classes\CLSID\{5ea63857-c0b9-4247-8071-b7f22870224c}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000127

"Therad"=dword:00000021

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\

.

[HKEY_USERS\S-1-5-21-510140705-648462526-1029948936-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):e6,42,d5,90,10,23,b1,62,39,0f,88,32,21,9b,8d,8f,85,1d,51,c1,41,

02,fc,cf,97,8a,f8,0e,01,a4,70,54,dd,70,1c,2f,b6,a4,45,1d,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\ATK Hotkey\Hcontrol.exe

c:\program files\ATKOSD2\ATKOSD2.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Voltooingstijd: 2011-12-15 14:49:29 - machine werd herstart

ComboFix-quarantined-files.txt 2011-12-15 13:49

ComboFix2.txt 2011-12-14 23:09

.

Pre-Run: 22.944.911.360 bytes beschikbaar

Post-Run: 22.832.017.408 bytes beschikbaar

.

- - End Of File - - BA9DAC3BCC2B4D49C655977685D2F8C5

Upload was successvol

Link to post
Share on other sites

(sorry meant to edit my last post but I couldnt)

a14t66j7U isnt completely gone from System32 yet. The one with .exe is gone right now but .com.b and .com_ are still there.

Ill keep an eye on it for the next few hours to see if .exe returns and to see if they still flood task manager.

Link to post
Share on other sites

a14t66j7U still keeps coming on task manager

The .exe file has not returned to System32 though.

And two others files appeared which are called:

2VeQniks.exe

2VeQniks.exe.b

They are both located in C:\ProgramData

The first one is flooding my task manager too now.

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.