I'm stuck with mediashifting.com


Hello,

It's been a week since my computer got infected by this malware... first it was poinskdll, now it's mediashifting... Plus, the proxy settings in Firefox are hijacked too: each time I start Firefox, I must change the settings to "automatically detect proxy settings" etc. to access the Internet. And iTunes doesn't seem to connect anymore...

Malwarebytes didn't see anything... but here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Version de la base de données: 8392

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

2011-12-24 11:03:43

mbam-log-2011-12-24 (11-03-43).txt

Type d'examen: Examen rapide

Elément(s) analysé(s): 178363

Temps écoulé: 4 minute(s), 2 seconde(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

Hello proftis77 and welcome to Malwarebytes!

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe

Close all open programs/windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

-------------

In your next reply, please include:
  • FSS.txt
  • TDSSKiller report
  • C:\ComboFix.txt
  • MBRCheck report

How is your computer running now?

Hello!

Seems the problems are fixed... except for the proxy setup in Firefox (but I'll try to fix it, I don't think it's a virus, but if you have an idea...)

Many, many, many thanks!!

Here are the log files:

Farbar Service Scanner

Ran by J (administrator) on 26-12-2011 at 06:49:45

Microsoft Windows XP Professional Service Pack 3 (X86)

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

IE proxy is enabled.

ProxyServer: http=127.0.0.1:58545

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)

0x0700000005000000010000000200000003000000040000000600000007000000

**** End of log ****

06:51:20.0609 3000 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

06:51:22.0609 3000 ============================================================

06:51:22.0609 3000 Current date / time: 2011/12/26 06:51:22.0609

06:51:22.0609 3000 SystemInfo:

06:51:22.0609 3000

06:51:22.0609 3000 OS Version: 5.1.2600 ServicePack: 3.0

06:51:22.0609 3000 Product type: Workstation

06:51:22.0609 3000 ComputerName: ORDI-E400DEBECC

06:51:22.0609 3000 UserName: J

06:51:22.0609 3000 Windows directory: C:\WINDOWS

06:51:22.0609 3000 System windows directory: C:\WINDOWS

06:51:22.0609 3000 Processor architecture: Intel x86

06:51:22.0609 3000 Number of processors: 2

06:51:22.0609 3000 Page size: 0x1000

06:51:22.0609 3000 Boot type: Normal boot

06:51:22.0609 3000 ============================================================

06:51:23.0843 3000 Initialize success

06:51:31.0203 3948 ============================================================

06:51:31.0203 3948 Scan started

06:51:31.0203 3948 Mode: Manual;

06:51:31.0203 3948 ============================================================

06:51:37.0984 3948 SCDEmu (848f43f0cac97e9ed4893f869c878660) C:\WINDOWS\system32\drivers\SCDEmu.sys

06:51:37.0984 3948 Suspicious file (Forged): C:\WINDOWS\system32\drivers\SCDEmu.sys. Real md5: 848f43f0cac97e9ed4893f869c878660, Fake md5: 9feb2026a460916d1a1198b460632630

06:51:37.0984 3948 SCDEmu ( Rootkit.Win32.ZAccess.aml ) - infected

06:51:37.0984 3948 SCDEmu - detected Rootkit.Win32.ZAccess.aml (0)

06:51:39.0890 3948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

06:51:39.0906 3948 \Device\Harddisk0\DR0 - ok

06:51:39.0921 3948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

06:51:40.0015 3948 \Device\Harddisk1\DR1 - ok

06:51:40.0015 3948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

06:51:40.0203 3948 \Device\Harddisk2\DR2 - ok

06:51:40.0203 3948 Boot (0x1200) (affe87b98084b9638a6ac54296216afe) \Device\Harddisk1\DR1\Partition0

06:51:40.0203 3948 \Device\Harddisk1\DR1\Partition0 - ok

06:51:40.0234 3948 Boot (0x1200) (04f8b3c7a9c42fe447ca618861a21905) \Device\Harddisk1\DR1\Partition1

06:51:40.0234 3948 \Device\Harddisk1\DR1\Partition1 - ok

06:51:40.0234 3948 Boot (0x1200) (c201238801db8cf617e8a368f76002b4) \Device\Harddisk2\DR2\Partition0

06:51:40.0234 3948 \Device\Harddisk2\DR2\Partition0 - ok

06:51:40.0234 3948 ============================================================

06:51:40.0234 3948 Scan finished

06:51:40.0234 3948 ============================================================

06:51:40.0250 2308 Detected object count: 1

06:51:40.0250 2308 Actual detected object count: 1

06:52:27.0984 2308 Backup copy not found, trying to cure infected file..

06:52:28.0078 2308 C:\WINDOWS\system32\drivers\SCDEmu.sys - Cure failed (FFFFFFFF)

06:52:28.0078 2308 C:\WINDOWS\system32\drivers\SCDEmu.sys - processing error

06:52:29.0421 2308 C:\WINDOWS\system32\c_37373.nls - will be deleted on reboot

06:52:30.0500 2308 SCDEmu ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure

06:52:41.0734 1844 Deinitialize success

---------------

ComboFix 11-12-25.03 - J 2011-12-26 7:28.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2362 [GMT -5:00]

Running from: c:\documents and settings\J\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\J\WINDOWS

c:\program files\LP

c:\program files\LP\633F\307.tmp

c:\program files\LP\633F\309.tmp

c:\program files\LP\633F\311.tmp

c:\windows\$NtUninstallKB52085$\1526492790\@

c:\windows\$NtUninstallKB52085$\1526492790\L\bobjmtno

c:\windows\$NtUninstallKB52085$\1526492790\loader.tlb

c:\windows\$NtUninstallKB52085$\1526492790\U\@00000001

c:\windows\$NtUninstallKB52085$\1526492790\U\@000000c0

c:\windows\$NtUninstallKB52085$\1526492790\U\@000000cb

c:\windows\$NtUninstallKB52085$\1526492790\U\@000000cf

c:\windows\$NtUninstallKB52085$\1526492790\U\@80000000

c:\windows\$NtUninstallKB52085$\1526492790\U\@800000c0

c:\windows\$NtUninstallKB52085$\1526492790\U\@800000cb

c:\windows\$NtUninstallKB52085$\1526492790\U\@800000cf

c:\windows\$NtUninstallKB52085$\2760944878

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\system32\

c:\windows\system32\tmp1EC.tmp

c:\windows\system32\tmp1ED.tmp

D:\AUTORUN.INF

c:\windows\$NtUninstallKB52085$ . . . . Failed to delete

.

c:\windows\system32\drivers\SCDEmu.sys . . . is infected!! . . . Failed to find a valid replacement.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{5CF5558C-228F-4957-8C13-3124EE50095D}\RP311\A0058810.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))

.

.

2011-12-24 17:45 . 2011-12-24 17:56 -------- d-----w- c:\program files\Sid Meier's Civilization V

2011-12-21 22:57 . 2011-12-21 22:57 -------- d-----w- c:\program files\CCleaner

2011-12-18 12:54 . 2011-12-18 12:54 -------- d-----w- c:\documents and settings\J\Application Data\Malwarebytes

2011-12-18 12:54 . 2011-12-18 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-18 12:54 . 2011-12-18 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-18 12:54 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-17 19:58 . 2011-12-17 19:58 -------- d-sh--w- c:\documents and settings\J\Local Settings\Application Data\5afc6e76

2011-12-17 19:56 . 2011-12-17 19:56 -------- d-----w- c:\windows\Maximum-Football

2011-12-17 19:56 . 2011-12-17 19:56 -------- d-----w- C:\Matrix Games

2011-12-17 19:55 . 2011-12-18 14:37 -------- d-----w- c:\program files\6A615

2011-12-17 19:54 . 2011-12-17 19:55 -------- d-----w- c:\documents and settings\J\Application Data\F416A

2011-12-13 01:16 . 2011-12-13 01:16 -------- d-----w- c:\program files\iPod

2011-11-28 23:07 . 2011-11-28 23:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 13:25 . 2008-04-14 08:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-20 04:00 . 2011-11-20 04:00 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys

2011-11-01 16:07 . 2008-04-14 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-31 23:43 . 2008-07-12 19:10 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-10-31 23:43 . 2008-04-23 00:16 832512 ----a-w- c:\windows\system32\wininet.dll

2011-10-31 23:43 . 2008-04-23 00:16 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-10-31 23:43 . 2008-07-12 19:09 17408 ----a-w- c:\windows\system32\corpol.dll

2011-10-28 05:31 . 2008-04-14 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2008-04-14 08:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2008-04-14 04:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-18 11:13 . 2008-04-14 08:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2011-02-27 18:54 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-03 10:06 . 2011-03-01 19:42 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 07:37 . 2011-03-01 19:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 07:06 . 2008-04-14 08:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-11-09 20:11 . 2011-03-23 23:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-05-09 09:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuz2.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\J\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\J\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\J\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\J\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-11 98304]

"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]

"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2011-10-22 86016]

"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]

"agentantidote.exe"="c:\program files\Druide\Antidote 7\Programmes32\agentantidote.exe" [2009-10-18 600256]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\ConduitEngine" [X]

.

c:\documents and settings\J\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Hudl Remotes.lnk - c:\program files\Hudl\Hudl Remotes\HudlRemotes.exe [2011-8-10 228864]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Documents and Settings\\J\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Hudl\\Hudl Remotes\\HudlRemotes.exe"=

"c:\\Documents and Settings\\J\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\J\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\ClamWin\\bin\\freshclam.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Documents and Settings\\J\\Desktop\\TDSSKiller.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-03-01 218688]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-02-28 101904]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;"c:\program files\Nero\Update\NASvc.exe" --> c:\program files\Nero\Update\NASvc.exe [?]

S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580818891-1177238915-1003Core.job

- c:\documents and settings\J\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-03 21:11]

.

2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580818891-1177238915-1003UA.job

- c:\documents and settings\J\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-03 21:11]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:58545

IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1

FF - ProfilePath - c:\documents and settings\J\Application Data\Mozilla\Firefox\Profiles\ozct1djp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 58545

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-30069560.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-26 07:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(720)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(3520)

c:\windows\system32\WININET.dll

c:\documents and settings\J\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2011-12-26 07:38:59 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-26 12:38

.

Pre-Run: 7 168 380 928 bytes free

Post-Run: 7 462 084 608 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 69A21BB9DC4467CF77EBF94F0A2BBE1A

06:51:20.0609 3000 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

06:51:22.0609 3000 ============================================================

06:51:22.0609 3000 Current date / time: 2011/12/26 06:51:22.0609

06:51:22.0609 3000 SystemInfo:

06:51:22.0609 3000

06:51:22.0609 3000 OS Version: 5.1.2600 ServicePack: 3.0

06:51:22.0609 3000 Product type: Workstation

06:51:22.0609 3000 ComputerName: ORDI-E400DEBECC

06:51:22.0609 3000 UserName: J

06:51:22.0609 3000 Windows directory: C:\WINDOWS

06:51:22.0609 3000 System windows directory: C:\WINDOWS

06:51:22.0609 3000 Processor architecture: Intel x86

06:51:22.0609 3000 Number of processors: 2

06:51:22.0609 3000 Page size: 0x1000

06:51:22.0609 3000 Boot type: Normal boot

06:51:22.0609 3000 ============================================================

06:51:23.0843 3000 Initialize success

06:51:31.0203 3948 ============================================================

06:51:31.0203 3948 Scan started

06:51:31.0203 3948 Mode: Manual;

06:51:31.0203 3948 ============================================================

06:51:32.0687 3948 Abiosdsk - ok

06:51:32.0703 3948 abp480n5 - ok

06:51:32.0750 3948 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

06:51:32.0765 3948 ACPI - ok

06:51:32.0796 3948 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

06:51:32.0796 3948 ACPIEC - ok

06:51:32.0843 3948 ADIHdAudAddService (ab0d9669bab1009e48cc91117e59912b) C:\WINDOWS\system32\drivers\ADIHdAud.sys

06:51:32.0859 3948 ADIHdAudAddService - ok

06:51:32.0875 3948 adpu160m - ok

06:51:32.0906 3948 AEAudio (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys

06:51:32.0906 3948 AEAudio - ok

06:51:32.0937 3948 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

06:51:32.0937 3948 aec - ok

06:51:32.0984 3948 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys

06:51:32.0984 3948 AFD - ok

06:51:33.0015 3948 Aha154x - ok

06:51:33.0031 3948 aic78u2 - ok

06:51:33.0046 3948 aic78xx - ok

06:51:33.0062 3948 AliIde - ok

06:51:33.0078 3948 amsint - ok

06:51:33.0109 3948 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

06:51:33.0109 3948 Arp1394 - ok

06:51:33.0140 3948 asc - ok

06:51:33.0156 3948 asc3350p - ok

06:51:33.0171 3948 asc3550 - ok

06:51:33.0203 3948 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

06:51:33.0203 3948 AsyncMac - ok

06:51:33.0234 3948 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

06:51:33.0234 3948 atapi - ok

06:51:33.0265 3948 Atdisk - ok

06:51:33.0421 3948 ati2mtag (662c08fef641d8d6e9dcdb39168895b0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

06:51:33.0453 3948 ati2mtag - ok

06:51:33.0468 3948 AtiHDAudioService (9f7b431c11bdcb79fc1bbe9de4f43b20) C:\WINDOWS\system32\drivers\AtihdXP3.sys

06:51:33.0468 3948 AtiHDAudioService - ok

06:51:33.0484 3948 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

06:51:33.0484 3948 Atmarpc - ok

06:51:33.0531 3948 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

06:51:33.0531 3948 audstub - ok

06:51:33.0562 3948 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys

06:51:33.0562 3948 BANTExt - ok

06:51:33.0656 3948 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

06:51:33.0656 3948 Beep - ok

06:51:33.0687 3948 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

06:51:33.0687 3948 cbidf2k - ok

06:51:33.0734 3948 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

06:51:33.0734 3948 CCDECODE - ok

06:51:33.0750 3948 cd20xrnt - ok

06:51:33.0781 3948 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

06:51:33.0781 3948 Cdaudio - ok

06:51:33.0812 3948 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

06:51:33.0812 3948 Cdfs - ok

06:51:33.0828 3948 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

06:51:33.0828 3948 Cdrom - ok

06:51:33.0843 3948 Changer - ok

06:51:33.0875 3948 CmdIde - ok

06:51:33.0906 3948 Cpqarray - ok

06:51:33.0968 3948 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys

06:51:33.0968 3948 CrystalSysInfo - ok

06:51:33.0984 3948 dac2w2k - ok

06:51:34.0000 3948 dac960nt - ok

06:51:34.0031 3948 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

06:51:34.0031 3948 Disk - ok

06:51:34.0062 3948 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

06:51:34.0093 3948 dmboot - ok

06:51:34.0109 3948 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

06:51:34.0109 3948 dmio - ok

06:51:34.0140 3948 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

06:51:34.0140 3948 dmload - ok

06:51:34.0171 3948 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

06:51:34.0171 3948 DMusic - ok

06:51:34.0203 3948 dpti2o - ok

06:51:34.0218 3948 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

06:51:34.0218 3948 drmkaud - ok

06:51:34.0250 3948 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys

06:51:34.0265 3948 dtsoftbus01 - ok

06:51:34.0312 3948 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys

06:51:34.0312 3948 dvd43llh - ok

06:51:34.0375 3948 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

06:51:34.0375 3948 Fastfat - ok

06:51:34.0390 3948 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

06:51:34.0406 3948 Fdc - ok

06:51:34.0421 3948 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

06:51:34.0421 3948 Fips - ok

06:51:34.0437 3948 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

06:51:34.0437 3948 Flpydisk - ok

06:51:34.0468 3948 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

06:51:34.0468 3948 FltMgr - ok

06:51:34.0484 3948 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

06:51:34.0484 3948 Fs_Rec - ok

06:51:34.0515 3948 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

06:51:34.0515 3948 Ftdisk - ok

06:51:34.0546 3948 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

06:51:34.0546 3948 GEARAspiWDM - ok

06:51:34.0578 3948 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

06:51:34.0578 3948 Gpc - ok

06:51:34.0609 3948 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

06:51:34.0609 3948 HDAudBus - ok

06:51:34.0656 3948 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

06:51:34.0656 3948 hidusb - ok

06:51:34.0687 3948 hpn - ok

06:51:34.0734 3948 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

06:51:34.0734 3948 HPZid412 - ok

06:51:34.0750 3948 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

06:51:34.0765 3948 HPZipr12 - ok

06:51:34.0781 3948 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

06:51:34.0781 3948 HPZius12 - ok

06:51:34.0828 3948 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

06:51:34.0828 3948 HTTP - ok

06:51:34.0859 3948 i2omgmt - ok

06:51:34.0875 3948 i2omp - ok

06:51:34.0906 3948 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

06:51:34.0906 3948 i8042prt - ok

06:51:34.0937 3948 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

06:51:34.0937 3948 Imapi - ok

06:51:34.0953 3948 ini910u - ok

06:51:34.0984 3948 IntelIde - ok

06:51:35.0000 3948 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

06:51:35.0000 3948 intelppm - ok

06:51:35.0031 3948 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

06:51:35.0031 3948 Ip6Fw - ok

06:51:35.0078 3948 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

06:51:35.0078 3948 IpFilterDriver - ok

06:51:35.0109 3948 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

06:51:35.0109 3948 IpInIp - ok

06:51:35.0140 3948 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

06:51:35.0156 3948 IpNat - ok

06:51:35.0218 3948 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

06:51:35.0218 3948 IPSec - ok

06:51:35.0265 3948 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

06:51:35.0265 3948 IRENUM - ok

06:51:35.0296 3948 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

06:51:35.0296 3948 isapnp - ok

06:51:35.0328 3948 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

06:51:35.0328 3948 Kbdclass - ok

06:51:35.0437 3948 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

06:51:35.0437 3948 kbdhid - ok

06:51:35.0484 3948 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

06:51:35.0484 3948 kmixer - ok

06:51:35.0531 3948 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

06:51:35.0531 3948 KSecDD - ok

06:51:35.0578 3948 lbrtfdc - ok

06:51:35.0609 3948 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

06:51:35.0609 3948 mnmdd - ok

06:51:35.0671 3948 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

06:51:35.0671 3948 Modem - ok

06:51:35.0718 3948 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

06:51:35.0718 3948 Mouclass - ok

06:51:35.0750 3948 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

06:51:35.0750 3948 mouhid - ok

06:51:35.0781 3948 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

06:51:35.0781 3948 MountMgr - ok

06:51:35.0796 3948 mraid35x - ok

06:51:35.0828 3948 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

06:51:35.0828 3948 MRxDAV - ok

06:51:35.0875 3948 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

06:51:35.0890 3948 MRxSmb - ok

06:51:35.0921 3948 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

06:51:35.0921 3948 Msfs - ok

06:51:35.0953 3948 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

06:51:35.0968 3948 MSKSSRV - ok

06:51:35.0984 3948 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

06:51:35.0984 3948 MSPCLOCK - ok

06:51:36.0015 3948 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

06:51:36.0031 3948 MSPQM - ok

06:51:36.0078 3948 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

06:51:36.0078 3948 mssmbios - ok

06:51:36.0109 3948 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

06:51:36.0109 3948 MSTEE - ok

06:51:36.0140 3948 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

06:51:36.0140 3948 Mup - ok

06:51:36.0187 3948 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

06:51:36.0187 3948 NABTSFEC - ok

06:51:36.0234 3948 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

06:51:36.0250 3948 NDIS - ok

06:51:36.0281 3948 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

06:51:36.0281 3948 NdisIP - ok

06:51:36.0312 3948 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

06:51:36.0328 3948 NdisTapi - ok

06:51:36.0359 3948 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

06:51:36.0359 3948 Ndisuio - ok

06:51:36.0406 3948 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

06:51:36.0406 3948 NdisWan - ok

06:51:36.0453 3948 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

06:51:36.0453 3948 NDProxy - ok

06:51:36.0468 3948 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

06:51:36.0468 3948 NetBIOS - ok

06:51:36.0500 3948 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

06:51:36.0500 3948 NetBT - ok

06:51:36.0546 3948 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

06:51:36.0546 3948 NIC1394 - ok

06:51:36.0593 3948 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys

06:51:36.0609 3948 NPF - ok

06:51:36.0625 3948 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

06:51:36.0625 3948 Npfs - ok

06:51:36.0765 3948 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

06:51:36.0781 3948 Ntfs - ok

06:51:36.0828 3948 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

06:51:36.0828 3948 Null - ok

06:51:36.0875 3948 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

06:51:36.0875 3948 NwlnkFlt - ok

06:51:36.0906 3948 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

06:51:36.0906 3948 NwlnkFwd - ok

06:51:36.0921 3948 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

06:51:36.0937 3948 ohci1394 - ok

06:51:36.0968 3948 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

06:51:36.0984 3948 Parport - ok

06:51:37.0015 3948 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

06:51:37.0015 3948 PartMgr - ok

06:51:37.0031 3948 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

06:51:37.0046 3948 ParVdm - ok

06:51:37.0062 3948 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

06:51:37.0062 3948 PCI - ok

06:51:37.0093 3948 PCIDump - ok

06:51:37.0109 3948 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

06:51:37.0109 3948 PCIIde - ok

06:51:37.0156 3948 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

06:51:37.0156 3948 Pcmcia - ok

06:51:37.0203 3948 PDCOMP - ok

06:51:37.0218 3948 PDFRAME - ok

06:51:37.0234 3948 PDRELI - ok

06:51:37.0265 3948 PDRFRAME - ok

06:51:37.0281 3948 perc2 - ok

06:51:37.0296 3948 perc2hib - ok

06:51:37.0343 3948 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

06:51:37.0343 3948 PptpMiniport - ok

06:51:37.0375 3948 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

06:51:37.0375 3948 PSched - ok

06:51:37.0406 3948 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

06:51:37.0406 3948 Ptilink - ok

06:51:37.0421 3948 ql1080 - ok

06:51:37.0437 3948 Ql10wnt - ok

06:51:37.0453 3948 ql12160 - ok

06:51:37.0468 3948 ql1240 - ok

06:51:37.0500 3948 ql1280 - ok

06:51:37.0515 3948 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

06:51:37.0515 3948 RasAcd - ok

06:51:37.0546 3948 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

06:51:37.0546 3948 Rasl2tp - ok

06:51:37.0562 3948 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

06:51:37.0562 3948 RasPppoe - ok

06:51:37.0593 3948 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

06:51:37.0593 3948 Raspti - ok

06:51:37.0625 3948 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

06:51:37.0625 3948 Rdbss - ok

06:51:37.0703 3948 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

06:51:37.0703 3948 RDPCDD - ok

06:51:37.0750 3948 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

06:51:37.0750 3948 rdpdr - ok

06:51:37.0812 3948 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

06:51:37.0812 3948 RDPWD - ok

06:51:37.0859 3948 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

06:51:37.0859 3948 redbook - ok

06:51:37.0906 3948 RTLE8023xp (25be98c05808c57e4d8d26477dc12d39) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

06:51:37.0906 3948 RTLE8023xp - ok

06:51:37.0984 3948 SCDEmu (848f43f0cac97e9ed4893f869c878660) C:\WINDOWS\system32\drivers\SCDEmu.sys

06:51:37.0984 3948 Suspicious file (Forged): C:\WINDOWS\system32\drivers\SCDEmu.sys. Real md5: 848f43f0cac97e9ed4893f869c878660, Fake md5: 9feb2026a460916d1a1198b460632630

06:51:37.0984 3948 SCDEmu ( Rootkit.Win32.ZAccess.aml ) - infected

06:51:37.0984 3948 SCDEmu - detected Rootkit.Win32.ZAccess.aml (0)

06:51:38.0015 3948 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

06:51:38.0031 3948 Secdrv - ok

06:51:38.0078 3948 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys

06:51:38.0093 3948 SenFiltService - ok

06:51:38.0125 3948 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

06:51:38.0125 3948 serenum - ok

06:51:38.0156 3948 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

06:51:38.0156 3948 Serial - ok

06:51:38.0187 3948 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

06:51:38.0187 3948 Sfloppy - ok

06:51:38.0218 3948 Simbad - ok

06:51:38.0281 3948 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

06:51:38.0281 3948 SLIP - ok

06:51:38.0312 3948 Sparrow - ok

06:51:38.0343 3948 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

06:51:38.0343 3948 splitter - ok

06:51:38.0359 3948 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

06:51:38.0359 3948 sr - ok

06:51:38.0390 3948 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

06:51:38.0406 3948 Srv - ok

06:51:38.0453 3948 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

06:51:38.0453 3948 streamip - ok

06:51:38.0484 3948 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

06:51:38.0484 3948 swenum - ok

06:51:38.0531 3948 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

06:51:38.0531 3948 swmidi - ok

06:51:38.0562 3948 symc810 - ok

06:51:38.0609 3948 symc8xx - ok

06:51:38.0625 3948 sym_hi - ok

06:51:38.0656 3948 sym_u3 - ok

06:51:38.0687 3948 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

06:51:38.0687 3948 sysaudio - ok

06:51:38.0734 3948 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys

06:51:38.0734 3948 Tcpip - ok

06:51:38.0781 3948 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

06:51:38.0781 3948 TDPIPE - ok

06:51:38.0812 3948 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

06:51:38.0812 3948 TDTCP - ok

06:51:38.0859 3948 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

06:51:38.0859 3948 TermDD - ok

06:51:38.0890 3948 TosIde - ok

06:51:38.0921 3948 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

06:51:38.0937 3948 Udfs - ok

06:51:38.0953 3948 ultra - ok

06:51:39.0000 3948 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

06:51:39.0015 3948 Update - ok

06:51:39.0078 3948 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

06:51:39.0078 3948 USBAAPL - ok

06:51:39.0125 3948 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

06:51:39.0125 3948 usbaudio - ok

06:51:39.0140 3948 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

06:51:39.0140 3948 usbccgp - ok

06:51:39.0171 3948 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

06:51:39.0171 3948 usbehci - ok

06:51:39.0203 3948 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

06:51:39.0203 3948 usbhub - ok

06:51:39.0234 3948 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

06:51:39.0234 3948 usbprint - ok

06:51:39.0281 3948 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

06:51:39.0281 3948 usbscan - ok

06:51:39.0312 3948 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

06:51:39.0312 3948 USBSTOR - ok

06:51:39.0343 3948 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

06:51:39.0343 3948 usbuhci - ok

06:51:39.0359 3948 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

06:51:39.0359 3948 VgaSave - ok

06:51:39.0390 3948 ViaIde - ok

06:51:39.0406 3948 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

06:51:39.0406 3948 VolSnap - ok

06:51:39.0484 3948 VX3000 (42870675b4d84acd81a9da69b83f14c5) C:\WINDOWS\system32\DRIVERS\VX3000.sys

06:51:39.0531 3948 VX3000 - ok

06:51:39.0609 3948 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

06:51:39.0609 3948 Wanarp - ok

06:51:39.0640 3948 WDICA - ok

06:51:39.0687 3948 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

06:51:39.0687 3948 wdmaud - ok

06:51:39.0765 3948 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

06:51:39.0765 3948 WSTCODEC - ok

06:51:39.0812 3948 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

06:51:39.0812 3948 WudfPf - ok

06:51:39.0859 3948 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

06:51:39.0859 3948 WudfRd - ok

06:51:39.0890 3948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

06:51:39.0906 3948 \Device\Harddisk0\DR0 - ok

06:51:39.0921 3948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

06:51:40.0015 3948 \Device\Harddisk1\DR1 - ok

06:51:40.0015 3948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

06:51:40.0203 3948 \Device\Harddisk2\DR2 - ok

06:51:40.0203 3948 Boot (0x1200) (affe87b98084b9638a6ac54296216afe) \Device\Harddisk1\DR1\Partition0

06:51:40.0203 3948 \Device\Harddisk1\DR1\Partition0 - ok

06:51:40.0234 3948 Boot (0x1200) (04f8b3c7a9c42fe447ca618861a21905) \Device\Harddisk1\DR1\Partition1

06:51:40.0234 3948 \Device\Harddisk1\DR1\Partition1 - ok

06:51:40.0234 3948 Boot (0x1200) (c201238801db8cf617e8a368f76002b4) \Device\Harddisk2\DR2\Partition0

06:51:40.0234 3948 \Device\Harddisk2\DR2\Partition0 - ok

06:51:40.0234 3948 ============================================================

06:51:40.0234 3948 Scan finished

06:51:40.0234 3948 ============================================================

06:51:40.0250 2308 Detected object count: 1

06:51:40.0250 2308 Actual detected object count: 1

06:52:27.0984 2308 Backup copy not found, trying to cure infected file..

06:52:28.0078 2308 C:\WINDOWS\system32\drivers\SCDEmu.sys - Cure failed (FFFFFFFF)

06:52:28.0078 2308 C:\WINDOWS\system32\drivers\SCDEmu.sys - processing error

06:52:29.0421 2308 C:\WINDOWS\system32\c_37373.nls - will be deleted on reboot

06:52:30.0500 2308 SCDEmu ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure

06:52:41.0734 1844 Deinitialize success


Many, many, many thanks!!

No problem! :)

Seems the problems are fixed... except for the proxy setup in Firefox (but I'll try to fix it, I don't think it's a virus, but if you have an idea...)

Let's hold off on all that for now until we can verify you're clean. There are still some remnants I'd like to make sure are gone first ;).

Please re-run TDSSKiller and ComboFix (in that order, preferably) and post me the new logs they create. The instructions & download links are in my first post. Let me know how it goes ;).


  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
