automated mails sent from hotmail


djm68

Hello,

I was directed to the expert forum with the issue I have.

I ran into heavy privacy abuse as I may call it.

During the past hour many automated mails about a new version of world of warcraft, all with the same title and contents, were sent from my hotmail address to several other addresses.

I am not a gamer and I don't have the game or an illegal version installed on my pc.

Is this a matter of 'just' an infected pc or is something else going on?

I haven't been able to change my password yet since the reference e-mail is outdated and the confirmation mails to recent addresses don't come through.

The spam-like mails are even sent while I am not logged in!

These are the dds.txt contents

DDS (Ver_10-10-10.03) - NTFSx86

Run by dieter at 20:25:34,86 on ma 18-10-2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.2046.884 [GMT 2:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

C:\Program Files\PhenomMsrTweaker\PhenomMsrTweaker.exe

E:\programma's\1. BASIS PROGRAMMA'S NA NIEUWE WINDOWS INSTALLATIE\NetworkIndicator.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\explorer.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

E:\programma's\ANTI VIRUS, SPYWARE, ADWARE, ETC\clean up software major geeks\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\dieter\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

uRun: [smartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m

uRun: [PhenomMsrTweaker.exe] c:\program files\phenommsrtweaker\PhenomMsrTweaker.exe

uRun: [NetworkIndicator.exe] e:\programma's\1. basis programma's na nieuwe windows installatie\NetworkIndicator.exe

uRun: [AdobeBridge]

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\dieter\appdata\roaming\mozilla\firefox\profiles\ymf0tf4n.default\

FF - prefs.js: browser.search.selectedEngine - bol.com

FF - prefs.js: browser.startup.homepage - www.google.nl

FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll

FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\abn amro e.dentifier2\mozilla\npBECON.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]

R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-10-5 361216]

R2 PhenomMsrTweaker;PhenomMsrTweaker service;c:\program files\phenommsrtweaker\PhenomMsrTweakerService.exe [2010-6-3 158720]

R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2008-3-20 23040]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-17 277536]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-8-9 123112]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\phenommsrtweaker\WinRing0.sys [2010-6-3 14416]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-17 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-17 1343400]

=============== Created Last 30 ================

2010-10-18 18:06:03 -------- d-----w- c:\users\dieter\appdata\roaming\MailWasherFree

2010-10-18 18:06:03 -------- d-----w- c:\program files\FireTrust

2010-10-18 18:04:16 -------- d-----w- c:\users\dieter\appdata\roaming\Malwarebytes

2010-10-18 18:04:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-18 18:04:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-18 18:04:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-18 18:04:08 -------- d-----w- c:\progra~2\Malwarebytes

2010-10-18 13:08:18 -------- d-----w- c:\program files\common files\ScanSoft Shared

2010-10-18 13:07:56 -------- d-----w- c:\program files\ScanSoft

2010-10-18 13:06:29 -------- d-----w- c:\program files\common files\CANON

2010-10-18 13:05:41 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP87.DLL

2010-10-18 13:05:41 27136 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD87.DLL

2010-10-18 13:05:41 27136 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\1_CNMPD87.DLL

2010-10-18 13:05:21 197632 ----a-w- c:\windows\system32\CNMLM87.DLL

2010-10-18 13:05:14 106496 ----a-w- c:\windows\system32\cnco600.dll

2010-10-18 13:05:13 57344 ----a-w- c:\windows\system32\CNCI600.DLL

2010-10-18 13:05:13 135168 ----a-w- c:\windows\system32\CNCL600.DLL

2010-10-18 13:05:12 1298432 ----a-w- c:\windows\system32\CNCC600.DLL

2010-10-18 13:04:13 -------- d-----w- c:\program files\Canon

2010-10-18 10:41:20 -------- d-----w- c:\program files\Microsoft

2010-10-18 10:41:02 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-10-18 05:32:43 24576 ----a-r- c:\windows\system32\AsIO.dll

2010-10-18 05:32:43 11296 ----a-r- c:\windows\system32\drivers\AsIO.sys

2010-10-18 05:32:37 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys

2010-10-18 05:32:37 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys

2010-10-18 05:32:37 -------- d-----w- c:\program files\ASUS

2010-10-18 05:32:06 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll

2010-10-18 05:32:06 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2010-10-18 05:32:05 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

2010-10-18 05:32:05 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2010-10-17 23:56:17 -------- d-----w- c:\windows\Panther

2010-10-17 19:46:49 -------- d-----w- c:\program files\common files\PX Storage Engine

2010-10-17 19:46:26 -------- d-----w- c:\program files\common files\DivX Shared

2010-10-17 19:45:40 -------- d-----w- c:\users\dieter\appdata\local\Google

2010-10-17 19:45:33 -------- d-----w- c:\program files\DivX

2010-10-17 19:45:08 -------- d-----w- c:\progra~2\DivX

2010-10-17 19:42:21 165376 ----a-w- c:\windows\system32\unrar.dll

2010-10-17 19:42:20 839680 ----a-w- c:\windows\system32\lameACM.acm

2010-10-17 19:42:20 790528 ----a-w- c:\windows\system32\xvidcore.dll

2010-10-17 19:42:20 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2010-10-17 19:42:20 151552 ----a-w- c:\windows\system32\ac3acm.acm

2010-10-17 19:42:20 134144 ----a-w- c:\windows\system32\xvidvfw.dll

2010-10-17 19:42:20 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-10-17 19:42:18 -------- d-----w- c:\program files\K-Lite Codec Pack

2010-10-17 19:31:51 -------- d-----w- c:\program files\Total Video Converter

2010-10-17 19:21:51 -------- d-----w- c:\users\dieter\appdata\local\ATI

2010-10-17 19:18:37 10632 ----a-w- c:\windows\system32\drivers\amdide.sys

2010-10-17 19:18:35 7680 ----a-w- c:\windows\system32\drivers\AtiPcie.sys

2010-10-17 19:18:33 -------- d-----w- c:\program files\common files\ATI Technologies

2010-10-17 19:18:09 372736 ----a-w- c:\windows\system32\ATIDEMGX.dll

2010-10-17 18:37:31 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe

2010-10-17 18:19:22 -------- d-----w- c:\users\dieter\Library

2010-10-17 18:19:22 -------- d-----w- c:\users\dieter\appdata\roaming\com.adobe.ExMan

2010-10-17 18:11:50 -------- d-----w- c:\program files\common files\Macrovision Shared

2010-10-17 17:51:48 -------- d-----w- c:\users\dieter\Tracing

2010-10-17 17:42:30 3181568 ----a-w- c:\windows\system32\mf.dll

2010-10-17 17:42:30 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2010-10-17 17:42:29 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2010-10-17 17:41:15 -------- d-----w- c:\users\dieter\appdata\local\Windows Live

2010-10-17 17:41:14 -------- d-----w- c:\program files\common files\Windows Live

2010-10-17 17:13:22 -------- d-----w- c:\users\dieter\dwhelper

2010-10-17 17:11:28 -------- d-----w- c:\users\dieter\appdata\roaming\AVS4YOU

2010-10-17 17:11:27 -------- d-----w- c:\progra~2\AVS4YOU

2010-10-17 17:09:38 -------- d-----w- c:\program files\common files\AVSMedia

2010-10-17 17:09:17 974848 ----a-w- c:\windows\system32\mfc70.dll

2010-10-17 17:09:17 487424 ----a-w- c:\windows\system32\msvcp70.dll

2010-10-17 17:09:17 344064 ----a-w- c:\windows\system32\msvcr70.dll

2010-10-17 17:09:17 24576 ----a-w- c:\windows\system32\msxml3a.dll

2010-10-17 17:09:17 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2010-10-17 17:09:17 -------- d-----w- c:\program files\AVS4YOU

2010-10-17 16:44:00 -------- d-----w- c:\program files\ABN AMRO e.dentifier2

2010-10-17 16:37:28 -------- d-----w- c:\program files\Unlocker

2010-10-17 16:26:30 -------- d-----w- c:\users\dieter\appdata\roaming\Auslogics

2010-10-17 16:26:21 -------- d-----w- c:\program files\Auslogics

2010-10-17 16:22:47 -------- d-----w- c:\program files\CCleaner

2010-10-17 16:09:02 -------- d-----w- c:\users\dieter\appdata\local\Adobe

2010-10-17 15:58:07 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-17 15:58:07 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2010-10-17 15:48:43 -------- d-----r- C:\Sandbox

2010-10-17 15:48:11 -------- d-----w- c:\program files\Sandboxie

2010-10-17 15:45:47 -------- d-----w- c:\program files\IObit

2010-10-17 15:40:22 -------- d-----w- c:\program files\PhenomMsrTweaker

2010-10-17 15:32:29 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll

2010-10-17 15:32:28 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

2010-10-17 15:32:22 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-10-17 15:32:22 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-10-17 15:31:49 -------- d-----w- c:\program files\Kaspersky Lab

2010-10-17 15:31:49 -------- d-----w- c:\progra~2\Kaspersky Lab

2010-10-17 15:26:14 -------- d-----w- c:\program files\Microsoft Synchronization Services

2010-10-17 15:26:06 -------- d-----w- c:\windows\PCHEALTH

2010-10-17 15:26:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-10-17 15:24:45 -------- d-----w- c:\program files\Microsoft Analysis Services

2010-10-17 15:24:22 -------- d-----w- c:\users\dieter\appdata\local\Microsoft Help

2010-10-17 15:22:26 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2010-10-17 15:22:26 -------- d-----w- c:\program files\MagicDisc

2010-10-17 15:19:28 -------- d-----w- c:\users\dieter\appdata\roaming\Azureus

2010-10-17 15:19:14 -------- d-----w- c:\program files\Vuze

2010-10-17 15:19:12 -------- d-----w- c:\program files\Conduit

2010-10-17 15:19:11 -------- d-----w- c:\program files\ConduitEngine

2010-10-17 15:19:10 -------- d-----w- c:\program files\Vuze_Remote

2010-10-17 15:17:29 -------- d-----w- c:\windows\system32\Adobe

2010-10-17 15:10:58 -------- d-----w- c:\program files\VS Revo Group

2010-10-17 14:48:53 -------- d-----w- c:\users\dieter\appdata\roaming\IObit

2010-10-17 14:47:01 -------- d-----w- c:\windows\nl-NL

2010-10-17 14:47:00 -------- d-----w- c:\windows\system32\nl

2010-10-17 14:47:00 -------- d-----w- c:\windows\system32\0413

2010-10-17 14:46:57 -------- d-----w- c:\windows\system32\XPSViewer

2010-10-17 14:46:57 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL

2010-10-17 14:46:57 -------- d-----w- c:\windows\system32\drivers\nl-NL

2010-10-17 14:46:54 -------- d-----w- c:\windows\system32\wbem\nl-NL

2010-10-17 14:44:51 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\nl-nl\LXKPTPRC.DLL.mui

2010-10-17 14:44:27 -------- d-----w- c:\windows\system32\Wat

2010-10-17 14:42:33 -------- d-----w- c:\users\dieter\appdata\local\Mozilla

2010-10-17 14:38:06 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f5a57b72-9189-4914-b0a2-274686a6e682}\mpengine.dll

2010-10-17 14:38:06 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-10-17 14:37:40 -------- d-----w- c:\progra~2\Kaspersky Lab ZAO

2010-10-17 14:37:28 257024 ----a-w- c:\windows\system32\msv1_0.dll

2010-10-17 14:36:39 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-10-17 14:36:39 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-10-17 14:36:39 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-10-17 14:36:39 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-10-17 14:36:39 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-10-17 14:34:17 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-10-17 14:30:36 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-10-17 14:30:36 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-17 14:30:36 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-10-17 14:30:26 132608 ----a-w- c:\windows\system32\cabview.dll

2010-10-17 14:23:49 94208 ----a-w- c:\windows\system32\RTNUninst32.dll

2010-10-17 14:23:49 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

2010-10-17 14:23:49 277536 ----a-w- c:\windows\system32\drivers\Rt86win7.sys

2010-10-17 14:23:25 -------- d-----w- c:\program files\Realtek

2010-10-17 14:09:39 -------- d-----w- c:\program files\ATI

2010-10-17 14:08:57 -------- d-----w- c:\program files\ATI Technologies

2010-10-17 14:08:32 -------- d-----w- c:\windows\system32\wbem\Performance

2010-10-17 14:08:30 -------- d-----w- c:\program files\VIA

2010-10-17 14:08:17 -------- d-sh--w- c:\windows\Installer

2010-10-17 14:04:56 -------- d-sh--w- C:\Recovery

2010-10-17 14:00:12 71168 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNBPP4.DLL

2010-10-17 13:59:07 0 ----a-w- c:\windows\ativpsrm.bin

2010-10-05 19:27:04 228024 ----a-w- c:\windows\system32\klogon.dll

2010-10-02 18:40:48 -------- d-----w- C:\c57c2a19d822d0b176a2c0dc886f

==================== Find3M ====================

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-18 05:58:02 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-08-18 05:58:02 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

============= FINISH: 20:26:33,22 ===============

attach.zip

mbam_log_2010_10_18__20_22_35_.txt

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

This topic is now closed to further replies.