
Can't get rid of virus



Hello,

I'm in quite a snag, since I've been stuck with a virus for a few days which I can't get rid of. An additional problem is that no antivirus software I've used seems able to identify the culprit (Malwarebytes, Dr.Web Live CD, Panda).

It's an autorun virus that has infected a flash drive and an external hard drive. I was able to clean it off both those drives, but of course when I insert them in my PC again they get infected again. So the real problem is to delete the virus from the PC.

The virus first makes all folders invisible on my flash drive and then makes shortcuts to them which go through an .exe file which is put in a folder named recycler on the flash drive. So I end up with all my folders replaced by shortcuts which route me through the infected .exe file. There is also an autorun.inf file. An additional problem that also might be related to this problem is that all websites of antivirus software developers are down according to my web browser (this is why I'm typing this on my iPod touch, hence the typos :P)

I followed the steps (as mentioned in the "I got infected" thread) and here are my results.

Malwarebytes quick scan came up clean (log see below). I also did a full scan, which also showed nothing, except for a few false positives that I'm 100% sure are not malicious. After that I ran a full scan of the C:\ partition with Panda Cloud Antivirus (had also done a full scan with Dr.Web before that), which found a few things, which I cleaned, but the problem wasn't gone after that. (It also found "a suspicious file c:/windows/system32/lcptr.dll"; I couldn't find any information about this file so I didn't take any further action.)

After that I ran DDS (log below) and GMER Rootkit Scanner (log attached as per instructions)

Thanks in advance for your help.

Kind regards, Lieven.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7529

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

24/08/2011 18:45:34

mbam-log-2011-08-24 (18-45-34).txt

Scan type: Quick scan

Objects scanned: 165077

Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

________________________________________________________________________________________________

(added this myself to make the distinction between the logs clearer)

DDS LOG

________________________________________________________________________________________________

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25

Run by Lieven at 18:52:25 on 2011-08-24

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.3070.2144 [GMT 2:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Dokan\DokanLibrary\mounter.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\lxeecoms.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Windows\system32\PnkBstrA.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Lexmark Pro700 Series\lxeemon.exe

C:\Program Files\Lexmark Pro700 Series\ezprint.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe

C:\Users\Lieven\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyServer = http=127.0.0.1:60505

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll

BHO: Lexmark : {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll

uRun: [Google Update] "c:\users\lieven\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Google Update] "c:\users\lieven\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start

mRun: [lxeemon.exe] "c:\program files\lexmark pro700 series\lxeemon.exe"

mRun: [EzPrint] "c:\program files\lexmark pro700 series\ezprint.exe"

mRun: [bonus.SSR.FR10] "c:\program files\abbyy finereader 10\Bonus.ScreenshotReader.exe" /autorun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [<NO NAME>]

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"

StartupFolder: c:\users\lieven\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\lieven\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-explorer: NoAutorun = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{923D0EA4-990A-46B5-81F0-675ADEE681A8} : DhcpNameServer = 134.58.126.3 134.58.127.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\2454335303433334F575946494 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\2626F68723D236534643 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\350756564645F6573686345353531343 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\C696E6B6379737 : NameServer = 195.238.2.21,195.238.2.22

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\C696E6B6379737 : DhcpNameServer = 192.168.1.1

Hosts: 74.208.73.101 www.qvc.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\lieven\appdata\roaming\mozilla\firefox\profiles\9mjqrv0d.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 60505

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll

FF - component: c:\users\lieven\appdata\roaming\mozilla\firefox\profiles\9mjqrv0d.default\extensions\{8042d186-724d-4937-9be4-41b362b1f46e}\components\RadioWMPCoreGecko19.dll

FF - component: c:\users\lieven\appdata\roaming\mozilla\firefox\profiles\9mjqrv0d.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\users\lieven\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-18 232512]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 126024]

R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\common files\abbyy\finereader\10.00\licensing\ce\NetworkLicenseServer.exe [2010-5-7 814344]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-2-9 176128]

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-1-28 387072]

R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-7-5 84992]

R2 DokanMounter;DokanMounter;c:\program files\dokan\dokanlibrary\mounter.exe [2010-7-5 11776]

R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-7-5 143624]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 99400]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111176]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112712]

R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-2-18 4869488]

R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-2-18 416112]

R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI32.sys [2009-6-23 487936]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-5-20 314368]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [2011-3-4 193192]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-8-5 13224]

S3 RMWPService;RMWPService;c:\program files\reference manager 12\webpublisher\thirdparty\apache2\bin\RMWP_Apache_Admin.exe [2004-1-28 20537]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-8-5 155344]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-2-18 16240]

.

=============== Created Last 30 ================

.

2011-08-24 12:05:29 -------- d-----w- c:\users\lieven\appdata\roaming\Panda Security

2011-08-24 12:02:41 -------- d-----w- c:\program files\Toolbar Cleaner

2011-08-24 12:02:37 -------- d-----w- c:\users\lieven\appdata\local\panda2_0dn

2011-08-24 12:02:36 -------- d-----w- c:\programdata\Panda Security URL Filtering

2011-08-24 12:02:13 -------- d-----w- c:\programdata\Panda Security

2011-08-24 12:02:13 -------- d-----w- c:\program files\Panda Security

2011-08-24 12:01:42 -------- d-----w- C:\temp

2011-08-24 09:47:31 552960 ----a-w- c:\users\lieven\appdata\roaming\1749.tmp

2011-08-21 19:42:17 -------- d-----w- c:\users\lieven\DoctorWeb

2011-08-20 22:21:30 -------- d-----w- c:\users\lieven\appdata\local\Kolor

2011-08-20 22:21:06 -------- d-----w- c:\program files\Kolor

2011-08-18 08:26:13 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-08-18 08:26:08 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-08-18 07:56:39 -------- d-----w- c:\users\lieven\appdata\roaming\Canneverbe Limited

2011-08-18 07:56:39 -------- d-----w- c:\programdata\Canneverbe Limited

2011-08-14 14:41:12 -------- d-----w- c:\users\lieven\appdata\roaming\Adobe Mini Bridge CS5

2011-08-14 14:41:11 -------- d-----w- c:\users\lieven\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2011-08-13 21:06:13 -------- d-----w- c:\programdata\Protexis

2011-08-13 21:05:35 -------- d-----w- c:\program files\common files\Corel

2011-08-13 21:05:25 -------- d-----w- c:\program files\common files\Protexis

2011-08-13 21:05:24 -------- d-----w- c:\programdata\Corel

2011-08-13 21:04:13 -------- d-----w- c:\program files\Corel

2011-08-13 21:01:06 -------- d-----w- c:\program files\common files\Akamai

2011-08-13 20:27:48 -------- d-----w- c:\programdata\Corel Painter 12

2011-08-13 17:52:13 -------- d-----w- c:\users\lieven\appdata\roaming\portalgraphics

2011-08-13 17:52:12 -------- d-----w- c:\program files\portalgraphics

2011-08-13 17:52:06 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-08-13 17:52:06 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-08-13 17:52:06 1060864 ----a-w- c:\windows\system32\mfc71.dll

2011-08-13 17:28:40 -------- d-----w- c:\users\lieven\appdata\roaming\Crayon Physics Deluxe

2011-08-12 19:27:22 3756 ----a-w- C:\STFE823.tmp

2011-08-12 18:42:59 3770 ----a-w- C:\STF435B.tmp

2011-08-12 18:39:43 -------- d-----w- c:\users\lieven\appdata\roaming\AtomZombieData

2011-08-12 14:54:34 -------- d-----w- c:\users\lieven\appdata\roaming\HDRsoft

2011-08-12 14:54:34 -------- d-----w- c:\program files\PhotomatixPro4

2011-08-05 19:57:50 -------- d-----w- c:\users\lieven\appdata\local\ALK_Technologies

2011-08-05 19:57:24 -------- d-----w- c:\users\lieven\appdata\roaming\ALK Technologies

2011-08-05 19:56:31 -------- d-----w- c:\users\lieven\appdata\local\Downloaded Installations

2011-08-05 15:00:05 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2011-08-05 15:00:05 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2011-08-05 15:00:05 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2011-08-05 14:56:18 -------- d-----w- c:\programdata\Sony Ericsson

2011-08-05 14:56:18 -------- d-----w- c:\program files\Sony Ericsson

2011-08-05 07:37:05 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-08-05 07:37:05 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

.

==================== Find3M ====================

.

2011-08-24 16:51:39 552960 ----a-w- c:\users\lieven\appdata\roaming\Uxxmxg.exe

2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 10:12:48 143624 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2011-06-20 08:00:40 35517493 ----a-w- c:\programdata\SPL35DF.tmp

2011-06-20 07:53:24 62122710 ----a-w- c:\programdata\SPL957C.tmp

2011-06-01 13:10:40 44544 ----a-w- c:\windows\system32\agremove.exe

.

============= FINISH: 18:55:58,79 ===============

Attach.zip

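Added example for this thread, not code from the original poster, the responder or Malwarebytes. The DDS log above records several host-side settings that are worth re-checking on the live machine before and after cleanup: a WinINet proxy of http=127.0.0.1:60505 (the uInternet Settings ProxyServer line), the same address and port in Firefox's prefs.js, UAC switched off (EnableLUA = 0), a non-default hosts entry, and two 552960-byte files in the root of AppData\Roaming (Uxxmxg.exe and 1749.tmp, which the ComboFix log further down lists as removed). A proxy that points at the local machine is one way a browser ends up reporting vendor sites as "down", so the script also asks which process currently owns that port. The port number and paths come from the log; on any other machine they are assumptions. It is written for the PowerShell 2.0 that ships with Windows 7, so it avoids later cmdlets (Get-NetTCPConnection, Get-FileHash, the -File switch) and changes nothing; it only reports.

```powershell
# Added example: report the host settings the DDS log in this thread flagged.
# Report only. Run from an elevated PowerShell so the HKLM policy key and netstat PIDs are readable.
function Get-HostProxyTriage {
    param([int]$ProxyPort = 60505)   # port taken from the log; an assumption on any other machine
    $findings = @()

    # WinINet proxy, used by IE and by most updaters (the log: ProxyServer = http=127.0.0.1:60505)
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    if ($inet -and "$($inet.ProxyServer)" -match '(?i)127\.0\.0\.1|localhost') {
        $findings += "WinINet ProxyServer=$($inet.ProxyServer) ProxyEnable=$($inet.ProxyEnable) AutoConfigURL=$($inet.AutoConfigURL)"
    }

    # Firefox prefs.js in every profile (the log: network.proxy.http = 127.0.0.1, http_port = 60505).
    # network.proxy.type is included because only type 1 (manual) makes Firefox actually use those values.
    $profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path $profileRoot) {
        foreach ($p in (Get-ChildItem $profileRoot -Force | Where-Object { $_.PSIsContainer })) {
            $prefs = Join-Path $p.FullName 'prefs.js'
            if (-not (Test-Path $prefs)) { continue }
            foreach ($m in (Select-String -Path $prefs -Pattern '"network\.proxy\.(http|ssl|socks|ftp|type)",')) {
                $findings += "Firefox profile $($p.Name): $($m.Line.Trim())"
            }
        }
    }

    # Whatever is listening on the proxy port right now (netstat exists on every Windows version).
    # $pid is a read-only automatic variable in PowerShell, hence $procId.
    foreach ($l in (netstat -ano | Select-String -Pattern ("TCP\s+\S+:{0}\s+\S+\s+LISTENING\s+(\d+)" -f $ProxyPort))) {
        $procId = [int]$l.Matches[0].Groups[1].Value
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $findings += "port $ProxyPort listener: PID $procId $($proc.Path)"
    }

    # UAC policy values the log recorded under policies\system
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    if ($pol -and $pol.EnableLUA -eq 0) {
        $findings += "UAC off: EnableLUA=0 ConsentPromptBehaviorAdmin=$($pol.ConsentPromptBehaviorAdmin) PromptOnSecureDesktop=$($pol.PromptOnSecureDesktop)"
    }

    # hosts file: any IPv4 mapping other than the localhost line
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($h in (Get-Content $hosts | Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '^\s*127\.0\.0\.1\s+localhost\s*$' })) {
        $findings += "hosts: $($h.Trim())"
    }

    # Loose executables and .tmp files directly in AppData\Roaming (the log had Uxxmxg.exe and 1749.tmp there)
    foreach ($f in (Get-ChildItem $env:APPDATA -Force | Where-Object { -not $_.PSIsContainer -and $_.Extension -imatch '^\.(exe|dll|scr|tmp)$' })) {
        $findings += "AppData\Roaming: $($f.Name) $($f.Length) bytes, written $($f.LastWriteTime)"
    }

    if ($findings.Count -eq 0) { 'no findings' } else { $findings | ForEach-Object { "[!] $_" } }
}

Get-HostProxyTriage
```

The listener check is the useful part: clearing ProxyServer and ProxyEnable in the registry is trivial, but if the setting comes back after a reboot the process that owns the port (and whatever starts it) is what still needs removing, and that is what the ComboFix and DDS logs requested below are for.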

  • Staff

Hi and welcome to Malwarebytes.

Sounds like a worm on your flash drive.

Plug it in, then do the following:

Please update MBAM, run a Full Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

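Added example, not code from the thread, the responder or Malwarebytes. It inspects a removable drive for exactly the pattern the first post describes: the user's folders set hidden, a .lnk of the same name left in each one's place that chains through an executable under RECYCLER, and an autorun.inf in the root. The drive letter, the RECYCLER folder name and the .quarantined suffix are assumptions. By default it only reports; -Clean deletes the shortcuts and autorun.inf, unhides the folders and renames the dropped executables so a stray shortcut can no longer launch them. Reading a shortcut through WScript.Shell's CreateShortcut parses the .lnk without running its target.

```powershell
# Added example: find and undo the shortcut-worm artifacts on a removable drive.
function Repair-ShortcutWormDrive {
    param(
        [Parameter(Mandatory = $true)][string]$Root,   # drive root, e.g. 'H:\' (assumed letter)
        [switch]$Clean                                  # without it, nothing is modified
    )
    $hiddenMask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
    $wsh  = New-Object -ComObject WScript.Shell         # CreateShortcut parses a .lnk; it does not run it
    $skip = '^(RECYCLER|\$RECYCLE\.BIN|System Volume Information)$'

    $entries = Get-ChildItem -LiteralPath $Root -Force
    $folders = @{}
    foreach ($d in ($entries | Where-Object { $_.PSIsContainer })) { $folders[$d.Name] = $d }

    # 1. Shortcuts that shadow a folder of the same name, or whose command line runs something under RECYCLER
    foreach ($lnk in ($entries | Where-Object { -not $_.PSIsContainer -and $_.Extension -ieq '.lnk' })) {
        $sc   = $wsh.CreateShortcut($lnk.FullName)
        $cmd  = ($sc.TargetPath + ' ' + $sc.Arguments).Trim()
        $base = [IO.Path]::GetFileNameWithoutExtension($lnk.Name)
        if ($folders.ContainsKey($base) -or $cmd -match '(?i)recycler[\\/]\S*\.(exe|scr|com|bat|vbs)') {
            "[!] shortcut {0} -> {1}" -f $lnk.Name, $cmd
            if ($Clean) { Remove-Item -LiteralPath $lnk.FullName -Force }
        }
    }

    # 2. Hidden folders in the root (the worm hides the real folders so only its shortcuts are visible)
    foreach ($d in $folders.Values) {
        if ($d.Name -notmatch $skip -and ([int]$d.Attributes -band [int][IO.FileAttributes]::Hidden)) {
            "[!] hidden folder {0} ({1})" -f $d.Name, $d.Attributes
            if ($Clean) { $d.Attributes = [IO.FileAttributes]([int]$d.Attributes -band (-bnot $hiddenMask)) }
        }
    }

    # 3. autorun.inf in the root: show what it would launch, then remove it
    $autorun = Join-Path $Root 'autorun.inf'
    if (Test-Path -LiteralPath $autorun) {
        "[!] autorun.inf:"
        Get-Content -LiteralPath $autorun | ForEach-Object { "    $_" }
        if ($Clean) { Remove-Item -LiteralPath $autorun -Force }
    }

    # 4. Executables under RECYCLER: hash them for a vendor submission, then defang by renaming
    $recycler = Join-Path $Root 'RECYCLER'
    if (Test-Path -LiteralPath $recycler) {
        $sha = [Security.Cryptography.SHA256]::Create()
        Get-ChildItem -LiteralPath $recycler -Recurse -Force |
            Where-Object { -not $_.PSIsContainer -and $_.Extension -imatch '^\.(exe|scr|com|bat|vbs|dll)$' } |
            ForEach-Object {
                $fs = [IO.File]::OpenRead($_.FullName)
                try { $hex = [BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' } finally { $fs.Close() }
                "[!] dropped file {0} ({1} bytes) sha256={2}" -f $_.FullName, $_.Length, $hex
                if ($Clean) { Rename-Item -LiteralPath $_.FullName -NewName ($_.Name + '.quarantined') -Force }
            }
    }
}

# Report first; clean only once the PC itself has stopped reinfecting the drive:
Repair-ShortcutWormDrive -Root 'H:\'
# Repair-ShortcutWormDrive -Root 'H:\' -Clean
```

As the first post already found, cleaning the drive is pointless while the host reinfects it on the next insert, so run the -Clean pass last, after the host has been cleared, or from a machine known to be clean. The SHA-256 values are what to attach when submitting the unidentified sample to a vendor.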

Hey, I've run into a little problem when running ComboFix. Whenever I start a program or want to open a file I get the message "Illegal operation attempted on a registry key that has been marked for deletion." Is this normal and should I just reboot to fix it, or is there something that went wrong? I'm pretty sure that I followed all the steps in the ComboFix guide correctly.


Okay, here are the logs. The full Malwarebytes scan did not detect the malware on the USB drive. It did detect some other stuff though (of which I'm pretty sure they are false positives). Panda did detect the malware files on the USB drive (which it didn't do the previous times I plugged it in and scanned it, so that's an improvement) but couldn't identify it. Panda also didn't find any infection on my system.

(I've also zipped and attached all the logs, which might make for easier viewing if you prefer that :))

Thanks for your help so far.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7594

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

29/08/2011 11:15:14

mbam-log-2011-08-29 (11-15-01).txt

Scan type: Full scan (C:\|D:\|H:\|J:\|)

Objects scanned: 441177

Time elapsed: 2 hour(s), 13 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 10

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Lieven\downloads\applications\creative suite 5 master collection + keygen [gr420]\adobe_cs5_activator.exe (RiskWare.Tool.CK) -> No action taken.

c:\Users\Lieven\downloads\applications\essential.data.tools.photorescue.pro.v6.1.568.winall.incl.keygen.and.patch-brd\Keygen\Keygen.exe (Trojan.Agent.CK) -> No action taken.

c:\Users\Lieven\downloads\applications\hot-m.com__idm_20ultraedit_20v14.00_20plus_\idm ultraedit v14.00 plus 1\keygen.exe (Trojan.Dropper.PGen) -> No action taken.

c:\Users\Lieven\downloads\photomatix.pro.v4.1.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.

c:\program files\mIRC\mirc.7.1x-patch.exe (PUP.Hacktool.Patcher) -> No action taken.

c:\program files\essential data tools\photorescue pro\Keygen.exe (Trojan.Agent.CK) -> No action taken.

d:\program files\noitu love 2\uninstall.exe (Malware.Packer.Krunchy) -> No action taken.

d:\program files\super meat boy\uninstall.exe (Malware.Packer.Krunchy) -> No action taken.

d:\program files\Ubisoft\anno_1404_crack\anno1404_crack.exe (Trojan.Bancos) -> No action taken.

d:\Users\Lieven\downloads\corel.painter.v12.0.0.502.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.

-----------------------------------------

ComboFix 11-08-29.01 - Lieven 29/08/2011 11:48:58.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.3070.1738 [GMT 2:00]

Started from: c:\users\Lieven\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* New restore point was created

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\SPL35DF.tmp

c:\programdata\SPL5840.tmp

c:\programdata\SPL957C.tmp

c:\users\Lieven\AppData\Roaming\1749.tmp

c:\users\Lieven\AppData\Roaming\53B6.D0E

c:\users\Lieven\AppData\Roaming\A796.tmp

c:\users\Lieven\AppData\Roaming\chrtmp

c:\users\Lieven\AppData\Roaming\F181.tmp

c:\users\Lieven\AppData\Roaming\Uxxmxg.exe

.

.

(((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 ))))))))))))))))))))))))))))))

.

.

2011-08-24 12:05 . 2011-08-24 12:05 -------- d-----w- c:\users\Lieven\AppData\Roaming\Panda Security

2011-08-24 12:02 . 2011-08-24 12:02 -------- d-----w- c:\program files\Toolbar Cleaner

2011-08-24 12:02 . 2011-08-24 12:02 -------- d-----w- c:\users\Lieven\AppData\Local\panda2_0dn

2011-08-24 12:02 . 2011-08-28 14:03 -------- d-----w- c:\programdata\Panda Security URL Filtering

2011-08-24 12:02 . 2011-08-24 12:02 -------- d-----w- c:\program files\Panda Security

2011-08-24 12:02 . 2011-08-24 12:02 -------- d-----w- c:\programdata\Panda Security

2011-08-24 12:01 . 2011-08-24 12:02 -------- d-----w- C:\temp

2011-08-21 19:42 . 2011-08-21 19:42 -------- d-----w- c:\users\Lieven\DoctorWeb

2011-08-21 15:32 . 2011-08-21 19:29 -------- d-----w- c:\users\Lieven\AppData\Roaming\dvdcss

2011-08-20 22:21 . 2011-08-20 22:21 -------- d-----w- c:\users\Lieven\AppData\Local\Kolor

2011-08-20 22:21 . 2011-08-20 22:21 -------- d-----w- c:\program files\Kolor

2011-08-20 08:36 . 2011-08-20 08:36 -------- d-----w- c:\users\Lieven\AppData\Roaming\U3

2011-08-18 08:26 . 2011-08-18 08:26 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-08-18 08:26 . 2011-08-18 08:26 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-08-18 07:56 . 2011-08-18 07:56 -------- d-----w- c:\users\Lieven\AppData\Roaming\Canneverbe Limited

2011-08-18 07:56 . 2011-08-18 07:56 -------- d-----w- c:\programdata\Canneverbe Limited

2011-08-18 07:56 . 2011-08-18 07:56 -------- d-----w- c:\program files\CDBurnerXP

2011-08-14 14:41 . 2011-08-14 14:41 -------- d-----w- c:\users\Lieven\AppData\Roaming\Adobe Mini Bridge CS5

2011-08-14 14:41 . 2011-08-14 14:41 -------- d-----w- c:\users\Lieven\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2011-08-13 21:06 . 2011-08-13 21:06 -------- d-----w- c:\programdata\Protexis

2011-08-13 21:06 . 2011-08-13 21:06 -------- d-----w- c:\users\Lieven\AppData\Roaming\Corel

2011-08-13 21:05 . 2011-08-13 21:05 -------- d-----w- c:\program files\Common Files\Corel

2011-08-13 21:05 . 2011-08-13 21:05 -------- d-----w- c:\program files\Common Files\Protexis

2011-08-13 21:05 . 2011-08-13 21:06 -------- d-----w- c:\programdata\Corel

2011-08-13 21:04 . 2011-08-13 21:04 -------- d-----w- c:\program files\Corel

2011-08-13 21:01 . 2011-08-29 10:17 -------- d-----w- c:\program files\Common Files\Akamai

2011-08-13 20:27 . 2011-08-13 21:01 -------- d-----w- c:\programdata\Corel Painter 12

2011-08-13 17:52 . 2011-08-13 17:52 -------- d-----w- c:\users\Lieven\AppData\Roaming\portalgraphics

2011-08-13 17:52 . 2011-08-13 19:54 -------- d-----w- c:\program files\portalgraphics

2011-08-13 17:52 . 2011-08-13 17:52 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-08-13 17:52 . 2011-08-13 17:52 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-08-13 17:52 . 2011-08-13 17:52 1060864 ----a-w- c:\windows\system32\mfc71.dll

2011-08-13 17:28 . 2011-08-13 17:36 -------- d-----w- c:\users\Lieven\AppData\Roaming\Crayon Physics Deluxe

2011-08-12 19:27 . 2011-08-12 19:27 3756 ----a-w- C:\STFE823.tmp

2011-08-12 18:42 . 2011-08-12 18:42 3770 ----a-w- C:\STF435B.tmp

2011-08-12 18:39 . 2011-08-12 18:40 -------- d-----w- c:\users\Lieven\AppData\Roaming\AtomZombieData

2011-08-12 14:54 . 2011-08-12 14:54 -------- d-----w- c:\program files\PhotomatixPro4

2011-08-12 14:54 . 2011-08-12 14:54 -------- d-----w- c:\users\Lieven\AppData\Roaming\HDRsoft

2011-08-05 19:57 . 2011-08-05 19:57 -------- d-----w- c:\users\Lieven\AppData\Local\ALK_Technologies

2011-08-05 19:57 . 2011-08-05 19:57 -------- d-----w- c:\users\Lieven\AppData\Roaming\ALK Technologies

2011-08-05 19:56 . 2011-08-05 19:56 -------- d-----w- c:\users\Lieven\AppData\Local\Downloaded Installations

2011-08-05 15:00 . 2011-08-05 15:00 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2011-08-05 15:00 . 2011-08-05 15:00 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2011-08-05 15:00 . 2011-08-05 15:00 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2011-08-05 14:56 . 2011-08-05 14:59 -------- d-----w- c:\programdata\Sony Ericsson

2011-08-05 14:56 . 2011-08-05 14:59 -------- d-----w- c:\program files\Sony Ericsson

2011-08-05 07:37 . 2011-08-05 07:37 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-08-05 07:37 . 2011-08-05 07:37 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 17:52 . 2011-04-12 10:02 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52 . 2011-04-12 10:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 10:12 . 2011-07-05 10:12 143624 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2011-06-01 13:10 . 2011-03-08 15:31 44544 ----a-w- c:\windows\system32\agremove.exe

2011-08-20 08:52 . 2011-04-12 10:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]

2011-06-24 17:37 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-06-24 86696]

.

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lieven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lieven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lieven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lieven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-20 484920]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]

"lxeemon.exe"="c:\program files\Lexmark Pro700 Series\lxeemon.exe" [2011-01-23 770728]

"EzPrint"="c:\program files\Lexmark Pro700 Series\ezprint.exe" [2011-01-23 148280]

"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2011-03-11 941320]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]

"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2011-05-17 231592]

.

c:\users\Lieven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Lieven\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoAutorun"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-26 23:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [2010-04-14 193192]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-08-05 13224]

R3 RMWPService;RMWPService;c:\program files\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [2004-01-28 20537]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-27 691696]

S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-18 232512]

S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-04-28 126024]

S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2010-05-07 814344]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 176128]

S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]

S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-07-05 84992]

S2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [2010-07-05 11776]

S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [2010-04-14 598696]

S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]

S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2011-07-05 143624]

S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 99400]

S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111176]

S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-04-28 112712]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 4869488]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 416112]

S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI32.sys [2009-06-23 487936]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-05-20 314368]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

Akamai REG_MULTI_SZ Akamai

.

Inhoud van de 'Gedeelde Taken' map

.

2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2730195871-63194615-2505279519-1001Core.job

- c:\users\Lieven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-25 16:56]

.

2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2730195871-63194615-2505279519-1001UA.job

- c:\users\Lieven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-25 16:56]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyServer = http=127.0.0.1:60505

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 134.58.126.3 134.58.127.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\C696E6B6379737: NameServer = 195.238.2.21,195.238.2.22

FF - ProfilePath - c:\users\Lieven\AppData\Roaming\Mozilla\Firefox\Profiles\9mjqrv0d.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 60505

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKCU-Run-Uxxmxg - c:\users\Lieven\AppData\Roaming\Uxxmxg.exe

AddRemove-Postal 2_is1 - d:\program files\Valve\Portal 2\unins000.exe

AddRemove-{C9F06F5D-D521-43D5-AEB7-79176DC6CCDE}_is1 - c:\program files\Phone Disk\unins000.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(4624)

c:\programdata\Panda Security URL Filtering\panda_url_filtering.dll

c:\users\Lieven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\atieclxx.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\windows\system32\taskhost.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Tablet\Pen\Pen_TouchUser.exe

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\Tablet\Pen\Pen_TabletUser.exe

c:\windows\system32\conhost.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

c:\windows\system32\sppsvc.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Voltooingstijd: 2011-08-29 12:23:44 - machine werd herstart

ComboFix-quarantined-files.txt 2011-08-29 10:23

.

Pre-Run: 4.938.944.512 bytes free

Post-Run: 4.792.500.224 bytes free

.

- - End Of File - - D4691D7AEC17398897174CB14A6A6ECF

-------------------------------------------------------------------

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25

Run by Lieven at 22:56:06 on 2011-09-01

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.3070.2173 [GMT 2:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Dokan\DokanLibrary\mounter.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\lxeecoms.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Windows\system32\PnkBstrA.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Lexmark Pro700 Series\lxeemon.exe

C:\Program Files\Lexmark Pro700 Series\ezprint.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Users\Lieven\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyServer = http=127.0.0.1:60505

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll

BHO: Lexmark : {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll

mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start

mRun: [lxeemon.exe] "c:\program files\lexmark pro700 series\lxeemon.exe"

mRun: [EzPrint] "c:\program files\lexmark pro700 series\ezprint.exe"

mRun: [bonus.SSR.FR10] "c:\program files\abbyy finereader 10\Bonus.ScreenshotReader.exe" /autorun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"

StartupFolder: c:\users\lieven\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\lieven\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-explorer: NoAutorun = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{923D0EA4-990A-46B5-81F0-675ADEE681A8} : DhcpNameServer = 134.58.126.3 134.58.127.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\2454335303433334F575946494 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\2626F68723D236534643 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\350756564645F6573686345353531343 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\C696E6B6379737 : NameServer = 195.238.2.21,195.238.2.22

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\C696E6B6379737 : DhcpNameServer = 192.168.1.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\lieven\appdata\roaming\mozilla\firefox\profiles\9mjqrv0d.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 60505

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\users\lieven\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-18 232512]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 126024]

R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\common files\abbyy\finereader\10.00\licensing\ce\NetworkLicenseServer.exe [2010-5-7 814344]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-2-9 176128]

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-1-28 387072]

R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-7-5 84992]

R2 DokanMounter;DokanMounter;c:\program files\dokan\dokanlibrary\mounter.exe [2010-7-5 11776]

R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-7-5 143624]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 99400]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111176]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112712]

R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-2-18 4869488]

R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-2-18 416112]

R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI32.sys [2009-6-23 487936]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-5-20 314368]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [2011-3-4 193192]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-8-5 13224]

S3 RMWPService;RMWPService;c:\program files\reference manager 12\webpublisher\thirdparty\apache2\bin\RMWP_Apache_Admin.exe [2004-1-28 20537]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-8-5 155344]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-2-18 16240]

.

=============== Created Last 30 ================

.

2011-08-29 10:17:47 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-29 10:16:09 -------- d-----w- c:\users\lieven\appdata\local\temp

2011-08-29 09:47:19 98816 ----a-w- c:\windows\sed.exe

2011-08-29 09:47:19 518144 ----a-w- c:\windows\SWREG.exe

2011-08-29 09:47:19 256000 ----a-w- c:\windows\PEV.exe

2011-08-29 09:47:19 208896 ----a-w- c:\windows\MBR.exe

2011-08-29 09:47:11 -------- d-----w- C:\ComboFix

2011-08-24 12:05:29 -------- d-----w- c:\users\lieven\appdata\roaming\Panda Security

2011-08-24 12:02:41 -------- d-----w- c:\program files\Toolbar Cleaner

2011-08-24 12:02:37 -------- d-----w- c:\users\lieven\appdata\local\panda2_0dn

2011-08-24 12:02:36 -------- d-----w- c:\programdata\Panda Security URL Filtering

2011-08-24 12:02:13 -------- d-----w- c:\programdata\Panda Security

2011-08-24 12:02:13 -------- d-----w- c:\program files\Panda Security

2011-08-24 12:01:42 -------- d-----w- C:\temp

2011-08-21 19:42:17 -------- d-----w- c:\users\lieven\DoctorWeb

2011-08-20 22:21:30 -------- d-----w- c:\users\lieven\appdata\local\Kolor

2011-08-20 22:21:06 -------- d-----w- c:\program files\Kolor

2011-08-18 08:26:13 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-08-18 08:26:08 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-08-18 07:56:39 -------- d-----w- c:\users\lieven\appdata\roaming\Canneverbe Limited

2011-08-18 07:56:39 -------- d-----w- c:\programdata\Canneverbe Limited

2011-08-14 14:41:12 -------- d-----w- c:\users\lieven\appdata\roaming\Adobe Mini Bridge CS5

2011-08-14 14:41:11 -------- d-----w- c:\users\lieven\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2011-08-13 21:06:13 -------- d-----w- c:\programdata\Protexis

2011-08-13 21:05:35 -------- d-----w- c:\program files\common files\Corel

2011-08-13 21:05:25 -------- d-----w- c:\program files\common files\Protexis

2011-08-13 21:05:24 -------- d-----w- c:\programdata\Corel

2011-08-13 21:04:13 -------- d-----w- c:\program files\Corel

2011-08-13 21:01:06 -------- d-----w- c:\program files\common files\Akamai

2011-08-13 20:27:48 -------- d-----w- c:\programdata\Corel Painter 12

2011-08-13 17:52:13 -------- d-----w- c:\users\lieven\appdata\roaming\portalgraphics

2011-08-13 17:52:12 -------- d-----w- c:\program files\portalgraphics

2011-08-13 17:52:06 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-08-13 17:52:06 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-08-13 17:52:06 1060864 ----a-w- c:\windows\system32\mfc71.dll

2011-08-13 17:28:40 -------- d-----w- c:\users\lieven\appdata\roaming\Crayon Physics Deluxe

2011-08-12 19:27:22 3756 ----a-w- C:\STFE823.tmp

2011-08-12 18:42:59 3770 ----a-w- C:\STF435B.tmp

2011-08-12 18:39:43 -------- d-----w- c:\users\lieven\appdata\roaming\AtomZombieData

2011-08-12 14:54:34 -------- d-----w- c:\users\lieven\appdata\roaming\HDRsoft

2011-08-12 14:54:34 -------- d-----w- c:\program files\PhotomatixPro4

2011-08-05 19:57:50 -------- d-----w- c:\users\lieven\appdata\local\ALK_Technologies

2011-08-05 19:57:24 -------- d-----w- c:\users\lieven\appdata\roaming\ALK Technologies

2011-08-05 19:56:31 -------- d-----w- c:\users\lieven\appdata\local\Downloaded Installations

2011-08-05 15:00:05 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2011-08-05 15:00:05 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2011-08-05 15:00:05 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2011-08-05 14:56:18 -------- d-----w- c:\programdata\Sony Ericsson

2011-08-05 14:56:18 -------- d-----w- c:\program files\Sony Ericsson

2011-08-05 07:37:05 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-08-05 07:37:05 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

.

==================== Find3M ====================

.

2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 10:12:48 143624 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

.

============= FINISH: 22:59:35,69 ===============

attach.zip


  • Staff

Hardly false positives.

Please read this:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

It's likely why your issue began in the first place.


Ok, I removed all files and associated programs that I think you meant by your previous post. I will not make any excuses for the presence of these files on my hard drive, because frankly there are none. I also want to mention that these files have been sitting on my hard drive for quite a while and none of them were downloaded recently, prior to the virus/worm problem (I'm just saying this because it might help you with diagnosing the problem). I will now rerun the previous scans and diagnostic tools and proceed to post the logs. If you see in the logs I'm going to post next time any evidence of files you wanted me to remove, please do tell me so and I will remove them.

Kind regards.


Ok, here are the logs. On a side note, I also did a full scan with Malwarebytes a few days ago and it gave me some hits I haven't seen before (I added this log in the attached .zip file), but I think these are files that are being quarantined by Panda Cloud Antivirus (but I'm not sure). I also noted that the problem which made me start this thread seems to be gone now: I plugged in a clean USB stick and it didn't get infected (at least it didn't seem to get infected), but nonetheless I'm not really sure the problem is really gone (I also haven't succeeded in effectively cleaning an infected USB drive, it seems, although I thought I did this before).

Thanks for the help so far.

ComboFix 11-09-12.03 - Lieven 12/09/2011 22:33:01.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.3070.2019 [GMT 2:00]

Gestart vanuit: c:\users\Lieven\Desktop\Virus 3\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\mfc100deu.dll

.

Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\windows\ERDNT\cache\userinit.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-12 to 2011-09-12 ))))))))))))))))))))))))))))))

.

.

2011-09-12 20:49 . 2011-09-12 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-03 19:09 . 2011-09-03 19:09 -------- d-----w- c:\program files\CDisplay

2011-08-29 10:16 . 2011-09-12 20:50 -------- d-----w- c:\users\Lieven\AppData\Local\temp

2011-08-24 12:05 . 2011-08-24 12:05 -------- d-----w- c:\users\Lieven\AppData\Roaming\Panda Security

2011-08-24 12:02 . 2011-08-24 12:02 -------- d-----w- c:\program files\Toolbar Cleaner

2011-08-24 12:02 . 2011-08-24 12:02 -------- d-----w- c:\users\Lieven\AppData\Local\panda2_0dn

2011-08-24 12:02 . 2011-09-12 20:50 -------- d-----w- c:\programdata\Panda Security URL Filtering

2011-08-24 12:02 . 2011-08-24 12:02 -------- d-----w- c:\program files\Panda Security

2011-08-24 12:02 . 2011-08-24 12:02 -------- d-----w- c:\programdata\Panda Security

2011-08-24 12:01 . 2011-08-24 12:02 -------- d-----w- C:\temp

2011-08-21 19:42 . 2011-08-21 19:42 -------- d-----w- c:\users\Lieven\DoctorWeb

2011-08-21 15:32 . 2011-08-21 19:29 -------- d-----w- c:\users\Lieven\AppData\Roaming\dvdcss

2011-08-20 22:21 . 2011-08-20 22:21 -------- d-----w- c:\users\Lieven\AppData\Local\Kolor

2011-08-20 22:21 . 2011-08-20 22:21 -------- d-----w- c:\program files\Kolor

2011-08-20 08:36 . 2011-08-20 08:36 -------- d-----w- c:\users\Lieven\AppData\Roaming\U3

2011-08-18 08:26 . 2011-08-18 08:26 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-08-18 08:26 . 2011-08-18 08:26 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-08-18 07:56 . 2011-08-18 07:56 -------- d-----w- c:\users\Lieven\AppData\Roaming\Canneverbe Limited

2011-08-18 07:56 . 2011-08-18 07:56 -------- d-----w- c:\programdata\Canneverbe Limited

2011-08-18 07:56 . 2011-08-18 07:56 -------- d-----w- c:\program files\CDBurnerXP

2011-08-14 14:41 . 2011-08-14 14:41 -------- d-----w- c:\users\Lieven\AppData\Roaming\Adobe Mini Bridge CS5

2011-08-14 14:41 . 2011-08-14 14:41 -------- d-----w- c:\users\Lieven\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2011-08-13 21:06 . 2011-08-13 21:06 -------- d-----w- c:\programdata\Protexis

2011-08-13 21:06 . 2011-08-13 21:06 -------- d-----w- c:\users\Lieven\AppData\Roaming\Corel

2011-08-13 21:05 . 2011-08-13 21:05 -------- d-----w- c:\program files\Common Files\Corel

2011-08-13 21:05 . 2011-08-13 21:05 -------- d-----w- c:\program files\Common Files\Protexis

2011-08-13 21:05 . 2011-08-13 21:06 -------- d-----w- c:\programdata\Corel

2011-08-13 21:04 . 2011-08-13 21:04 -------- d-----w- c:\program files\Corel

2011-08-13 21:01 . 2011-09-12 20:50 -------- d-----w- c:\program files\Common Files\Akamai

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-13 17:52 . 2011-08-13 17:52 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-08-13 17:52 . 2011-08-13 17:52 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-08-13 17:52 . 2011-08-13 17:52 1060864 ----a-w- c:\windows\system32\mfc71.dll

2011-08-12 19:27 . 2011-08-12 19:27 3756 ----a-w- C:\STFE823.tmp

2011-08-12 18:42 . 2011-08-12 18:42 3770 ----a-w- C:\STF435B.tmp

2011-08-05 15:00 . 2011-08-05 15:00 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2011-08-05 15:00 . 2011-08-05 15:00 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2011-08-05 15:00 . 2011-08-05 15:00 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2011-08-01 11:23 . 2011-08-01 11:23 143624 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2011-07-06 17:52 . 2011-04-12 10:02 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52 . 2011-04-12 10:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-08 09:21 . 2011-04-12 10:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]

2011-06-24 17:37 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-06-24 86696]

.

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lieven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lieven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lieven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Lieven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-20 484920]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]

"lxeemon.exe"="c:\program files\Lexmark Pro700 Series\lxeemon.exe" [2011-01-23 770728]

"EzPrint"="c:\program files\Lexmark Pro700 Series\ezprint.exe" [2011-01-23 148280]

"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2011-03-11 941320]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]

"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2011-05-17 231592]

.

c:\users\Lieven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Lieven\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoAutorun"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-26 23:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [2010-04-14 193192]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-08-05 13224]

R3 RMWPService;RMWPService;c:\program files\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [2004-01-28 20537]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-27 691696]

S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-18 232512]

S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-04-28 126024]

S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2010-05-07 814344]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 176128]

S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]

S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-07-05 84992]

S2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [2010-07-05 11776]

S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [2010-04-14 598696]

S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]

S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2011-08-01 143624]

S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 99400]

S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111176]

S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-04-28 112712]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 4869488]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 416112]

S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI32.sys [2009-06-23 487936]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-05-20 314368]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

Akamai REG_MULTI_SZ Akamai

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2730195871-63194615-2505279519-1001Core.job

- c:\users\Lieven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-25 16:56]

.

2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2730195871-63194615-2505279519-1001UA.job

- c:\users\Lieven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-25 16:56]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyServer = http=127.0.0.1:60505

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\C696E6B6379737: NameServer = 195.238.2.21,195.238.2.22

FF - ProfilePath - c:\users\Lieven\AppData\Roaming\Mozilla\Firefox\Profiles\9mjqrv0d.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 60505

FF - prefs.js: network.proxy.type - 0

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(396)

c:\programdata\Panda Security URL Filtering\panda_url_filtering.dll

c:\users\Lieven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\atieclxx.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Tablet\Pen\Pen_TabletUser.exe

c:\program files\Tablet\Pen\Pen_TouchUser.exe

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\sppsvc.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Voltooingstijd: 2011-09-12 22:56:53 - machine werd herstart

ComboFix-quarantined-files.txt 2011-09-12 20:56

ComboFix2.txt 2011-08-29 10:23

.

Pre-Run: 1.606.504.448 bytes free

Post-Run: 1.544.495.104 bytes free

.

- - End Of File - - 424F0B7405F540AC1095081FC489DBD2

___________________________________________________________________________________

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7704

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/09/2011 23:10:07

mbam-log-2011-09-12 (23-10-07).txt

Scan type: Quick scan

Objects scanned: 172235

Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

________________________________________________________________________________

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25

Run by Lieven at 23:10:57 on 2011-09-12

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.3070.2138 [GMT 2:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Dokan\DokanLibrary\mounter.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\lxeecoms.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Windows\system32\PnkBstrA.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Lexmark Pro700 Series\lxeemon.exe

C:\Program Files\Lexmark Pro700 Series\ezprint.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe

C:\Users\Lieven\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyServer = http=127.0.0.1:60505

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll

BHO: Lexmark : {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll

mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start

mRun: [lxeemon.exe] "c:\program files\lexmark pro700 series\lxeemon.exe"

mRun: [EzPrint] "c:\program files\lexmark pro700 series\ezprint.exe"

mRun: [bonus.SSR.FR10] "c:\program files\abbyy finereader 10\Bonus.ScreenshotReader.exe" /autorun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"

StartupFolder: c:\users\lieven\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\lieven\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-explorer: NoAutorun = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{923D0EA4-990A-46B5-81F0-675ADEE681A8} : DhcpNameServer = 134.58.126.3 134.58.127.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\2626F68723D236534643 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\350756564645F6573686345353531343 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\C696E6B6379737 : NameServer = 195.238.2.21,195.238.2.22

TCP: Interfaces\{BF85D068-29E5-4CAC-A39A-597A8AB5992C}\C696E6B6379737 : DhcpNameServer = 192.168.1.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\lieven\appdata\roaming\mozilla\firefox\profiles\9mjqrv0d.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 60505

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\users\lieven\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-18 232512]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 126024]

R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\common files\abbyy\finereader\10.00\licensing\ce\NetworkLicenseServer.exe [2010-5-7 814344]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-2-9 176128]

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-1-28 387072]

R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-7-5 84992]

R2 DokanMounter;DokanMounter;c:\program files\dokan\dokanlibrary\mounter.exe [2010-7-5 11776]

R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-8-1 143624]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 99400]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111176]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112712]

R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-2-18 4869488]

R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-2-18 416112]

R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI32.sys [2009-6-23 487936]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-5-20 314368]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [2011-3-4 193192]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-8-5 13224]

S3 RMWPService;RMWPService;c:\program files\reference manager 12\webpublisher\thirdparty\apache2\bin\RMWP_Apache_Admin.exe [2004-1-28 20537]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-8-5 155344]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-2-18 16240]

.

=============== Created Last 30 ================

.

2011-09-12 20:55:07 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-12 20:31:41 -------- d-----w- C:\ComboFix

2011-09-03 19:09:22 -------- d-----w- c:\program files\CDisplay

2011-08-29 10:16:09 -------- d-----w- c:\users\lieven\appdata\local\temp

2011-08-29 09:47:19 98816 ----a-w- c:\windows\sed.exe

2011-08-29 09:47:19 518144 ----a-w- c:\windows\SWREG.exe

2011-08-29 09:47:19 256000 ----a-w- c:\windows\PEV.exe

2011-08-29 09:47:19 208896 ----a-w- c:\windows\MBR.exe

2011-08-24 12:05:29 -------- d-----w- c:\users\lieven\appdata\roaming\Panda Security

2011-08-24 12:02:41 -------- d-----w- c:\program files\Toolbar Cleaner

2011-08-24 12:02:37 -------- d-----w- c:\users\lieven\appdata\local\panda2_0dn

2011-08-24 12:02:36 -------- d-----w- c:\programdata\Panda Security URL Filtering

2011-08-24 12:02:13 -------- d-----w- c:\programdata\Panda Security

2011-08-24 12:02:13 -------- d-----w- c:\program files\Panda Security

2011-08-24 12:01:42 -------- d-----w- C:\temp

2011-08-21 19:42:17 -------- d-----w- c:\users\lieven\DoctorWeb

2011-08-20 22:21:30 -------- d-----w- c:\users\lieven\appdata\local\Kolor

2011-08-20 22:21:06 -------- d-----w- c:\program files\Kolor

2011-08-18 08:26:13 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-08-18 08:26:08 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-08-18 07:56:39 -------- d-----w- c:\users\lieven\appdata\roaming\Canneverbe Limited

2011-08-18 07:56:39 -------- d-----w- c:\programdata\Canneverbe Limited

2011-08-14 14:41:12 -------- d-----w- c:\users\lieven\appdata\roaming\Adobe Mini Bridge CS5

2011-08-14 14:41:11 -------- d-----w- c:\users\lieven\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

.

==================== Find3M ====================

.

2011-08-13 17:52:06 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-08-13 17:52:06 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-08-13 17:52:06 1060864 ----a-w- c:\windows\system32\mfc71.dll

2011-08-12 19:27:22 3756 ----a-w- C:\STFE823.tmp

2011-08-12 18:42:59 3770 ----a-w- C:\STF435B.tmp

2011-08-05 15:00:05 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2011-08-05 15:00:05 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2011-08-05 15:00:05 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2011-08-01 11:23:23 143624 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 23:14:01,70 ===============

Attach.zip


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
