Browser Hijacked


Zeus2011

My browsers Google Chrome and IE8 got hijacked. Google links get redirected. For a short time I can see a fresh-weather....something. Can't find anything. Made scans with Spybot, Malwarebytes and Avira. Nothing special. Can't find anything in the HijackThis log. Maybe you can help.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:07:58, on 29.09.2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\IBM\Lotus\Notes\nsd.exe

C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel RMS License Manager\WinNT\lservnt.exe

C:\Program Files\Sage\Sage50\Prog\LiveUpdService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

c:\program files\lenovo\system update\suservice.exe

c:\program files\teamviewer\version6\TeamViewer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\teamviewer\version6\TeamViewer_Desktop.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\TeamViewer\Version6\tv_w32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\FreePDF_XP\fpassist.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alt-N Technologies\ComAgent\ComAgent.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\FSRremoS.EXE

C:\WINDOWS\system32\Pelmiced.exe

C:\Program Files\Lenovo\Client Security Solution\password_manager.exe

C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

C:\TEMP\Zeus\Hijack\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.intranet.prevent-soraton.ch:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = update.microsoft.com;*.update.microsoft.com;*.windowsupdate.com;activex.microsoft.com;codecs.microsoft.com;c.microsoft.com;<local>

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: ComAgent.lnk = C:\Program Files\Alt-N Technologies\ComAgent\ComAgent.exe

O4 - Global Startup: Lotus-Laufwerk zuordnen.lnk = C:\Lotus\Lotus.cmd

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - http://mail.infopart.ch/dwa85W.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://symantec-uk.webex.com/client/T26L10NSP49EP23/support/ieatgpc.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intranet.prevent-soraton.ch

O17 - HKLM\Software\..\Telephony: DomainName = intranet.prevent-soraton.ch

O17 - HKLM\System\CCS\Services\Tcpip\..\{62382BEA-624C-4D76-931D-125AC2F9D99D}: Domain = intranet.prevent-soraton.ch

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intranet.prevent-soraton.ch

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lotus Notes-Diagnose (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe

O23 - Service: Lotus Notes - Gemeinsame Anmeldung (Lotus Notes Single Logon) - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Pervasive PSQL Relational Engine (Pervasive.SQL (relational)) - Pervasive Software Inc. - C:\Program Files\Pervasive Software\PSQL\bin\w3sqlmgr.exe

O23 - Service: Pervasive PSQL Transactional Engine (Pervasive.SQL (transactional)) - Pervasive Software Inc. - C:\Program Files\Pervasive Software\PSQL\bin\ntbtrv.exe

O23 - Service: Sentinel RMS License Manager - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel RMS License Manager\WinNT\lservnt.exe

O23 - Service: Sesam LiveUpdate Service - Sage Schweiz AG - C:\Program Files\Sage\Sage50\Prog\LiveUpdService.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

--

End of file - 14767 bytes

Hi and Welcome to the Malwarebytes' forum.

First, disable Spybot's TeaTimer or any fixes we make in HijackThis will be reversed. This is a two-step process.

First:

- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)

- Choose Exit Spybot S&D Resident

Second:

- Open Spybot S&D

- Click Mode, check Advanced Mode

- Go To Left Panel, Click Tools, then also in left panel, click Resident

Please LEAVE TEATIMER OFF while I am helping you, or it will reverse all our beneficial fixes.

Download DDS and save it to your desktop from here

Disable any script blocking programs you may have installed (such as Norton script blocking), and then double-click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please copy and paste both logs into your next reply (do NOT attach them).

Some background information on what we're planning to do can be found HERE

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Thanks for your fast answer, here we go:

DDS Log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by RZ at 9:26:01 on 2011-09-30

Microsoft Windows XP Professional 5.1.2600.3.1252.41.1033.18.3327.2525 [GMT 2:00]

.

AV: AntiVir Desktop *Disabled/Outdated* {B02B524A-0C22-45DD-A6D1-70C7010CE58E}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\IBM\Lotus\Notes\nsd.exe

C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Pervasive Software\PSQL\bin\w3sqlmgr.exe

C:\Program Files\Pervasive Software\PSQL\bin\ntbtrv.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Pervasive Software\PSQL\bin\NTDBSMGR.EXE

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel RMS License Manager\WinNT\lservnt.exe

C:\Program Files\Sage\Sage50\Prog\LiveUpdService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

c:\program files\lenovo\system update\suservice.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe

C:\WINDOWS\Explorer.EXE

c:\program files\teamviewer\version6\TeamViewer.exe

C:\Program Files\TeamViewer\Version6\tv_w32.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\WINDOWS\system32\FSRremoS.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\Pelmiced.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\FreePDF_XP\fpassist.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alt-N Technologies\ComAgent\ComAgent.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Lenovo\Client Security Solution\password_manager.exe

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyServer = proxy.intranet.prevent-soraton.ch:80

uInternet Settings,ProxyOverride = update.microsoft.com;*.update.microsoft.com;*.windowsupdate.com;activex.microsoft.com;codecs.microsoft.com;c.microsoft.com;<local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Mouse Suite 98 Daemon] ICO.EXE

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [FreePDF Assistant] c:\program files\freepdf_xp\fpassist.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\comagent.lnk - c:\program files\alt-n technologies\comagent\ComAgent.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotus-~1.lnk - c:\lotus\Lotus.cmd

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxp://mail.infopart.ch/dwa85W.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://symantec-uk.webex.com/client/T26L10NSP49EP23/support/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 88.84.0.2 88.84.0.34

TCP: Interfaces\{62382BEA-624C-4D76-931D-125AC2F9D99D} : DhcpNameServer = 88.84.0.2 88.84.0.34

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-10 11608]

R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-6-10 340136]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-6-10 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-10 269480]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-6-10 428200]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-10 66616]

R2 Lotus Notes Diagnostics;Lotus Notes-Diagnose;c:\program files\ibm\lotus\notes\nsd.exe [2008-12-6 3315080]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-29 366152]

R2 Pervasive.SQL (relational);Pervasive PSQL Relational Engine;c:\program files\pervasive software\psql\bin\w3sqlmgr.exe [2009-11-17 36640]

R2 Pervasive.SQL (transactional);Pervasive PSQL Transactional Engine;c:\program files\pervasive software\psql\bin\ntbtrv.exe [2009-11-17 111904]

R2 Sentinel RMS License Manager;Sentinel RMS License Manager;c:\program files\common files\safenet sentinel\sentinel rms license manager\winnt\lservnt.exe [2008-11-20 782336]

R2 Sesam LiveUpdate Service;Sesam LiveUpdate Service;c:\program files\sage\sage50\prog\LiveUpdService.exe [2010-1-7 176128]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-5-31 2280312]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]

R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-29 22216]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-23 37312]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

.

=============== Created Last 30 ================

.

2011-09-29 13:46:33 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 13:46:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-29 11:38:01 -------- d-sha-r- C:\cmdcons

2011-09-29 11:34:53 98816 ----a-w- c:\windows\sed.exe

2011-09-29 11:34:53 518144 ----a-w- c:\windows\SWREG.exe

2011-09-29 11:34:53 256000 ----a-w- c:\windows\PEV.exe

2011-09-29 11:34:53 208896 ----a-w- c:\windows\MBR.exe

2011-09-29 08:19:48 -------- d-----w- c:\documents and settings\rz\application data\Malwarebytes

2011-09-29 08:19:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-20 08:22:07 -------- d-----w- C:\_Batch

2011-09-16 14:14:34 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-16 14:04:29 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-16 13:39:05 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-16 13:39:05 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-09-12 11:33:59 -------- d-----w- c:\documents and settings\rz\Client Security Solution

2011-09-05 07:06:36 -------- d-----w- c:\windows\ShellNew

2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-16 05:31:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

1998-10-07 16:16:46 148480 ------w- c:\program files\UNWISE.EXE

.

============= FINISH: 9:27:01.96 ===============

TDSSKILLER LOG:

09:19:39.0484 5236 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43

09:19:39.0625 5236 ============================================================

09:19:39.0625 5236 Current date / time: 2011/09/30 09:19:39.0625

09:19:39.0625 5236 SystemInfo:

09:19:39.0625 5236

09:19:39.0625 5236 OS Version: 5.1.2600 ServicePack: 3.0

09:19:39.0625 5236 Product type: Workstation

09:19:39.0625 5236 ComputerName: CHPRSOCB

09:19:39.0625 5236 UserName: RZ

09:19:39.0625 5236 Windows directory: C:\WINDOWS

09:19:39.0625 5236 System windows directory: C:\WINDOWS

09:19:39.0625 5236 Processor architecture: Intel x86

09:19:39.0625 5236 Number of processors: 2

09:19:39.0625 5236 Page size: 0x1000

09:19:39.0625 5236 Boot type: Normal boot

09:19:39.0625 5236 ============================================================

09:19:40.0609 5236 Initialize success

09:19:46.0937 4836 ============================================================

09:19:46.0937 4836 Scan started

09:19:46.0937 4836 Mode: Manual;

09:19:46.0937 4836 ============================================================

09:19:47.0343 4836 Abiosdsk - ok

09:19:47.0375 4836 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

09:19:47.0390 4836 abp480n5 - ok

09:19:47.0437 4836 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

09:19:47.0453 4836 ac97intc - ok

09:19:47.0484 4836 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:19:47.0484 4836 ACPI - ok

09:19:47.0640 4836 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:19:47.0640 4836 ACPIEC - ok

09:19:47.0671 4836 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

09:19:47.0671 4836 adpu160m - ok

09:19:47.0734 4836 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:19:47.0750 4836 aec - ok

09:19:47.0890 4836 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

09:19:47.0890 4836 AFD - ok

09:19:47.0937 4836 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

09:19:47.0937 4836 agp440 - ok

09:19:48.0062 4836 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

09:19:48.0062 4836 agpCPQ - ok

09:19:48.0078 4836 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

09:19:48.0093 4836 Aha154x - ok

09:19:48.0140 4836 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

09:19:48.0140 4836 aic78u2 - ok

09:19:48.0218 4836 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

09:19:48.0218 4836 aic78xx - ok

09:19:48.0312 4836 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

09:19:48.0312 4836 AliIde - ok

09:19:48.0421 4836 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

09:19:48.0421 4836 alim1541 - ok

09:19:48.0546 4836 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

09:19:48.0546 4836 amdagp - ok

09:19:48.0593 4836 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

09:19:48.0593 4836 amsint - ok

09:19:48.0609 4836 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

09:19:48.0625 4836 asc - ok

09:19:48.0640 4836 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

09:19:48.0656 4836 asc3350p - ok

09:19:48.0656 4836 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

09:19:48.0671 4836 asc3550 - ok

09:19:48.0718 4836 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:19:48.0718 4836 AsyncMac - ok

09:19:48.0875 4836 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:19:48.0875 4836 atapi - ok

09:19:48.0875 4836 Atdisk - ok

09:19:48.0984 4836 ati2mtag (2f24aff9e8409821aafa005d3706b583) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

09:19:49.0015 4836 ati2mtag - ok

09:19:49.0156 4836 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:19:49.0156 4836 Atmarpc - ok

09:19:49.0187 4836 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:19:49.0187 4836 audstub - ok

09:19:49.0265 4836 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

09:19:49.0265 4836 avgio - ok

09:19:49.0421 4836 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

09:19:49.0421 4836 avgntflt - ok

09:19:49.0484 4836 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

09:19:49.0484 4836 avipbb - ok

09:19:49.0625 4836 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:19:49.0640 4836 Beep - ok

09:19:49.0734 4836 catchme - ok

09:19:49.0859 4836 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

09:19:49.0875 4836 cbidf - ok

09:19:49.0875 4836 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:19:49.0875 4836 cbidf2k - ok

09:19:49.0937 4836 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

09:19:49.0937 4836 CCDECODE - ok

09:19:49.0937 4836 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

09:19:49.0953 4836 cd20xrnt - ok

09:19:49.0968 4836 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:19:49.0968 4836 Cdaudio - ok

09:19:50.0078 4836 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:19:50.0078 4836 Cdfs - ok

09:19:50.0093 4836 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:19:50.0093 4836 Cdrom - ok

09:19:50.0203 4836 Changer - ok

09:19:50.0234 4836 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

09:19:50.0234 4836 CmdIde - ok

09:19:50.0296 4836 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

09:19:50.0296 4836 Cpqarray - ok

09:19:50.0437 4836 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

09:19:50.0437 4836 dac2w2k - ok

09:19:50.0515 4836 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

09:19:50.0515 4836 dac960nt - ok

09:19:50.0578 4836 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:19:50.0578 4836 Disk - ok

09:19:50.0656 4836 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

09:19:50.0671 4836 DLABOIOM - ok

09:19:50.0875 4836 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

09:19:50.0875 4836 DLACDBHM - ok

09:19:50.0953 4836 DLADResN (2104649b0b79b9f30122c545cba0c655) C:\WINDOWS\system32\DLA\DLADResN.SYS

09:19:50.0953 4836 DLADResN - ok

09:19:50.0968 4836 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

09:19:50.0968 4836 DLAIFS_M - ok

09:19:50.0984 4836 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

09:19:50.0984 4836 DLAOPIOM - ok

09:19:50.0984 4836 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

09:19:50.0984 4836 DLAPoolM - ok

09:19:51.0031 4836 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

09:19:51.0046 4836 DLARTL_N - ok

09:19:51.0125 4836 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

09:19:51.0125 4836 DLAUDFAM - ok

09:19:51.0187 4836 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

09:19:51.0187 4836 DLAUDF_M - ok

09:19:51.0343 4836 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:19:51.0343 4836 dmboot - ok

09:19:51.0359 4836 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:19:51.0375 4836 dmio - ok

09:19:51.0500 4836 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:19:51.0500 4836 dmload - ok

09:19:51.0546 4836 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:19:51.0562 4836 DMusic - ok

09:19:51.0687 4836 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

09:19:51.0703 4836 dpti2o - ok

09:19:51.0765 4836 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:19:51.0781 4836 drmkaud - ok

09:19:51.0921 4836 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

09:19:51.0921 4836 DRVMCDB - ok

09:19:51.0921 4836 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

09:19:51.0937 4836 DRVNDDM - ok

09:19:51.0953 4836 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

09:19:51.0953 4836 E100B - ok

09:19:52.0093 4836 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:19:52.0093 4836 Fastfat - ok

09:19:52.0125 4836 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:19:52.0125 4836 Fdc - ok

09:19:52.0234 4836 FilterService - ok

09:19:52.0296 4836 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:19:52.0296 4836 Fips - ok

09:19:52.0453 4836 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:19:52.0453 4836 Flpydisk - ok

09:19:52.0500 4836 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:19:52.0500 4836 FltMgr - ok

09:19:52.0640 4836 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:19:52.0640 4836 Fs_Rec - ok

09:19:52.0656 4836 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:19:52.0656 4836 Ftdisk - ok

09:19:52.0812 4836 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:19:52.0812 4836 Gpc - ok

09:19:52.0921 4836 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:19:52.0937 4836 HDAudBus - ok

09:19:52.0953 4836 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:19:52.0953 4836 HidUsb - ok

09:19:53.0078 4836 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

09:19:53.0078 4836 hpn - ok

09:19:53.0109 4836 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:19:53.0125 4836 HTTP - ok

09:19:53.0234 4836 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

09:19:53.0234 4836 i2omgmt - ok

09:19:53.0265 4836 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

09:19:53.0265 4836 i2omp - ok

09:19:53.0390 4836 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:19:53.0406 4836 i8042prt - ok

09:19:53.0468 4836 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

09:19:53.0468 4836 iaStor - ok

09:19:53.0593 4836 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:19:53.0609 4836 Imapi - ok

09:19:53.0671 4836 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

09:19:53.0671 4836 ini910u - ok

09:19:53.0859 4836 IntcAzAudAddService (557e20484a095d949912883f5ab29e88) C:\WINDOWS\system32\drivers\RtkHDAud.sys

09:19:53.0890 4836 IntcAzAudAddService - ok

09:19:54.0015 4836 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

09:19:54.0015 4836 IntelIde - ok

09:19:54.0062 4836 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:19:54.0062 4836 intelppm - ok

09:19:54.0093 4836 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:19:54.0093 4836 Ip6Fw - ok

09:19:54.0203 4836 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:19:54.0203 4836 IpFilterDriver - ok

09:19:54.0218 4836 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:19:54.0234 4836 IpInIp - ok

09:19:54.0328 4836 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:19:54.0328 4836 IpNat - ok

09:19:54.0375 4836 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:19:54.0390 4836 IPSec - ok

09:19:54.0515 4836 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:19:54.0515 4836 IRENUM - ok

09:19:54.0546 4836 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:19:54.0546 4836 isapnp - ok

09:19:54.0593 4836 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

09:19:54.0593 4836 Iviaspi - ok

09:19:54.0625 4836 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:19:54.0625 4836 Kbdclass - ok

09:19:54.0656 4836 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:19:54.0656 4836 kbdhid - ok

09:19:54.0703 4836 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:19:54.0703 4836 kmixer - ok

09:19:54.0765 4836 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:19:54.0765 4836 KSecDD - ok

09:19:54.0875 4836 lbrtfdc - ok

09:19:54.0890 4836 LVRS - ok

09:19:54.0890 4836 LVUVC - ok

09:19:54.0937 4836 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

09:19:54.0937 4836 MBAMProtector - ok

09:19:55.0093 4836 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:19:55.0093 4836 mnmdd - ok

09:19:55.0140 4836 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:19:55.0156 4836 Modem - ok

09:19:55.0265 4836 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:19:55.0265 4836 Mouclass - ok

09:19:55.0312 4836 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:19:55.0328 4836 mouhid - ok

09:19:55.0468 4836 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:19:55.0468 4836 MountMgr - ok

09:19:55.0500 4836 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

09:19:55.0500 4836 mraid35x - ok

09:19:55.0640 4836 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:19:55.0640 4836 MRxDAV - ok

09:19:55.0671 4836 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:19:55.0687 4836 MRxSmb - ok

09:19:55.0812 4836 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:19:55.0812 4836 Msfs - ok

09:19:55.0953 4836 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:19:55.0953 4836 MSKSSRV - ok

09:19:55.0968 4836 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:19:55.0968 4836 MSPCLOCK - ok

09:19:56.0093 4836 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:19:56.0093 4836 MSPQM - ok

09:19:56.0140 4836 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:19:56.0140 4836 mssmbios - ok

09:19:56.0265 4836 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

09:19:56.0265 4836 MSTEE - ok

09:19:56.0296 4836 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:19:56.0312 4836 Mup - ok

09:19:56.0468 4836 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

09:19:56.0468 4836 NABTSFEC - ok

09:19:56.0562 4836 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:19:56.0578 4836 NDIS - ok

09:19:56.0734 4836 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

09:19:56.0734 4836 NdisIP - ok

09:19:56.0765 4836 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:19:56.0765 4836 NdisTapi - ok

09:19:56.0890 4836 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:19:56.0906 4836 Ndisuio - ok

09:19:56.0921 4836 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:19:56.0921 4836 NdisWan - ok

09:19:57.0062 4836 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:19:57.0062 4836 NDProxy - ok

09:19:57.0109 4836 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:19:57.0109 4836 NetBIOS - ok

09:19:57.0218 4836 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:19:57.0234 4836 NetBT - ok

09:19:57.0250 4836 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:19:57.0250 4836 Npfs - ok

09:19:57.0265 4836 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:19:57.0281 4836 Ntfs - ok

09:19:57.0296 4836 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:19:57.0296 4836 Null - ok

09:19:57.0484 4836 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

09:19:57.0500 4836 nv - ok

09:19:57.0656 4836 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:19:57.0671 4836 NwlnkFlt - ok

09:19:57.0703 4836 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:19:57.0718 4836 NwlnkFwd - ok

09:19:57.0781 4836 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:19:57.0781 4836 Parport - ok

09:19:57.0890 4836 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:19:57.0906 4836 PartMgr - ok

09:19:57.0968 4836 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:19:57.0968 4836 ParVdm - ok

09:19:58.0000 4836 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:19:58.0000 4836 PCI - ok

09:19:58.0109 4836 PCIDump - ok

09:19:58.0125 4836 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:19:58.0125 4836 PCIIde - ok

09:19:58.0171 4836 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:19:58.0171 4836 Pcmcia - ok

09:19:58.0187 4836 PDCOMP - ok

09:19:58.0187 4836 PDFRAME - ok

09:19:58.0203 4836 PDRELI - ok

09:19:58.0203 4836 PDRFRAME - ok

09:19:58.0250 4836 pelmouse (bd71f603c9aa0754c96e7557ee0001f9) C:\WINDOWS\system32\DRIVERS\pelmouse.sys

09:19:58.0250 4836 pelmouse - ok

09:19:58.0359 4836 pelusblf (25c36dccbe713f62bd9d24dd5c554b4e) C:\WINDOWS\system32\DRIVERS\pelusblf.sys

09:19:58.0375 4836 pelusblf - ok

09:19:58.0437 4836 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

09:19:58.0437 4836 perc2 - ok

09:19:58.0578 4836 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

09:19:58.0593 4836 perc2hib - ok

09:19:58.0703 4836 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys

09:19:58.0703 4836 pmem - ok

09:19:58.0765 4836 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:19:58.0765 4836 PptpMiniport - ok

09:19:58.0906 4836 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

09:19:58.0906 4836 Processor - ok

09:19:58.0953 4836 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys

09:19:58.0953 4836 psadd - ok

09:19:59.0093 4836 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:19:59.0093 4836 PSched - ok

09:19:59.0125 4836 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:19:59.0125 4836 Ptilink - ok

09:19:59.0156 4836 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:19:59.0156 4836 PxHelp20 - ok

09:19:59.0218 4836 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

09:19:59.0218 4836 ql1080 - ok

09:19:59.0312 4836 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

09:19:59.0328 4836 Ql10wnt - ok

09:19:59.0328 4836 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

09:19:59.0343 4836 ql12160 - ok

09:19:59.0343 4836 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

09:19:59.0343 4836 ql1240 - ok

09:19:59.0359 4836 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

09:19:59.0359 4836 ql1280 - ok

09:19:59.0390 4836 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:19:59.0390 4836 RasAcd - ok

09:19:59.0546 4836 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:19:59.0546 4836 Rasl2tp - ok

09:19:59.0593 4836 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:19:59.0593 4836 RasPppoe - ok

09:19:59.0656 4836 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:19:59.0656 4836 Raspti - ok

09:19:59.0687 4836 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:19:59.0687 4836 Rdbss - ok

09:19:59.0843 4836 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:19:59.0843 4836 RDPCDD - ok

09:19:59.0937 4836 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:19:59.0937 4836 rdpdr - ok

09:20:00.0078 4836 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

09:20:00.0078 4836 RDPWD - ok

09:20:00.0125 4836 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:20:00.0125 4836 redbook - ok

09:20:00.0265 4836 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:20:00.0265 4836 Secdrv - ok

09:20:00.0296 4836 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:20:00.0296 4836 serenum - ok

09:20:00.0453 4836 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

09:20:00.0453 4836 Serial - ok

09:20:00.0546 4836 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:20:00.0546 4836 Sfloppy - ok

09:20:00.0656 4836 Simbad - ok

09:20:00.0718 4836 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

09:20:00.0718 4836 sisagp - ok

09:20:00.0843 4836 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

09:20:00.0843 4836 SLIP - ok

09:20:00.0875 4836 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

09:20:00.0875 4836 Sparrow - ok

09:20:00.0968 4836 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:20:00.0968 4836 splitter - ok

09:20:00.0984 4836 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:20:01.0000 4836 sr - ok

09:20:01.0140 4836 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:20:01.0140 4836 Srv - ok

09:20:01.0187 4836 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

09:20:01.0203 4836 ssmdrv - ok

09:20:01.0328 4836 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

09:20:01.0328 4836 streamip - ok

09:20:01.0375 4836 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:20:01.0375 4836 swenum - ok

09:20:01.0531 4836 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:20:01.0531 4836 swmidi - ok

09:20:01.0562 4836 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

09:20:01.0562 4836 symc810 - ok

09:20:01.0593 4836 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

09:20:01.0593 4836 symc8xx - ok

09:20:01.0625 4836 SymIM - ok

09:20:01.0625 4836 SymIMMP - ok

09:20:01.0656 4836 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

09:20:01.0656 4836 sym_hi - ok

09:20:01.0656 4836 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

09:20:01.0671 4836 sym_u3 - ok

09:20:01.0703 4836 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:20:01.0718 4836 sysaudio - ok

09:20:01.0843 4836 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:20:01.0859 4836 Tcpip - ok

09:20:01.0890 4836 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:20:01.0890 4836 TDPIPE - ok

09:20:02.0000 4836 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:20:02.0000 4836 TDTCP - ok

09:20:02.0015 4836 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:20:02.0015 4836 TermDD - ok

09:20:02.0156 4836 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

09:20:02.0156 4836 TosIde - ok

09:20:02.0203 4836 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys

09:20:02.0203 4836 tvtfilter - ok

09:20:02.0343 4836 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys

09:20:02.0343 4836 TVTI2C - ok

09:20:02.0359 4836 TVTPktFilter - ok

09:20:02.0390 4836 tvtumon (930b8b8ef659a714cf1c755928b8850c) C:\WINDOWS\system32\DRIVERS\tvtumon.sys

09:20:02.0390 4836 tvtumon - ok

09:20:02.0437 4836 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:20:02.0453 4836 Udfs - ok

09:20:02.0593 4836 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

09:20:02.0609 4836 ultra - ok

09:20:02.0703 4836 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:20:02.0703 4836 Update - ok

09:20:02.0765 4836 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

09:20:02.0765 4836 usbaudio - ok

09:20:02.0906 4836 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:20:02.0906 4836 usbccgp - ok

09:20:02.0953 4836 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:20:02.0953 4836 usbehci - ok

09:20:03.0078 4836 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:20:03.0078 4836 usbhub - ok

09:20:03.0125 4836 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:20:03.0125 4836 USBSTOR - ok

09:20:03.0265 4836 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:20:03.0265 4836 usbuhci - ok

09:20:03.0312 4836 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

09:20:03.0328 4836 usbvideo - ok

09:20:03.0453 4836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:20:03.0453 4836 VgaSave - ok

09:20:03.0625 4836 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

09:20:03.0625 4836 viaagp - ok

09:20:03.0656 4836 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

09:20:03.0656 4836 ViaIde - ok

09:20:03.0781 4836 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:20:03.0781 4836 VolSnap - ok

09:20:03.0812 4836 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:20:03.0812 4836 Wanarp - ok

09:20:03.0906 4836 WDICA - ok

09:20:03.0953 4836 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:20:03.0953 4836 wdmaud - ok

09:20:04.0015 4836 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

09:20:04.0015 4836 WS2IFSL - ok

09:20:04.0140 4836 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

09:20:04.0156 4836 WSTCODEC - ok

09:20:04.0187 4836 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:20:04.0187 4836 WudfPf - ok

09:20:04.0343 4836 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:20:04.0343 4836 WudfRd - ok

09:20:04.0421 4836 yukonwxp (7578410b1512fad9c485b134561e8b78) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

09:20:04.0421 4836 yukonwxp - ok

09:20:04.0437 4836 MBR (0x1B8) (7b611618d69d8a39a21c85e627379a6c) \Device\Harddisk0\DR0

09:20:04.0437 4836 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected

09:20:04.0437 4836 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

09:20:04.0437 4836 Boot (0x1200) (9828a22caf7d6192a26f57d5600c0267) \Device\Harddisk0\DR0\Partition0

09:20:04.0437 4836 \Device\Harddisk0\DR0\Partition0 - ok

09:20:04.0437 4836 ============================================================

09:20:04.0437 4836 Scan finished

09:20:04.0437 4836 ============================================================

09:20:04.0437 5556 Detected object count: 1

09:20:04.0437 5556 Actual detected object count: 1

09:21:08.0578 5556 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot

09:21:08.0578 5556 \Device\Harddisk0\DR0 - ok

09:21:08.0578 5556 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure

09:21:39.0203 5032 Deinitialize success

Conclusion:

As far as I can say my system is clean and working fine. Thank you so much. Anything left to do?


You're welcome and good job! You were infected with a widespread rootkit variant of the Alureon trojan that infects the MBR (Master Boot Record) of the host computer and is a common cause of browser redirection. This variant is aka TDL4, and TDSSKiller successfully removed it and restored your MBR to the XP standard. You can read more about TDL4 here in this article I wrote for my blog:

http://secure-computer-solutions.com/blog/2010/10/why_you_should_backup_your_mbr.html

In answer to your questions - this section of the TDSSKiller log showed me you were infected here:

09:20:04.0437 4836 MBR (0x1B8) (7b611618d69d8a39a21c85e627379a6c) \Device\Harddisk0\DR0

09:20:04.0437 4836 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected

09:20:04.0437 4836 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

09:20:04.0437 4836 Boot (0x1200) (9828a22caf7d6192a26f57d5600c0267) \Device\Harddisk0\DR0\Partition0

09:20:04.0437 4836 \Device\Harddisk0\DR0\Partition0 - ok

09:20:04.0437 4836 ============================================================

09:20:04.0437 4836 Scan finished

09:20:04.0437 4836 ============================================================

09:20:04.0437 5556 Detected object count: 1

09:20:04.0437 5556 Actual detected object count: 1

09:21:08.0578 5556 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot

09:21:08.0578 5556 \Device\Harddisk0\DR0 - ok

09:21:08.0578 5556 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure

09:21:39.0203 5032 Deinitialize success

This is a very specific "hidden" infection that needs special dedicated programs to locate and remove it. Only certain antirootkit programs can do that and antivirus programs are usually not successful. Perhaps they might pick it up in a boot scan but probably not. Avira has a specialized tool for this but I would not use it now because tampering with the MBR more than you need to can be dangerous:

http://www.avira.com/en/support-download-antivir-boot-sector-repair-tool

Your antivirus is one of the best so keep it!

Your computer appears to be disinfected now but we have a few steps to finish up.

First, you can safely remove TDSSKiller from its download location.

Secondly, set a new system restore point so you have a new "clean" baseline established that you can revert back to in the event you need to use it:

http://support.microsoft.com/kb/948247

Here are some additional measures you should take to keep your system in good working order and ensure your continued security.

1. Scan your system for outdated versions of commonly used software applications that may also cause your PC to be vulnerable, by using the Secunia Online Software Inspector (OSI). Just click the "Start Scanner" button to receive a detailed report. This is very important because recent statistics confirm that an overwhelming majority of infections are acquired through application, not operating system, flaws. Commonly used programs like QuickTime, Java, Adobe Acrobat Reader, iTunes, and many others are commonly targeted today. You can make your computer much more secure if you update to the most current versions of these programs and any others that Secunia alerts you to.

Just click the "Start Scanner" button to get a listing of all outdated and possibly insecure resident programs.

Note: If your firewall prompts you about access, allow it.

2. Keep MBAM as an on-demand scanner because I highly recommend it, and the quick scan will find almost all active malware in minutes.

3. Make sure you have the latest critical updates from the Windows Update Website. Windows Updates are your first line of defense against malware.

Finally, please follow the suggestions offered by Tony Klein in How did I get infected in the first place, so you can maintain a safe and secure computing environment.

Happy Surfing!

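The MBR check behind the "MBR (0x1B8)" line in the log above, as an added example that is not code from this thread or from TDSSKiller: parse a 512-byte master boot record into its boot code, disk signature, partition table and 0x55AA boot signature, hash the boot code, and compare it against a baseline taken while the disk was known clean. The MBR layout is the standard DOS one; that TDSSKiller's reported hash covers exactly the first 0x1B8 bytes is an assumption read off the log line, not documented behaviour. The sample MBRs, the `0xDEADBEEF` disk signature and the partition geometry are constructed for the example; `read_disk_mbr` is the only part that touches a real disk and is not exercised below.

```python
"""Baseline and check a disk's MBR, the way the TDSSKiller log above reports it.

Added example, not code from the forum thread or from TDSSKiller. The MBR layout
(boot code, 4-byte disk signature at 0x1B8, partition table at 0x1BE, 0x55AA at
0x1FE) is the standard DOS MBR. That TDSSKiller's "MBR (0x1B8)" line is an MD5 of
the first 0x1B8 bytes is an assumption drawn from the log, not a documented fact.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8     # boot code runs up to the disk signature (assumption, see above)
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # must hold 0x55 0xAA


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass
class MbrInfo:
    boot_code_md5: str
    disk_signature: int
    partitions: List[Partition]
    boot_sig_ok: bool


def parse_mbr(mbr: bytes) -> MbrInfo:
    """Split a 512-byte sector into the fields a rootkit check cares about."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    parts = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                       # type 0 marks an empty slot
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return MbrInfo(
        boot_code_md5=hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        disk_signature=struct.unpack_from("<I", mbr, 0x1B8)[0],
        partitions=parts,
        boot_sig_ok=mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
    )


def check_mbr(mbr: bytes, baseline_md5: str) -> List[str]:
    """Return findings; an empty list means the MBR matches the clean baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info.boot_sig_ok:
        findings.append("boot signature 0x55AA missing")
    if info.boot_code_md5 != baseline_md5:
        findings.append(f"boot code changed: {info.boot_code_md5} != {baseline_md5}")
    if sum(p.bootable for p in info.partitions) != 1:
        findings.append("expected exactly one active partition")
    # Generic sanity check: no two entries may claim the same sectors.
    spans = sorted((p.lba_start, p.lba_start + p.sectors) for p in info.partitions)
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append("overlapping partition entries")
            break
    return findings


def build_mbr(boot_code: bytes, disk_sig: int, entries: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a constructed MBR for testing (not a real disk image)."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 0x1B8, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


def read_disk_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the live MBR (needs administrator rights on Windows; e.g. /dev/sda on Linux)."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


# Constructed sample: a stock-looking boot stub and one active NTFS partition.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\x8E\xC0\x8E\xD8\xBE\x00\x7C\xBF\x00\x06"
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, 0xDEADBEEF, [(0x80, 0x07, 63, 156_296_322)])
BASELINE_MD5 = parse_mbr(CLEAN_MBR).boot_code_md5   # record this while the disk is clean

# Same disk after the boot code was overwritten: the partition table is untouched,
# so only the boot-code hash moves, which is the kind of delta the log line shows.
INFECTED_MBR = build_mbr(b"\xEB\xFE" + CLEAN_BOOT_CODE[2:], 0xDEADBEEF,
                         [(0x80, 0x07, 63, 156_296_322)])

if __name__ == "__main__":
    print("clean:   ", check_mbr(CLEAN_MBR, BASELINE_MD5) or "ok")
    print("infected:", check_mbr(INFECTED_MBR, BASELINE_MD5))
```

Taking the baseline is the "backup your MBR" step the helper links to: store `BASELINE_MD5` (or the raw 512 bytes from `read_disk_mbr`) off the machine while it is known clean, and re-run `check_mbr` whenever redirects or other boot-level symptoms appear. A hash mismatch on its own only says the boot code differs from the baseline; a legitimate bootloader update produces the same finding, so confirm with a dedicated tool before rewriting anything.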

Any time! Glad to be of help!!

Can you point me in any direction as to why this user's system got infected? The antivirus was up to date at all times. So maybe some user action was involved? Does the infection come via mail or from infected internet sites? How can we exclude such infections in the future?

Many thanks


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
