
MBAM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Databaseversjon: 7231

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

22.07.2011 19:10:30
mbam-log-2011-07-22 (19-10-30).txt

Skanntype: Hurtigsøk
Objekter skannet: 158251
Tid tilbakelagt: 3 minutt(er), 0 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 19

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hI01602FaCeP01602 (Trojan.FakeAlert) -> Value: hI01602FaCeP01602 -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
c:\programdata\hi01602facep01602\hi01602facep01602.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\cong tam tran\AppData\Local\Temp\603A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\cong tam tran\AppData\Local\Temp\8B6F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\cong tam tran\AppData\Local\Temp\setup1327590368.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\cong tam tran\AppData\Local\Temp\setup1533700832.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\cong tam tran\AppData\Local\Temp\setup1724212608.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\cong tam tran\AppData\Local\Temp\setup962857856.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\Bqf.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\Bqg.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\Bqh .exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\Bqi.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Fonts\giaxggkd4.com (Malware.Generic) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\mmc146.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\mmc1914693.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\mmc43.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Combofix

ComboFix 11-07-22.02 - Cong Tam Tran 22.07.2011 19:44:26.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3069.1710 [GMT 2:00]

Kjører fra: c:\users\Cong Tam Tran\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Ask.com\Updater\Updater.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

c:\program files\Common Files\Java\Java Update\jusched.exe

c:\program files\DivX\DivX Update\DivXUpdate.exe

c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

c:\program files\QuickTime\QTTask.exe

c:\program files\Windows Live\Messenger\msnmsgr.exe

c:\users\Cong Tam Tran\Desktop\Malwarebytes' Anti-Malware\mbam .exe

c:\users\Cong Tam Tran\Desktop\Malwarebytes' Anti-Malware\mbam.exe

c:\windows\PixArt\PAC207\Monitor.exe

c:\windows\system32\config\systemprofile\AppData\Local\mcradic.dll

c:\windows\system32\no

c:\windows\system32\no\AuthFWSnapIn.Resources.dll

c:\windows\system32\no\AuthFWWizFwk.Resources.dll

c:\windows\system32\no\Narrator.resources.dll

f:\programmer\iTunesHelper.exe

f:\programmer\Malwarebytes' Anti-Malware\mbam.exe

.

 <pre>
c:\program files\Ask.com\Updater\Updater .exe --->c:\program files\Ask.com\Updater\Updater.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe --->c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
c:\program files\Common Files\Java\Java Update\jusched .exe --->c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\DivX\DivX Update\DivXUpdate .exe --->c:\program files\DivX\DivX Update\DivXUpdate.exe
c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader .exe --->c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
c:\program files\QuickTime\QTTask .exe --->c:\program files\QuickTime\QTTask.exe
c:\program files\Windows Live\Messenger\msnmsgr .exe --->c:\program files\Windows Live\Messenger\msnmsgr.exe
</pre> 

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2011-06-22 til 2011-07-22 )))))))))))))))))))))))))))))))))

.

.

2011-07-22 17:50 . 2011-07-22 17:50 -------- d-----w- c:\users\Cong Tam Tran\AppData\Local\temp

2011-07-22 17:50 . 2011-07-22 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-22 17:03 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-22 17:03 . 2011-07-22 17:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-22 17:03 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-21 17:05 . 2011-07-22 17:10 -------- d-----w- c:\programdata\hI01602FaCeP01602

2011-07-21 17:05 . 2011-07-21 17:05 -------- d-----w- c:\windows\Sun

2011-07-14 17:14 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys

2011-07-14 17:14 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-14 17:14 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-06-29 10:55 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 15:58 . 2011-06-18 06:48 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 12:49 . 2011-06-18 06:48 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 12:49 . 2011-06-18 06:48 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-29 12:49 . 2011-06-18 06:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-29 12:49 . 2011-06-18 06:47 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-29 12:49 . 2011-06-18 06:47 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

<pre>
c:\windows\PixArt\Pac207\Monitor .exe
c:\windows\WindowsMobile\wmdSync .exe
</pre>

.


Hi,

Malwarebytes shows a heavily infected system. The logs also show that your system is not updated.

Do the following:

> Run a Full Scan with Malwarebytes Anti-Malware, remove what it finds and post the log.

> Post the complete log of your ComboFix scan. The log you posted is not complete.

> Scan with these special scanners, remove what they find and post all logs:

http://support.kaspersky.com/faq/?qid=208280684

http://www.surfright.nl/en (HitmanPro)

After that, run Windows Update and an update scan with Secunia > http://secunia.com/vulnerability_scanning/personal/ and update all software.

MBAM FULL SCAN

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Databaseversjon: 7327

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

30.07.2011 20:32:03
mbam-log-2011-07-30 (20-32-03).txt

Skanntype: Full skann (C:\|D:\|F:\|)
Objekter skannet: 371347
Tid tilbakelagt: 1 time(r), 11 minutt(er), 57 sekund(er)

Minneprosesser infisert: 1
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 2

Minneprosesser infisert:
c:\Windows\temp\CDE9.tmp (Trojan.Downloader) -> 2328 -> Unloaded process successfully.

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeTM4 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
c:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\41\7b8b18e9-1e10fd4f (Trojan.Downloader.MB) -> Quarantined and deleted successfully.
c:\Windows\temp\CDE9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

COMBOFIX

ComboFix 11-07-22.02 - 22.07.2011 19:44:26.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3069.1710 [GMT 2:00]

Kjører fra: c:\users\Cong Tam Tran\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Ask.com\Updater\Updater.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

c:\program files\Common Files\Java\Java Update\jusched.exe

c:\program files\DivX\DivX Update\DivXUpdate.exe

c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

c:\program files\QuickTime\QTTask.exe

c:\program files\Windows Live\Messenger\msnmsgr.exe

c:\users\Cong Tam Tran\Desktop\Malwarebytes' Anti-Malware\mbam .exe

c:\users\Cong Tam Tran\Desktop\Malwarebytes' Anti-Malware\mbam.exe

c:\windows\PixArt\PAC207\Monitor.exe

c:\windows\system32\config\systemprofile\AppData\Local\mcradic.dll

c:\windows\system32\no

c:\windows\system32\no\AuthFWSnapIn.Resources.dll

c:\windows\system32\no\AuthFWWizFwk.Resources.dll

c:\windows\system32\no\Narrator.resources.dll

f:\programmer\iTunesHelper.exe

f:\programmer\Malwarebytes' Anti-Malware\mbam.exe

.

 <pre>
c:\program files\Ask.com\Updater\Updater .exe --->c:\program files\Ask.com\Updater\Updater.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe --->c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
c:\program files\Common Files\Java\Java Update\jusched .exe --->c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\DivX\DivX Update\DivXUpdate .exe --->c:\program files\DivX\DivX Update\DivXUpdate.exe
c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader .exe --->c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
c:\program files\QuickTime\QTTask .exe --->c:\program files\QuickTime\QTTask.exe
c:\program files\Windows Live\Messenger\msnmsgr .exe --->c:\program files\Windows Live\Messenger\msnmsgr.exe
</pre> 

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2011-06-22 til 2011-07-22 )))))))))))))))))))))))))))))))))

.

.

2011-07-22 17:50 . 2011-07-22 17:50 -------- d-----w- c:\users\Cong Tam Tran\AppData\Local\temp

2011-07-22 17:50 . 2011-07-22 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-22 17:03 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-22 17:03 . 2011-07-22 17:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-22 17:03 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-21 17:05 . 2011-07-22 17:10 -------- d-----w- c:\programdata\hI01602FaCeP01602

2011-07-21 17:05 . 2011-07-21 17:05 -------- d-----w- c:\windows\Sun

2011-07-14 17:14 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys

2011-07-14 17:14 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-14 17:14 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-06-29 10:55 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 15:58 . 2011-06-18 06:48 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 12:49 . 2011-06-18 06:48 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 12:49 . 2011-06-18 06:48 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-29 12:49 . 2011-06-18 06:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-29 12:49 . 2011-06-18 06:47 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-29 12:49 . 2011-06-18 06:47 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

<pre>
c:\windows\PixArt\Pac207\Monitor .exe
c:\windows\WindowsMobile\wmdSync .exe
</pre>

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVe0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]

2011-01-17 14:54 175912 ----a-w- c:\program files\TVersitybar\prxtbTVe0.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVe0.dll" [2011-01-17 175912]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

.

[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{66BD2442-241B-44CD-8C7A-B51037053CDB}"= "c:\program files\TVersitybar\prxtbTVe0.dll" [2011-01-17 175912]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

.

[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [N/A]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2011-07-22 39428]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [N/A]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

"iTunesHelper"="f:\programmer\iTunesHelper.exe" [N/A]

"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-10-28 294912]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]

"Malwarebytes Anti-Malware (reboot)"="f:\programmer\Malwarebytes' Anti-Malware\mbam.exe" [N/A]

"Malwarebytes' Anti-Malware (reboot)"="c:\users\Cong Tam Tran\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Cong Tam Tran^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\users\Cong Tam Tran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Cong Tam Tran^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

path=c:\users\Cong Tam Tran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

f:\programmer\iTunesHelper.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-02-20 20:44 1242448 ----a-w- f:\programmer\Steam.exe

.

R0 ibqu;ibqu;c:\windows\System32\drivers\shdpjsw.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 135664]

R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 135664]

R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

Akamai REG_MULTI_SZ Akamai

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:30]

.

2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:30]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.google.se/ig/dell?hl=en&client=dell-row&channel=se&ibd=5090130

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Cong Tam Tran\AppData\Roaming\Mozilla\Firefox\Profiles\o863sen5.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: TVU Web Player: [email protected] - %profile%\extensions\[email protected]

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: YouTube mp3: [email protected] - %profile%\extensions\[email protected]

FF - Ext: TVersitybar Community Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - %profile%\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}

FF - Ext: Foxit PDF Creator Toolbar: [email protected] - %profile%\extensions\[email protected]

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - TOMME PEKERE FJERNET - - - -

.

AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - f:\programmer\DivX\DivXCodecUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-22 19:50

Windows 6.0.6001 Service Pack 1 NTFS

.

skanner skjulte prosesser ...

.

skanner skjulte autostart-oppføringer ...

.

skanner skjulte filer ...

.

skanning vellykket

skjulte filer: 0

.

**************************************************************************

.

Tidspunkt ferdig: 2011-07-22 19:53:38

ComboFix-quarantined-files.txt 2011-07-22 17:53

.

Pre-Run: 205 779 972 096 byte ledig

Post-Run: 205 730 594 816 byte ledig

.

- - End Of File - - CB268C9EA566A9790D2C7574FF8899B9

TDSSKILLER

20:37:10.0157 3092 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11

2011/07/30 20:37:10.0282 3092 ================================================================================

2011/07/30 20:37:10.0282 3092 SystemInfo:

2011/07/30 20:37:10.0282 3092

2011/07/30 20:37:10.0282 3092 OS Version: 6.0.6001 ServicePack: 1.0

2011/07/30 20:37:10.0282 3092 Product type: Workstation

2011/07/30 20:37:10.0282 3092 ComputerName: CONGTAMTRAN-PC

2011/07/30 20:37:10.0282 3092 UserName: Cong Tam Tran

2011/07/30 20:37:10.0282 3092 Windows directory: C:\Windows

2011/07/30 20:37:10.0282 3092 System windows directory: C:\Windows

2011/07/30 20:37:10.0282 3092 Processor architecture: Intel x86

2011/07/30 20:37:10.0282 3092 Number of processors: 2

2011/07/30 20:37:10.0282 3092 Page size: 0x1000

2011/07/30 20:37:10.0282 3092 Boot type: Normal boot

2011/07/30 20:37:10.0282 3092 ================================================================================

2011/07/30 20:37:11.0265 3092 Initialize success

2011/07/30 20:37:26.0288 1876 ================================================================================

2011/07/30 20:37:26.0288 1876 Scan started

2011/07/30 20:37:26.0288 1876 Mode: Manual;

2011/07/30 20:37:26.0288 1876 ================================================================================

2011/07/30 20:37:27.0130 1876 ACPI (0cee59e4613bf65e2fd37e544ad66bdb) C:\Windows\system32\drivers\acpi.sys

2011/07/30 20:37:27.0193 1876 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

2011/07/30 20:37:27.0364 1876 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

2011/07/30 20:37:27.0551 1876 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

2011/07/30 20:37:27.0598 1876 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

2011/07/30 20:37:27.0723 1876 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys

2011/07/30 20:37:27.0785 1876 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

2011/07/30 20:37:27.0848 1876 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/07/30 20:37:27.0910 1876 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

2011/07/30 20:37:27.0941 1876 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

2011/07/30 20:37:28.0019 1876 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

2011/07/30 20:37:28.0051 1876 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

2011/07/30 20:37:28.0082 1876 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

2011/07/30 20:37:28.0160 1876 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

2011/07/30 20:37:28.0207 1876 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

2011/07/30 20:37:28.0472 1876 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/30 20:37:28.0550 1876 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys

2011/07/30 20:37:28.0721 1876 atikmdag (ba0e84dd556761ae095b58dc165351c3) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/07/30 20:37:28.0862 1876 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/07/30 20:37:28.0909 1876 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

2011/07/30 20:37:28.0955 1876 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/30 20:37:28.0987 1876 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/07/30 20:37:29.0018 1876 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/07/30 20:37:29.0080 1876 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/07/30 20:37:29.0127 1876 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/07/30 20:37:29.0470 1876 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/07/30 20:37:29.0548 1876 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/07/30 20:37:29.0579 1876 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/07/30 20:37:29.0782 1876 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/30 20:37:29.0798 1876 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

2011/07/30 20:37:29.0845 1876 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

2011/07/30 20:37:29.0876 1876 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys

2011/07/30 20:37:29.0923 1876 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

2011/07/30 20:37:29.0938 1876 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys

2011/07/30 20:37:29.0954 1876 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

2011/07/30 20:37:29.0985 1876 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

2011/07/30 20:37:30.0110 1876 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys

2011/07/30 20:37:30.0172 1876 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

2011/07/30 20:37:30.0203 1876 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/07/30 20:37:42.0652 1876 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0

2011/07/30 20:37:42.0668 1876 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/07/30 20:37:42.0683 1876 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1

2011/07/30 20:37:49.0703 1876 Boot (0x1200) (dcb9790ee97081109b07d4f2bdc7d3e5) \Device\Harddisk0\DR0\Partition0

2011/07/30 20:37:49.0735 1876 Boot (0x1200) (bbc3ab672622d0c0e6bc20806172a7a0) \Device\Harddisk0\DR0\Partition1

2011/07/30 20:37:49.0766 1876 Boot (0x1200) (65902503680a4dd213f4d16684f4be34) \Device\Harddisk1\DR1\Partition0

2011/07/30 20:37:49.0766 1876 ================================================================================

2011/07/30 20:37:49.0766 1876 Scan finished

2011/07/30 20:37:49.0766 1876 ================================================================================

2011/07/30 20:37:49.0797 0796 Detected object count: 1

2011/07/30 20:37:49.0797 0796 Actual detected object count: 1

2011/07/30 20:38:16.0723 0796 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/07/30 20:38:16.0723 0796 \Device\Harddisk0\DR0 - ok

2011/07/30 20:38:16.0723 0796 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/07/30 20:38:22.0994 3952 Deinitialize success


Hi

 

You had an infected MBR (TDSS Killer shows it) and CF shows a Rootkit Driver > shdpjsw.sys

These are very deep and difficult infections.

 

I strongly recommend that you reinstall Windows and write a new MBR as part of that process, and format all hard disks and USB media that were connected to the infected system.

After that, change all passwords!

 

In this state your machine is NOT suitable for online banking/online purchases...

 

If you would rather clean it, do as described below. This is at your own risk and does NOT guarantee a 100% clean machine!

 

1.

Start Notepad and copy exactly this text into the white field:

 

KILL ALL::

 

Driver::

ibqu

 

Files::

c:\windows\System32\drivers\shdpjsw.sys

c:\programdata\hI01602FaCeP01602

 

 

1. Save this file with the name cfscript.txt on your desktop

 

2. Disable your antivirus guard + firewall.

 

3. Click the file and drag it onto the Combofix icon on your desktop. (see attached image)

 

4. Combofix starts and scans. Post the scan log.

 

 

2. Scan with HitmanPro. > http://www.surfright.nl/en Post the log

 

3. Post the OTL log (remove username and personal info from it)

>

Download OTL to your desktop.

- Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.

- When the window appears, underneath Output at the top change it to Minimal Output.

- Under the Standard Registry box change it to All.

- Check the boxes beside LOP Check and Purity Check.

- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

- When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


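As an added example (not part of the thread or of TDSSKiller itself), a small Python triage helper that reads TDSSKiller log lines like the ones posted above and pulls out the driver hashes, the MBR/boot-sector hashes, the detections, and whether a cure is still waiting for a reboot (the helper's point that the MBR was infected is exactly what the "detected" and "will be cured after reboot" lines record). The sample lines are constructed from the log above; the function and class names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in TDSSKiller's line format: timestamp, thread id, then the
# object, its MD5 and its path/device. Mirrors the detection above for Harddisk0.
SAMPLE_LOG = """\
2011/07/30 20:37:42.0590 1876 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\\Windows\\system32\\DRIVERS\\WUDFRd.sys
2011/07/30 20:37:42.0652 1876 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \\Device\\Harddisk0\\DR0
2011/07/30 20:37:42.0668 1876 \\Device\\Harddisk0\\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/30 20:37:42.0683 1876 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \\Device\\Harddisk1\\DR1
2011/07/30 20:37:49.0703 1876 Boot (0x1200) (dcb9790ee97081109b07d4f2bdc7d3e5) \\Device\\Harddisk0\\DR0\\Partition0
2011/07/30 20:38:16.0723 0796 \\Device\\Harddisk0\\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/30 20:38:16.0723 0796 \\Device\\Harddisk0\\DR0 - ok
2011/07/30 20:38:16.0723 0796 Rootkit.Win32.TDSS.tdl4(\\Device\\Harddisk0\\DR0) - User select action: Cure
"""


@dataclass
class Detection:
    device: str
    threat: str
    cure_pending: bool = False          # "will be cured after reboot" seen
    user_action: Optional[str] = None   # "User select action: ..." seen


@dataclass
class TriageReport:
    drivers: dict = field(default_factory=dict)     # driver name -> (md5, path)
    sectors: dict = field(default_factory=dict)     # "MBR <device>" / "Boot <device>" -> md5
    detections: dict = field(default_factory=dict)  # device -> Detection


# Every line starts with "YYYY/MM/DD HH:MM:SS.ffff <thread id>".
PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
SECTOR_RE = re.compile(PREFIX + r"(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\S+)$")
DETECT_RE = re.compile(PREFIX + r"(?P<dev>\S+) - detected (?P<threat>\S+) \(\d+\)$")
PENDING_RE = re.compile(PREFIX + r"(?P<dev>\S+) \((?P<threat>[^)]+)\) - will be cured after reboot$")
ACTION_RE = re.compile(PREFIX + r"(?P<threat>[^(]+)\((?P<dev>[^)]+)\) - User select action: (?P<action>\w+)$")
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


def triage(log_text: str) -> TriageReport:
    """Classify each TDSSKiller log line; unknown lines (banners, counts, '- ok') are skipped."""
    report = TriageReport()
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := SECTOR_RE.match(line):
            report.sectors[f"{m['kind']} {m['dev']}"] = m["md5"]
        elif m := DETECT_RE.match(line):
            report.detections[m["dev"]] = Detection(m["dev"], m["threat"])
        elif m := PENDING_RE.match(line):
            d = report.detections.setdefault(m["dev"], Detection(m["dev"], m["threat"]))
            d.cure_pending = True
        elif m := ACTION_RE.match(line):
            d = report.detections.setdefault(m["dev"], Detection(m["dev"], m["threat"].strip()))
            d.user_action = m["action"]
        elif m := DRIVER_RE.match(line):
            report.drivers[m["name"]] = (m["md5"], m["path"])
    return report


def reboot_required(report: TriageReport) -> bool:
    """A scheduled cure only takes effect after reboot; a clean verdict needs a rescan after it."""
    return any(d.cure_pending for d in report.detections.values())


def summary(report: TriageReport) -> list:
    lines = []
    for dev, d in report.detections.items():
        status = "cure scheduled for reboot" if d.cure_pending else "no cure recorded"
        lines.append(f"{dev}: {d.threat} ({status}, user action: {d.user_action or 'none'})")
    return lines or ["no detections"]


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print("\n".join(summary(rep)))
    print("rescan after reboot:", reboot_required(rep))
```

Feed it the full saved TDSSKiller log instead of the sample to get the same summary for a real scan; the sector hashes are kept so a post-reboot log can be diffed against the pre-cure one.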