Jump to content

epoclick.com redirect


Januar

Recommended Posts

Sorry if I walk into this discussion. But I have exactly the same problem.

I am on WindowsXP and something cause my browser to redirect to epoclick.com occasionaly. Furthermore certain websites are blocked. This is the case for this forum too, and I could only access this thread form a different PC.

My virus scanner is not showing anything. The redirects are independent of browser (happen on IE, FF, and Safari).

Can I follow the instructions in this thread too and post the results or will thsi mix things up for you?

Link to post
Share on other sites

My DDS log

DDS (Ver_10-10-10.03) - NTFSx86  
Run by d at 21:21:19,13 on 19.10.2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional removed [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\SUPERFAX\PROGRAM\PICPMON.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Programme\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\Tablett\TabUserW.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Safari\Safari.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOKUME~1\d\LOKALE~1\Temp\8kva63ot.tmp\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - No File
TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\System32\browseui.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [IBP]
uRun: [ibmmessages] c:\programme\ibm\messages by ibm\ibmmessages.exe
uRun: [MSMSGS] "c:\programme\messenger\msmsgs.exe" /background
mRun: [S3TRAY2] S3Tray2.exe
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [TPKMAPHELPER] c:\programme\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ATIPTA] c:\programme\ati technologies\ati control panel\atiptaxx.exe
mRun: [UC_Start] c:\programme\ibm\updater\\ucstartup.exe
mRun: [UC_SMB]
mRun: [UpdateManager] "c:\programme\gemeinsame dateien\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [<NO NAME>]
mRun: [ibmmessages] c:\programme\ibm\messages by ibm\\ibmmessages.exe
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [QCTRAY] c:\programme\thinkpad\connectutilities\QCTRAY.EXE
mRun: [QCWLICON] c:\programme\thinkpad\connectutilities\QCWLICON.EXE
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\programme\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [USSShReg] c:\progra~1\uleads~1\uleadp~1.2\ssaver\Ussshreg.exe /r
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\acroba~1.lnk - c:\programme\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\kodake~1.lnk - c:\programme\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\tablett.lnk - c:\programme\tablett\TabUserW.exe
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
IE: Google AdSense Preview-Tool - http://pagead2.googlesyndication.com/pagead/preview/de/preview.html
IE: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {9239E4EC-C9A6-11D2-A844-00C04F68D538}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {1643D4D8-B8BE-4D59-BE8B-ADC381F46964} - hxxp://www.hebogo.com/ActiveX/cMcrinterkey.CAB
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C2AD5B59-154E-4090-91F5-19FC1410E8EE} - hxxp://www.koreatimes.co.kr/www/TTS/App/Downloader.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://lendingclub.webex.com/client/T27L/nbr/ieatgpc.cab
TCP: NameServer = 93.188.164.125,93.188.160.205
TCP: {B9419BB7-73C8-4FBC-8197-DC74A0E59B63} = 93.188.164.125,93.188.160.205
TCP: {D3457643-A77B-4302-B510-B8A76E8AF8E4} = 93.188.164.125,93.188.160.205
Notify: AtiExtEvent - Ati2evxx.dll
Notify: QConGina - QConGina.dll
LSA: Notification Packages = scecli pwdmon

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\d\anwend~1\mozilla\firefox\profiles\fsqwcx3v.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - component: c:\dokumente und einstellungen\d\anwendungsdaten\mozilla\firefox\profiles\fsqwcx3v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\programme\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\programme\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2009-5-20 11608]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2004-12-10 16384]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2009-5-20 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2009-5-20 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-20 56816]
R3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2005-1-21 15104]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-2-17 135664]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2003-2-25 802683]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2004-12-10 12288]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2005-1-19 15576]

=============== Created Last 30 ================

2010-10-14 14:14:47 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 14:14:47 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 14:14:47 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 14:14:37 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-09-18 10:22:58 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52:56 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52:56 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:52:56 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:17:09 672768 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:17:08 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:17:07 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:13:42 371200 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:50:43 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54:46 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:01:37 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:36 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43:50 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:11:49 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44:05 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 21:23:10,15 ===============

Link to post
Share on other sites

Sorry if I walk into this discussion. But I have exactly the same problem.

I am on WindowsXP and something cause my browser to redirect to epoclick.com occasionaly. Furthermore certain websites are blocked. This is the case for this forum too, and I could only access this thread form a different PC.

My virus scanner is not showing anything. The redirects are independent of browser (happen on IE, FF, and Safari).

Can I follow the instructions in this thread too and post the results or will thsi mix things up for you?

ME, TOO. I just recently started getting these redirects. The epoclick.com page comes up a lot. As well as others.

Is this the same thing as the "Google Redirect Virus"?

How do we get rid of this?? I ran a full Malwarebytes scan and it did not get rid of the problem.

Suggestions, anyone?

Link to post
Share on other sites

:)

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Please read carefully and follow these steps.

  • Please download
TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now

[*]Copy and paste the log in your next reply

[*]A copy of the log will be saved automatically to the root directory, root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Link to post
Share on other sites

Hi LTDate,

first many thanks for helping me

TDSS log

2010/10/20 10:01:05.0872	TDSS rootkit removing tool 2.4.4.0 Oct  4 2010 09:06:59
2010/10/20 10:01:05.0872 ===========================================================================
=====
2010/10/20 10:01:05.0872 SystemInfo:
2010/10/20 10:01:05.0872
2010/10/20 10:01:05.0872 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/20 10:01:05.0872 Product type: Workstation
2010/10/20 10:01:05.0872 ComputerName: ARBEIT1
2010/10/20 10:01:05.0872 UserName: Claus
2010/10/20 10:01:05.0872 Windows directory: C:\WINDOWS
2010/10/20 10:01:05.0872 System windows directory: C:\WINDOWS
2010/10/20 10:01:05.0872 Processor architecture: Intel x86
2010/10/20 10:01:05.0872 Number of processors: 1
2010/10/20 10:01:05.0872 Page size: 0x1000
2010/10/20 10:01:05.0872 Boot type: Normal boot
2010/10/20 10:01:05.0872 ===========================================================================
=====
2010/10/20 10:01:06.0373 Initialize success
2010/10/20 10:01:12.0752 ===========================================================================
=====
2010/10/20 10:01:12.0752 Scan started
2010/10/20 10:01:12.0752 Mode: Manual;
2010/10/20 10:01:12.0752 ===========================================================================
=====
2010/10/20 10:01:13.0253 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2010/10/20 10:01:13.0303 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/10/20 10:01:13.0403 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/20 10:01:13.0473 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/10/20 10:01:13.0543 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2010/10/20 10:01:13.0613 aeaudio (75bee80a25fc7f690dcd57570dc159c1) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/10/20 10:01:13.0693 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/20 10:01:13.0753 AegisP (18309916da01042606b4a5ec8f60b447) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/10/20 10:01:13.0834 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/20 10:01:13.0894 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/20 10:01:13.0954 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2010/10/20 10:01:14.0104 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2010/10/20 10:01:14.0144 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2010/10/20 10:01:14.0204 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2010/10/20 10:01:14.0284 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2010/10/20 10:01:14.0334 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2010/10/20 10:01:14.0384 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2010/10/20 10:01:14.0434 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2010/10/20 10:01:14.0515 ANC (5417e15f1da94d4ca01f99a6454413b0) C:\WINDOWS\system32\drivers\ANC.SYS
2010/10/20 10:01:14.0625 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/20 10:01:14.0725 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2010/10/20 10:01:14.0785 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2010/10/20 10:01:14.0845 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2010/10/20 10:01:14.0965 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2010/10/20 10:01:15.0115 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/20 10:01:15.0206 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/20 10:01:15.0356 ati2mtag (30fc6fa3492320f067c9e6d17a7411a3) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/10/20 10:01:15.0446 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/20 10:01:15.0536 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/20 10:01:15.0686 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2010/10/20 10:01:15.0776 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/10/20 10:01:15.0917 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/10/20 10:01:15.0987 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/20 10:01:16.0097 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
2010/10/20 10:01:16.0197 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2010/10/20 10:01:16.0237 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/20 10:01:16.0287 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2010/10/20 10:01:16.0357 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/20 10:01:16.0447 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/20 10:01:16.0497 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/20 10:01:16.0598 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/20 10:01:16.0638 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2010/10/20 10:01:16.0688 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/20 10:01:16.0808 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2010/10/20 10:01:16.0958 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2010/10/20 10:01:17.0018 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2010/10/20 10:01:17.0108 DcCam (6f9ea0f7edd83a67b52482df721a5fa4) C:\WINDOWS\system32\DRIVERS\DcCam.sys
2010/10/20 10:01:17.0188 DcFpoint (cbb5f72a33fa4013acd8e9a2382e898b) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
2010/10/20 10:01:17.0309 DCFS2K (8214bfcbcf2ed5751b1db9288dae88ca) C:\WINDOWS\system32\drivers\dcfs2k.sys
2010/10/20 10:01:17.0349 DcLps (b4b9ed249a335aba7afd7dd71917be69) C:\WINDOWS\system32\DRIVERS\DcLps.sys
2010/10/20 10:01:17.0399 DcPTP (4ec04b31ac8870e9cb1c5379c54ee49d) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
2010/10/20 10:01:17.0739 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/20 10:01:18.0010 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/20 10:01:18.0460 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/20 10:01:18.0681 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/20 10:01:18.0831 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/20 10:01:19.0261 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2010/10/20 10:01:19.0392 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/20 10:01:19.0482 drvmcdb (f41619ae216b51d68dda163805eefaa9) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/10/20 10:01:19.0552 drvnddm (b295700e684ed1984db1d6be40354421) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/10/20 10:01:19.0642 E1000 (4beb6f44b0dc94af9fb20e97ab7ad47c) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2010/10/20 10:01:19.0782 E100B (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/20 10:01:19.0902 Exportit (6ee877616dcbd14fe34807bcd4418289) C:\WINDOWS\system32\DRIVERS\exportit.sys
2010/10/20 10:01:19.0982 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/20 10:01:20.0063 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/20 10:01:20.0123 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/20 10:01:20.0213 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/20 10:01:20.0273 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/20 10:01:20.0323 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/20 10:01:20.0383 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/20 10:01:20.0513 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/20 10:01:20.0593 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/20 10:01:20.0703 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2010/10/20 10:01:20.0864 HSFHWICH (62003dbef083dc07e5399f44fb4e22bc) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/10/20 10:01:21.0004 HSF_DP (f41cd40b94d91edf9443a527053ec549) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/10/20 10:01:21.0134 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/20 10:01:21.0244 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/20 10:01:21.0304 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2010/10/20 10:01:21.0354 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/20 10:01:21.0425 ibmfilter (4dc41ab5aa3f96fa7f01587dd9ccf467) C:\WINDOWS\system32\drivers\ibmfilter.sys
2010/10/20 10:01:21.0575 IBMPMDRV (b9ad9ebe354af205277fdbfce5c5daec) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2010/10/20 10:01:21.0645 IBMTPCHK (df674a176eb71300c4e01720a4cbfc57) C:\WINDOWS\system32\drivers\IBMBLDID.SYS
2010/10/20 10:01:21.0705 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/20 10:01:21.0775 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2010/10/20 10:01:21.0845 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\System32\DRIVERS\intelide.sys
2010/10/20 10:01:21.0895 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/20 10:01:21.0935 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/20 10:01:21.0995 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/20 10:01:22.0075 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/20 10:01:22.0136 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/20 10:01:22.0206 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/20 10:01:22.0276 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/10/20 10:01:22.0316 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/20 10:01:22.0406 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/20 10:01:22.0446 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/20 10:01:22.0526 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/20 10:01:22.0696 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/20 10:01:22.0796 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/20 10:01:23.0017 LucentSoftModem (dd226891303d5118648ad4b911f37822) C:\WINDOWS\system32\DRIVERS\LTSM.sys
2010/10/20 10:01:23.0117 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/20 10:01:23.0207 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/20 10:01:23.0267 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/20 10:01:23.0357 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/20 10:01:23.0548 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/20 10:01:23.0598 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/20 10:01:23.0658 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2010/10/20 10:01:23.0728 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/20 10:01:23.0838 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/20 10:01:23.0928 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/20 10:01:23.0978 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/20 10:01:24.0058 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/20 10:01:24.0098 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/20 10:01:24.0289 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/20 10:01:24.0339 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/20 10:01:24.0419 MXOFX (799a99d21e72023ee5adb28ae424efc8) C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
2010/10/20 10:01:24.0489 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/20 10:01:24.0549 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/20 10:01:24.0599 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/20 10:01:24.0659 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/20 10:01:24.0699 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/20 10:01:24.0759 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/20 10:01:24.0829 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/20 10:01:24.0950 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/20 10:01:25.0030 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/20 10:01:25.0110 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2010/10/20 10:01:25.0210 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/20 10:01:25.0440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/20 10:01:25.0490 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/20 10:01:25.0550 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/20 10:01:25.0631 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/20 10:01:25.0711 P3 (a7af0c0860f1c43fc6581ba8a99eabef) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/10/20 10:01:25.0791 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/20 10:01:25.0831 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/20 10:01:25.0891 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/20 10:01:25.0941 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/20 10:01:26.0091 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/20 10:01:26.0151 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/10/20 10:01:26.0382 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\Penclass.sys
2010/10/20 10:01:26.0442 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2010/10/20 10:01:26.0512 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2010/10/20 10:01:26.0682 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
2010/10/20 10:01:26.0752 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/20 10:01:26.0832 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/20 10:01:26.0912 psadd (dc23b0d9a0282cb0d8281dbda431ac14) C:\WINDOWS\system32\Drivers\psadd.sys
2010/10/20 10:01:26.0993 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/20 10:01:27.0063 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/20 10:01:27.0133 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/20 10:01:27.0223 QCNDISIF (c854eb3a54aae73046d187a77f54efc5) C:\WINDOWS\system32\drivers\qcndisif.SYS
2010/10/20 10:01:27.0293 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2010/10/20 10:01:27.0383 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2010/10/20 10:01:27.0433 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2010/10/20 10:01:27.0493 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2010/10/20 10:01:27.0643 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2010/10/20 10:01:27.0684 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/20 10:01:27.0754 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/10/20 10:01:27.0844 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/20 10:01:27.0894 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/20 10:01:27.0944 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/20 10:01:28.0004 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/20 10:01:28.0054 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/20 10:01:28.0134 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/20 10:01:28.0204 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/20 10:01:28.0274 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/20 10:01:28.0405 s24trans (49b4b6a0f04ef8578e9a3f2915a84ac9) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/10/20 10:01:28.0455 S3SSavage (a94aa8161dd4711bc6f732f21d6407d6) C:\WINDOWS\system32\DRIVERS\s3ssavm.sys
2010/10/20 10:01:28.0525 S6U12BScanner (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\drivers\usbscan.sys
2010/10/20 10:01:28.0685 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/20 10:01:28.0765 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/20 10:01:28.0895 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/20 10:01:29.0015 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
2010/10/20 10:01:29.0086 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
2010/10/20 10:01:29.0176 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/10/20 10:01:29.0246 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
2010/10/20 10:01:29.0336 ShockMgr (482ddb9f0f6d88f0503910e1b9728042) C:\WINDOWS\system32\drivers\ShockMgr.sys
2010/10/20 10:01:29.0386 Shockprf (3d593b089133f134f52d6de29b0d058b) C:\WINDOWS\system32\drivers\Shockprf.sys
2010/10/20 10:01:29.0486 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2010/10/20 10:01:29.0556 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
2010/10/20 10:01:29.0646 smwdm (710a9684bf50e6fe7c227b9de41159da) C:\WINDOWS\system32\drivers\smwdm.sys
2010/10/20 10:01:29.0716 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2010/10/20 10:01:29.0797 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/20 10:01:29.0977 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/20 10:01:30.0097 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/20 10:01:30.0157 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/10/20 10:01:30.0257 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/10/20 10:01:30.0317 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/10/20 10:01:30.0397 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/20 10:01:30.0488 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/20 10:01:30.0588 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2010/10/20 10:01:30.0658 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2010/10/20 10:01:30.0728 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2010/10/20 10:01:30.0788 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2010/10/20 10:01:30.0928 SynTP (9f21fcb5a5bbc7d730018f6b61f638cb) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/20 10:01:30.0988 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/20 10:01:31.0128 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/20 10:01:31.0209 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/20 10:01:31.0299 TDSMAPI (139b4d397d51cf60d6585597b1cf2f51) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
2010/10/20 10:01:31.0399 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/20 10:01:31.0439 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/20 10:01:31.0549 tfsnboio (1797f3375b4bf20e81d69ac8b11445b5) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/10/20 10:01:31.0699 tfsncofs (019ba601cb71a71143aed94f2db26250) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/10/20 10:01:31.0739 tfsndrct (87269d7fa6df7ef84b83bf5b0d2e031c) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/10/20 10:01:31.0799 tfsndres (b4fb34f46971e56ccd8b8ac6936add58) C:\WINDOWS\system32\dla\tfsndres.sys
2010/10/20 10:01:31.0860 tfsnifs (2a144ec7557efb9758d1c121688ebaf5) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/10/20 10:01:31.0940 tfsnopio (1aa2c61a846efbc200703e8dc250297f) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/10/20 10:01:32.0000 tfsnpool (b3b0b6616cae23ab1a4a5898ca6d5552) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/10/20 10:01:32.0080 tfsnudf (1614a1e396f296138d3fb1728f385e0b) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/10/20 10:01:32.0150 tfsnudfa (e5d5b8dde8c221fedc88680631294155) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/10/20 10:01:32.0280 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\System32\DRIVERS\toside.sys
2010/10/20 10:01:32.0350 TPHKDRV (a7c9656b3cac47a9f786aae88259d8b9) C:\WINDOWS\system32\drivers\TPHKDRV.sys
2010/10/20 10:01:32.0420 TPPWR (dc5c49a5f38d377f7c9a99a5b0c4d1a0) C:\WINDOWS\system32\drivers\Tppwr.sys
2010/10/20 10:01:32.0480 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2010/10/20 10:01:32.0551 TwoTrack (17687545f77a648af7f9f1064eb61191) C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
2010/10/20 10:01:32.0631 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/20 10:01:32.0761 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2010/10/20 10:01:32.0841 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/20 10:01:32.0931 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/20 10:01:32.0981 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/20 10:01:33.0071 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/20 10:01:33.0151 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/20 10:01:33.0252 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/20 10:01:33.0292 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/20 10:01:33.0342 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/20 10:01:33.0402 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2010/10/20 10:01:33.0482 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2010/10/20 10:01:33.0542 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/20 10:01:33.0812 w22n51 (5bc494442773035da902ab30cdca11e7) C:\WINDOWS\system32\DRIVERS\w22n51.sys
2010/10/20 10:01:34.0163 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/20 10:01:34.0293 Wdm1 (2f4b3c0e58d4a7bd8e38d1cd9ca47691) C:\WINDOWS\system32\Drivers\usbbc.sys
2010/10/20 10:01:34.0353 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/20 10:01:34.0503 winachsf (542a5f528a6cfebb4487b09538596d78) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/20 10:01:34.0934 ===========================================================================
=====
2010/10/20 10:01:34.0934 Scan finished
2010/10/20 10:01:34.0934 ===========================================================================
=====
2010/10/20 10:01:42.0675 Deinitialize success

Link to post
Share on other sites

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

I completed the to dos listed above.

It seems to have solved two things:

1) I can now access this forum from my computer (before I had to use a different PC)

2) Since then no redirects (to epoclick.com) have been happening any more, so I hope they are gone for good

Furthermore the browser load and display all pages noticeably faster

There is still one issue

Happens only in FF (works in IE)

3) On about 5 to 10% of webpages FF stalls permanently. The browser starts loading the page and then stalls

while displaying in the status bar that it loads data from google-analytics.com

The browser in total is still reacting (I can open other tabs and surf there)

This are well known webpages so I doubt that the issue lies on their side

While I could just deinstall FF and use other browser I feel uneasy about this, especially since users with the epoclick problem report the same issues with the stalling and displaying google-analytics.com in the status bar.

Therefor I fear part of the infection still remains on my PC.

Here is the Combofix log:

ComboFix 10-10-19.04 - Claus 20.10.2010 19:40:02.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.511.347 [GMT 2:00]

ausgef

Link to post
Share on other sites

Couple things to try:

To empty the cache in firefox

1. click on tools > options

2. click on the Privacy button on the left side of the window

3. click the "Clear All" button to clear all cached items or select individual items to clear by clicking on individual "Clear" buttons (History, Saved Information, Saved Passwords, Download Manager History, Cookies, Cache)

Disable Add-Ons

http://www.watchingthenet.com/firefox-tip-...ng-add-ons.html

Link to post
Share on other sites

Couple things to try:

To empty the cache in firefox

1. click on tools > options

2. click on the Privacy button on the left side of the window

3. click the "Clear All" button to clear all cached items or select individual items to clear by clicking on individual "Clear" buttons (History, Saved Information, Saved Passwords, Download Manager History, Cookies, Cache)

Thanks, that solved that.

Many, many, many thanks for helping me.

So is that it? Or is there something else I should check to make sure?

Link to post
Share on other sites

We need to uninstall combofix.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.