max3d

Members
Posts: 3
Reputation: 0 Neutral

  1. Hm, on checking MBAM the ignore list is empty again. It was there and I would have sworn I didn't change it. Another question: are browser-stored passwords readable for an attacker?
  2. I will, Maurice, and will turn on email notifications. Missed that. I have read all the links and understand that I will need to reformat to be sure. To do so I need to make backups of all data. Would these be safe? I have a separate data disk without any executables.

     Also I suddenly noticed a new problem. The scans are still clean (but I understand from the provided links this is no longer 100% reliable), but suddenly (two days ago) Chrome stopped opening most websites. Not all though; for instance G+ still works. The error is always the same: it takes ages to load the site fully and then it says "took to long, do you want to wait etc." The same sites can be opened in Firefox and IE.

     I checked the MBAM settings and it suddenly had one site in the ignore list. I haven't added it, but on doing a reverse ping it said it was the openx.org site, which seems innocent. However, when I run a tracert to that exact IP address 173.241.240.153 in a DOS box it says:

         Tracing route to ox-173-241-240-153.xa.dc.openx.org [173.241.240.153]
         over a maximum of 30 hops:
           1 General failure.

     I checked the MBAM protection log and it shows several blocks to this IP address coming from iexplore.exe, firefox.exe and chrome.exe. They all have a line like this:

         2012/08/25 03:25:13 +0200 WORKSTATION ComputerName IP-BLOCK 173.241.240.153 (Type: outgoing, Port: 62202, Process: firefox.exe)

     with a variety of port numbers from 8 to some in the 50.000 range and in the 60.000 range. What I try to figure out is if this is still a symptom of a root kit somewhere or totally unrelated. If I'm free of the threat now, I can start preparing for backups and a complete format. If I'm still under remote control I don't even feel comfortable using any browser, reading my email and transferring my data to another PC. Maybe you can help me out.
  3. Hi, I suspected a virus as the computer was extremely slow. Microsoft Essentials and Trend Micro House Call didn't notice anything. However, I could see lots of network activity while nothing should be active. When I ran a full scan of Micro Essentials in safe mode overnight I noticed it was terminated in the middle of the night, and my event logger showed a successful login while I was sleeping! I tried the Malwarebytes quick scan and it found three infections:

         heuristics.shuriken   File
         heuristics.shuriken   Registry
         Backdoor.agent        File   c:\windows\system32\cml.exe

     I let the program remove these. My problem and question is: am I now free of all backdoors AND how much damage will have been done by someone nosing around on my system? For instance, can passwords stored by IE, Chrome and FF be read by a remote hacker? I presume he has been copying all files on my system. I will copy the output of scr.com and that of RogueKiller below it. Attached is the attach.txt file. What worries me is that RogueKiller identified a Skype service as dangerous AFTER MBAM did its job.

         DDS (Ver_2011-08-26.01) - NTFSAMD64
         Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.5.0
         Run by Saskia Bakker at 14:07:38 on 2012-08-16
         Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12286.6414 [GMT 2:00]
         AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
         SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
         SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400] S4 COM Service;COM Service;C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.exe [2010-8-7 16384] S4 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2010-8-7 68136] S4 EasyRedirect;EasyRedirect;C:\Program Files (x86)\Easy-Hide-IP\rdr\EasyRedirect.exe [2011-8-28 3092480] S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S4 Nalperion;Nalperion;C:\Windows\system32\nlssrv32.exe --> C:\Windows\system32\nlssrv32.exe [?] S4 SDLService;SDLService;C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2010-1-1 88064] S4 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2010-8-7 114688] S4 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-17 2358656] S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248] . =============== Created Last 30 ================ . 
2012-08-16 11:56:43 -------- d-----w- C:\Program Files (x86)\ESET 2012-08-16 10:23:43 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2114CE06-2A4D-438D-B495-7D5CD896CD07}\mpengine.dll 2012-08-16 08:58:23 -------- d-----w- C:\Users\Saskia Bakker\AppData\Roaming\Malwarebytes 2012-08-16 08:58:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-16 08:58:16 -------- d-----w- C:\ProgramData\Malwarebytes 2012-08-16 08:58:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-15 14:23:16 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-08-12 20:51:23 129024 ----a-w- C:\Windows\RegBootClean64.exe 2012-08-09 14:59:19 417792 ----a-w- C:\Program Files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll 2012-08-09 14:59:19 -------- d-----w- C:\ProgramData\Last.fm 2012-08-09 13:24:24 -------- d-----w- C:\Users\Saskia Bakker\AppData\Local\Last.fm 2012-08-09 13:24:20 -------- d-----w- C:\Program Files (x86)\Last.fm 2012-08-04 22:20:34 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis 2012-08-04 22:18:37 -------- d-----w- C:\Users\Saskia Bakker\AppData\Local\Corel 2012-08-04 22:16:23 -------- d-----w- C:\Program Files (x86)\Common Files\Corel 2012-08-03 15:12:16 -------- d-----w- C:\VueScan 2012-08-03 03:38:24 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-07-28 16:04:56 -------- d-----w- C:\Users\Saskia Bakker\AppData\Roaming\RealNetworks 2012-07-28 16:04:22 -------- d-----w- C:\ProgramData\RealNetworks 2012-07-28 16:04:22 -------- d-----w- C:\Program Files (x86)\RealNetworks 2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-07-27 01:45:30 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-27 01:35:40 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 
2012-07-27 01:11:48 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-07-27 01:09:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-07-27 01:09:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-07-27 01:09:00 174200 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll 2012-07-27 01:09:00 140920 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll 2012-07-26 05:31:03 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-07-26 05:31:02 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-07-26 05:20:49 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-26 05:20:48 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-07-26 05:20:48 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2012-07-26 05:20:48 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-26 05:20:48 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-07-26 05:20:48 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-07-26 05:03:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-07-26 05:03:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-07-26 05:03:54 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-07-26 05:03:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-07-26 05:03:52 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-07-26 05:03:52 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-07-26 05:03:52 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-07-26 05:03:52 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-07-26 05:03:52 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-07-26 05:03:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-07-26 05:03:52 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-07-26 05:03:52 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-07-26 04:56:41 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-07-26 04:47:12 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-07-26 04:47:12 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-07-26 04:47:11 
3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-07-26 04:07:21 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-07-26 04:07:21 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-07-26 04:07:21 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-07-26 04:07:21 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-07-26 04:07:21 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-07-26 03:56:33 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-07-26 02:17:09 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-07-26 02:17:07 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-07-26 02:17:07 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-07-26 02:17:00 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-07-26 02:16:59 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-07-26 02:16:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-07-26 02:16:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-07-26 02:16:59 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-07-26 02:16:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-07-26 01:43:11 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-07-26 01:03:41 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-07-26 01:03:41 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-07-26 01:03:41 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-07-26 01:03:40 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-07-26 01:03:40 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-07-26 01:03:40 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-07-26 01:03:40 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-07-26 00:08:43 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-07-26 00:08:43 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-07-26 00:08:42 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-07-25 23:54:15 2622464 ----a-w- 
C:\Windows\System32\wucltux.dll 2012-07-25 23:54:01 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-07-25 23:53:33 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-07-25 23:53:33 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-07-25 22:13:54 -------- d-----w- C:\Users\Saskia Bakker\AppData\Local\MetaGeek,_LLC 2012-07-25 22:07:53 -------- d-----w- C:\Program Files (x86)\MetaGeek 2012-07-22 14:03:14 -------- d-----w- C:\Users\Saskia Bakker\AppData\Local\Macromedia 2012-07-19 23:19:51 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll . ==================== Find3M ==================== . 2012-08-16 10:56:37 30528 ----a-w- C:\Windows\GVTDrv64.sys 2012-08-16 10:56:25 25640 ----a-w- C:\Windows\gdrv.sys 2012-08-15 16:39:00 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-15 16:38:59 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-04 22:26:59 3140 --sha-w- C:\ProgramData\KGyGaAvL.sys 2012-07-29 23:53:00 454656 --sha-w- C:\EUMONBMP.SYS 2012-07-19 23:19:30 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-07-05 21:51:56 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys 2012-07-05 21:51:56 14448 ----a-w- C:\Windows\System32\drivers\ggflt.sys 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2011-08-23 16:42:54 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll 2011-08-23 
16:35:38 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll
2011-08-23 16:35:14 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll
2011-08-23 16:35:14 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll
2011-08-23 16:34:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll
.
============= FINISH: 14:08:57.18 ===============

Rogue quarantine.txt
Time : 16/08/2012 14:16:23
--------------------------
[c2c_service.exe.vir] -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
Time : 16/08/2012 14:16:28
--------------------------
[c2c_service.exe.vir] -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
Time : 16/08/2012 14:16:31
--------------------------
[c2c_service.exe.vir] -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

Rogue general RKreport:
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Saskia Bakker [Admin rights]
Mode: DNSFix -- Date: 08/16/2012 14:16:31

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{F377B502-C75E-445B-881B-8FF07E686059} : NameServer (212.166.132.110 212.73.32.67) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F377B502-C75E-445B-881B-8FF07E686059} : NameServer (212.166.132.110 212.73.32.67) -> REPLACED ()

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Attach.txt