
I think I might be infected with Sirefef.gen!C and/or Trojan.0access



Dear Moderators,

Recently I noticed random links popping up in my web browser and strange redirects to different sites than the ones I clicked on in the Google search engine. Also, my antivirus keeps getting detections in my trash can; after reading http://forums.malwarebytes.org/index.php?showtopic=116190 I think the latter might be a similar case, but I am not so sure. That's why I came here for help. The "I'm infected - What do I do now?" post told me to paste the following files, so here they are. I hope you can help. (I closed down my uTorrent.)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470

Run by Gebruiker at 17:23:25 on 2013-04-24

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8169.5418 [GMT 2:00]

.

AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

E:\Programma's\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

E:\Programma's\MSI Afterburner\MSIAfterburner.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

E:\Programma's\MSI Afterburner\Bundle\OSDServer\RTSS.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

E:\Programma's\Comodo\COMODO Internet Security\cfp.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

E:\Programma's\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

E:\Programma's\Samsung SSD Magician\Samsung Magician.exe

E:\Programma's\Cyberlink\Power2Go\CLMLSvc.exe

E:\Programma's\Cyberlink\lg_fwupdate\fwupdate.exe

C:\Windows\system32\AUDIODG.EXE

E:\Programma's\Firefox\firefox.exe

E:\Programma's\Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

E:\Programma's\Malwarebytes' Anti-Malware\mbamscheduler.exe

E:\Programma's\Malwarebytes' Anti-Malware\mbamservice.exe

E:\Programma's\Malwarebytes' Anti-Malware\mbamgui.exe

E:\Programma's\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.nl/

uSearch Page = hxxp://www.google.nl

uDefault_Page_URL = www.google.nl

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - E:\Programma's\Spybot - Search & Destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programma's\Office\Office14\GROOVEEX.DLL

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Programma's\Office\Office14\URLREDIR.DLL

uRun: [spybotSD TeaTimer] E:\Programma's\Spybot - Search & Destroy\TeaTimer.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [CLMLServer] "E:\Programma's\Cyberlink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "E:\Programma's\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe" "E:\Programma's\Cyberlink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [uCam_Menu] "E:\Programma's\Cyberlink\YouCam\MUITransfer\MUIStartMenu.exe" "E:\Programma's\Cyberlink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [LGODDFU] E:\Programma's\Cyberlink\lg_fwupdate\lgfw.exe blrun

mRun: [bCSSync] "E:\Programma's\Office\Office14\BCSSync.exe" /DelayServices

mRun: [spybotSnD] "E:\Programma's\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart

mRunOnce: [Malwarebytes Anti-Malware] E:\Programma's\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\GEBRUI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - E:\Programma's\Samsung SSD Magician\Samsung Magician.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Verzenden naar OneNote - E:\PROGRA~1\Office\Office14\ONBttnIE.dll/105

IE: E&xport to Microsoft Excel - E:\PROGRA~1\Office\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Programma's\Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Programma's\Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programma's\Spybot - Search & Destroy\SDHelper.dll

LSP: mswsock.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{486F09BD-3D6C-464A-9B4C-A92ED0C7B9E3} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{692799B2-0C49-4FE9-88BC-323A503765A4} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{98DD83B3-F0A3-4416-A15B-C9F6FC736BB6} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{E597C0F7-3DA9-4D26-957D-5B9029AA9E4F} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{E597C0F7-3DA9-4D26-957D-5B9029AA9E4F} : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Programma's\Office\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

x64-Run: [COMODO Internet Security] "E:\Programma's\COMODO\COMODO Internet Security\cfp.exe" -h

x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 127.0.0.1 genuine.microsoft.com

Hosts: 127.0.0.1 mpa.one.microsoft.com

Hosts: 127.0.0.1 sls.microsoft.com

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\82vxc86y.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Windows\System32\npmproxy.dll

FF - plugin: C:\Windows\System32\npOGPPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

FF - plugin: E:\PROGRA~1\Office\Office14\NPAUTHZ.DLL

FF - plugin: E:\PROGRA~1\Office\Office14\NPSPWRAP.DLL

FF - plugin: E:\Programma's\VLC\npvlc.dll

FF - ExtSQL: 2013-04-02 21:43; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\82vxc86y.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

FF - ExtSQL: 2013-04-02 21:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\82vxc86y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-04-02 21:44; donottrackplus@abine.com; C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\82vxc86y.default\extensions\donottrackplus@abine.com

.

============= SERVICES / DRIVERS ===============

.

R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-10-5 22736]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-10-5 584056]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-10-5 38144]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]

R2 MBAMScheduler;MBAMScheduler;E:\Programma's\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-24 418376]

R2 MBAMService;MBAMService;E:\Programma's\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-24 701512]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2012-10-24 1101600]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-10-27 31080]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520]

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152]

R3 lgbusenum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]

R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-24 25928]

R3 RTCore64;RTCore64;E:\Programma's\MSI Afterburner\RTCore64.sys [2013-1-23 13368]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SBSDWSCService;SBSD Security Center Service;E:\Programma's\Spybot - Search & Destroy\SDWinSec.exe [2013-4-3 1153368]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2012-7-3 29184]

S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2012-7-3 36352]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336]

S3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2010-2-12 66608]

S3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]

S3 LGVMODEM;LGE Virtual Modem;C:\Windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 20992]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S3 SymSnapService;SymSnapService;"E:\Programma's\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" --> E:\Programma's\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 59392]

S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-24 1255736]

S4 FAH@F:+Downloads+Mozilla+FAH504-Console.exe;FAH@F:+Downloads+Mozilla+FAH504-Console.exe;F:\Downloads\Mozilla\FAH504-Console.exe -svcstart --> F:\Downloads\Mozilla\FAH504-Console.exe -svcstart [?]

.

=============== Created Last 30 ================

.

2013-04-24 15:06:05 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes

2013-04-24 15:05:39 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-24 15:05:39 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-24 14:23:09 1 ----a-w- C:\Windows\SysWow64\SI.bin

2013-04-24 14:17:11 -------- d-----w- C:\Program Files\Enigma Software Group

2013-04-24 14:17:00 -------- d-----w- C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP

2013-04-24 14:08:05 -------- d-----w- C:\TDSSKiller_Quarantine

2013-04-19 19:57:39 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Darksiders

2013-04-13 12:20:01 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-04-13 12:20:01 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-04-13 12:20:01 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-04-13 12:20:01 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-04-13 12:20:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-04-13 12:20:01 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-04-13 12:20:01 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-04-13 12:19:53 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2013-04-13 12:19:38 31672 ----a-w- C:\Windows\System32\nvhdap64.dll

2013-04-13 12:19:38 194488 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2013-04-13 12:19:38 1510328 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2013-04-12 14:30:20 -------- d-----w- C:\ProgramData\Futuremark

2013-04-12 14:05:33 -------- d-----w- C:\Program Files (x86)\OpenAL

2013-04-12 13:34:34 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\QuickScan

2013-04-12 06:50:05 79256 ----a-w- C:\Windows\SysWow64\npOGPPlugin.dll

2013-04-12 06:50:03 271768 ----a-w- C:\Windows\SysWow64\OGPIEPlugin.ocx

2013-04-12 06:50:02 -------- d-----w- C:\Program Files (x86)\OGPlanet

2013-04-10 07:56:09 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Futuremark

2013-04-10 07:44:49 -------- d-----w- C:\Users\Gebruiker\AppData\Local\IsolatedStorage

2013-04-10 07:44:48 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Futuremark_Corporation

2013-04-04 13:51:15 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Logitech

2013-04-04 13:50:58 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2013-04-04 13:50:54 -------- d-----w- C:\Program Files\Logitech Gaming Software

2013-04-04 13:50:34 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Logishrd

2013-04-02 19:33:32 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-04-02 15:07:33 13088000 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll

2013-04-02 14:23:49 -------- d-----w- C:\ProgramData\Licenses

2013-04-02 14:23:47 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL

2013-04-01 17:23:59 393728 ----a-w- C:\Program Files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll

2013-04-01 17:11:15 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\MusicIP

2013-04-01 15:34:17 -------- d-----w- C:\Users\Gebruiker\AppData\Local\LucasArts

2013-03-31 16:11:07 -------- d-----w- C:\Users\Gebruiker\AppData\Local\SniperV2

2013-03-27 18:43:57 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Warner Bros. Interactive Entertainment

2013-03-27 17:58:50 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Insanely Twisted Shadow Planet

.

==================== Find3M ====================

.

2013-04-23 18:39:08 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-04-23 18:39:08 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-04-23 18:39:00 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-04-14 17:29:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-14 17:29:11 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-23 09:50:52 0 ----a-w- C:\Windows\SysWow64\OLDADEE.tmp

2013-03-17 17:01:42 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-03-14 20:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-03-13 15:03:33 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2009-12-06 17:18:14 26624 --sh--w- C:\Windows\bfcs2.dll

.

============= FINISH: 17:24:33,07 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume3

Install Date: 23-10-2012 7:55:59

System Uptime: 24-4-2013 16:13:27 (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8P67 REV 3.1

Processor: Intel® Core i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz

.

==== Disk Partitions =========================

.

B: is FIXED (NTFS) - 64 GiB total, 29,363 GiB free.

C: is FIXED (NTFS) - 55 GiB total, 18,759 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 573 GiB total, 427,213 GiB free.

F: is FIXED (NTFS) - 789 GiB total, 515,223 GiB free.

T: is FIXED (NTFS) - 502 GiB total, 271,452 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek PCIe GBE Family Controller

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\4&87D54EE&0&00E5

Manufacturer: Realtek

Name: Realtek PCIe GBE Family Controller

PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\4&87D54EE&0&00E5

Service: RTL8167

.

Class GUID:

Description: SM-buscontroller

Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB

Manufacturer:

Name: SM-buscontroller

PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

3DMark 11

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02) - Nederlands

Asmedia ASM104x USB 3.0 Host Controller Driver

Assassin's Creed

Assassin's Creed Brotherhood

Assassin's Creed II

Assassin's Creed III 1.01

Assassin's Creed Revelations

µTorrent

Battlefield 3™

Battlelog Web Plugins

Bluetooth Win7 Suite (64)

Borderlands 2

Coach 6 Thuis (Nederlands)

COMODO Internet Security

CPUID CPU-Z 1.61.5

Cross Fire En

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

EAX4 Unified Redist

erLT

ESN Sonar

Fraps (remove only)

Free Studio version 5.9.0.1212

Google Chrome

Google Update Helper

inSSIDer

Intel® Management Engine Components

Java 7 Update 9 (64-bit)

Junk Mail filter update

LEGO® Batman™ 2: DC Super Heroes

LG Bluetooth Drivers

LG Burning Tool

LG CyberLink Media Suite

LG CyberLink MediaEspresso

LG CyberLink YouCam

LG PC Suite

LG Tool Kit

LG United Mobile Drivers

LightScribe System Software

Logitech Gaming Software

Logitech Gaming Software 8.45

Malwarebytes Anti-Malware versie 1.75.0.1300

marvell 91xx driver

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended NLD Language Pack

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Dutch) 2010

Microsoft Office Excel MUI (Dutch) 2010

Microsoft Office Groove MUI (Dutch) 2010

Microsoft Office InfoPath MUI (Dutch) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Dutch) 2010

Microsoft Office Outlook MUI (Dutch) 2010

Microsoft Office PowerPoint MUI (Dutch) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (Dutch) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proofing (Dutch) 2010

Microsoft Office Publisher MUI (Dutch) 2010

Microsoft Office Shared 64-bit MUI (Dutch) 2010

Microsoft Office Shared MUI (Dutch) 2010

Microsoft Office Word MUI (Dutch) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 20.0.1 (x86 en-GB)

Mozilla Maintenance Service

MSI Afterburner 2.3.1

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

NVIDIA-configuratiescherm 314.22

NVIDIA 3D Vision controllerstuurprogramma 314.22

NVIDIA 3D Vision stuurprogramma 314.22

NVIDIA Grafisch stuurprogramma 314.22

NVIDIA HD Audio-stuurprogramma 1.3.23.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX systeemsoftware 9.12.1031

NVIDIA Stereoscopic 3D Driver

Origin

Paint.NET v3.5.10

Photo Common

PlayReady PC Runtime x86

PunkBuster Services

Samsung Magician

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype™ 6.3

Spybot - Search & Destroy

SpywareBlaster 5.0

Steam

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

Taalpakket voor Microsoft .NET Framework 4 Extended - NLD

TeamSpeak 3 Client

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Uplay

User's Guides

VLC media player 2.0.5

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (64-bit)

.

==== End Of File ===========================

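A triage pass over the DDS "Pseudo HJT Report" style of log shown above, as an added example that is not part of the original post or of the DDS tool. It parses a few constructed lines in the same format (modelled on entries visible in the log, not a copy of it) and flags the settings a helper looks at first when the complaint is search redirects: UAC turned off (EnableLUA=0 and ConsentPromptBehaviorAdmin=0), hosts-file overrides, configured resolvers that the DHCP server did not hand out, an AppInit_DLLs entry, a hidden+system file directly under C:\Windows, a Winlogon Userinit value other than userinit.exe, and the absence of System Restore points. The `Finding` type, the `triage()` function, the rule names and the severities are my own. None of these is proof of infection by itself: security products such as COMODO legitimately use AppInit_DLLs, and a user may have chosen a third-party resolver on purpose, so each flag is an item to confirm with the machine's owner rather than a verdict.

```python
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str      # short rule name (my own naming, not a DDS term)
    detail: str


# Constructed sample in the DDS "Pseudo HJT Report" / Find3M line format,
# modelled on the kinds of entries in the log above; it is not the full log.
SAMPLE_LOG = """\
mWinlogon: Userinit = userinit.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
TCP: NameServer = 192.168.1.254 195.241.77.55
TCP: Interfaces\\{692799B2-0C49-4FE9-88BC-323A503765A4} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\\{E597C0F7-3DA9-4D26-957D-5B9029AA9E4F} : DHCPNameServer = 192.168.1.254
Hosts: 127.0.0.1 genuine.microsoft.com
Hosts: 127.0.0.1 www.spywareinfo.com
AppInit_DLLs= C:\\Windows\\SysWOW64\\guard32.dll
2009-12-06 17:18:14 26624 --sh--w- C:\\Windows\\bfcs2.dll
2013-02-02 06:47:19 1392128 ----a-w- C:\\Windows\\System32\\wininet.dll
No restore point in system.
"""

_POLICY = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\w+)$")
_USERINIT = re.compile(r"^mWinlogon:\s*Userinit\s*=\s*(.+)$")
_NAMESERVER = re.compile(r"^TCP:.*?(DHCPNameServer|NameServer)\s*=\s*(.+)$")
_HOSTS = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)$")
_APPINIT = re.compile(r"^AppInit_DLLs\s*=\s*(.+)$")
# DDS file lines: "YYYY-MM-DD HH:MM:SS <size or -------->  <8-char attrs> <path>"
_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+([-a-z]{8})\s+(.+)$")


def _ips(text):
    """DDS lists resolvers separated by spaces or commas."""
    return {ip for ip in re.split(r"[,\s]+", text.strip()) if ip}


def triage(log_text):
    """Return the Findings for one DDS log; an empty list means nothing was flagged."""
    findings = []
    configured, from_dhcp = set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _POLICY.match(line)
        if m:
            name, value = m.groups()
            if name == "EnableLUA" and value == "0":
                findings.append(Finding("high", "uac-disabled",
                    "EnableLUA=0: UAC is off, so anything run by an administrator is fully elevated"))
            elif name == "ConsentPromptBehaviorAdmin" and value == "0":
                findings.append(Finding("medium", "uac-no-prompt",
                    "ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt"))
            continue
        m = _USERINIT.match(line)
        if m:
            # Exactly one entry whose file name is userinit.exe is the expected value.
            entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
            if len(entries) != 1 or ntpath.basename(entries[0]).lower() != "userinit.exe":
                findings.append(Finding("high", "userinit-modified",
                    "Winlogon Userinit runs something besides userinit.exe: " + m.group(1)))
            continue
        m = _NAMESERVER.match(line)
        if m:
            (from_dhcp if m.group(1) == "DHCPNameServer" else configured).update(_ips(m.group(2)))
            continue
        m = _HOSTS.match(line)
        if m:
            ip, host = m.groups()
            if host.lower() != "localhost":
                findings.append(Finding("medium", "hosts-override",
                    "hosts file pins %s to %s (local override of DNS)" % (host, ip)))
            continue
        m = _APPINIT.match(line)
        if m:
            findings.append(Finding("info", "appinit-dll",
                "AppInit_DLLs loads into every user-mode process: %s "
                "(security products use this too; verify the vendor)" % m.group(1).strip()))
            continue
        m = _FILE.match(line)
        if m:
            attrs, path = m.groups()
            if "s" in attrs and "h" in attrs and path.lower().startswith("c:\\windows\\"):
                findings.append(Finding("medium", "hidden-system-file",
                    "hidden+system file under C:\\Windows: " + path))
            continue
        if line == "No restore point in system.":
            findings.append(Finding("info", "no-restore-points",
                "no System Restore points: nothing to roll back to if a fix goes wrong"))
    # Resolvers present in a NameServer value but never handed out by DHCP are
    # either a deliberate third-party choice or a DNS hijack; the owner must say which.
    extra = configured - from_dhcp
    if extra:
        findings.append(Finding("medium", "static-dns",
            "resolvers configured that DHCP did not hand out: " + ", ".join(sorted(extra))))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%-6s] %-19s %s" % (f.severity, f.rule, f.detail))
```

Running the block prints one line per finding; feed it a real DDS.txt with `triage(open("DDS.txt", encoding="cp1252").read())` and sort by severity before asking the owner about each item.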

Hello MrGiggles, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: µTorrent

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • RogueKiller log
  • a new fresh DDS log


First off, thank you for the quick response. I removed uTorrent and did a quick scan, and no problems came up:

Do I still have to follow step 3 since I didn't come across any infections?

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.24.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Gebruiker :: GEBRUIK-O1TKUUW [administrator]

Protection: Enabled

24-4-2013 19:23:55

mbam-log-2013-04-24 (19-23-55).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 212996

Time elapsed: 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


I did the RogueKiller thing and the new DDS log, here it is:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Gestart vanuit : Normale modus

Gebruiker : Gebruiker [Administrator rechten]

Modus : Scan -- Datum : 04/24/2013 21:08:41

| ARK || FAK || MBR |

¤¤¤ Kwaadaardige processen : 0 ¤¤¤

¤¤¤ Register verwijzingen : 21 ¤¤¤

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\42508014 (C:\Windows\system32\drivers\04077126.sys) -> gevonden

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\42508014 (C:\Windows\system32\drivers\04077126.sys) -> gevonden

[TASK][sUSP PATH] shutdown : C:\Users\Gebruiker\Desktop\shutdown.bat [x] -> gevonden

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{692799B2-0C49-4FE9-88BC-323A503765A4} : NameServer (8.26.56.26,156.154.70.22) -> gevonden

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{E597C0F7-3DA9-4D26-957D-5B9029AA9E4F} : NameServer (8.26.56.26,156.154.70.22) -> gevonden

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{692799B2-0C49-4FE9-88BC-323A503765A4} : NameServer (8.26.56.26,156.154.70.22) -> gevonden

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{E597C0F7-3DA9-4D26-957D-5B9029AA9E4F} : NameServer (8.26.56.26,156.154.70.22) -> gevonden

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> gevonden

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> gevonden

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> gevonden

[HJ] HKLM\[...]\System : EnableLUA (0) -> gevonden

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> gevonden

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> gevonden

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> gevonden

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> gevonden

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1312253270-3437001810-764976608-1000\$4b3b898bf6eb53393ece6f75bb940e3b\n.) [x] -> gevonden

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$4b3b898bf6eb53393ece6f75bb940e3b\n) [-] -> gevonden

[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$4b3b898bf6eb53393ece6f75bb940e3b\n) [-] -> gevonden

¤¤¤ Speciale Files / Folders: ¤¤¤

[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$4b3b898bf6eb53393ece6f75bb940e3b\n [-] --> gevonden

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$4b3b898bf6eb53393ece6f75bb940e3b\@ [-] --> gevonden

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1312253270-3437001810-764976608-1000\$4b3b898bf6eb53393ece6f75bb940e3b\@ [-] --> gevonden

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$4b3b898bf6eb53393ece6f75bb940e3b\U --> gevonden

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1312253270-3437001810-764976608-1000\$4b3b898bf6eb53393ece6f75bb940e3b\U --> gevonden

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$4b3b898bf6eb53393ece6f75bb940e3b\L --> gevonden

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1312253270-3437001810-764976608-1000\$4b3b898bf6eb53393ece6f75bb940e3b\L --> gevonden

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> gevonden

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> gevonden

¤¤¤ Driver : [Niet geladen] ¤¤¤

¤¤¤ Infectie : ZeroAccess ¤¤¤

¤¤¤ HOSTS Bestand: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

[...]

¤¤¤ MBR Controle: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD 830 Series SCSI Disk Device +++++

--- User ---

[MBR] af03a217a2e3b784158ba3f516a9570a

[bSP] 3dc432e95ecc816f916cfd6be70a4ac8 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 56770 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 116269056 | Size: 65332 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: SAMSUNG HD204UI SCSI Disk Device +++++

--- User ---

[MBR] 2041bc852617fd0f97b92e14a77a57d4

[bSP] 8ec0a94f190248572b5fb99904c51309 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 807625 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1654224896 | Size: 1100001 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive2: LGE P990 USB Device +++++

--- User ---

[MBR] 9b4e4ecdb1a0cb7869b8205f76878442

[bSP] 5f03ed8a845106c7e6d3f1a87926df67 : Empty MBR Code

Partition table:

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive3: LGE P990 SD Card USB Device +++++

--- User ---

[MBR] 5e6a18aee7c8f3f8992340aa3beda052

[bSP] 04d46658e6073b47b6c9390cac201f6e : Empty MBR Code

Partition table:

User = LL1 ... OK!

Error reading LL2 MBR!

Gereed : << RKreport[1]_S_04242013_02d2108.txt >>

RKreport[1]_S_04242013_02d2108.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470

Run by Gebruiker at 21:10:35 on 2013-04-24

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8169.5129 [GMT 2:00]

.

AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

E:\Programma's\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

E:\Programma's\MSI Afterburner\MSIAfterburner.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

E:\Programma's\MSI Afterburner\Bundle\OSDServer\RTSS.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

E:\Programma's\Comodo\COMODO Internet Security\cfp.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

E:\Programma's\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

E:\Programma's\Samsung SSD Magician\Samsung Magician.exe

E:\Programma's\Cyberlink\Power2Go\CLMLSvc.exe

E:\Programma's\Cyberlink\lg_fwupdate\fwupdate.exe

E:\Programma's\Malwarebytes' Anti-Malware\mbamscheduler.exe

E:\Programma's\Malwarebytes' Anti-Malware\mbamservice.exe

E:\Programma's\Malwarebytes' Anti-Malware\mbamgui.exe

E:\Programma's\Firefox\firefox.exe

C:\Windows\System32\WUDFHost.exe

E:\Programma's\Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

C:\Windows\system32\AUDIODG.EXE

C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe

B:\Origin\Origin.exe

C:\Windows\SysWOW64\PnkBstrB.exe

F:\Downloads\Mozilla\RogueKillerX64.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.nl/

uSearch Page = hxxp://www.google.nl

uDefault_Page_URL = www.google.nl

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - E:\Programma's\Spybot - Search & Destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programma's\Office\Office14\GROOVEEX.DLL

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Programma's\Office\Office14\URLREDIR.DLL

uRun: [spybotSD TeaTimer] E:\Programma's\Spybot - Search & Destroy\TeaTimer.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [CLMLServer] "E:\Programma's\Cyberlink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "E:\Programma's\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe" "E:\Programma's\Cyberlink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [uCam_Menu] "E:\Programma's\Cyberlink\YouCam\MUITransfer\MUIStartMenu.exe" "E:\Programma's\Cyberlink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [LGODDFU] E:\Programma's\Cyberlink\lg_fwupdate\lgfw.exe blrun

mRun: [bCSSync] "E:\Programma's\Office\Office14\BCSSync.exe" /DelayServices

mRun: [spybotSnD] "E:\Programma's\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart

mRunOnce: [Malwarebytes Anti-Malware] E:\Programma's\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\GEBRUI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - E:\Programma's\Samsung SSD Magician\Samsung Magician.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Verzenden naar OneNote - E:\PROGRA~1\Office\Office14\ONBttnIE.dll/105

IE: E&xport to Microsoft Excel - E:\PROGRA~1\Office\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Programma's\Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Programma's\Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programma's\Spybot - Search & Destroy\SDHelper.dll

LSP: mswsock.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{486F09BD-3D6C-464A-9B4C-A92ED0C7B9E3} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{692799B2-0C49-4FE9-88BC-323A503765A4} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{98DD83B3-F0A3-4416-A15B-C9F6FC736BB6} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

TCP: Interfaces\{E597C0F7-3DA9-4D26-957D-5B9029AA9E4F} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{E597C0F7-3DA9-4D26-957D-5B9029AA9E4F} : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Programma's\Office\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

x64-Run: [COMODO Internet Security] "E:\Programma's\COMODO\COMODO Internet Security\cfp.exe" -h

x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 127.0.0.1 genuine.microsoft.com

Hosts: 127.0.0.1 mpa.one.microsoft.com

Hosts: 127.0.0.1 sls.microsoft.com

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\82vxc86y.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Windows\System32\npmproxy.dll

FF - plugin: C:\Windows\System32\npOGPPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

FF - plugin: E:\PROGRA~1\Office\Office14\NPAUTHZ.DLL

FF - plugin: E:\PROGRA~1\Office\Office14\NPSPWRAP.DLL

FF - plugin: E:\Programma's\VLC\npvlc.dll

FF - ExtSQL: 2013-04-02 21:43; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\82vxc86y.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

FF - ExtSQL: 2013-04-02 21:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\82vxc86y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-04-02 21:44; donottrackplus@abine.com; C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\82vxc86y.default\extensions\donottrackplus@abine.com

.

============= SERVICES / DRIVERS ===============

.

R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-10-5 22736]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-10-5 584056]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-10-5 38144]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]

R2 MBAMScheduler;MBAMScheduler;E:\Programma's\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-24 418376]

R2 MBAMService;MBAMService;E:\Programma's\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-24 701512]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2012-10-24 1101600]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-10-27 31080]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520]

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152]

R3 lgbusenum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]

R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-24 25928]

R3 RTCore64;RTCore64;E:\Programma's\MSI Afterburner\RTCore64.sys [2013-1-23 13368]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SBSDWSCService;SBSD Security Center Service;E:\Programma's\Spybot - Search & Destroy\SDWinSec.exe [2013-4-3 1153368]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2012-7-3 29184]

S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2012-7-3 36352]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336]

S3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2010-2-12 66608]

S3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]

S3 LGVMODEM;LGE Virtual Modem;C:\Windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 20992]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S3 SymSnapService;SymSnapService;"E:\Programma's\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" --> E:\Programma's\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 59392]

S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-24 1255736]

S4 FAH@F:+Downloads+Mozilla+FAH504-Console.exe;FAH@F:+Downloads+Mozilla+FAH504-Console.exe;F:\Downloads\Mozilla\FAH504-Console.exe -svcstart --> F:\Downloads\Mozilla\FAH504-Console.exe -svcstart [?]

.

=============== Created Last 30 ================

.

2013-04-24 15:06:05 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes

2013-04-24 15:05:39 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-24 15:05:39 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-24 14:23:09 1 ----a-w- C:\Windows\SysWow64\SI.bin

2013-04-24 14:17:11 -------- d-----w- C:\Program Files\Enigma Software Group

2013-04-24 14:17:00 -------- d-----w- C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP

2013-04-24 14:08:05 -------- d-----w- C:\TDSSKiller_Quarantine

2013-04-19 19:57:39 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Darksiders

2013-04-13 12:20:01 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-04-13 12:20:01 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-04-13 12:20:01 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-04-13 12:20:01 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-04-13 12:20:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-04-13 12:20:01 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-04-13 12:20:01 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-04-13 12:19:53 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2013-04-13 12:19:38 31672 ----a-w- C:\Windows\System32\nvhdap64.dll

2013-04-13 12:19:38 194488 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2013-04-13 12:19:38 1510328 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2013-04-12 14:30:20 -------- d-----w- C:\ProgramData\Futuremark

2013-04-12 14:05:33 -------- d-----w- C:\Program Files (x86)\OpenAL

2013-04-12 13:34:34 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\QuickScan

2013-04-12 06:50:05 79256 ----a-w- C:\Windows\SysWow64\npOGPPlugin.dll

2013-04-12 06:50:03 271768 ----a-w- C:\Windows\SysWow64\OGPIEPlugin.ocx

2013-04-12 06:50:02 -------- d-----w- C:\Program Files (x86)\OGPlanet

2013-04-10 07:56:09 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Futuremark

2013-04-10 07:44:49 -------- d-----w- C:\Users\Gebruiker\AppData\Local\IsolatedStorage

2013-04-10 07:44:48 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Futuremark_Corporation

2013-04-04 13:51:15 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Logitech

2013-04-04 13:50:58 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2013-04-04 13:50:54 -------- d-----w- C:\Program Files\Logitech Gaming Software

2013-04-04 13:50:34 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Logishrd

2013-04-02 19:33:32 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-04-02 15:07:33 13088000 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll

2013-04-02 14:23:49 -------- d-----w- C:\ProgramData\Licenses

2013-04-02 14:23:47 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL

2013-04-01 17:23:59 393728 ----a-w- C:\Program Files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll

2013-04-01 17:11:15 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\MusicIP

2013-04-01 15:34:17 -------- d-----w- C:\Users\Gebruiker\AppData\Local\LucasArts

2013-03-31 16:11:07 -------- d-----w- C:\Users\Gebruiker\AppData\Local\SniperV2

2013-03-27 18:43:57 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Warner Bros. Interactive Entertainment

2013-03-27 17:58:50 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Insanely Twisted Shadow Planet

.

==================== Find3M ====================

.

2013-04-24 17:55:41 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-04-24 17:55:41 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-04-24 17:55:32 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-04-14 17:29:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-14 17:29:11 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-23 09:50:52 0 ----a-w- C:\Windows\SysWow64\OLDADEE.tmp

2013-03-17 17:01:42 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-03-14 20:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-03-13 15:03:33 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2009-12-06 17:18:14 26624 --sh--w- C:\Windows\bfcs2.dll

.

============= FINISH: 21:11:40,09 ===============

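Triage logic for RogueKiller findings like the ones in the log above, as an added example (not part of the thread and not RogueKiller's own code): it parses lines in the report format shown, rates each finding the way a responder would (ZeroAccess artefacts and disabled UAC first, Start-menu tweaks last) and pulls out the facts that drive the backdoor warning that follows. The sample report is constructed from lines in the log above; the expected-resolver set (the router address the DDS log shows as DHCP name server) and the severity classes are my assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Resolvers this machine is expected to use. Assumption for this example: the
# router address the DDS log above shows as the DHCP-supplied name server.
EXPECTED_RESOLVERS = {"192.168.1.254"}

# Values RogueKiller reports under [HJ]; 0 turns UAC prompting off, which is the
# kind of weakening a ZeroAccess-class infection relies on.
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "ConsentPromptBehaviorUser"}

# One finding line: leading [TAG][TAG] block, a body, then "->" or "-->" and a
# status word ("gevonden" in the Dutch-localised log above; not needed for triage).
FINDING_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<body>.*?)\s+-{1,2}>\s+\S+$")
TAG_RE = re.compile(r"\[([^\]]+)\]")
NAME_VALUE_RE = re.compile(r":\s+(?P<name>[\w-]+)\s+\((?P<value>[^)]*)\)")
PAREN_RE = re.compile(r"\(([^)]*)\)")
# ZeroAccess keeps its payload in $Recycle.Bin\<SID>\$<32 hex chars>\ (as in the log above).
ZA_STORE_RE = re.compile(
    r"\$recycle\.bin\\(?P<sid>S-1-5-[\d-]+)\\\$(?P<marker>[0-9a-f]{32})", re.I)


@dataclass
class Finding:
    tags: list
    body: str
    severity: str  # critical / high / medium / info
    note: str


def classify(line):
    """Turn one RogueKiller finding line into a Finding; None for any other line."""
    m = FINDING_RE.match(line.strip())
    if not m:
        return None
    tags = TAG_RE.findall(m.group("tags"))
    body = m.group("body")
    nv = NAME_VALUE_RE.search(body)

    if "ZeroAccess" in tags:
        note = "ZeroAccess artefact"
        if store := ZA_STORE_RE.search(body):
            note += f" under $Recycle.Bin of {store.group('sid')}"
        return Finding(tags, body, "critical", note)
    if "ROGUE ST" in tags:
        driver = PAREN_RE.search(body)
        return Finding(tags, body, "high",
                       "service loads an unrecognised driver: " + (driver.group(1) if driver else body))
    if "DNS" in tags and nv and nv.group("name") == "NameServer":
        unexpected = sorted({ip.strip() for ip in nv.group("value").split(",")} - EXPECTED_RESOLVERS)
        if unexpected:
            # Statically set resolvers may be a filtering service (the two addresses in
            # the log above are Comodo Secure DNS, consistent with the installed COMODO
            # suite) or a hijack; either way confirm them with the machine's owner.
            return Finding(tags, body, "medium", "resolver not from DHCP: " + ", ".join(unexpected))
        return Finding(tags, body, "info", "resolver matches the expected set")
    if "HJ" in tags and nv and nv.group("name") in UAC_VALUES and nv.group("value") == "0":
        return Finding(tags, body, "high", f"UAC weakened: {nv.group('name')}=0")
    if "sUSP PATH" in tags:
        return Finding(tags, body, "medium", "scheduled task runs from a user-writable path")
    if "HJ SMENU" in tags or "HJ DESK" in tags:
        return Finding(tags, body, "info", "Start menu / desktop preference, usually user-chosen")
    return Finding(tags, body, "medium", "unclassified hijack, review manually")


def triage(report_text):
    """Classify every finding line of a RogueKiller report, skipping headers and noise."""
    return [f for f in (classify(ln) for ln in report_text.splitlines()) if f is not None]


def summarize(findings):
    """Severity counts plus the facts a responder acts on first."""
    counts = Counter(f.severity for f in findings)
    sids = sorted({m.group("sid") for f in findings if (m := ZA_STORE_RE.search(f.body))})
    return {
        "counts": dict(counts),
        "backdoor_suspected": counts["critical"] > 0,  # ZeroAccess is a backdoor family
        "zeroaccess_sids": sids,                       # which profiles carry the hidden store
        "uac_disabled": any(f.note.startswith("UAC weakened") for f in findings),
    }


# Constructed sample: a subset of the finding lines from the log above, same format.
SAMPLE_REPORT = r"""
¤¤¤ Register verwijzingen : 7 ¤¤¤
[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\42508014 (C:\Windows\system32\drivers\04077126.sys) -> gevonden
[TASK][sUSP PATH] shutdown : C:\Users\Gebruiker\Desktop\shutdown.bat [x] -> gevonden
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{692799B2-0C49-4FE9-88BC-323A503765A4} : NameServer (8.26.56.26,156.154.70.22) -> gevonden
[HJ] HKLM\[...]\System : EnableLUA (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> gevonden
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1312253270-3437001810-764976608-1000\$4b3b898bf6eb53393ece6f75bb940e3b\n.) [x] -> gevonden
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$4b3b898bf6eb53393ece6f75bb940e3b\n) [-] -> gevonden
¤¤¤ Speciale Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$4b3b898bf6eb53393ece6f75bb940e3b\@ [-] --> gevonden
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$4b3b898bf6eb53393ece6f75bb940e3b\U --> gevonden
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> gevonden
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.severity:8} {f.note}")
    print(summarize(triage(SAMPLE_REPORT)))
```

On the sample, `summarize` reports five critical ZeroAccess findings across two profile SIDs and UAC disabled, which is exactly the combination behind the backdoor warning in the next reply.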

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please let me know.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
