MorgothG
Hi all,
This Sirefef.B is driving me mad.
I tried ComboFix but I am afraid I need some real help here.
I made an FRST log and it shows ZeroAccess. See below. But I also wonder: has Sirefef.B mutated to ZeroAccess.B? And is Sirefef gone?
Well, here is my FRST log:
Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by SYSTEM at 04-08-2012 17:56:18
Running from H:\
Windows 7 Home Premium (X64) OS Language: Dutch Standard
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9642528 2009-12-08] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2185032 2009-10-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1609296 2010-06-26] (Logitech, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [346320 2009-08-04] (DeviceVM, Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-01-19] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE" /splash [199264 2009-08-05] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure TNB] "C:\Program Files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW [2349664 2009-08-05] (F-Secure Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Sytske\...\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c [366024 2011-10-27] (IncrediMail, Ltd.)
HKU\Sytske\...\Run: [PrinterProDesktop] C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe /autorun [2132992 2012-02-02] ()
HKU\Sytske\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [955792 2012-05-04] (Samsung)
HKU\Sytske\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-05-04] (Samsung Electronics Co., Ltd.)
HKU\Sytske\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-05-04] ()
HKU\Sytske\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-03-23] (Google Inc.)
HKU\Sytske\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.54.40.25 212.54.35.25
==================== Services (Whitelisted) ======
2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [219360 2009-08-04] (DeviceVM, Inc.)
2 ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [68136 2009-08-24] ()
2 F-Secure Gatekeeper Handler Starter; "C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe" [215648 2009-08-05] (F-Secure Corporation)
3 FSDFWD; "C:\Program Files (x86)\Internetbeveiliging\FWES\Program\fsdfwd.exe" [844384 2012-04-04] (F-Secure Corporation)
2 FSMA; "C:\Program Files (x86)\Internetbeveiliging\Common\FSMA32.EXE" [186976 2009-08-05] (F-Secure Corporation)
3 FSORSPClient; "C:\Program Files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe" [61088 2012-04-04] (F-Secure Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 Realtek11nSU; C:\Program Files (x86)\SITECOM\300N USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [88480 2012-07-18] ()
4 F-Secure Filter; \??\C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [39776 2009-08-05] ()
3 F-Secure Gatekeeper; \??\C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [199848 2012-06-07] ()
1 F-Secure HIPS; \??\C:\Program Files (x86)\Internetbeveiliging\HIPS\drivers\fshs.sys [57920 2009-08-05] (F-Secure Corporation)
4 F-Secure Recognizer; \??\C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [25184 2009-08-05] ()
0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [55960 2012-05-09] ()
0 fsbts; C:\Windows\SysWow64\Drivers\fsbts.sys [42672 2012-04-04] ()
1 FSES; C:\Windows\System32\Drivers\FSES.sys [45624 2012-04-04] (F-Secure Corporation)
1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [94280 2012-04-04] (F-Secure Corporation)
1 fsvista; \??\C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [14904 2009-08-05] ()
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-08-04] (Windows (R) Server 2003 DDK provider)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [46400 2012-07-18] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 SG762_64; C:\Windows\System32\DRIVERS\WlanBZ64.sys [493440 2009-08-27] (ZyDAS Technology Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-08-04 16:00 - 2012-08-04 16:00 - 00607260 ____R (Swearware) C:\Users\Sytske\Desktop\dds.com
2012-08-04 15:56 - 2012-08-04 15:56 - 00000000 ____A C:\Users\Sytske\Documents\gmer.log
2012-08-04 15:52 - 2012-08-04 15:52 - 00302592 ____A C:\Users\Sytske\Downloads\iql1svem.exe
2012-08-04 15:52 - 2012-08-04 15:52 - 00294216 ____A C:\Users\Sytske\Desktop\gmer.zip
2012-08-04 15:52 - 2011-07-16 21:21 - 00302592 ____A C:\Users\Sytske\Desktop\gmer.exe
2012-08-04 15:45 - 2012-08-04 16:11 - 00000000 ____D C:\Users\Sytske\Documents\virus logs enzo
2012-08-04 15:27 - 2012-08-04 15:27 - 00000000 ____D C:\Users\Sytske\AppData\Roaming\Malwarebytes
2012-08-04 15:26 - 2012-08-04 15:26 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-04 15:26 - 2012-08-04 15:26 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-04 15:26 - 2012-08-04 15:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-04 15:26 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-04 15:25 - 2012-08-04 15:25 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Sytske\Desktop\mbam-setup-1.62.0.1300.exe
2012-08-04 15:23 - 2012-08-04 15:23 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Sytske\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-04 14:44 - 2012-08-04 14:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-08-04 14:43 - 2012-08-04 15:27 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-04 14:42 - 2012-08-04 14:42 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Sytske\Desktop\SpyHunter-Installer.exe
2012-08-04 14:37 - 2012-08-04 14:37 - 04009167 ____A C:\Users\Sytske\Desktop\ServicesRepair.exe
2012-08-04 14:36 - 2012-08-04 14:36 - 00138120 ____A (ESET) C:\Users\Sytske\Desktop\ESETSirefefRemover.exe
2012-08-04 14:35 - 2012-08-04 14:35 - 02030547 ____A C:\Users\Sytske\Desktop\EZ_Sirefix.exe
2012-08-04 14:35 - 2012-08-04 14:35 - 00000000 ____D C:\Users\Sytske\AppData\Roaming\F-Secure
2012-08-03 13:50 - 2012-08-03 13:50 - 09827016 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-08-02 07:34 - 2012-08-02 07:34 - 01438391 ____A (Farbar) C:\Users\Sytske\Downloads\FRST64.exe
2012-07-29 19:03 - 2012-08-03 13:29 - 00000960 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-07-26 18:36 - 2012-07-26 18:36 - 00001144 ____A C:\Users\Sytske\Desktop\Jane Croft.lnk
2012-07-25 17:40 - 2012-07-25 19:09 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-07-25 17:40 - 2012-07-25 17:40 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-07-25 17:39 - 2012-07-25 17:40 - 00000000 ____D C:\Users\Sytske\AppData\Local\adawarebp
2012-07-25 17:38 - 2012-07-25 18:04 - 00000000 ____D C:\Users\Sytske\AppData\Roaming\Ad-Aware Antivirus
2012-07-24 14:35 - 2012-07-25 19:08 - 00000000 ____D C:\Program Files (x86)\DealPly
2012-07-24 14:35 - 2012-07-24 14:44 - 00000000 ____D C:\Program Files\Babylon
2012-07-24 10:09 - 2012-07-24 10:09 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2012-07-24 10:09 - 2012-07-24 10:09 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2012-07-24 10:03 - 2012-08-03 13:31 - 00000000 ____D C:\Users\Sytske\Documents\Calibrebibliotheek
2012-07-24 10:03 - 2012-07-24 15:36 - 00000000 ____D C:\Users\Sytske\AppData\Roaming\calibre
2012-07-24 10:03 - 2012-07-24 10:03 - 00000000 ____D C:\Users\All Users\Sidekick Manager
2012-07-24 10:03 - 2012-07-24 10:03 - 00000000 ____D C:\Users\All Users\IBUpdaterService
2012-07-24 10:02 - 2012-08-03 13:29 - 00000000 ____D C:\Program Files (x86)\Calibre2
2012-07-23 12:07 - 2012-07-23 12:07 - 00023851 ____A C:\ComboFix.txt
2012-07-23 11:39 - 2012-07-23 12:07 - 00000000 ____D C:\ComboFix
2012-07-23 11:39 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-23 11:39 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-23 11:39 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-23 11:39 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-23 11:39 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-23 11:39 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-23 11:39 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-23 11:39 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-23 11:36 - 2012-07-23 12:07 - 00000000 ____D C:\Qoobox
2012-07-23 11:35 - 2012-07-23 12:03 - 00000000 ____D C:\Windows\erdnt
2012-07-23 11:35 - 2012-07-23 11:35 - 04582474 ____R (Swearware) C:\Users\Sytske\Downloads\ComboFix.exe
2012-07-23 11:17 - 2012-07-23 11:17 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-18 18:25 - 2012-07-18 18:25 - 00235936 ____A (Tagès SA) C:\Users\Sytske\Downloads\TagesSetup_x64.exe
2012-07-16 18:33 - 2012-07-16 18:33 - 00000000 ____D C:\Users\All Users\RVLGames
2012-07-15 13:57 - 2012-07-15 13:57 - 00000000 ____D C:\Users\Sytske\AppData\Local\Macromedia
2012-07-12 17:34 - 2012-07-23 09:45 - 00012962 ____A C:\Users\Sytske\Documents\Van Kristian.xlsx
2012-07-11 14:36 - 2012-07-11 14:36 - 00000000 ____D C:\Users\Sytske\Documents\My Games
2012-07-11 14:36 - 2012-07-11 14:36 - 00000000 ____D C:\Users\Sytske\AppData\Local\My Games
2012-07-11 13:36 - 2012-07-11 13:36 - 00000220 ____A C:\Users\Sytske\Desktop\Sid Meier's Civilization V.url
2012-07-11 13:28 - 2012-08-04 16:50 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-11 13:28 - 2012-08-03 13:50 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 13:28 - 2012-07-11 13:28 - 00000000 ____D C:\Windows\System32\Macromed
2012-07-11 13:07 - 2012-06-12 04:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 13:04 - 2012-06-02 13:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 13:04 - 2012-06-02 13:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 13:04 - 2012-06-02 13:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 13:04 - 2012-06-02 13:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 13:04 - 2012-06-02 13:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 13:04 - 2012-06-02 13:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 13:04 - 2012-06-02 13:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 13:04 - 2012-06-02 13:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 13:04 - 2012-06-02 13:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 13:04 - 2012-06-02 13:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 13:04 - 2012-06-02 12:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 13:04 - 2012-06-02 12:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 13:04 - 2012-06-02 12:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 13:04 - 2012-06-02 12:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 13:04 - 2012-06-02 10:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 13:04 - 2012-06-02 09:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 13:04 - 2012-06-02 09:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 13:04 - 2012-06-02 09:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 13:04 - 2012-06-02 09:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 13:04 - 2012-06-02 09:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 13:04 - 2012-06-02 09:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 13:04 - 2012-06-02 09:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 13:04 - 2012-06-02 09:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 13:04 - 2012-06-02 09:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 13:04 - 2012-06-02 09:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 13:04 - 2012-06-02 09:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 13:04 - 2012-06-02 09:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 13:04 - 2012-06-02 09:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 08:22 - 2012-06-06 07:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 08:22 - 2012-06-06 07:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 08:22 - 2012-06-06 06:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 08:22 - 2012-06-06 06:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 08:22 - 2010-06-26 04:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 08:22 - 2010-06-26 04:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 08:21 - 2012-06-09 06:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 08:21 - 2012-06-09 05:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 08:21 - 2012-06-06 07:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 08:21 - 2012-06-06 06:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 08:21 - 2012-06-02 06:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 08:21 - 2012-06-02 06:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 08:21 - 2012-06-02 06:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 08:21 - 2012-06-02 06:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 08:21 - 2012-06-02 06:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 08:21 - 2012-06-02 05:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 08:21 - 2012-06-02 05:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 08:21 - 2012-06-02 05:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 08:21 - 2012-06-02 05:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
============ 3 Months Modified Files ========================
2012-08-04 16:50 - 2012-07-11 13:28 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-04 16:50 - 2010-08-08 21:09 - 00000236 ____A C:\service.log
2012-08-04 16:50 - 2010-08-08 02:29 - 01411024 ____A C:\Windows\WindowsUpdate.log
2012-08-04 16:50 - 2009-07-14 05:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-04 16:50 - 2009-07-14 05:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-04 16:46 - 2010-08-11 08:11 - 00001052 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-04 16:46 - 2010-08-08 22:50 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2012-08-04 16:45 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-04 16:45 - 2009-07-14 05:51 - 00100038 ____A C:\Windows\setupact.log
2012-08-04 16:14 - 2009-07-14 10:16 - 00714012 ____A C:\Windows\System32\perfh013.dat
2012-08-04 16:14 - 2009-07-14 10:16 - 00139356 ____A C:\Windows\System32\perfc013.dat
2012-08-04 16:14 - 2009-07-14 06:13 - 01587152 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-04 16:03 - 2010-08-11 08:11 - 00001056 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-04 16:00 - 2012-08-04 16:00 - 00607260 ____R (Swearware) C:\Users\Sytske\Desktop\dds.com
2012-08-04 15:56 - 2012-08-04 15:56 - 00000000 ____A C:\Users\Sytske\Documents\gmer.log
2012-08-04 15:52 - 2012-08-04 15:52 - 00302592 ____A C:\Users\Sytske\Downloads\iql1svem.exe
2012-08-04 15:52 - 2012-08-04 15:52 - 00294216 ____A C:\Users\Sytske\Desktop\gmer.zip
2012-08-04 15:47 - 2010-08-11 07:39 - 00180688 ____A C:\Windows\PFRO.log
2012-08-04 15:26 - 2012-08-04 15:26 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-04 15:25 - 2012-08-04 15:25 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Sytske\Desktop\mbam-setup-1.62.0.1300.exe
2012-08-04 15:23 - 2012-08-04 15:23 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Sytske\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-04 14:42 - 2012-08-04 14:42 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Sytske\Desktop\SpyHunter-Installer.exe
2012-08-04 14:37 - 2012-08-04 14:37 - 04009167 ____A C:\Users\Sytske\Desktop\ServicesRepair.exe
2012-08-04 14:36 - 2012-08-04 14:36 - 00138120 ____A (ESET) C:\Users\Sytske\Desktop\ESETSirefefRemover.exe
2012-08-04 14:35 - 2012-08-04 14:35 - 02030547 ____A C:\Users\Sytske\Desktop\EZ_Sirefix.exe
2012-08-04 09:25 - 2011-11-29 18:37 - 00015048 ____A C:\Users\Sytske\Documents\Geocachen.xlsx
2012-08-03 13:50 - 2012-08-03 13:50 - 09827016 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-08-03 13:50 - 2012-07-11 13:28 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 13:50 - 2011-06-12 10:40 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-03 13:29 - 2012-07-29 19:03 - 00000960 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-08-02 07:34 - 2012-08-02 07:34 - 01438391 ____A (Farbar) C:\Users\Sytske\Downloads\FRST64.exe
2012-08-01 18:27 - 2009-07-14 06:08 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-26 18:36 - 2012-07-26 18:36 - 00001144 ____A C:\Users\Sytske\Desktop\Jane Croft.lnk
2012-07-23 12:07 - 2012-07-23 12:07 - 00023851 ____A C:\ComboFix.txt
2012-07-23 11:58 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2012-07-23 11:55 - 2009-07-14 03:34 - 67895296 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-07-23 11:55 - 2009-07-14 03:34 - 23068672 ____A C:\Windows\System32\config\SYSTEM.bak
2012-07-23 11:55 - 2009-07-14 03:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-07-23 11:55 - 2009-07-14 03:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-07-23 11:55 - 2009-07-14 03:34 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-07-23 11:35 - 2012-07-23 11:35 - 04582474 ____R (Swearware) C:\Users\Sytske\Downloads\ComboFix.exe
2012-07-23 09:45 - 2012-07-12 17:34 - 00012962 ____A C:\Users\Sytske\Documents\Van Kristian.xlsx
2012-07-18 18:25 - 2012-07-18 18:25 - 00235936 ____A (Tagès SA) C:\Users\Sytske\Downloads\TagesSetup_x64.exe
2012-07-18 18:25 - 2011-08-01 09:54 - 00088480 ____A C:\Windows\System32\Drivers\atksgt.sys
2012-07-18 18:25 - 2011-08-01 09:54 - 00046400 ____A C:\Windows\System32\Drivers\lirsgt.sys
2012-07-11 14:35 - 2011-02-25 18:27 - 00274489 ____A C:\Windows\DirectX.log
2012-07-11 13:36 - 2012-07-11 13:36 - 00000220 ____A C:\Users\Sytske\Desktop\Sid Meier's Civilization V.url
2012-07-11 13:26 - 2009-07-14 05:45 - 00359456 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 13:05 - 2010-08-11 07:47 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 19:00 - 2012-07-03 19:00 - 00001235 ____A C:\Users\Sytske\Desktop\World Riddles 2.lnk
2012-07-03 12:46 - 2012-08-04 15:26 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-29 16:17 - 2012-06-29 16:17 - 00001226 ____A C:\Users\Sytske\Desktop\Spirit of Wandering.lnk
2012-06-12 04:08 - 2012-07-11 13:07 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 06:43 - 2012-07-11 08:21 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-09 05:41 - 2012-07-11 08:21 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 07:06 - 2012-07-11 08:22 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 07:06 - 2012-07-11 08:22 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 07:02 - 2012-07-11 08:21 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 06:05 - 2012-07-11 08:22 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 06:05 - 2012-07-11 08:22 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 06:03 - 2012-07-11 08:21 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 23:19 - 2012-06-21 09:27 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-21 09:27 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-21 09:27 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-21 09:26 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-21 09:26 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:15 - 2012-06-21 09:27 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:15 - 2012-06-21 09:26 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-21 09:26 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-21 09:26 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 13:49 - 2012-07-11 13:04 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 13:17 - 2012-07-11 13:04 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 13:12 - 2012-07-11 13:04 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 13:05 - 2012-07-11 13:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 13:05 - 2012-07-11 13:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 13:04 - 2012-07-11 13:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 13:04 - 2012-07-11 13:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 13:03 - 2012-07-11 13:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 13:01 - 2012-07-11 13:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 13:00 - 2012-07-11 13:04 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 12:59 - 2012-07-11 13:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 12:57 - 2012-07-11 13:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 12:57 - 2012-07-11 13:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 12:54 - 2012-07-11 13:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 10:07 - 2012-07-11 13:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 09:43 - 2012-07-11 13:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 09:33 - 2012-07-11 13:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 09:26 - 2012-07-11 13:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 09:25 - 2012-07-11 13:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 09:25 - 2012-07-11 13:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 09:23 - 2012-07-11 13:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 09:21 - 2012-07-11 13:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 09:20 - 2012-07-11 13:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 09:19 - 2012-07-11 13:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 09:19 - 2012-07-11 13:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 09:17 - 2012-07-11 13:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 09:16 - 2012-07-11 13:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 09:14 - 2012-07-11 13:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 06:50 - 2012-07-11 08:21 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 06:48 - 2012-07-11 08:21 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 06:48 - 2012-07-11 08:21 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 06:45 - 2012-07-11 08:21 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 06:44 - 2012-07-11 08:21 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-02 05:40 - 2012-07-11 08:21 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-02 05:40 - 2012-07-11 08:21 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-02 05:39 - 2012-07-11 08:21 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-02 05:34 - 2012-07-11 08:21 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 11:25 - 2010-08-08 21:29 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-20 17:51 - 2011-05-25 18:27 - 00000075 ____A C:\Windows\ImportClient.INI
2012-05-16 16:09 - 2011-03-22 12:29 - 00003584 ____A C:\Users\Sytske\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-09 09:41 - 2012-05-09 09:41 - 00055960 ____A C:\Windows\System32\Drivers\fsbts.sys
ZeroAccess:
C:\Windows\Installer\{bd96b1c2-558e-dbd4-c240-c2c67e7b8421}
C:\Windows\Installer\{bd96b1c2-558e-dbd4-c240-c2c67e7b8421}\L
C:\Windows\Installer\{bd96b1c2-558e-dbd4-c240-c2c67e7b8421}\U
ZeroAccess:
C:\Users\Sytske\AppData\Local\{bd96b1c2-558e-dbd4-c240-c2c67e7b8421}
C:\Users\Sytske\AppData\Local\{bd96b1c2-558e-dbd4-c240-c2c67e7b8421}\@
C:\Users\Sytske\AppData\Local\{bd96b1c2-558e-dbd4-c240-c2c67e7b8421}\L
C:\Users\Sytske\AppData\Local\{bd96b1c2-558e-dbd4-c240-c2c67e7b8421}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 15%
Total physical RAM: 4094.49 MB
Available physical RAM: 3448.52 MB
Total Pagefile: 4092.64 MB
Available Pagefile: 3433.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
2 Drive c: () (Fixed) (Total:931.41 GB) (Free:753.2 GB) NTFS
3 Drive d: (Achief) (Fixed) (Total:931.39 GB) (Free:811.35 GB) NTFS
4 Drive f: (Herstelschijf Windows 7 64-bits) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
6 Drive h: (KINGSTON) (Removable) (Total:3.74 GB) (Free:1.54 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Schfnr. Status Grootte Vrij Dyn GPT
-------- ------------- ------- ------- --- ---
Schf 0 Online 931 GB 0 B
Schf 1 Online 931 GB 0 B *
Schf 2 Geen medium 0 B 0 B
Schf 3 Online 3836 MB 0 B
==========================================================
Last Boot: 2012-07-30 12:45
======================= End Of Log ==========================