Solved Infected with Sirefef.ab, Sirefef.W

[ChevyVan79]

Hi,

My computer just crashed and Microsoft Security Essentials said it was infected with Sirefef.ab and Sirefef.W

Anyone knows a solution for this?

Thanks in advance.

Edit: Windows 7 64-bit

 

[ChevyVan79]

Here are some logs (The malwarebytes log is in Dutch, but the last 4 lines are the detections):

Malwarebytes Log "mbam-log-2012-07-18 (12-12-33).txt":
-----------------------------------------------------------------
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Databaseversie: v2012.07.18.05

Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 9.0.8112.16421
Hidde :: HIDDE-PC [administrator]

18-7-2012 12:06:50
mbam-log-2012-07-18 (12-12-33).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 243433
Verstreken tijd: 4 minuut/minuten, 36 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 4
C:\Users\Hidde\AppData\Local\Temp\24358074.exe (Trojan.Phex.THAGen6) -> Geen actie ondernomen.
C:\Users\Hidde\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Geen actie ondernomen.
C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\n (Trojan.Sirefef) -> Geen actie ondernomen.
C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\U\800000cb.@ (Rootkit.0Access) -> Geen actie ondernomen.

(einde)
-----------------------------------------------------------------

 

[ChevyVan79]

GMER Log "gmer.txt":
-----------------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-18 12:44:22
Windows 6.1.7601 Service Pack 1
Running: gfz7h0gr.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\System32\wbem\Performance\WmiApRpl_new.ini 41896 bytes

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}@hajbcffnekildmbc 0x6B 0x61 0x6F 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}@iadcaliefhdmelnfjn 0x6B 0x61 0x6F 0x67 ...

---- EOF - GMER 1.0.15 ----
-----------------------------------------------------------------

 

[ChevyVan79]

DDS Attach "Attach.txt":
-----------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8-1-2011 12:55:33
System Uptime: 18-7-2012 12:16:28 (0 hours ago)
.
Motherboard: ASRock | | 880GMH/USB3.
Processor: AMD Phenom(tm) II X4 955 Processor | CPUSocket | 3206/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 295,069 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\SUN_VBOXNETFLTMP\0000
Manufacturer:
Name:
PNP Device ID: ROOT\SUN_VBOXNETFLTMP\0000
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Leawo MP4 Converter version 4.1.0.1
Aangifte inkomstenbelasting 2011
Acrobat.com
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Audition CS5.5
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Design Standard
Adobe Creative Suite 4 Web Standard
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Download Assistant
Adobe Dreamweaver CS4
Adobe Dreamweaver CS6
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Fireworks CS6
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Manager
Adobe Illustrator CS4
Adobe Illustrator CS6
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Importer
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDistiller
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.6
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe Widget Browser
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Age of Empires Online
AMD VISION Engine Control Center
America's Army 3
Amnesia: The Dark Descent
Apple Application Support
Apple Software Update
Application Profiles
µTorrent
Audacity 1.3.14 (Unicode)
Audiosurf Demo
Autodesk Backburner 2012.0.0
Bastion
Batman Arkham City version 1.0
Battlefield 3™
Battlelog Web Plugins
BioShock 2
bl
Botanicula
Braid
Bulletstorm
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Connect
Cross Fire En
D3DX10
DAEMON Tools Lite
Dead Island
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dotfuscator and Analytics Community Edition
Dotfuscator Software Services - Community Edition
Driver San Francisco
Dropbox
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON PX720WD Series Handboek
EPSON Scan
EpsonNet Print
erLT
ESN Sonar
Fallout New Vegas
FIFA 10
FileZilla Client 3.5.3
Firebird SQL Server - MAGIX Edition
Flight Control HD
Foreign Legion: Buckets of Blood
Fraps (remove only)
Free Easy Burner V 4.1
GameMaker 8.1
Garena - League of Legends
Google Chrome
Google Earth Plug-in
Google Update Helper
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Deathmatch: Source
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HydraVision
IcoFX 2.0
IIS 7.5 Express
Java Auto Updater
Java(TM) 7 Update 3
JavaFX 2.0.3
JGsoft RegexBuddy 3 v.3.2.1
K-Lite Codec Pack 7.6.0 (Basic)
kuler
L.A. Noire: The Complete Edition
Lead and Gold - Gangs of the Wild West
League of Legends
LIMBO
LocalESPC
LocalESPCui for en-us
Logitech SetPoint
Lone Survivor
Machinarium
MAGIX Music Maker 17 Premium Download Version
MAGIX Speed burnR (MSI)
Malwarebytes Anti-Malware versie 1.62.0.1300
Mass Effect™ 3 Demo
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Beta Multi-Targeting Pack
Microsoft .NET Framework 4.5 Beta SDK
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 11 Tools Update
Microsoft ASP.NET MVC 4
Microsoft ASP.NET MVC 4 - Visual Studio 11 Tools
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 11 Tools
Microsoft ASP.NET Web Pages 2
Microsoft ASP.NET Web Pages 2 - Visual Studio 11 Tools
Microsoft Blend for Visual Studio
Microsoft Blend for Visual Studio ENU resources
Microsoft DirectX SDK (February 2010)
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft F# Runtime for Silverlight 4
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Help Viewer 2.0 Beta
Microsoft Mathematics
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 11 - Beta
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft Silverlight Tools for Visual Studio 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Management Objects RC0
Microsoft SQL Server 2012 T-SQL Language Service RC0
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Data Tools Build Utilities Mar 2012
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft System CLR Types for SQL Server 2012 RC0
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 11 x86 Additional Runtime - 11.0.50214
Microsoft Visual C++ 11 x86 Debug Runtime - 11.0.50214
Microsoft Visual C++ 11 x86 Minimum Runtime - 11.0.50214
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ Compilers 11
Microsoft Visual C++ Compilers 11 - ENU Resources
Microsoft Visual C++ Core Libraries 11
Microsoft Visual C++ Extended Libraries 11
Microsoft Visual C++ Microsoft Foundation Class Libraries 11
Microsoft Visual Studio 11 Beta Tools for .Net 3.5
Microsoft Visual Studio 11 Beta Updates (KB2677574)
Microsoft Visual Studio 11 Developer Preview Language Pack - ENU
Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool
Microsoft Visual Studio 11 LightSwitch Beta Core
Microsoft Visual Studio 11 LightSwitch Beta CoreRes - ENU
Microsoft Visual Studio 11 Professional Beta
Microsoft Visual Studio 11 Professional Beta - ENU
Microsoft Visual Studio 11 SharePoint Developer Tools Beta
Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack
Microsoft Visual Studio 11 Tools for SQL Server Compact 4.0 SP1 Beta ENU
Microsoft Visual Studio 11 Ultimate Beta XAML UI Designer Core
Microsoft Visual Studio 11 Ultimate Beta XAML UI Designer enu Resources
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Team Foundation Server 11 Beta Team Explorer
Microsoft Visual Studio Team Foundation Server 11 Beta Team Explorer Language Pack - ENU
Microsoft Web Deploy dbSqlPackage Provider Nov 2011
Microsoft Web Tooling Extensions - Visual Studio 11
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio Platform Tools
Microsoft(R) SQL Server Data Tools, RC0 - enu
Microsoft_VC80_CRT_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Minutor
Motherboard Monitor 5
Mozilla Firefox 13.0.1 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed: Hot Pursuit
Need for Speed™ SHIFT
NetBeans IDE 7.0.1
Netwerkhandleiding EPSON PX720WD Series
Notepad++
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
OpenAL
Opera 11.60
Origin
Pando Media Booster
PDF Settings CS4
PDF Settings CS6
Pen Tablet
ph
Photoshop Camera Raw
Pixel Bender Toolkit
Plants vs. Zombies: Game of the Year
Portal
Portal 2
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT RC0
professional_finalizer
Psychonauts
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Revenge of the Titans
Rockstar Games Social Club
Samorost 2
Secure Download Manager
Security Update for Microsoft .NET Framework 4.5 Beta (KB2686838)
Sequence
Sid Meier's Civilization V
Sitecom 300N X2 USB Wireless LAN Driver and Utility
Skype Click to Call
Skype™ 5.9
SlimDX Redistributable for .NET 4.0 (March 2011)
SpaceChem
Spelling Dictionaries Support For Adobe Reader 9
Spiral Knights
SQL Server Data Framework Tools
Steam
Strawberry Perl
Suite Shared Configuration CS4
Super Meat Boy
Super Meat Boy Editor
Superbrothers: Sword & Sworcery EP
swMSM
Synthesia (remove only)
System Requirements Lab CYRI
Team Fortress 2
Terraria
Test Drive Unlimited 2
Text-To-Speech-Runtime
Trapcode Particular
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
TuxGuitar
Unity Web Player
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Vicon boujou 5.0
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio Extensions for Windows Library for JavaScript
VLC media player 2.0.1
vs_devenv
vs_devenvLP
vs_minshellcore
vs_minshellinterop
vs_minshellres
vslp_finalizer
WampServer 2.2
WCF RIA Services V1.0 SP2
Windosill
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows Runtime Intellisense Content - English
Windows Software Development Kit
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Metro style Apps
Windows Software Development Kit for Metro style Apps DirectX x86 Remote
Windows Software Development Kit Redistributables
Worms Reloaded
Xvid Video Codec
.
==== End Of File ===========================
-----------------------------------------------------------------

 

[ChevyVan79]

DDS "DDS.txt":
-----------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by Hidde at 12:46:41 on 2012-07-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.10239.8810 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nl.ask.com/?l=dis&o=41648005&gct=hp
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {6D8D66F3-14FC-4736-A096-FAC0EA66289C} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-unins...VORUYtUEI2M0YtWDlaQVMtQU8zVEItSEk5Sk8tM0xQMkM"&"inst=NzctNzEwOTk5NDQ0LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=4262cf34cac247d1b5f5d16c649a9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c
StartupFolder: C:\Users\Hidde\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Hidde\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Hidde\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
TCP: Interfaces\{D152E762-592D-4911-B26F-0089DDB0FE26} : NameServer = 212.19.241.137,212.19.225.136
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
{074C1DC5-9320-4A9A-947D-C042949C6216}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {6D8D66F3-14FC-4736-A096-FAC0EA66289C} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-unins...VORUYtUEI2M0YtWDlaQVMtQU8zVEItSEk5Sk8tM0xQMkM"&"inst=NzctNzEwOTk5NDQ0LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=4262cf34cac247d1b5f5d16c649a9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hidde\AppData\Roaming\Mozilla\Firefox\Profiles\i38demmb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?&hl=nl&q=
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://encrypted.google.com/search?hl=en&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Hidde\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Hidde\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\system32\npdeployJava1.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
S2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]
S2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-16 136176]
S2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [2011-1-8 36864]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-2-9 2143552]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-9 250056]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-15 1431888]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-2-9 137728]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-16 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 VSPerfDrv110;Performance Tools Driver 11.0;C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 XENfiltv;XENfiltv;C:\Windows\system32\drivers\XENfiltv.sys --> C:\Windows\system32\drivers\XENfiltv.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-07-18 10:06:23 -------- d-----w- C:\Users\Hidde\AppData\Roaming\Malwarebytes
2012-07-18 10:06:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-18 10:06:06 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-18 10:06:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-18 09:21:21 328704 ----a-w- C:\Windows\System32\services.exe.F89547CC9349ABE0
2012-07-18 09:10:22 328704 ----a-w- C:\Windows\System32\services.exe.213CD11BC46267B2
2012-07-18 08:56:41 328704 ----a-w- C:\Windows\System32\services.exe.BDCE8669122432CA
2012-07-18 08:50:10 328704 ----a-w- C:\Windows\System32\services.exe.6AD6BD21D505363A
2012-07-18 08:45:41 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B6A9F61E-DDC0-4A0E-86FE-A820D0B40BFE}\gapaengine.dll
2012-07-18 08:45:32 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85AB1BFF-CCDA-4C24-8C87-18F3F736516A}\mpengine.dll
2012-07-18 08:44:42 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-18 08:44:39 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-17 14:18:18 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-13 08:39:13 -------- d-----w- C:\Program Files (x86)\Crashtastic_0.4.4a_Alpha
2012-07-11 15:30:27 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 12:05:10 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-05 15:25:49 -------- d-----w- C:\Program Files\Core Temp
2012-07-05 15:25:37 -------- d-----w- C:\Users\Hidde\AppData\Local\APN
2012-07-05 15:23:04 -------- d-----w- C:\Program Files\CPUID
2012-07-05 15:07:20 4608 ----a-w- C:\Windows\SysWow64\mbmiodrvr.sys
2012-07-05 15:07:13 -------- d-----w- C:\Program Files (x86)\Motherboard Monitor 5
2012-07-03 07:54:08 -------- d-----w- C:\Users\Hidde\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-06-22 07:30:27 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 07:30:22 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 07:30:17 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 07:30:17 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 09:02:47 -------- d-----w- C:\ProgramData\ALM
2012-06-20 09:01:57 -------- d-----w- C:\adobeTemp
2012-06-20 08:49:16 -------- d-----w- C:\Users\Hidde\AppData\Roaming\PDAppFlex
2012-06-19 14:46:29 -------- d-----w- C:\Users\Hidde\AppData\Local\Dropbox_Folder_Sync
2012-06-19 14:45:50 -------- d-----w- C:\Program Files (x86)\Dropbox Folder Sync
2012-06-19 14:45:49 -------- d-----w- C:\Users\Hidde\AppData\Roaming\Dropbox Folder Sync
2012-06-19 09:23:29 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-19 09:23:29 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 08:04:39 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
.
==================== Find3M ====================
.
2012-07-12 14:57:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 14:57:28 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-19 08:04:44 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-06-06 18:36:27 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-06 18:36:27 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-06 18:35:58 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-22 12:26:10 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-05-22 12:26:10 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-05-22 12:26:10 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-05-22 12:25:40 320856 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-05-22 12:25:40 166232 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 12:47:03,51 ===============
-----------------------------------------------------------------
I hope these logs can help.

(Edit: repositioned top line)

 

[Jay Pfoutz]

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• • Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst64 and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to the disclaimer.
• Place a check next to List Drivers MD5 as well as the default check marks that are already there
• Press Scan button.
• type exit and reboot the computer normally
• FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

 

[ChevyVan79]

The scan completed. I noticed something in the log about an MD5-hash of services which was corrupted or something.

Farbar Recovery Scan Tool Log "FRST.txt":
-----------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 19-07-2012 08:28:23
Running from F:\
Windows 7 Ultimate (X64) OS Language: Dutch Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKU\Gast\...\Run: [RGSC] E:\Data\Games\[PLAY] GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\Gast\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-09] (Valve Corporation)
HKU\Gast\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Gast\...\Run: [AdobeBridge] [x]
HKU\Gast\...\Run: [HydraVisionMDEngine] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [569344 2010-08-25] (AMD)
HKU\Gast\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-20] (BitTorrent, Inc.)
HKU\Gast\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17357960 2012-05-03] (Skype Technologies S.A.)
HKU\Gast\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3407496 2012-05-23] (Electronic Arts)
HKU\Hidde\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-09] (Valve Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-unins...VORUYtUEI2M0YtWDlaQVMtQU8zVEItSEk5Sk8tM0xQMkM"&"inst=NzctNzEwOTk5NDQ0LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=4262cf34cac247d1b5f5d16c649a9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\..\Interfaces\{D152E762-592D-4911-B26F-0089DDB0FE26}: [NameServer]212.19.241.137,212.19.225.136
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Services (Whitelisted) ======

3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [288112 2012-03-16] (Adobe Systems Incorporated)
3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-07] (MAGIX®)
3 fussvc; "C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe" [137728 2012-02-09] (Microsoft Corporation)
2 Irmon; C:\Windows\System32\irmon.dll [23552 2009-07-14] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-30] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-08] ()
2 Realtek11nSU; C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [36864 2009-06-01] (Realtek)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [427880 2009-03-30] (Microsoft Corporation)
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2143552 2012-02-09] (TuneUp Software)
3 wampapache; "C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [21504 2011-09-26] (Apache Software Foundation)
3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe wampmysqld [9690112 2012-01-25] ()
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2011-04-08] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-19] (DT Soft Ltd)
3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [65536 2010-08-27] (Fresco Logic)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
2 irda; C:\Windows\System32\Drivers\irda.sys [120320 2009-07-14] (Microsoft Corporation)
3 irsir; C:\Windows\System32\Drivers\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2011-04-08] ()
1 mbmiodrvr; \??\C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] (cansoft@livewiredev.com)
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-20] (TuneUp Software)
3 VSPerfDrv110; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [67920 2011-12-12] (Microsoft Corporation)
3 XENfiltv; C:\Windows\System32\Drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
3 ALSysIO; \??\C:\Users\Hidde\AppData\Local\Temp\ALSysIO64.sys [x]
3 cpuz135; \??\C:\Users\Hidde\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 X6va005; \??\C:\Users\Hidde\AppData\Local\Temp\0059039.tmp [x]
3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-18 11:44 - 2012-07-18 11:44 - 00000855 ____A C:\Users\Hidde\Desktop\gmer.log
2012-07-18 11:19 - 2012-07-18 10:52 - 00302592 ____A C:\Users\Hidde\Desktop\gfz7h0gr.exe
2012-07-18 11:06 - 2012-07-18 11:06 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-18 11:06 - 2012-07-18 11:06 - 00000000 ____D C:\Users\Hidde\AppData\Roaming\Malwarebytes
2012-07-18 11:06 - 2012-07-18 11:06 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-18 11:06 - 2012-07-18 11:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-18 11:06 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-18 11:05 - 2012-07-18 10:52 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Hidde\Desktop\mbam-setup-1.62.0.1300.exe
2012-07-18 10:21 - 2012-07-18 10:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F89547CC9349ABE0
2012-07-18 10:10 - 2012-07-18 10:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.213CD11BC46267B2
2012-07-18 09:56 - 2012-07-18 09:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BDCE8669122432CA
2012-07-18 09:50 - 2012-07-18 09:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6AD6BD21D505363A
2012-07-18 09:44 - 2012-07-18 09:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-18 09:44 - 2012-07-18 09:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-17 15:18 - 2012-07-17 15:18 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-17 14:50 - 2012-07-17 14:50 - 00000064 ____A C:\Users\Hidde\Desktop\virtuemart.txt
2012-07-13 09:39 - 2012-07-13 09:39 - 00001644 ____A C:\Users\Hidde\Desktop\Crashtastic.lnk
2012-07-13 09:39 - 2012-07-12 21:18 - 00000000 ____D C:\Program Files (x86)\Crashtastic_0.4.4a_Alpha
2012-07-11 16:30 - 2012-06-12 04:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 16:26 - 2012-06-02 13:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 16:26 - 2012-06-02 13:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 16:26 - 2012-06-02 13:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 16:26 - 2012-06-02 13:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 16:26 - 2012-06-02 13:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 16:26 - 2012-06-02 13:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 16:26 - 2012-06-02 13:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 16:26 - 2012-06-02 13:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 16:26 - 2012-06-02 13:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 16:26 - 2012-06-02 13:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 16:26 - 2012-06-02 12:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 16:26 - 2012-06-02 12:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 16:26 - 2012-06-02 12:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 16:26 - 2012-06-02 12:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 16:26 - 2012-06-02 10:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 16:26 - 2012-06-02 09:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 16:26 - 2012-06-02 09:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 16:26 - 2012-06-02 09:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 16:26 - 2012-06-02 09:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 16:26 - 2012-06-02 09:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 16:26 - 2012-06-02 09:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 16:26 - 2012-06-02 09:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 16:26 - 2012-06-02 09:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 16:26 - 2012-06-02 09:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 16:26 - 2012-06-02 09:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 16:26 - 2012-06-02 09:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 16:26 - 2012-06-02 09:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 16:26 - 2012-06-02 09:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 13:05 - 2012-06-09 06:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 13:05 - 2012-06-09 05:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 13:05 - 2012-06-06 07:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 13:05 - 2012-06-06 07:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 13:05 - 2012-06-06 07:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 13:05 - 2012-06-06 06:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 13:05 - 2012-06-06 06:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 13:05 - 2012-06-06 06:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 13:05 - 2012-06-02 06:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 13:05 - 2012-06-02 06:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 13:05 - 2012-06-02 06:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 13:05 - 2012-06-02 06:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 13:05 - 2012-06-02 06:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 13:05 - 2012-06-02 05:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 13:05 - 2012-06-02 05:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 13:05 - 2012-06-02 05:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 13:05 - 2012-06-02 05:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 13:05 - 2010-06-26 04:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 13:05 - 2010-06-26 04:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-05 16:25 - 2012-07-05 16:25 - 00000967 ____A C:\Users\Hidde\Desktop\Core Temp.lnk
2012-07-05 16:25 - 2012-07-05 16:25 - 00000000 ____D C:\Users\Hidde\AppData\Local\APN
2012-07-05 16:23 - 2012-07-05 16:23 - 00000876 ____A C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2012-07-05 16:23 - 2012-07-05 16:23 - 00000000 ____D C:\Program Files\CPUID
2012-07-05 16:08 - 2012-07-05 16:08 - 00000017 ____A C:\Users\Hidde\AppData\Local\resmon.resmoncfg
2012-07-05 16:07 - 2012-07-05 16:07 - 00000000 ____D C:\Program Files (x86)\Motherboard Monitor 5
2012-07-05 16:07 - 2004-04-10 08:43 - 00004608 ____A (cansoft@livewiredev.com) C:\Windows\SysWOW64\mbmiodrvr.sys
2012-07-03 08:54 - 2012-07-03 08:55 - 00000000 ____D C:\Users\Public\Documents\Adobe
2012-07-03 08:54 - 2012-07-03 08:54 - 00000000 ____D C:\Users\Hidde\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-06-22 08:30 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 08:30 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 08:30 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 08:30 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 08:30 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 08:30 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 08:30 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 08:30 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 08:30 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 10:07 - 2012-06-20 10:07 - 00001525 ____A C:\Users\Hidde\Desktop\Illustrator.lnk
2012-06-20 10:07 - 2012-06-20 10:07 - 00001238 ____A C:\Users\Hidde\Desktop\Dreamweaver.lnk
2012-06-20 10:07 - 2012-06-20 10:07 - 00001214 ____A C:\Users\Hidde\Desktop\Fireworks.lnk
2012-06-20 10:02 - 2012-06-20 10:02 - 00000000 ____D C:\Users\All Users\ALM
2012-06-20 09:49 - 2012-06-20 09:49 - 00000000 ____D C:\Users\Hidde\AppData\Roaming\PDAppFlex
2012-06-19 15:46 - 2012-06-19 15:46 - 00000000 ____D C:\Users\Hidde\AppData\Local\Dropbox_Folder_Sync
2012-06-19 15:45 - 2012-06-19 15:45 - 00000000 ____D C:\Users\Hidde\AppData\Roaming\Dropbox Folder Sync
2012-06-19 15:45 - 2012-06-19 15:45 - 00000000 ____D C:\Program Files (x86)\Dropbox Folder Sync
2012-06-19 09:04 - 2012-06-19 09:04 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite


============ 3 Months Modified Files ========================

2012-07-18 15:38 - 2009-07-14 05:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-18 15:38 - 2009-07-14 05:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-18 15:35 - 2012-06-16 10:13 - 00001050 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-18 15:35 - 2012-02-29 22:09 - 00017146 ____A C:\Windows\setupact.log
2012-07-18 15:35 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-18 11:44 - 2012-07-18 11:44 - 00000855 ____A C:\Users\Hidde\Desktop\gmer.log
2012-07-18 11:23 - 2009-07-14 10:16 - 00811884 ____A C:\Windows\System32\perfh013.dat
2012-07-18 11:23 - 2009-07-14 10:16 - 00178392 ____A C:\Windows\System32\perfc013.dat
2012-07-18 11:23 - 2009-07-14 06:13 - 01856960 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-18 11:14 - 2012-02-29 22:08 - 00237204 ____A C:\Windows\PFRO.log
2012-07-18 11:06 - 2012-07-18 11:06 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-18 10:52 - 2012-07-18 11:19 - 00302592 ____A C:\Users\Hidde\Desktop\gfz7h0gr.exe
2012-07-18 10:52 - 2012-07-18 11:05 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Hidde\Desktop\mbam-setup-1.62.0.1300.exe
2012-07-18 10:21 - 2012-07-18 10:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F89547CC9349ABE0
2012-07-18 10:10 - 2012-07-18 10:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.213CD11BC46267B2
2012-07-18 09:59 - 2012-06-15 12:37 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-18 09:56 - 2012-07-18 09:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BDCE8669122432CA
2012-07-18 09:50 - 2012-07-18 09:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6AD6BD21D505363A
2012-07-18 09:44 - 2011-12-28 11:02 - 00001912 ____A C:\Windows\epplauncher.mif
2012-07-18 09:44 - 2011-03-03 21:15 - 01878746 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-18 09:44 - 2011-01-08 19:49 - 01440847 ____A C:\Windows\WindowsUpdate.log
2012-07-18 09:28 - 2012-06-16 10:13 - 00001054 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-17 14:50 - 2012-07-17 14:50 - 00000064 ____A C:\Users\Hidde\Desktop\virtuemart.txt
2012-07-13 09:39 - 2012-07-13 09:39 - 00001644 ____A C:\Users\Hidde\Desktop\Crashtastic.lnk
2012-07-12 15:57 - 2012-05-09 17:16 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 15:57 - 2011-05-20 08:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 07:59 - 2009-07-14 05:45 - 06856704 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 16:27 - 2011-01-16 08:51 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-05 16:25 - 2012-07-05 16:25 - 00000967 ____A C:\Users\Hidde\Desktop\Core Temp.lnk
2012-07-05 16:23 - 2012-07-05 16:23 - 00000876 ____A C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2012-07-05 16:08 - 2012-07-05 16:08 - 00000017 ____A C:\Users\Hidde\AppData\Local\resmon.resmoncfg
2012-07-03 12:46 - 2012-07-18 11:06 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-29 10:30 - 2011-12-19 16:34 - 00000235 __RAH C:\Windows\ctfile.rfc
2012-06-20 10:07 - 2012-06-20 10:07 - 00001525 ____A C:\Users\Hidde\Desktop\Illustrator.lnk
2012-06-20 10:07 - 2012-06-20 10:07 - 00001238 ____A C:\Users\Hidde\Desktop\Dreamweaver.lnk
2012-06-20 10:07 - 2012-06-20 10:07 - 00001214 ____A C:\Users\Hidde\Desktop\Fireworks.lnk
2012-06-20 10:04 - 2011-01-08 13:38 - 00133888 ____A C:\Users\Hidde\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-19 09:04 - 2012-03-18 13:27 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-06-16 14:19 - 2012-06-16 13:39 - 00002010 ___AH C:\Users\Hidde\Documents\Default.rdp
2012-06-12 04:08 - 2012-07-11 16:30 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 12:21 - 2012-06-11 10:49 - 00011083 ____A C:\Users\Hidde\Documents\werkzaamheden_specificatie_dewestfries.xlsx
2012-06-09 06:43 - 2012-07-11 13:05 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-09 05:41 - 2012-07-11 13:05 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 15:00 - 2012-03-02 15:59 - 00110447 ____A C:\Windows\DirectX.log
2012-06-08 09:26 - 2012-06-08 09:26 - 00000222 ____A C:\Users\Hidde\Desktop\Superbrothers Sword & Sworcery EP.url
2012-06-08 09:26 - 2012-06-08 09:26 - 00000221 ____A C:\Users\Hidde\Desktop\LIMBO.url
2012-06-08 09:26 - 2012-06-08 09:26 - 00000221 ____A C:\Users\Hidde\Desktop\Amnesia The Dark Descent.url
2012-06-08 09:26 - 2012-06-08 09:26 - 00000220 ____A C:\Users\Hidde\Desktop\Psychonauts.url
2012-06-08 09:22 - 2012-06-08 09:22 - 00000222 ____A C:\Users\Hidde\Desktop\Bastion.url
2012-06-08 09:21 - 2012-06-08 09:21 - 00000221 ____A C:\Users\Hidde\Desktop\Super Meat Boy.url
2012-06-08 09:21 - 2012-06-08 09:21 - 00000221 ____A C:\Users\Hidde\Desktop\Braid.url
2012-06-08 09:21 - 2012-06-08 09:21 - 00000202 ____A C:\Users\Hidde\Desktop\Super Meat Boy Editor.url
2012-06-08 09:21 - 2012-06-08 09:21 - 00000195 ____A C:\Users\Hidde\Desktop\Lone Survivor.url
2012-06-07 09:39 - 2012-06-07 09:39 - 00001727 ____A C:\Users\Public\Desktop\League of Legends.lnk
2012-06-07 09:11 - 2011-12-04 15:02 - 00001025 ____A C:\Users\Hidde\Desktop\Dropbox.lnk
2012-06-06 19:36 - 2011-06-12 13:11 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-06-06 19:36 - 2011-06-12 13:09 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-06-06 19:35 - 2011-06-12 13:09 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-06-06 07:06 - 2012-07-11 13:05 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 07:06 - 2012-07-11 13:05 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 07:02 - 2012-07-11 13:05 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 06:05 - 2012-07-11 13:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 06:05 - 2012-07-11 13:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 06:03 - 2012-07-11 13:05 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 13:14 - 2012-06-05 13:14 - 00316064 ____A C:\Windows\Minidump\060512-21574-01.dmp
2012-06-05 13:14 - 2012-04-11 09:18 - 1151349537 ____A C:\Windows\MEMORY.DMP
2012-06-04 17:01 - 2012-06-04 17:01 - 00001385 ____A C:\Users\Hidde\Desktop\Visual Studio 11 Beta.lnk
2012-06-04 13:24 - 2012-06-04 13:23 - 00275264 ____A C:\Windows\Minidump\060412-46113-01.dmp
2012-06-04 11:06 - 2012-06-04 11:06 - 00002531 ____A C:\Users\Hidde\Desktop\Skype.lnk
2012-06-02 23:19 - 2012-06-22 08:30 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-22 08:30 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-22 08:30 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-22 08:30 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-22 08:30 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:15 - 2012-06-22 08:30 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:15 - 2012-06-22 08:30 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-22 08:30 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-22 08:30 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 13:49 - 2012-07-11 16:26 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 13:17 - 2012-07-11 16:26 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 13:12 - 2012-07-11 16:26 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 13:05 - 2012-07-11 16:26 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 13:05 - 2012-07-11 16:26 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 13:04 - 2012-07-11 16:26 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 13:04 - 2012-07-11 16:26 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 13:03 - 2012-07-11 16:26 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 13:01 - 2012-07-11 16:26 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 13:00 - 2012-07-11 16:26 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 12:59 - 2012-07-11 16:26 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 12:57 - 2012-07-11 16:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 12:57 - 2012-07-11 16:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 12:54 - 2012-07-11 16:26 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 10:07 - 2012-07-11 16:26 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 09:43 - 2012-07-11 16:26 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 09:33 - 2012-07-11 16:26 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 09:26 - 2012-07-11 16:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 09:25 - 2012-07-11 16:26 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 09:25 - 2012-07-11 16:26 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 09:23 - 2012-07-11 16:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 09:21 - 2012-07-11 16:26 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 09:20 - 2012-07-11 16:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 09:19 - 2012-07-11 16:26 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 09:19 - 2012-07-11 16:26 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 09:17 - 2012-07-11 16:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 09:16 - 2012-07-11 16:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 09:14 - 2012-07-11 16:26 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 06:50 - 2012-07-11 13:05 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 06:48 - 2012-07-11 13:05 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 06:48 - 2012-07-11 13:05 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 06:45 - 2012-07-11 13:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 06:44 - 2012-07-11 13:05 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-02 05:40 - 2012-07-11 13:05 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-02 05:40 - 2012-07-11 13:05 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-02 05:39 - 2012-07-11 13:05 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-02 05:34 - 2012-07-11 13:05 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-24 11:04 - 2012-05-24 11:04 - 00000562 ____A C:\Windows\wmsetup.log
2012-05-23 19:57 - 2012-05-23 19:57 - 00000221 ____A C:\Users\Hidde\Desktop\Dead Island.url
2012-05-22 13:26 - 2012-06-11 12:13 - 00224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-05-22 13:26 - 2012-06-11 12:13 - 00130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2012-05-22 13:26 - 2012-05-22 13:26 - 00147288 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2012-05-22 13:25 - 2012-05-22 13:25 - 00320856 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2012-05-22 13:25 - 2012-05-22 13:25 - 00166232 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2012-05-21 12:32 - 2012-05-21 12:32 - 00000767 ____A C:\Users\Hidde\Desktop\Driver.lnk
2012-05-09 17:08 - 2012-05-18 10:42 - 00001208 ____A C:\Users\Hidde\Documents\Adobe InDesign CS6.lnk
2012-05-07 21:57 - 2012-05-07 21:57 - 00275208 ____A C:\Windows\Minidump\050712-25958-01.dmp
2012-05-06 12:57 - 2012-05-06 12:57 - 00275208 ____A C:\Windows\Minidump\050612-25147-01.dmp
2012-05-05 18:21 - 2012-05-05 18:20 - 00275208 ____A C:\Windows\Minidump\050512-25256-01.dmp
2012-05-05 14:57 - 2011-08-10 15:52 - 00001060 ____A C:\Users\Gast\Desktop\Notepad++.lnk
2012-05-04 12:06 - 2012-06-13 08:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:03 - 2012-06-13 08:22 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 11:03 - 2012-06-13 08:22 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 21:46 - 2012-05-03 21:46 - 00275208 ____A C:\Windows\Minidump\050312-35630-01.dmp
2012-05-01 06:40 - 2012-06-13 08:22 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 06:32 - 2012-06-13 08:22 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-28 04:55 - 2012-06-13 08:22 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 19:19 - 2012-04-26 19:19 - 00173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-04-26 19:19 - 2012-04-26 19:19 - 00173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-04-26 18:48 - 2012-04-26 18:48 - 00000222 ____A C:\Users\Hidde\Desktop\Botanicula.url
2012-04-26 18:48 - 2012-04-26 18:48 - 00000221 ____A C:\Users\Hidde\Desktop\Samorost 2.url
2012-04-26 18:48 - 2012-04-26 18:48 - 00000221 ____A C:\Users\Hidde\Desktop\Machinarium.url
2012-04-26 18:46 - 2012-04-26 18:46 - 00000221 ____A C:\Users\Hidde\Desktop\Windosill.url
2012-04-26 06:41 - 2012-06-13 08:22 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 06:41 - 2012-06-13 08:22 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 06:34 - 2012-06-13 08:22 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 11:58 - 2009-07-14 06:08 - 00032592 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-24 06:37 - 2012-06-13 08:22 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 06:37 - 2012-06-13 08:22 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 06:37 - 2012-06-13 08:22 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-24 05:36 - 2012-06-13 08:22 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-24 05:36 - 2012-06-13 08:22 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-24 05:36 - 2012-06-13 08:22 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-22 19:30 - 2012-04-22 19:30 - 00001143 ____A C:\Users\Hidde\Desktop\CrossFire.lnk
2012-04-22 14:32 - 2012-04-22 14:32 - 00000222 ____A C:\Users\Hidde\Desktop\Age of Empires Online.url


ZeroAccess:
C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}
C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\@
C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\L
C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\U
C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\U\00000001.@

ZeroAccess:
C:\Users\Hidde\AppData\Local\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}
C:\Users\Hidde\AppData\Local\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\@
C:\Users\Hidde\AppData\Local\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\L
C:\Users\Hidde\AppData\Local\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 10239.24 MB
Available physical RAM: 9270.7 MB
Total Pagefile: 10237.39 MB
Available Pagefile: 9264.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:417.4 GB) NTFS
3 Drive f: () (Removable) (Total:0.94 GB) (Free:0.78 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Schfnr. Status Grootte Vrij Dyn GPT
-------- ------------- ------- ------- --- ---
Schf 0 Online 931 GB 1024 KB
Schf 1 Online 961 MB 0 B

DiskPart afsluiten...


==========================================================

Last Boot: 2012-07-11 14:18

======================= End Of Log ==========================
-----------------------------------------------------------------

 

[Jay Pfoutz]

Additional FRST Scan

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)

When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.

 

[ChevyVan79]

Here's the log.

Farbar Recovery Scan Tool Log "Search.txt":
-----------------------------------------------------------------
Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-19 13:46:54
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
-----------------------------------------------------------------

 

[Jay Pfoutz]

FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}
C:\Users\Hidde\AppData\Local\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

 

[ChevyVan79]

"Fixlog.txt":
--------------------------------------------------
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-19 19:18:48 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e} moved successfully.
C:\Users\Hidde\AppData\Local\{4b450b07-8f43-0861-3c71-52cec0dd6c4e} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
------------------------------------------------

I restarted my computer. When I started Microsoft Security Essentials it said that I was still infected by Sirefef.Y, Sirefef.B, Sirefef.AB and Sirefef.W

PS.: I go on holiday tomorrow (I think I still have arround 2 hours until I leave this computer). So, if the virus isn't fixed then, is it possible to 'pause' this thread and reopen it in about 2 weeks?

 

[ChevyVan79]

It seems that Windows didn't gave me a fatal error to restart the computer.

 

[ChevyVan79]

When I try to start Windows Defender or when I'm trying to update Microsoft Security Essentials, Windows returns the errorcode 0x80070424.

 

[Jay Pfoutz]

I marked it as inactive, when you get back, reply to this thread to continue.

If it is not open, please PM me.

 

[ChevyVan79]

Alright, I'm ready again.

 

[Jay Pfoutz]

ComboFix

Please download ComboFix

by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

• Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
• It is important to rename ComboFix before the download.
• Please do not rename ComboFix to other names, but only the one indicated.

After the download:

• Close any open browsers.
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

• Double click on svchost.exe & follow the prompts.
• It will attempt to install the Recovery Console:

• When ComboFix finishes, it will produce a report for you.
• Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

 

[ChevyVan79]

Here it is.

ComboFix Log "ComboFix.txt":
-----------------------------------------------------------------
ComboFix 12-08-05.02 - Hidde 06-08-2012 15:11:10.1.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.10239.8320 [GMT 2:00]
Gestart vanuit: c:\users\Hidde\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20110426.txt
C:\install.exe
c:\users\Hidde\AppData\Local\assembly\tmp
c:\users\Hidde\AppData\Local\Microsoft\Windows\Temporary Internet Files\cookies.sqlite
c:\users\Hidde\AppData\Roaming\Love
c:\users\Hidde\AppData\Roaming\Love\mari0\options.txt
c:\users\Hidde\Documents\~WRL3387.tmp
c:\windows\IsUn0413.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\d2d1debug1.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-06 to 2012-08-06 ))))))))))))))))))))))))))))))
.
.
2012-08-06 13:20 . 2012-08-06 13:20 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-08-06 13:20 . 2012-08-06 13:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 07:27 . 2012-07-19 07:28 -------- d-----w- C:\FRST
2012-07-19 06:33 . 2012-07-19 06:33 328704 ----a-w- c:\windows\system32\services.exe.3C1AE47AB51889C6
2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\users\Hidde\AppData\Roaming\Malwarebytes
2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\programdata\Malwarebytes
2012-07-18 10:06 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 09:21 . 2012-07-18 09:21 328704 ----a-w- c:\windows\system32\services.exe.F89547CC9349ABE0
2012-07-18 09:10 . 2012-07-18 09:10 328704 ----a-w- c:\windows\system32\services.exe.213CD11BC46267B2
2012-07-18 08:56 . 2012-07-18 08:56 328704 ----a-w- c:\windows\system32\services.exe.BDCE8669122432CA
2012-07-18 08:50 . 2012-07-18 08:50 328704 ----a-w- c:\windows\system32\services.exe.6AD6BD21D505363A
2012-07-18 08:45 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B6A9F61E-DDC0-4A0E-86FE-A820D0B40BFE}\gapaengine.dll
2012-07-18 08:45 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85AB1BFF-CCDA-4C24-8C87-18F3F736516A}\mpengine.dll
2012-07-18 08:44 . 2012-07-18 08:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-18 08:44 . 2012-07-18 08:44 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-17 14:18 . 2012-07-17 14:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-13 08:39 . 2012-07-12 20:18 -------- d-----w- c:\program files (x86)\Crashtastic_0.4.4a_Alpha
2012-07-11 15:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 14:57 . 2012-05-09 16:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 14:57 . 2011-05-20 07:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 15:27 . 2011-01-16 07:51 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-19 08:04 . 2012-03-18 12:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-06 18:36 . 2011-06-12 12:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-06 18:36 . 2011-06-12 12:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-06 18:35 . 2011-06-12 12:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-04 18:50 . 2012-06-04 15:56 2471072 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-06-04 10:56 . 2011-03-03 20:20 2376736 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-04 10:11 . 2011-05-26 16:22 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-06-02 22:19 . 2012-06-22 07:30 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 07:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 07:30 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 07:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 07:30 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 07:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 07:30 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 07:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 07:30 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-22 12:26 . 2012-06-11 11:13 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-22 12:26 . 2012-06-11 11:13 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-22 12:26 . 2012-05-22 12:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-22 12:25 . 2012-05-22 12:25 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-22 12:25 . 2012-05-22 12:25 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-09 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/nl.special-unins...9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c" [?]
.
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hidde\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-8 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Wondershare Helper Compact.exe"=c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
R2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [2009-06-01 36864]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1909032]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2012-03-16 288112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 ALSysIO;ALSysIO;c:\users\Hidde\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 cpuz135;cpuz135;c:\users\Hidde\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-15 1431888]
R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 137728]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-08-11 610816]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va005;X6va005;c:\users\Hidde\AppData\Local\Temp\0059039.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [2009-07-31 25600]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-19 283200]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-08-27 220672]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-08-27 65536]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - PXHLPA64
.
Inhoud van de 'Gedeelde Taken' map
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 14:57]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 20:05]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 20:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://nl.ask.com/?l=dis&o=41648005&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Hidde\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: Interfaces\{D152E762-592D-4911-B26F-0089DDB0FE26}: NameServer = 212.19.241.137,212.19.225.136
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Hidde\AppData\Roaming\Mozilla\Firefox\Profiles\i38demmb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?&hl=nl&q=
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://encrypted.google.com/search?hl=en&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
URLSearchHooks-{6d8d66f3-14fc-4736-a096-fac0ea66289c} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{6D8D66F3-14FC-4736-A096-FAC0EA66289C} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Hidde\AppData\Local\Temp\0059039.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}*]
"iadcaliefhdmelnfjn"=hex:6b,61,6f,67,62,6f,6f,67,6e,6e,61,65,6b,6a,66,6b,64,62,
61,62,61,6a,00,00
"hajbcffnekildmbc"=hex:6b,61,6f,67,62,6f,6f,67,6e,6e,61,65,6b,6a,66,6b,64,62,
61,62,61,6a,00,00
.
[HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\SecuROM\License information*]
"datasecu"=hex:76,ce,bb,62,f1,f3,da,4c,de,2e,db,0c,e1,18,cb,58,24,aa,b9,f6,70,
6d,21,87,64,f4,5d,19,e5,9b,62,93,98,bb,9f,83,41,17,46,ad,01,c7,9b,2e,70,af,\
"rkeysecu"=hex:b3,cb,b6,91,a2,37,0e,f8,5e,6d,66,3a,f0,ea,9d,cf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-08-06 15:22:24
ComboFix-quarantined-files.txt 2012-08-06 13:22
.
Pre-Run: 490.391.724.032 bytes beschikbaar
Post-Run: 491.166.240.768 bytes beschikbaar
.
- - End Of File - - 535FBC7D2CCFD708AA16363936DEDC48
---------------------------------------------------

 

[Jay Pfoutz]

ComboFix Script

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the codebox below into it:
  

  ClearJavaCache::

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
• Please post the contents of the log in your next reply.

 

[ChevyVan79]

Here, I present you the next ComboFix log.

ComboFix Log "ComboFix.txt":
--------------------------------------------------------
ComboFix 12-08-05.02 - Hidde 07-08-2012 8:19.2.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.10239.8289 [GMT 2:00]
Gestart vanuit: c:\users\Hidde\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Hidde\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-07 to 2012-08-07 ))))))))))))))))))))))))))))))
.
.
2012-08-07 06:28 . 2012-08-07 06:28 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-08-07 06:28 . 2012-08-07 06:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 06:17 . 2012-08-07 06:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C67C0F10-2281-43CF-BC86-684C71B50A8F}\offreg.dll
2012-07-19 07:27 . 2012-07-19 07:28 -------- d-----w- C:\FRST
2012-07-19 06:33 . 2012-07-19 06:33 328704 ----a-w- c:\windows\system32\services.exe.3C1AE47AB51889C6
2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\users\Hidde\AppData\Roaming\Malwarebytes
2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\programdata\Malwarebytes
2012-07-18 10:06 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 09:21 . 2012-07-18 09:21 328704 ----a-w- c:\windows\system32\services.exe.F89547CC9349ABE0
2012-07-18 09:10 . 2012-07-18 09:10 328704 ----a-w- c:\windows\system32\services.exe.213CD11BC46267B2
2012-07-18 08:56 . 2012-07-18 08:56 328704 ----a-w- c:\windows\system32\services.exe.BDCE8669122432CA
2012-07-18 08:50 . 2012-07-18 08:50 328704 ----a-w- c:\windows\system32\services.exe.6AD6BD21D505363A
2012-07-18 08:45 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B6A9F61E-DDC0-4A0E-86FE-A820D0B40BFE}\gapaengine.dll
2012-07-18 08:45 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85AB1BFF-CCDA-4C24-8C87-18F3F736516A}\mpengine.dll
2012-07-18 08:44 . 2012-07-18 08:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-18 08:44 . 2012-07-18 08:44 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-17 14:18 . 2012-07-17 14:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-13 08:39 . 2012-07-12 20:18 -------- d-----w- c:\program files (x86)\Crashtastic_0.4.4a_Alpha
2012-07-11 15:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 14:57 . 2012-05-09 16:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 14:57 . 2011-05-20 07:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 15:27 . 2011-01-16 07:51 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-19 08:04 . 2012-03-18 12:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-06 18:36 . 2011-06-12 12:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-06 18:36 . 2011-06-12 12:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-06 18:35 . 2011-06-12 12:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-04 18:50 . 2012-06-04 15:56 2471072 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-06-04 10:56 . 2011-03-03 20:20 2376736 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-04 10:11 . 2011-05-26 16:22 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-06-02 22:19 . 2012-06-22 07:30 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 07:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 07:30 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 07:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 07:30 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 07:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 07:30 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 07:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 07:30 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-22 12:26 . 2012-06-11 11:13 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-22 12:26 . 2012-06-11 11:13 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-22 12:26 . 2012-05-22 12:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-22 12:25 . 2012-05-22 12:25 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-22 12:25 . 2012-05-22 12:25 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-06_13.20.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-06 13:08 . 2012-08-06 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-07 06:17 . 2012-08-07 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-07 06:17 . 2012-08-07 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-06 13:08 . 2012-08-06 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-09 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/nl.special-unins...9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c" [?]
.
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hidde\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-8 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Wondershare Helper Compact.exe"=c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
R2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [2009-06-01 36864]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1909032]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2012-03-16 288112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 ALSysIO;ALSysIO;c:\users\Hidde\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 cpuz135;cpuz135;c:\users\Hidde\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-15 1431888]
R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 137728]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-08-11 610816]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va005;X6va005;c:\users\Hidde\AppData\Local\Temp\0059039.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [2009-07-31 25600]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-19 283200]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-08-27 220672]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-08-27 65536]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 14:57]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 20:05]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 20:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://nl.ask.com/?l=dis&o=41648005&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Hidde\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: Interfaces\{D152E762-592D-4911-B26F-0089DDB0FE26}: NameServer = 212.19.241.137,212.19.225.136
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Hidde\AppData\Roaming\Mozilla\Firefox\Profiles\i38demmb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?&hl=nl&q=
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://encrypted.google.com/search?hl=en&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Hidde\AppData\Local\Temp\0059039.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}*]
"iadcaliefhdmelnfjn"=hex:6b,61,6f,67,62,6f,6f,67,6e,6e,61,65,6b,6a,66,6b,64,62,
61,62,61,6a,00,00
"hajbcffnekildmbc"=hex:6b,61,6f,67,62,6f,6f,67,6e,6e,61,65,6b,6a,66,6b,64,62,
61,62,61,6a,00,00
.
[HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\SecuROM\License information*]
"datasecu"=hex:76,ce,bb,62,f1,f3,da,4c,de,2e,db,0c,e1,18,cb,58,24,aa,b9,f6,70,
6d,21,87,64,f4,5d,19,e5,9b,62,93,98,bb,9f,83,41,17,46,ad,01,c7,9b,2e,70,af,\
"rkeysecu"=hex:b3,cb,b6,91,a2,37,0e,f8,5e,6d,66,3a,f0,ea,9d,cf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-08-07 08:30:59
ComboFix-quarantined-files.txt 2012-08-07 06:30
ComboFix2.txt 2012-08-06 13:22
.
Pre-Run: 491.346.804.736 bytes beschikbaar
Post-Run: 491.165.831.168 bytes beschikbaar
.
- - End Of File - - 384702765DCC6655AC6E4CAB0079B9A3
---------------------------------------

 

[Jay Pfoutz]

ComboFix Script

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the codebox below into it:
  

  ClearJavaCache::
  
  Registry::
  [-HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}*]

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
• Please post the contents of the log in your next reply.

 

[ChevyVan79]

And the next ComboFix log.

ComboFix Log "ComboFix.txt":
--------------------------------------------------------------------
ComboFix 12-08-05.02 - Hidde 08-08-2012 8:23.3.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.10239.8272 [GMT 2:00]
Gestart vanuit: c:\users\Hidde\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Hidde\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-08 to 2012-08-08 ))))))))))))))))))))))))))))))
.
.
2012-08-08 06:32 . 2012-08-08 06:32 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-08-08 06:32 . 2012-08-08 06:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 06:21 . 2012-08-08 06:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C67C0F10-2281-43CF-BC86-684C71B50A8F}\offreg.dll
2012-07-19 07:27 . 2012-07-19 07:28 -------- d-----w- C:\FRST
2012-07-19 06:33 . 2012-07-19 06:33 328704 ----a-w- c:\windows\system32\services.exe.3C1AE47AB51889C6
2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\users\Hidde\AppData\Roaming\Malwarebytes
2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\programdata\Malwarebytes
2012-07-18 10:06 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 09:21 . 2012-07-18 09:21 328704 ----a-w- c:\windows\system32\services.exe.F89547CC9349ABE0
2012-07-18 09:10 . 2012-07-18 09:10 328704 ----a-w- c:\windows\system32\services.exe.213CD11BC46267B2
2012-07-18 08:56 . 2012-07-18 08:56 328704 ----a-w- c:\windows\system32\services.exe.BDCE8669122432CA
2012-07-18 08:50 . 2012-07-18 08:50 328704 ----a-w- c:\windows\system32\services.exe.6AD6BD21D505363A
2012-07-18 08:45 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B6A9F61E-DDC0-4A0E-86FE-A820D0B40BFE}\gapaengine.dll
2012-07-18 08:45 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85AB1BFF-CCDA-4C24-8C87-18F3F736516A}\mpengine.dll
2012-07-18 08:44 . 2012-07-18 08:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-18 08:44 . 2012-07-18 08:44 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-17 14:18 . 2012-07-17 14:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-13 08:39 . 2012-07-12 20:18 -------- d-----w- c:\program files (x86)\Crashtastic_0.4.4a_Alpha
2012-07-11 15:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 14:57 . 2012-05-09 16:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 14:57 . 2011-05-20 07:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 15:27 . 2011-01-16 07:51 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-19 08:04 . 2012-03-18 12:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-06 18:36 . 2011-06-12 12:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-06 18:36 . 2011-06-12 12:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-06 18:35 . 2011-06-12 12:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-04 18:50 . 2012-06-04 15:56 2471072 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-06-04 10:56 . 2011-03-03 20:20 2376736 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-04 10:11 . 2011-05-26 16:22 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-06-02 22:19 . 2012-06-22 07:30 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 07:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 07:30 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 07:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 07:30 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 07:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 07:30 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 07:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 07:30 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-22 12:26 . 2012-06-11 11:13 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-22 12:26 . 2012-06-11 11:13 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-22 12:26 . 2012-05-22 12:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-22 12:25 . 2012-05-22 12:25 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-22 12:25 . 2012-05-22 12:25 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-06_13.20.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-06 13:08 . 2012-08-06 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-08 06:21 . 2012-08-08 06:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-08 06:21 . 2012-08-08 06:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-06 13:08 . 2012-08-06 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-09 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/nl.special-unins...9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c" [?]
.
c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hidde\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-8 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Wondershare Helper Compact.exe"=c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
R2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [2009-06-01 36864]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1909032]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2012-03-16 288112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 ALSysIO;ALSysIO;c:\users\Hidde\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 cpuz135;cpuz135;c:\users\Hidde\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-15 1431888]
R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 137728]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-08-11 610816]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va005;X6va005;c:\users\Hidde\AppData\Local\Temp\0059039.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [2009-07-31 25600]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-19 283200]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-08-27 220672]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-08-27 65536]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 14:57]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 20:05]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 20:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://nl.ask.com/?l=dis&o=41648005&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Hidde\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: Interfaces\{D152E762-592D-4911-B26F-0089DDB0FE26}: NameServer = 212.19.241.137,212.19.225.136
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Hidde\AppData\Roaming\Mozilla\Firefox\Profiles\i38demmb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?&hl=nl&q=
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://encrypted.google.com/search?hl=en&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Hidde\AppData\Local\Temp\0059039.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}*]
"iadcaliefhdmelnfjn"=hex:6b,61,6f,67,62,6f,6f,67,6e,6e,61,65,6b,6a,66,6b,64,62,
61,62,61,6a,00,00
"hajbcffnekildmbc"=hex:6b,61,6f,67,62,6f,6f,67,6e,6e,61,65,6b,6a,66,6b,64,62,
61,62,61,6a,00,00
.
[HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\SecuROM\License information*]
"datasecu"=hex:76,ce,bb,62,f1,f3,da,4c,de,2e,db,0c,e1,18,cb,58,24,aa,b9,f6,70,
6d,21,87,64,f4,5d,19,e5,9b,62,93,98,bb,9f,83,41,17,46,ad,01,c7,9b,2e,70,af,\
"rkeysecu"=hex:b3,cb,b6,91,a2,37,0e,f8,5e,6d,66,3a,f0,ea,9d,cf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-08-08 08:35:05
ComboFix-quarantined-files.txt 2012-08-08 06:35
ComboFix2.txt 2012-08-07 06:30
ComboFix3.txt 2012-08-06 13:22
.
Pre-Run: 491.360.534.528 bytes beschikbaar
Post-Run: 491.177.103.360 bytes beschikbaar
.
- - End Of File - - F1751EB2136184E8CA5D1C35165F1F9E
-------------------------------------------------------

 

[Jay Pfoutz]

Scan for malware

Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Copy and paste the entire report in your next reply.

 

[ChevyVan79]

Seems like he can't detect anything.

Malwarebytes log:
-------------------------------------------------
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Databaseversie: v2012.08.08.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hidde :: HIDDE-PC [administrator]

8-8-2012 13:44:45
mbam-log-2012-08-08 (13-44-45).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 221664
Verstreken tijd: 3 minuut/minuten, 58 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)
-----------------------------------------------

 

[Jay Pfoutz]

Let's see if this is it...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install
• Click Start
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
• Copy and paste that log as a reply to this topic

 

[ChevyVan79]

The scan finally completed after 6:15 hours

ESET Online Scan Log
------------------------------------------
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6888324da3d70144973428c3a3245f1f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-09 02:46:43
# local_time=2012-08-09 04:46:43 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 29602811 29602811 0 0
# compatibility_mode=5893 16776574 100 94 74876 96130823 0 0
# compatibility_mode=8192 67108863 100 0 214 214 0 0
# scanned=647747
# found=1
# cleaned=1
# scan_time=22630
C:\Users\Hidde\Documents\Vuze Downloads\Anno 1404 with Venice Expansion Pack\3.Anno 1404 Venice.iso Win32/Packed.VMProtect.D trojan (deleted - quarantined) 00000000000000000000000000000000 C
--------------------------------------------