Hello all, I really hope you can help.
There are several issues that make me believe my system has been compromised:
It started with me occasionally hearing someone else working on a computer through my speakers when a browser is open (still happens). As soon as the browser is closed, it stops. Then yesterday I wanted to install Photoshop, but it kept saying "Adobe Application Manager has stopped working". I tried everything, but the problems remained, and I also could not completely clean my PC of any Adobe stuff to see if that helps, because strangely Adobe's own command-line remover tool does not find any of the installed programs such as Flash Player either, so I decided to update Windows. I must say I have not done so since May, so I went to the Windows Control Panel and tried to download the "92 important updates". However, it does not download even though my internet connection is working perfectly. So I read about these issues and found that a reason might be that my system has been infected.
Before I came here I had already scanned with the following programs:
Avast, Malwarebytes and Kaspersky TDSSKiller... nothing found. The only thing that Kaspersky says is this: Locked file, Service: sptd, Service Type: Kernel Driver (0x1), Service Start: Boot (0x0), C:\Windows\system32\Drivers\sptd.sys, plus the MD5 number.
So now here are the logs generated while following your step-by-step guide:
BTW, I was not able to save any of the scanner-generated log files to my desktop. After saving, they were not there. Only when I saved them into the "C:" directory itself did it work.
AVAST Scan: Nothing found
MALWARE BYTES LOG:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.31.10
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
JaS_2 :: JFORCE [limited]
18.08.2012 21:34:39
mbam-log-2012-08-18 (21-34-39).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 155968
Time elapsed: 4 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER LOG:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-18 23:34:11
Windows 6.1.7600
Running: hdlg6v9b.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675abd4e
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x27 0xC6 0xFB 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0xF6 0xE2 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x32 0x07 0xF1 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011675abd4e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x27 0xC6 0xFB 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0xF6 0xE2 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x32 0x07 0xF1 0x7C ...
---- Files - GMER 1.0.15 ----
File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 29696 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{f86910d0-a34a-11e1-a759-002618a84d06}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{f86910d0-a34a-11e1-a759-002618a84d06}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{f86910d0-a34a-11e1-a759-002618a84d06}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\CHROME.EXE-2AC80AEA.pf 45272 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 472 bytes
---- EOF - GMER 1.0.15 ----
DDS LOG:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by JaS at 0:04:15 on 2012-08-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4095.2358 [GMT 4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
c:\xampp\filezillaftp\filezillaserver.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Netop\Vision\XL\mesuwts.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrl.exe
C:\Users\JaS_2\AppData\Roaming\du Mobile Broadband\ouc.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Windows\ffpext\ffpsrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Netop\Vision\XL\MeUiHlp.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Netop\Vision\XL\MeSuAx.exe
C:\Program Files (x86)\Netop\Vision\Plugins\Chat\MChat.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.orbitdownloader.com
uURLSearchHooks: H - No File
uURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll
mURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll
mWinlogon: Userinit=userinit.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll
BHO: Web Lock Extension for Internet Explorer: {cea0e33c-a206-4996-980f-2596270e0c7a} - C:\Program Files (x86)\Netop\Vision\Plugins\WebLock\IEExtension\WebFilterIEExtension32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S47EC.tmp" /EF "HKCU"
uRun: [Google Update] "C:\Users\JaS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Steam] "C:\Juegos\STEAM\Steam.exe" -silent
uRun: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Touch-It] C:\Program Files (x86)\TouchIt Keyboard\touchitf.exe
mRun: [MeUiHelper] C:\Program Files (x86)\Netop\Vision\XL\meuihlp.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-KSQG3.exe" /REG /REGSVRMODE
StartupFolder: C:\Users\JaS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\JaS\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Presentation Support Tool.lnk - C:\Program Files (x86)\SHARP\SHARP Pen Software\PrsnSptTool.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: EnableShellExecuteHooks = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E}
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\Common Files\Netop\WebFilterLSP32.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{0954EBB3-3356-48CF-811C-DFF647A62B8B} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{3AE6014E-2566-4A28-AFDF-5816552FDEB6} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{3F641A04-4B01-4BE1-8133-F72F082FF073} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{52269DFF-9D19-457E-9076-AC7AE3E21BE4} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{5DE9415E-43FE-4EEF-8B45-0B46E463D21D} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{82C054A0-20B3-4F9A-98D1-56358DBBE4A2} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{926641CF-B0B7-4624-9A1E-33E3A750E359} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{9791E060-1073-4A48-9E2A-6A1E2BD29F21} : DhcpNameServer = 192.168.10.85 192.168.10.10
TCP: Interfaces\{FA12F39E-DFF2-4D13-911A-B5D2CB0CBC5E} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}\05149435 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}\4505D2C494E4B4F5932433445403 : DhcpNameServer = 192.168.10.85 192.168.10.10
TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}\458627565635471627370254C656364727F6E6963635 : DhcpNameServer = 192.168.10.85 192.168.10.10
TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}\E47494 : DhcpNameServer = 213.42.20.20 195.229.241.222
TCP: Interfaces\{FE5B73E5-CA57-442B-A6E3-3D28825A5C79} : NameServer = 213.132.63.25 80.227.2.4
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
SEH: App-Control: {f911591f-d659-40ed-b048-eb8f8e48ab00} - C:\Windows\SysWOW64\MeAmHook32.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214}
{326E768D-4182-46FD-9C16-1449A49795F4}
{53707962-6F74-2D53-2644-206D7942484F}
{724d43a9-0d85-11d4-9908-00400523e39a}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{cd90bf73-20f6-44ef-993d-bb920303bd2e}
{CEA0E33C-A206-4996-980F-2596270E0C7A}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{cd90bf73-20f6-44ef-993d-bb920303bd2e}
{724d43a0-0d85-11d4-9908-00400523e39a}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Touch-It] C:\Program Files (x86)\TouchIt Keyboard\touchitf.exe
mRun-x64: [MeUiHelper] C:\Program Files (x86)\Netop\Vision\XL\meuihlp.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [InnoSetupRegFile.0000000001] "C:\Windows\is-KSQG3.exe" /REG /REGSVRMODE
App-Control
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 MENET;MENET;C:\Windows\system32\Drivers\MENET.SYS --> C:\Windows\system32\Drivers\MENET.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-16 44768]
R2 MeSuWTS;Vision WTS Helper;C:\Program Files (x86)\Netop\Vision\XL\mesuwts.exe [2012-7-6 181920]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-26 2255464]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 meddmrr;meddmrr;C:\Windows\system32\DRIVERS\meddmrr.sys --> C:\Windows\system32\DRIVERS\meddmrr.sys [?]
R3 mekbd;mekbd;C:\Windows\system32\Drivers\mekbd.sys --> C:\Windows\system32\Drivers\mekbd.sys [?]
R3 memice;memice;C:\Windows\system32\Drivers\memice.sys --> C:\Windows\system32\Drivers\memice.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-14 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-13 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-14 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-1 655944]
.
=============== Created Last 30 ================
.
2012-08-18 11:38:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-18 10:51:31 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-18 10:51:31 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-11 06:09:58 -------- d-----w- C:\Program Files (x86)\XMind
2012-08-06 20:09:15 -------- d-----w- C:\ProgramData\Research In Motion
2012-08-06 20:09:05 -------- d-----w- C:\Program Files (x86)\Research In Motion
2012-08-06 17:59:35 -------- d-----w- C:\Users\JaS\AppData\Local\SugarSync
2012-08-06 17:59:23 -------- d-----w- C:\Program Files (x86)\SugarSync
2012-08-01 10:45:35 -------- d-----w- C:\xampp
2012-08-01 10:18:02 -------- d-----w- C:\Users\JaS\AppData\Local\Macromedia
2012-07-31 16:50:27 711240 ----a-w- C:\Windows\is-KSQG3.exe
2012-07-31 12:13:14 -------- d-----w- C:\ProgramData\YTD Video Downloader
2012-07-31 12:13:08 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2012-07-29 19:28:53 69632 ----a-w- C:\nporbit.dll
2012-07-26 12:46:54 44032 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
2012-07-26 12:46:07 -------- d-----w- C:\Program Files (x86)\Common Files\XCPCSync.OEM
2012-07-26 12:46:07 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2012-07-21 18:40:54 164120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
.
==================== Find3M ====================
.
2012-07-14 12:43:01 22176 ----a-w- C:\Windows\System32\drivers\mekbd.sys
2012-07-14 12:43:01 20640 ----a-w- C:\Windows\System32\drivers\memice.sys
2012-07-06 15:28:32 74912 ----a-w- C:\Windows\System32\drivers\MeNet.sys
2012-07-06 15:28:32 200352 ----a-w- C:\Windows\System32\VisionLoginCredentialProvider.dll
2012-07-06 15:28:32 137376 ----a-w- C:\Windows\System32\MeAMHook64.dll
2012-07-06 15:28:30 121504 ----a-w- C:\Windows\SysWow64\MeAmHook32.dll
2012-07-06 15:28:24 176800 ----a-w- C:\Windows\System32\meddxl.dll
2012-07-06 15:28:24 14496 ----a-w- C:\Windows\System32\meddaux.dll
2012-07-05 23:01:06 49784 ----a-w- C:\Windows\System32\meddmrr.dll
2012-07-05 23:01:06 11384 ----a-w- C:\Windows\System32\drivers\meddmrr.sys
2012-07-03 09:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 11:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 11:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2006-05-03 10:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 0:04:58,57 ===============
DDS ATTACH:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27.05.2010 17:21:56
System Uptime: 18.08.2012 10:03:12 (14 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K70IO
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Socket 478 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 88 GiB total, 8,065 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 141 GiB total, 4,686 GiB free.
J: is FIXED (NTFS) - 10 GiB total, 1,124 GiB free.
K: is CDROM ()
L: is Removable
M: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP411: 17.08.2012 18:48:24 - Revo Uninstaller's restore point - Adobe AIR
RP412: 17.08.2012 18:53:34 - Revo Uninstaller's restore point - Adobe Flash Player 11 Plugin
RP413: 17.08.2012 18:55:23 - Revo Uninstaller's restore point - Adobe Download Assistant
RP414: 17.08.2012 18:55:41 - Removed Adobe Download Assistant
RP415: 17.08.2012 19:24:35 - Revo Uninstaller's restore point - Adobe Flash Player 11 ActiveX
RP416: 17.08.2012 19:26:45 - Revo Uninstaller's restore point - Adobe AIR
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Flash Player 11 Plugin
Advertising Center
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Android SDK Tools
Audacity 1.2.6
Auslogics Disk Defrag
avast! Free Antivirus
Biet-O-Matic v2.12.9
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
CamAlert II
Click-N-Type
CNTDesigner
ColorPic
Combined Community Codec Pack 2011-11-11
Corel Graphics - Windows Shell Extension
D3DX10
DHTML Editing Component
DivX-Setup
DolbyFiles
Dropbox
du Mobile Broadband
Easy Keyboard Manager 1.0.0
EasyCash&Tax 1.48
ElsterFormular
Empire: Total War
EPSON Scan
Fast Blog Finder 3
FastStone Capture 5.3
Fences
Free Mp3 Wma Converter V 1.93
GOM Player
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
IETester v0.4.6 (remove only)
Java 2 Runtime Environment, SE v1.4.2_19
Java Auto Updater
Java(TM) 6 Update 26
JDownloader
Junk Mail filter update
K-Lite Codec Pack 6.0.4 (Basic)
Kernel EML Viewer ver 10.09.01
Malwarebytes Anti-Malware Version 1.62.0.1300
Market Samurai
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Menu Templates - Starter Kit
Metro-Naval 1.9
Microsoft Keyboard Layout Creator 1.4
Microsoft Office Access MUI (German) 2007
Microsoft Office 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
Mozilla Firefox 4.0b7 (x86 de)
Mozilla Firefox 8.0 (x86 de)
Mozilla Thunderbird 14.0 (x86 en-US)
MPEG2 Codec(libmpeg2/mad)
MSVCRT
MSVCRT_amd64
Multiple File Search Replace 2.30
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Installer
Nero Update
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Offline Downloader
Orbit Downloader
PC Connectivity Solution
PDFCreator
PixLin
Polipo 1.0.4.1
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.92
RoboForm 7-7-0 (All Users)
RocketDock 1.3.5
Rome - Total War - Gold Edition
RouterControl 2.0
Samsung New PC Studio USB Driver Installer
Schwert und Speer Ultimat
Serif WebPlus Starter Edition
SHARP Pen Software
Skype Click to Call
Skype™ 5.8
Splashtop Remote Client
Spybot - Search & Destroy
SRWare Iron Version SRWare Iron 19.0.1100.0
Steam
SugarSync Manager
SUPER © Version 2010.bld.42 (Nov 7, 2010)
System Requirements Lab CYRI
TeamViewer 7
Tor 0.2.2.34
Touch-It Virtual Keyboard 4.3.0.3 (Freeware)
TreeSize Free V2.6
TrueCrypt
Turbo Lister 2
Unity Web Player
VC80CRTRedist - 8.0.50727.6195
Veoh Web Player
Veoh Web Player Toolbar
Vidalia 0.2.15
Watchtower Library 2009 - Deutsch
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xaldon WebSpider2
XAMPP 1.7.7
XMind
YouTube Song Downloader
YTD Video Downloader 3.9
.
==== End Of File ===========================
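Editor's note (added example; this script is neither part of the original post nor part of the DDS tool). The sections a helper reads first in a DDS log are the AV status line, the "Pseudo HJT Report" and the "Created Last 30" / "Find3M" file listings, and the checks applied by eye can be written down as rules. The script below parses a handful of lines copied from the DDS log posted above (a constructed sample, labelled in the code) and marks the entries a helper would normally ask about: a security product reported as Disabled or Outdated, a start page on a host the user did not choose, browser add-on entries that point at "No File", an autorun entry or binary living outside the usual install directories (c:\windows\ffpext\ffpsrv.exe and C:\nporbit.dll in this log), statically configured DNS resolvers outside private address space, and files carrying hidden+system attributes. The EXPECTED_DIRS list, the rule names and the start_page_allow parameter are this example's own assumptions. A hit means "verify this by hash, publisher or by asking the user", not "this is malware".

```python
"""Rule-based triage for DDS-style logs (AV status, 'Pseudo HJT Report' and
'Find3M' line formats). Every rule is a heuristic, not a verdict."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uStart Page = hxxp://search.orbitdownloader.com
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TB: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
mRun: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
TCP: Interfaces\{0954EBB3-3356-48CF-811C-DFF647A62B8B} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238} : DhcpNameServer = 192.168.1.1
2012-07-29 19:28:53 69632 ----a-w- C:\nporbit.dll
2012-07-31 16:50:27 711240 ----a-w- C:\Windows\is-KSQG3.exe
2006-05-03 10:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2012-06-02 11:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
"""

# Assumed list of where installed binaries normally live; anything else (drive
# root, ad-hoc folders under C:\Windows, ...) is flagged for a hash/publisher check.
EXPECTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64",
                 r"c:\program files", r"c:\program files (x86)",
                 r"c:\programdata", r"c:\users")

AV_RE = re.compile(r"^(?:AV|SP|FW): (.+?) \*(\w+)/(\w+)\*")
START_RE = re.compile(r"^[um]Start Page = (.+)$")
ORPHAN_RE = re.compile(r"^(?:BHO|TB|TB-X64|[um]URLSearchHooks): .* - No File$")
RUN_RE = re.compile(r"^[umd]Run(?:Once)?(?:-x64)?: \[[^\]]*\] (.+)$")
DNS_RE = re.compile(r"^TCP: Interfaces\\\S+ : (Dhcp)?NameServer = (.+)$")
FIND3M_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ ([-a-z]{8}) (.+)$")

@dataclass(frozen=True)
class Finding:
    rule: str      # which heuristic fired
    detail: str    # the path / host / value to verify
    line: str      # the original log line

def in_expected_dir(path: str) -> bool:
    p = path.strip('"').lower()
    return any(p.startswith(d + "\\") for d in EXPECTED_DIRS)

def image_path(command: str) -> str:
    """First token of an autorun command, honouring a quoted path
    (an unquoted path containing spaces is cut at the first space)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split()[0]

def triage(log: str, start_page_allow: frozenset = frozenset()) -> list:
    """Return one Finding per heuristic hit, in log order."""
    findings = []
    for line in (raw.strip() for raw in log.splitlines() if raw.strip()):
        m = AV_RE.match(line)
        if m:
            name, state, age = m.groups()
            if state.lower() == "disabled":
                findings.append(Finding("security-product-disabled", name, line))
            if age.lower() == "outdated":
                findings.append(Finding("security-product-outdated", name, line))
            continue
        m = START_RE.match(line)
        if m:  # a start page host the user did not choose is worth asking about
            host = re.sub(r"^\w+://", "", m.group(1)).split("/")[0].lower()
            if host not in start_page_allow:
                findings.append(Finding("start-page-review", host, line))
            continue
        if ORPHAN_RE.match(line):  # browser add-on entry whose DLL is gone
            findings.append(Finding("orphaned-browser-entry", "No File", line))
            continue
        m = RUN_RE.match(line)
        if m:
            path = image_path(m.group(1))
            if not in_expected_dir(path):
                findings.append(Finding("autorun-unusual-path", path, line))
            continue
        m = DNS_RE.match(line)
        if m:  # static (non-DHCP) resolvers outside private address space
            public = [s for s in m.group(2).split()
                      if not ipaddress.ip_address(s).is_private]
            if m.group(1) is None and public:
                findings.append(Finding("static-public-dns", " ".join(public), line))
            continue
        m = FIND3M_RE.match(line)
        if m:
            attrs, path = m.groups()
            if "s" in attrs and "h" in attrs:  # hidden + system attributes set
                findings.append(Finding("hidden-system-file", path, line))
            if path.lower().endswith((".exe", ".dll", ".sys")) and not in_expected_dir(path):
                findings.append(Finding("binary-unusual-path", path, line))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

Run as a script it prints the nine hits for the sample; pointing it at the full DDS output instead of SAMPLE_LOG is only a matter of reading the file. The rules deliberately stay silent on things that look alarming but have an explanation in the log itself: the locked sptd.sys that TDSSKiller reported is tied by the GMER registry output to the DAEMON Tools Lite install directory, which is the product that ships that driver, so a driver name alone is not a rule here. Anything the script does flag should be resolved by checking the file's hash and signature, not by deleting it.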
Mozilla Thunderbird 14.0 (x86 en-US)
MPEG2 Codec(libmpeg2/mad)
MSVCRT
MSVCRT_amd64
Multiple File Search Replace 2.30
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Installer
Nero Update
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Offline Downloader
Orbit Downloader
PC Connectivity Solution
PDFCreator
PixLin
Polipo 1.0.4.1
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.92
RoboForm 7-7-0 (All Users)
RocketDock 1.3.5
Rome - Total War - Gold Edition
RouterControl 2.0
Samsung New PC Studio USB Driver Installer
Schwert und Speer Ultimat
Serif WebPlus Starter Edition
SHARP Pen Software
Skype Click to Call
Skype™ 5.8
Splashtop Remote Client
Spybot - Search & Destroy
SRWare Iron Version SRWare Iron 19.0.1100.0
Steam
SugarSync Manager
SUPER © Version 2010.bld.42 (Nov 7, 2010)
System Requirements Lab CYRI
TeamViewer 7
Tor 0.2.2.34
Touch-It Virtual Keyboard 4.3.0.3 (Freeware)
TreeSize Free V2.6
TrueCrypt
Turbo Lister 2
Unity Web Player
VC80CRTRedist - 8.0.50727.6195
Veoh Web Player
Veoh Web Player Toolbar
Vidalia 0.2.15
Watchtower Library 2009 - Deutsch
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xaldon WebSpider2
XAMPP 1.7.7
XMind
YouTube Song Downloader
YTD Video Downloader 3.9
.
==== End Of File ===========================