dEkxz
2013-02-23, 13:25
I had the u%cash.exe virus on my PC and I deleted it with mbam-setup.170.0.exe (Malwarebytes' Anti-Malware) and that I had to download DDS-Bleeping Computer and run it. When I did that I said post this on the forums
_________________________________
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.7.2
Run by Gebruiker at 12:14:18 on 2013-02-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.2046.595 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Users\Gebruiker\AppData\Local\Temp\tmp6337.tmp.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c162341
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c162341
uDefault_Page_URL = www.google.nl (http://www.google.nl)
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uURLSearchHooks: {90eee664-34b1-422a-a782-779af65cdf6d} - <orphaned>
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} -
mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} -
uWindows: Load = C:\Users\Gebruiker\mshtxf.exe
BHO: bflix Class: {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} -
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} -
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
TB: NCH EN Toolbar: {37483B40-C254-4A72-BDA4-22EE90182C1E} -
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -
TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} -
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
uRun: [Google Update] "C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Java.exe] "C:\Users\Gebruiker\AppData\Local\Temp\tmp6337.tmp.exe"
uRun: [Mom] C:\Users\Gebruiker\AppData\Roaming\MoM.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [KMConfig] K:\StartAutorun.exe KMConfig.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [wefhnijnwef] C:\Users\Gebruiker\mshtxf.exe
mRun: [Mom] C:\Users\Gebruiker\AppData\Roaming\MoM.exe
uExplorerRun: [] C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet.exe
mExplorerRun: [Mom] C:\Users\Gebruiker\AppData\Roaming\MoM.exe
StartupFolder: C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fa7dfa16da.dat
StartupFolder: C:\Users\GEBRUI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ROCKET~1.LNK - C:\Windows\Android Skin Pack\RocketDock\RocketDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UberIcon.lnk - C:\Windows\Android Skin Pack\UberIcon\UberIcon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\YzShadow.lnk - C:\Windows\Android Skin Pack\YzShadow\YzShadow.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Zoek op het web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{3381B3E8-03B5-41E3-839A-ACA066601459} : DHCPNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{3381B3E8-03B5-41E3-839A-ACA066601459}\3596475636F6D6635423549333 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: WgaLogon - <no file>
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {F5BC59A5-BA92-A45B-DFE5-9DB932F6E75F} - C:\Users\Gebruiker\AppData\Roaming\MoM.exe
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2010-9-29 18784]
R0 xfiltx64;VIA SATA IDE Hot-plug Driver;C:\Windows\System32\drivers\xfiltx64.sys [2010-9-29 26776]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-29 98208]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2009-5-14 121152]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-13 3467768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 2310_00;2310_00;C:\Windows\System32\drivers\2310_00.sys [2010-9-29 170528]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-9-29 231224]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 arcm_a64;arcm_a64;C:\Windows\System32\drivers\arcm_a64.sys [2010-9-29 52768]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-29 70424]
S3 hptiop;hptiop;C:\Windows\System32\drivers\hptiop.sys [2010-9-29 17440]
S3 hptmv;hptmv;C:\Windows\System32\drivers\hptmv.sys [2010-9-29 93472]
S3 hptmv6;hptmv6;C:\Windows\System32\drivers\hptmv6.sys [2010-9-29 152096]
S3 IAMTVE;Stuurprogramma voor Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2010-9-29 43416]
S3 IAMTXPE;Stuurprogramma voor Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2010-9-29 51096]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-29 158976]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2010-9-29 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2010-9-29 42192]
S3 MegaSR1;MegaSR1;C:\Windows\System32\drivers\MegaSR1.sys [2010-9-29 461320]
S3 nvamacpi;nvamacpi;C:\Windows\System32\drivers\nvamacpi.sys [2010-9-29 28192]
S3 Pnp680;Pnp680;C:\Windows\System32\drivers\PnP680.sys [2010-9-29 80424]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-17 20992]
S3 rr172x;rr172x;C:\Windows\System32\drivers\rr172x.sys [2010-9-29 124448]
S3 rr174x;rr174x;C:\Windows\System32\drivers\rr174x.sys [2010-9-29 159264]
S3 rr2210;rr2210;C:\Windows\System32\drivers\rr2210.sys [2010-9-29 153632]
S3 rr232x;rr232x;C:\Windows\System32\drivers\rr232x.sys [2010-9-29 152096]
S3 rr2340;rr2340;C:\Windows\System32\drivers\rr2340.sys [2010-9-29 162400]
S3 rr2522;rr2522;C:\Windows\System32\drivers\rr2522.sys [2010-9-29 168032]
S3 rr62x;rr62x;C:\Windows\System32\drivers\rr62x.sys [2010-9-29 155232]
S3 Ser2at;ATEN USB to Serial port driver;C:\Windows\System32\drivers\ser2at64.sys [2010-9-29 90112]
S3 SI3112r;SI3112r;C:\Windows\System32\drivers\SI3112r.sys [2010-9-29 164656]
S3 SI3114;SI3114;C:\Windows\System32\drivers\SI3114.sys [2010-9-29 99120]
S3 SI3124;SI3124;C:\Windows\System32\drivers\SI3124.sys [2010-9-29 113456]
S3 Si3124r5;Si3124r5;C:\Windows\System32\drivers\Si3124r5.sys [2010-9-29 334640]
S3 Si3531;Si3531;C:\Windows\System32\drivers\Si3531.sys [2010-9-29 330544]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 vcrdrx64;VIA MSP Card Reader Host Controller;C:\Windows\System32\drivers\vcrdrx64.sys [2010-9-29 123544]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2011-6-23 21504]
S3 viamrx64;viamrx64;C:\Windows\System32\drivers\viamrx64.sys [2010-9-29 158944]
S3 videX64;videX64;C:\Windows\System32\drivers\videX64.sys [2010-9-29 15000]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-4 1255736]
.
=============== Created Last 30 ================
.
2013-02-23 11:12:36 -------- d-----w- C:\Users\Gebruiker\AppData\Local\{54B48AAC-3C60-462E-9C25-827F471CC511}
2013-02-23 11:11:53 1169224 ----a-w- C:\Users\Gebruiker\AppData\Roaming\MoM.exe
2013-02-23 11:00:03 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes
2013-02-23 10:59:48 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-02-23 10:59:48 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-23 10:59:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-23 10:59:27 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Programs
2013-02-23 10:46:27 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-23 10:36:13 -------- d-----w- C:\zoek
2013-02-22 16:56:01 -------- d-----w- C:\Program Files (x86)\CodeHook
2013-02-21 12:07:18 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\explorer
2013-02-19 11:17:27 -------- d-----w- C:\Users\Gebruiker\AppData\Local\B1E
2013-02-19 11:17:25 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\B1Toolbar
2013-02-13 22:24:23 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 22:24:23 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 11:28:29 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 11:28:25 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 11:28:23 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 11:28:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 11:27:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 11:27:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 11:27:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 11:27:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 11:27:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 11:27:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 11:27:41 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 11:27:41 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-13 00:26:34 42880 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2013-02-13 00:26:34 28544 ----a-w- C:\Windows\System32\xfcodec64.dll
2013-01-31 16:28:13 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Xfire
2013-01-29 15:56:35 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\TuneUp Software
2013-01-29 15:56:23 -------- d-----w- C:\ProgramData\TuneUp Software
2013-01-29 15:55:58 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2013-01-29 15:55:56 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-29 15:40:43 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\ts3overlay
.
==================== Find3M ====================
.
2013-02-22 19:40:35 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-02-22 19:40:35 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-02-22 15:31:55 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-01 15:08:22 202448 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 12:16:12,14 ===============
and add this attach.txt in a zip/rar file (download to attach.txt in a .rar file) Removed
What do I have to do after I posted this?
-------------------------------------------------
[I]Edit
Forum FAQ
http://forums.spybot.info/showthread.php?t=288
S3 rr232x;rr232x;C:\Windows\System32\drivers\rr232x.sys [2010-9-29 152096]
S3 rr2340;rr2340;C:\Windows\System32\drivers\rr2340.sys [2010-9-29 162400]
S3 rr2522;rr2522;C:\Windows\System32\drivers\rr2522.sys [2010-9-29 168032]
S3 rr62x;rr62x;C:\Windows\System32\drivers\rr62x.sys [2010-9-29 155232]
S3 Ser2at;ATEN USB to Serial port driver;C:\Windows\System32\drivers\ser2at64.sys [2010-9-29 90112]
S3 SI3112r;SI3112r;C:\Windows\System32\drivers\SI3112r.sys [2010-9-29 164656]
S3 SI3114;SI3114;C:\Windows\System32\drivers\SI3114.sys [2010-9-29 99120]
S3 SI3124;SI3124;C:\Windows\System32\drivers\SI3124.sys [2010-9-29 113456]
S3 Si3124r5;Si3124r5;C:\Windows\System32\drivers\Si3124r5.sys [2010-9-29 334640]
S3 Si3531;Si3531;C:\Windows\System32\drivers\Si3531.sys [2010-9-29 330544]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 vcrdrx64;VIA MSP Card Reader Host Controller;C:\Windows\System32\drivers\vcrdrx64.sys [2010-9-29 123544]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2011-6-23 21504]
S3 viamrx64;viamrx64;C:\Windows\System32\drivers\viamrx64.sys [2010-9-29 158944]
S3 videX64;videX64;C:\Windows\System32\drivers\videX64.sys [2010-9-29 15000]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-4 1255736]
.
=============== Created Last 30 ================
.
2013-02-23 11:12:36 -------- d-----w- C:\Users\Gebruiker\AppData\Local\{54B48AAC-3C60-462E-9C25-827F471CC511}
2013-02-23 11:11:53 1169224 ----a-w- C:\Users\Gebruiker\AppData\Roaming\MoM.exe
2013-02-23 11:00:03 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes
2013-02-23 10:59:48 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-02-23 10:59:48 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-23 10:59:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-23 10:59:27 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Programs
2013-02-23 10:46:27 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-23 10:36:13 -------- d-----w- C:\zoek
2013-02-22 16:56:01 -------- d-----w- C:\Program Files (x86)\CodeHook
2013-02-21 12:07:18 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\explorer
2013-02-19 11:17:27 -------- d-----w- C:\Users\Gebruiker\AppData\Local\B1E
2013-02-19 11:17:25 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\B1Toolbar
2013-02-13 22:24:23 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 22:24:23 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 11:28:29 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 11:28:25 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 11:28:23 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 11:28:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 11:27:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 11:27:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 11:27:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 11:27:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 11:27:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 11:27:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 11:27:41 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 11:27:41 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-13 00:26:34 42880 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2013-02-13 00:26:34 28544 ----a-w- C:\Windows\System32\xfcodec64.dll
2013-01-31 16:28:13 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Xfire
2013-01-29 15:56:35 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\TuneUp Software
2013-01-29 15:56:23 -------- d-----w- C:\ProgramData\TuneUp Software
2013-01-29 15:55:58 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2013-01-29 15:55:56 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-29 15:40:43 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\ts3overlay
.
==================== Find3M ====================
.
2013-02-22 19:40:35 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-02-22 19:40:35 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-02-22 15:31:55 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-01 15:08:22 202448 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 12:16:12,14 ===============
and add this attach.txt in a zip/rar file (download to attach.txt in a .rar file) Removed
What do I have to do after I posted this?
-------------------------------------------------
[I]Edit
Forum FAQ
http://forums.spybot.info/showthread.php?t=288