Jump to content

Lasternom

Members
  • Posts

    6
  • Joined

Reputation

0 Neutral
  1. Hi, glad to hear that my pc looks clean. I'm looking into Paypal so I can donate a tip. I would like to thank you for all the help and time you took into resolving this problem. Many thanks. Lasternom Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 25 Adobe Reader XI Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
  2. Thanks again for the fast reply, i have a hard time keeping up but here the report again. leaner v2.303 - Verslag gemaakt op 30/06/2013 om 19:51:28# Geactualiseerd op 08/06/2013 door Xplode# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)# Gebruiker : Shodan - SHODAN-PC# Opstarten Modus : Normale modus# Gelanceerd vanaf : E:\Users\Shodan\Desktop\adwcleaner.exe# Optie [Zoeken] ***** [Diensten] ***** ***** [Files / Mappen] ***** ***** [Register] ***** ***** [browsers] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Google Chrome v27.0.1453.116 File : C:\Users\Shodan\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[R1].txt - [752 octets] - [30/06/2013 19:51:28] ########## EOF - C:\AdwCleaner[R1].txt - [811 octets] ##########
  3. Follow the instructions and i seems that with the reboot the programs seems to have stopped. The report from combofix below ComboFix 13-06-30.01 - Shodan 30-06-2013 18:45:42.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8162.6633 [GMT 2:00] Gestart vanuit: e:\users\Shodan\Desktop\ComboFix.exe gebruikte Opdracht switches :: e:\users\Shodan\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Time c:\programdata\Microsoft\Windows\Time\_ctypes.pyd c:\programdata\Microsoft\Windows\Time\_hashlib.pyd c:\programdata\Microsoft\Windows\Time\_socket.pyd c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll c:\programdata\Microsoft\Windows\Time\c5ba51c8822b2ebb730d18f8bab93d8a.elf c:\programdata\Microsoft\Windows\Time\ce6fda2a3f1eadf0c2bdadf9ad19fbd5.elf c:\programdata\Microsoft\Windows\Time\d4ce4f36e508153bf25ab6a8dcde7f0d.elf c:\programdata\Microsoft\Windows\Time\library.zip c:\programdata\Microsoft\Windows\Time\msvcp90.dll c:\programdata\Microsoft\Windows\Time\numpy.core._dotblas.pyd c:\programdata\Microsoft\Windows\Time\numpy.core.multiarray.pyd c:\programdata\Microsoft\Windows\Time\numpy.core.scalarmath.pyd c:\programdata\Microsoft\Windows\Time\numpy.core.umath.pyd c:\programdata\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd c:\programdata\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd c:\programdata\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd c:\programdata\Microsoft\Windows\Time\numpy.random.mtrand.pyd c:\programdata\Microsoft\Windows\Time\phatk.cl c:\programdata\Microsoft\Windows\Time\pyopencl._cl.pyd c:\programdata\Microsoft\Windows\Time\python27.dll c:\programdata\Microsoft\Windows\Time\select.pyd c:\programdata\Microsoft\Windows\Time\Time-svc.exe c:\programdata\Microsoft\Windows\Time\TimeServer.exe c:\programdata\Microsoft\Windows\Time\w9xpopen.exe c:\programdata\Microsoft\Windows\Time\WindowsTime.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Time . . (((((((((((((((((((( Bestanden Gemaakt van 2013-05-28 to 2013-06-30 )))))))))))))))))))))))))))))) . . 2013-06-30 16:47 . 2013-06-30 16:47 -------- d-----w- c:\users\Shodan\AppData\Local\temp 2013-06-30 13:40 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3DD57F5A-93CE-4B42-8E36-23CE263F9C02}\mpengine.dll 2013-06-30 03:46 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-30 01:44 . 2013-06-30 01:44 -------- d-----w- c:\users\Shodan\AppData\Roaming\Malwarebytes 2013-06-30 01:44 . 2013-06-30 01:44 -------- d-----w- c:\programdata\Malwarebytes 2013-06-30 01:44 . 2013-06-30 01:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-30 01:44 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-30 01:39 . 2013-06-30 01:43 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-06-28 21:55 . 2013-06-28 21:55 -------- d-----w- c:\users\Shodan\AppData\Local\Google 2013-06-28 21:27 . 2013-06-28 21:27 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-06-28 21:27 . 2013-06-28 21:27 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-28 21:27 . 2013-06-28 21:27 -------- d-----w- c:\program files (x86)\Java 2013-06-28 18:31 . 2013-06-28 18:31 -------- d-----w- c:\program files (x86)\HD Tune 2013-06-28 01:26 . 2013-06-28 01:27 -------- d-----w- c:\programdata\Origin 2013-06-26 20:50 . 2013-06-27 00:11 -------- d-----w- c:\users\Shodan\AppData\Roaming\NVIDIA 2013-06-26 20:01 . 2013-06-26 20:01 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2013-06-26 19:59 . 2013-06-26 19:59 -------- d-----w- C:\NVIDIA 2013-06-23 16:45 . 2013-06-23 16:45 -------- d-----w- c:\program files\iPod 2013-06-23 16:44 . 2013-06-23 16:45 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-23 16:44 . 2013-06-23 16:45 -------- d-----w- c:\program files\iTunes 2013-06-23 16:44 . 2013-06-23 16:45 -------- d-----w- c:\program files (x86)\iTunes 2013-06-22 16:48 . 2012-06-06 09:56 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll 2013-06-22 16:48 . 2011-09-22 07:49 56600 ----a-w- c:\windows\system32\drivers\HECIx64.sys 2013-06-22 16:38 . 2013-06-22 16:38 -------- d-----w- c:\program files (x86)\Microsoft XNA 2013-06-22 16:38 . 2013-06-25 22:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-06-22 16:37 . 2013-06-26 15:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-06-22 16:37 . 2013-06-22 16:37 -------- d-----w- c:\users\Shodan\AppData\Local\Programs 2013-06-22 16:36 . 2013-06-22 16:36 -------- d-----w- c:\users\Shodan\AppData\Roaming\The Longest Journey 2013-06-22 16:02 . 2012-12-26 23:26 805088 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2013-06-22 16:02 . 2012-12-26 23:26 74344 ----a-w- c:\windows\system32\RtNicProp64.dll 2013-06-22 16:01 . 2013-06-22 16:01 -------- d-----w- c:\programdata\Downloaded Installations 2013-06-22 15:59 . 2012-08-22 08:19 11832 ----a-w- c:\windows\acpimof.dll 2013-06-22 15:59 . 2013-06-22 15:59 -------- d-----w- c:\program files (x86)\MSI 2013-06-22 15:09 . 2013-06-22 15:09 -------- d-----w- c:\programdata\VS Revo Group 2013-06-22 12:01 . 2013-06-22 12:01 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB6BD291-B671-4E20-BE07-506AACD0CC1E}\gapaengine.dll 2013-06-20 23:23 . 2013-06-20 23:23 -------- d-----w- c:\program files (x86)\D-LAN 2013-06-19 18:01 . 2013-06-19 19:37 -------- d-----w- c:\users\Shodan\AppData\Roaming\Notepad++ 2013-06-19 18:00 . 2013-06-19 18:00 -------- d-----w- c:\program files (x86)\Notepad++ 2013-06-17 12:44 . 2013-06-24 00:33 -------- d-----w- c:\users\Shodan\AppData\Roaming\Skype 2013-06-16 19:25 . 2013-06-16 19:25 -------- d-----w- c:\users\Shodan\AppData\Local\ESN 2013-06-16 19:25 . 2013-06-16 19:25 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins 2013-06-16 19:22 . 2013-06-16 19:22 -------- d-----w- c:\programdata\Electronic Arts 2013-06-16 19:22 . 2013-06-16 19:22 -------- d-----w- c:\programdata\EA Logs 2013-06-16 19:22 . 2013-06-16 19:22 -------- d-----w- c:\programdata\EA Core 2013-06-13 12:10 . 2013-06-22 15:15 -------- d-----w- c:\users\Shodan\AppData\Roaming\Belastingdienst 2013-06-12 22:25 . 2013-06-12 22:25 -------- d-----w- c:\users\Shodan\AppData\Roaming\cYo 2013-06-12 22:25 . 2013-06-12 22:25 -------- d-----w- c:\users\Shodan\AppData\Local\cYo 2013-06-12 22:25 . 2013-06-12 22:25 -------- d-----w- c:\program files\ComicRack 2013-06-12 17:22 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 17:22 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 17:22 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-10 18:13 . 2013-06-10 18:13 -------- d-----w- c:\windows\system32\appmgmt 2013-06-10 10:41 . 2013-06-10 10:41 -------- d-----w- c:\users\Shodan\AppData\Local\ElevatedDiagnostics . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-28 21:27 . 2012-10-28 14:34 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-06-28 21:27 . 2012-10-28 14:34 972712 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-28 21:27 . 2012-10-28 14:34 312232 ----a-w- c:\windows\system32\javaws.exe 2013-06-28 21:27 . 2012-10-28 14:34 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-06-28 21:27 . 2012-10-28 14:34 189352 ----a-w- c:\windows\system32\javaw.exe 2013-06-28 21:27 . 2012-10-28 14:34 188840 ----a-w- c:\windows\system32\java.exe 2013-06-28 21:27 . 2012-12-07 02:20 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-28 21:27 . 2012-12-07 02:20 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-21 12:06 . 2013-03-26 14:06 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-06-21 12:06 . 2013-03-26 14:06 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-06-21 12:06 . 2013-03-26 14:06 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-06-21 12:06 . 2012-12-07 02:08 2936208 ----a-w- c:\windows\system32\nvapi64.dll 2013-06-21 12:06 . 2012-12-07 02:08 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-06-21 12:06 . 2012-12-07 02:08 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-06-21 12:06 . 2012-12-07 02:08 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-06-13 01:01 . 2012-10-28 09:47 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-05-25 15:50 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2013-05-25 15:50 . 2009-08-18 10:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-22 12:13 . 2013-03-23 22:25 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-30 01:11 . 2013-04-30 01:11 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-04-30 01:11 . 2013-04-30 01:11 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-04-30 01:11 . 2013-04-30 01:11 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-04-30 01:11 . 2013-04-30 01:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-04-30 01:11 . 2013-04-30 01:11 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-04-30 01:11 . 2013-04-30 01:11 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-04-30 01:11 . 2013-04-30 01:11 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-04-30 01:11 . 2013-04-30 01:11 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-04-30 01:11 . 2013-04-30 01:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-04-30 01:11 . 2013-04-30 01:11 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-04-30 01:11 . 2013-04-30 01:11 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-04-30 01:11 . 2013-04-30 01:11 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-04-30 01:11 . 2013-04-30 01:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-04-30 01:11 . 2013-04-30 01:11 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-30 01:11 . 2013-04-30 01:11 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-30 01:11 . 2013-04-30 01:11 81408 ----a-w- c:\windows\system32\icardie.dll 2013-04-30 01:11 . 2013-04-30 01:11 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-04-30 01:11 . 2013-04-30 01:11 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-04-30 01:11 . 2013-04-30 01:11 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-04-30 01:11 . 2013-04-30 01:11 441856 ----a-w- c:\windows\system32\html.iec 2013-04-30 01:11 . 2013-04-30 01:11 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-04-30 01:11 . 2013-04-30 01:11 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-04-30 01:11 . 2013-04-30 01:11 235008 ----a-w- c:\windows\system32\url.dll 2013-04-30 01:11 . 2013-04-30 01:11 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-04-30 01:11 . 2013-04-30 01:11 216064 ----a-w- c:\windows\system32\msls31.dll 2013-04-30 01:11 . 2013-04-30 01:11 197120 ----a-w- c:\windows\system32\msrating.dll 2013-04-30 01:11 . 2013-04-30 01:11 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-04-30 01:11 . 2013-04-30 01:11 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-04-30 01:11 . 2013-04-30 01:11 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-04-30 01:11 . 2013-04-30 01:11 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-04-30 01:11 . 2013-04-30 01:11 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-30 01:11 . 2013-04-30 01:11 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-04-30 01:11 . 2013-04-30 01:11 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-04-30 01:11 . 2013-04-30 01:11 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-04-30 01:11 . 2013-04-30 01:11 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-04-30 01:11 . 2013-04-30 01:11 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-04-30 01:11 . 2013-04-30 01:11 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-30 01:11 . 2013-04-30 01:11 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-30 01:11 . 2013-04-30 01:11 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-04-30 01:11 . 2013-04-30 01:11 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-30 01:11 . 2013-04-30 01:11 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-04-30 01:11 . 2013-04-30 01:11 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-30 01:11 . 2013-04-30 01:11 149504 ----a-w- c:\windows\system32\occache.dll 2013-04-30 01:11 . 2013-04-30 01:11 144896 ----a-w- c:\windows\system32\wextract.exe 2013-04-30 01:11 . 2013-04-30 01:11 13824 ----a-w- c:\windows\system32\mshta.exe 2013-04-30 01:11 . 2013-04-30 01:11 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-04-30 01:11 . 2013-04-30 01:11 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-30 01:11 . 2013-04-30 01:11 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-04-30 01:11 . 2013-04-30 01:11 102912 ----a-w- c:\windows\system32\inseng.dll 2013-04-13 05:49 . 2013-05-15 12:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 12:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 12:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 12:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 12:21 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 12:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 10:41 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-15 12:21 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-15 12:21 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-15 12:21 3153920 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F.lux"="c:\users\Shodan\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656] "Spotify Web Helper"="c:\users\Shodan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-15 1104384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x] R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x] R3 BFNVis64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\XenoVa64.sys;c:\windows\SYSNATIVE\drivers\XenoVa64.sys [x] R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x] R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x] R3 D-LAN Core;D-LAN Core;c:\program files (x86)\D-LAN\D-LAN.Core.exe;c:\program files (x86)\D-LAN\D-LAN.Core.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys;c:\windows\SYSNATIVE\drivers\IAMTVE.sys [x] R3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys;c:\windows\SYSNATIVE\drivers\IAMTXPE.sys [x] R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM60x64.sys;c:\windows\SYSNATIVE\drivers\ifM60x64.sys [x] R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP60X64.sys;c:\windows\SYSNATIVE\drivers\ifP60X64.sys [x] R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x] R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys;c:\windows\SYSNATIVE\DRIVERS\WMP54Gv41x64.sys [x] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . Inhoud van de 'Gedeelde Taken' map . 2013-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3511419792-4291243797-1282643203-1000Core.job - c:\users\Shodan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-28 21:55] . 2013-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3511419792-4291243797-1282643203-1000UA.job - c:\users\Shodan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-28 21:55] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-pcsx2-r5350 - c:\my games\Roms\Emulator\Uninst-pcsx2-r5350.exe AddRemove-S4Uninst - c:\bluebyte\The Settlers IV\Uninst.isu . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe . ************************************************************************** . Voltooingstijd: 2013-06-30 18:49:34 - machine werd herstart ComboFix-quarantined-files.txt 2013-06-30 16:49 ComboFix2.txt 2013-06-30 15:49 . Pre-Run: 145.201.750.016 bytes beschikbaar Post-Run: 144.932.634.624 bytes beschikbaar . - - End Of File - - D4326AB56685A693225B964FD98F0C99 A36C5E4F47E84449FF07ED3517B43A31
  4. Wow, amazing fast reply. Again i followed your instructions and i hope i did everything correct. ComboFix 13-06-30.01 - Shodan 30-06-2013 17:46:45.1.4 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8162.6960 [GMT 2:00]Gestart vanuit: e:\users\Shodan\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt..(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\SysWow64\frapsvid.dllc:\windows\wininit.ini..(((((((((((((((((((( Bestanden Gemaakt van 2013-05-28 to 2013-06-30 ))))))))))))))))))))))))))))))..2013-06-30 15:49 . 2013-06-30 15:49 -------- d-----w- c:\users\Shodan\AppData\Local\temp2013-06-30 15:49 . 2013-06-30 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp2013-06-30 13:40 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3DD57F5A-93CE-4B42-8E36-23CE263F9C02}\mpengine.dll2013-06-30 03:46 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-06-30 01:44 . 2013-06-30 01:44 -------- d-----w- c:\users\Shodan\AppData\Roaming\Malwarebytes2013-06-30 01:44 . 2013-06-30 01:44 -------- d-----w- c:\programdata\Malwarebytes2013-06-30 01:44 . 2013-06-30 01:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-06-30 01:44 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-06-30 01:39 . 2013-06-30 01:43 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-06-28 21:55 . 2013-06-28 21:55 -------- d-----w- c:\users\Shodan\AppData\Local\Google2013-06-28 21:27 . 2013-06-28 21:27 -------- d-----w- c:\program files (x86)\Common Files\Java2013-06-28 21:27 . 2013-06-28 21:27 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-06-28 21:27 . 2013-06-28 21:27 -------- d-----w- c:\program files (x86)\Java2013-06-28 18:31 . 2013-06-28 18:31 -------- d-----w- c:\program files (x86)\HD Tune2013-06-28 01:26 . 2013-06-28 01:27 -------- d-----w- c:\programdata\Origin2013-06-26 20:50 . 2013-06-27 00:11 -------- d-----w- c:\users\Shodan\AppData\Roaming\NVIDIA2013-06-26 20:01 . 2013-06-26 20:01 -------- d-----w- c:\program files (x86)\AGEIA Technologies2013-06-26 19:59 . 2013-06-26 19:59 -------- d-----w- C:\NVIDIA2013-06-26 19:26 . 2013-06-26 19:26 49664 ----a-w- c:\programdata\Microsoft\Windows\Time\w9xpopen.exe2013-06-26 19:26 . 2013-06-26 19:26 10752 ----a-w- c:\programdata\Microsoft\Windows\Time\Time-svc.exe2013-06-26 19:26 . 2013-06-26 19:26 10240 ----a-w- c:\programdata\Microsoft\Windows\Time\WindowsTime.exe2013-06-26 19:26 . 2013-06-26 19:26 2303488 ----a-w- c:\programdata\Microsoft\Windows\Time\python27.dll2013-06-26 19:26 . 2013-06-26 19:26 24064 ----a-w- c:\programdata\Microsoft\Windows\Time\TimeServer.exe2013-06-26 19:26 . 2013-06-26 19:26 569680 ----a-w- c:\programdata\Microsoft\Windows\Time\msvcp90.dll2013-06-26 19:26 . 2013-06-26 19:26 219648 ----a-w- c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll2013-06-23 16:45 . 2013-06-23 16:45 -------- d-----w- c:\program files\iPod2013-06-23 16:44 . 2013-06-23 16:45 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF692013-06-23 16:44 . 2013-06-23 16:45 -------- d-----w- c:\program files\iTunes2013-06-23 16:44 . 2013-06-23 16:45 -------- d-----w- c:\program files (x86)\iTunes2013-06-22 16:48 . 2012-06-06 09:56 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll2013-06-22 16:48 . 2011-09-22 07:49 56600 ----a-w- c:\windows\system32\drivers\HECIx64.sys2013-06-22 16:38 . 2013-06-22 16:38 -------- d-----w- c:\program files (x86)\Microsoft XNA2013-06-22 16:38 . 2013-06-25 22:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy2013-06-22 16:37 . 2013-06-26 15:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 22013-06-22 16:37 . 2013-06-22 16:37 -------- d-----w- c:\users\Shodan\AppData\Local\Programs2013-06-22 16:36 . 2013-06-22 16:36 -------- d-----w- c:\users\Shodan\AppData\Roaming\The Longest Journey2013-06-22 16:02 . 2012-12-26 23:26 805088 ----a-w- c:\windows\system32\drivers\Rt64win7.sys2013-06-22 16:02 . 2012-12-26 23:26 74344 ----a-w- c:\windows\system32\RtNicProp64.dll2013-06-22 16:01 . 2013-06-22 16:01 -------- d-----w- c:\programdata\Downloaded Installations2013-06-22 15:59 . 2012-08-22 08:19 11832 ----a-w- c:\windows\acpimof.dll2013-06-22 15:59 . 2013-06-22 15:59 -------- d-----w- c:\program files (x86)\MSI2013-06-22 15:09 . 2013-06-22 15:09 -------- d-----w- c:\programdata\VS Revo Group2013-06-22 12:01 . 2013-06-22 12:01 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB6BD291-B671-4E20-BE07-506AACD0CC1E}\gapaengine.dll2013-06-20 23:23 . 2013-06-20 23:23 -------- d-----w- c:\program files (x86)\D-LAN2013-06-19 18:01 . 2013-06-19 19:37 -------- d-----w- c:\users\Shodan\AppData\Roaming\Notepad++2013-06-19 18:00 . 2013-06-19 18:00 -------- d-----w- c:\program files (x86)\Notepad++2013-06-17 12:44 . 2013-06-24 00:33 -------- d-----w- c:\users\Shodan\AppData\Roaming\Skype2013-06-16 19:25 . 2013-06-16 19:25 -------- d-----w- c:\users\Shodan\AppData\Local\ESN2013-06-16 19:25 . 2013-06-16 19:25 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins2013-06-16 19:22 . 2013-06-16 19:22 -------- d-----w- c:\programdata\Electronic Arts2013-06-16 19:22 . 2013-06-16 19:22 -------- d-----w- c:\programdata\EA Logs2013-06-16 19:22 . 2013-06-16 19:22 -------- d-----w- c:\programdata\EA Core2013-06-13 12:10 . 2013-06-22 15:15 -------- d-----w- c:\users\Shodan\AppData\Roaming\Belastingdienst2013-06-12 22:25 . 2013-06-12 22:25 -------- d-----w- c:\users\Shodan\AppData\Roaming\cYo2013-06-12 22:25 . 2013-06-12 22:25 -------- d-----w- c:\users\Shodan\AppData\Local\cYo2013-06-12 22:25 . 2013-06-12 22:25 -------- d-----w- c:\program files\ComicRack2013-06-12 17:22 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-06-12 17:22 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll2013-06-12 17:22 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll2013-06-10 18:13 . 2013-06-10 18:13 -------- d-----w- c:\windows\system32\appmgmt2013-06-10 10:41 . 2013-06-10 10:41 -------- d-----w- c:\users\Shodan\AppData\Local\ElevatedDiagnostics...((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-06-28 21:27 . 2012-10-28 14:34 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll2013-06-28 21:27 . 2012-10-28 14:34 972712 ----a-w- c:\windows\system32\deployJava1.dll2013-06-28 21:27 . 2012-10-28 14:34 312232 ----a-w- c:\windows\system32\javaws.exe2013-06-28 21:27 . 2012-10-28 14:34 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll2013-06-28 21:27 . 2012-10-28 14:34 189352 ----a-w- c:\windows\system32\javaw.exe2013-06-28 21:27 . 2012-10-28 14:34 188840 ----a-w- c:\windows\system32\java.exe2013-06-28 21:27 . 2012-12-07 02:20 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-06-28 21:27 . 2012-12-07 02:20 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-06-21 12:06 . 2013-03-26 14:06 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll2013-06-21 12:06 . 2013-03-26 14:06 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll2013-06-21 12:06 . 2013-03-26 14:06 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll2013-06-21 12:06 . 2012-12-07 02:08 2936208 ----a-w- c:\windows\system32\nvapi64.dll2013-06-21 12:06 . 2012-12-07 02:08 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll2013-06-21 12:06 . 2012-12-07 02:08 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll2013-06-21 12:06 . 2012-12-07 02:08 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll2013-06-13 01:01 . 2012-10-28 09:47 75825640 ----a-w- c:\windows\system32\MRT.exe2013-05-25 15:50 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll2013-05-25 15:50 . 2009-08-18 10:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-05-22 12:13 . 2013-03-23 22:25 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-04-30 01:11 . 2013-04-30 01:11 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-04-30 01:11 . 2013-04-30 01:11 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-04-30 01:11 . 2013-04-30 01:11 523264 ----a-w- c:\windows\SysWow64\vbscript.dll2013-04-30 01:11 . 2013-04-30 01:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-04-30 01:11 . 2013-04-30 01:11 38400 ----a-w- c:\windows\SysWow64\imgutil.dll2013-04-30 01:11 . 2013-04-30 01:11 226304 ----a-w- c:\windows\system32\elshyph.dll2013-04-30 01:11 . 2013-04-30 01:11 185344 ----a-w- c:\windows\SysWow64\elshyph.dll2013-04-30 01:11 . 2013-04-30 01:11 158720 ----a-w- c:\windows\SysWow64\msls31.dll2013-04-30 01:11 . 2013-04-30 01:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2013-04-30 01:11 . 2013-04-30 01:11 138752 ----a-w- c:\windows\SysWow64\wextract.exe2013-04-30 01:11 . 2013-04-30 01:11 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-04-30 01:11 . 2013-04-30 01:11 12800 ----a-w- c:\windows\SysWow64\mshta.exe2013-04-30 01:11 . 2013-04-30 01:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-04-30 01:11 . 2013-04-30 01:11 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-04-30 01:11 . 2013-04-30 01:11 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-04-30 01:11 . 2013-04-30 01:11 81408 ----a-w- c:\windows\system32\icardie.dll2013-04-30 01:11 . 2013-04-30 01:11 762368 ----a-w- c:\windows\system32\ieapfltr.dll2013-04-30 01:11 . 2013-04-30 01:11 61952 ----a-w- c:\windows\SysWow64\tdc.ocx2013-04-30 01:11 . 2013-04-30 01:11 452096 ----a-w- c:\windows\system32\dxtmsft.dll2013-04-30 01:11 . 2013-04-30 01:11 441856 ----a-w- c:\windows\system32\html.iec2013-04-30 01:11 . 2013-04-30 01:11 361984 ----a-w- c:\windows\SysWow64\html.iec2013-04-30 01:11 . 2013-04-30 01:11 281600 ----a-w- c:\windows\system32\dxtrans.dll2013-04-30 01:11 . 2013-04-30 01:11 235008 ----a-w- c:\windows\system32\url.dll2013-04-30 01:11 . 2013-04-30 01:11 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-04-30 01:11 . 2013-04-30 01:11 216064 ----a-w- c:\windows\system32\msls31.dll2013-04-30 01:11 . 2013-04-30 01:11 197120 ----a-w- c:\windows\system32\msrating.dll2013-04-30 01:11 . 2013-04-30 01:11 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-04-30 01:11 . 2013-04-30 01:11 1400416 ----a-w- c:\windows\system32\ieapfltr.dat2013-04-30 01:11 . 2013-04-30 01:11 270848 ----a-w- c:\windows\system32\iedkcs32.dll2013-04-30 01:11 . 2013-04-30 01:11 97280 ----a-w- c:\windows\system32\mshtmled.dll2013-04-30 01:11 . 2013-04-30 01:11 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-04-30 01:11 . 2013-04-30 01:11 77312 ----a-w- c:\windows\system32\tdc.ocx2013-04-30 01:11 . 2013-04-30 01:11 62976 ----a-w- c:\windows\system32\pngfilt.dll2013-04-30 01:11 . 2013-04-30 01:11 599552 ----a-w- c:\windows\system32\vbscript.dll2013-04-30 01:11 . 2013-04-30 01:11 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-04-30 01:11 . 2013-04-30 01:11 51200 ----a-w- c:\windows\system32\imgutil.dll2013-04-30 01:11 . 2013-04-30 01:11 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-04-30 01:11 . 2013-04-30 01:11 27648 ----a-w- c:\windows\system32\licmgr10.dll2013-04-30 01:11 . 2013-04-30 01:11 247296 ----a-w- c:\windows\system32\webcheck.dll2013-04-30 01:11 . 2013-04-30 01:11 173568 ----a-w- c:\windows\system32\ieUnatt.exe2013-04-30 01:11 . 2013-04-30 01:11 167424 ----a-w- c:\windows\system32\iexpress.exe2013-04-30 01:11 . 2013-04-30 01:11 1509376 ----a-w- c:\windows\system32\inetcpl.cpl2013-04-30 01:11 . 2013-04-30 01:11 149504 ----a-w- c:\windows\system32\occache.dll2013-04-30 01:11 . 2013-04-30 01:11 144896 ----a-w- c:\windows\system32\wextract.exe2013-04-30 01:11 . 2013-04-30 01:11 13824 ----a-w- c:\windows\system32\mshta.exe2013-04-30 01:11 . 2013-04-30 01:11 136192 ----a-w- c:\windows\system32\iepeers.dll2013-04-30 01:11 . 2013-04-30 01:11 135680 ----a-w- c:\windows\system32\IEAdvpack.dll2013-04-30 01:11 . 2013-04-30 01:11 12800 ----a-w- c:\windows\system32\msfeedssync.exe2013-04-30 01:11 . 2013-04-30 01:11 102912 ----a-w- c:\windows\system32\inseng.dll2013-04-13 05:49 . 2013-05-15 12:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-05-15 12:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-05-15 12:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-05-15 12:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-05-15 12:21 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-05-15 12:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-04-12 14:45 . 2013-04-24 10:41 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys2013-04-10 06:01 . 2013-05-15 12:21 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys2013-04-10 06:01 . 2013-05-15 12:21 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-04-10 03:30 . 2013-05-15 12:21 3153920 ----a-w- c:\windows\system32\win32k.sys..((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))..*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"F.lux"="c:\users\Shodan\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]"Spotify Web Helper"="c:\users\Shodan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-15 1104384].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoResolveTrack"= 1 (0x1).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]R3 BFNVis64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\XenoVa64.sys;c:\windows\SYSNATIVE\drivers\XenoVa64.sys [x]R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]R3 D-LAN Core;D-LAN Core;c:\program files (x86)\D-LAN\D-LAN.Core.exe;c:\program files (x86)\D-LAN\D-LAN.Core.exe [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys;c:\windows\SYSNATIVE\drivers\IAMTVE.sys [x]R3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys;c:\windows\SYSNATIVE\drivers\IAMTXPE.sys [x]R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM60x64.sys;c:\windows\SYSNATIVE\drivers\ifM60x64.sys [x]R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP60X64.sys;c:\windows\SYSNATIVE\drivers\ifP60X64.sys [x]R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys;c:\windows\SYSNATIVE\DRIVERS\WMP54Gv41x64.sys [x]R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x]..Inhoud van de 'Gedeelde Taken' map.2013-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3511419792-4291243797-1282643203-1000Core.job- c:\users\Shodan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-28 21:55].2013-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3511419792-4291243797-1282643203-1000UA.job- c:\users\Shodan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-28 21:55]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512].------- Bijkomende Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL.- - - - ORPHANS VERWIJDERD - - - -.HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startAddRemove-pcsx2-r5350 - c:\my games\Roms\Emulator\Uninst-pcsx2-r5350.exeAddRemove-S4Uninst - c:\bluebyte\The Settlers IV\Uninst.isu...--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Voltooingstijd: 2013-06-30 17:49:59ComboFix-quarantined-files.txt 2013-06-30 15:49.Pre-Run: 145.534.017.536 bytes beschikbaarPost-Run: 145.377.710.080 bytes beschikbaar.- - End Of File - - 38871DADD5B5B72BCD930A6ABE564A38A36C5E4F47E84449FF07ED3517B43A31
  5. Hi MrCharlie, Thank you for the fast reply, I have followed you instructions and ran RoguekillerX64. RogueKiller V8.6.1 _x64_ [Jun 29 2013] by Tigzymail : tigzyRK<at>gmail<dot>comBlog : http://tigzyrk.blogspot.com/ besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionGestart vanuit : Normale modusGebruiker : Shodan [Administrator rechten]Modus : Scan -- Datum : 06/30/2013 17:08:44| ARK || FAK || MBR | ¤¤¤ Kwaadaardige processen : 3 ¤¤¤[sUSP PATH] Time-svc.exe -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [-] -> BEEINDIGD [TermProc][sUSP PATH] WindowsTime.exe -- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe [-] -> BEEINDIGD [TermProc][sUSP PATH] TimeServer.exe -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe [-] -> BEEINDIGD [TermProc] ¤¤¤ Register verwijzingen : 19 ¤¤¤[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> gevonden[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> gevonden[HJ POL] HKLM\[...]\System : EnableLUA (0) -> gevonden[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> gevonden[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> gevonden[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> gevonden[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> gevonden[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> gevonden[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> gevonden[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> gevonden[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> gevonden[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> gevonden[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> gevonden[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> gevonden[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> gevonden[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden ¤¤¤ geplande taken : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ webbrowsers : 0 ¤¤¤ ¤¤¤ Speciale Files / Folders: ¤¤¤ ¤¤¤ Driver : [Niet geladen 0x0] ¤¤¤ ¤¤¤ Externe Hives: ¤¤¤ ¤¤¤ Infectie : ¤¤¤ ¤¤¤ HOSTS Bestand: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Controle: ¤¤¤ +++++ PhysicalDrive0: ATA Samsung SSD 840 SCSI Disk Device +++++--- User ---[MBR] a1df3d64ad30f298af3e91fe555139cd[bSP] 8df895906e44d9fb152c09136666544c : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MoUser = LL1 ... OK!User = LL2 ... OK! +++++ PhysicalDrive1: ATA Samsung SSD 840 SCSI Disk Device +++++--- User ---[MBR] 7940de1115c4065ced1b08c99cd48dd8[bSP] c80da55afd5fd3b42e02b4e0295ea37c : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MoUser = LL1 ... OK!User = LL2 ... OK! +++++ PhysicalDrive2: ATA Samsung SSD 840 SCSI Disk Device +++++--- User ---[MBR] 1c66eceac17f6f05169855f096e136ed[bSP] 4dd90d4d8f7f5d8dd2d6f3afb380c195 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MoUser = LL1 ... OK!User = LL2 ... OK! Gereed : << RKreport[0]_S_06302013_170844.txt >>RKreport[0]_S_06302013_031730.txt;RKreport[0]_S_06302013_040306.txt;RKreport[0]_S_06302013_170332.txt
  6. Hi everybody, A few days ago my PC began running very slow. To try and find a solution I began to run my trusted group of virus scanner and male ware scanners, Malwarebytes Anti-Malware of course included. However my attempts of finding the solution seem to bring zero results. After poking around in the task manager is seem to find a process called TimeServer.exe that was eating a lot of CPU power. In my shock I hastily ended the process, a bit drastic but it seems to stop harassing my CPU and everything seems to be calming down. So now that I found my evil doer my job was to identify it, however here I also found some problems in identifying the culprit. In my search I found two things http://processchecker.com/file/TimeServer.exe.html saying it might be a bitcoin miner and the 2nd item was http://forums.malwarebytes.org/index.php?showtopic=125666 I knew I needed help getting rid of it even if I found the monster. I followed the "I'm infected - What do i do now?" and read some posts and the guide lines. After i did the preparations for the files in my post, I did some more digging and found the culprit located in C:\ProgramData\Microsoft\Windows\Time also I highlighted some interesting things I already found in the DDS.txt below. My apologies if I did something wrong but i try to give a much information to help you, help me . Also English is my second language so sorry for any spelling and grammar mistakes. Any advice would be a great help in getting rid of this monster. Also my thanks and appreciation for any help in advance. DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2Run by Shodan at 4:30:28 on 2013-06-30Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8162.6318 [GMT 2:00].AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exeC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\SUPERAntiSpyware\SASCORE64.EXEC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Microsoft Security Client\msseces.exeC:\Users\Shodan\Local Settings\Apps\F.lux\flux.exeC:\Users\Shodan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\system32\msiexec.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uProxyServer = :0mWinlogon: Userinit = userinit.exe,BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLLBHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [F.lux] "C:\Users\Shodan\Local Settings\Apps\F.lux\flux.exe" /noshowuRun: [spotify Web Helper] "C:\Users\Shodan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"uRun: [Google Update] "C:\Users\Shodan\AppData\Local\Google\Update\GoogleUpdate.exe" /cmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentuPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoResolveTrack = dword:1mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:0mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58TCP: Interfaces\{26BE3159-496E-48B0-A381-EF578FFA0988} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58TCP: Interfaces\{D1A42AA2-92FE-4D1E-9A3C-F0EFA8999E7B} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLLHandler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLLHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllSSODL: WebCheck - <orphaned>x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dllx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dllx64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLLx64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLLx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-12-7 652344]R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-12-7 28216]R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-7 14904]R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-6-22 32344]R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-22 805088]R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2009-5-6 639512]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-30 418376]S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-30 701512]S2 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [2013-6-26 10752]S3 b06diag;Broadcom NetXtreme II Diag Driver;C:\Windows\System32\drivers\bxdiaga.sys [2012-10-28 88104]S3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2012-10-28 157288]S3 BFNVis64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\XenoVa64.sys [2012-10-28 157288]S3 bxfcoe;bxfcoe;C:\Windows\System32\drivers\bxfcoe.sys [2012-10-28 178216]S3 bxois;bxois;C:\Windows\System32\drivers\bxois.sys [2012-10-28 539176]S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-12-7 79360]S3 D-LAN Core;D-LAN Core;C:\Program Files (x86)\D-LAN\D-LAN.Core.exe [2013-6-21 1813504]S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]S3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2012-10-28 43416]S3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2012-10-28 51096]S3 IFCoEMP;IFCoEMP;C:\Windows\System32\drivers\ifM60x64.sys [2012-10-28 387344]S3 IFCoEVB;IFCoEVB;C:\Windows\System32\drivers\ifP60x64.sys [2012-10-28 77584]S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2012-10-28 40144]S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2012-10-28 42192]S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-30 25928]S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-12-21 115272]S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2013-6-22 14136]S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-28 19456]S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-12-7 31800]S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\System32\drivers\WMP54Gv41x64.sys [2012-10-28 446304]S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-10-28 29696]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-28 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-28 30208]S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784].=============== Created Last 30 ================.2013-06-30 02:26:33 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates \{2F7F9B03-DF33-483F-AD56-474E3D45A4A0}\mpengine.dll2013-06-30 01:44:39 -------- d-----w- C:\Users\Shodan\AppData\Roaming\Malwarebytes2013-06-30 01:44:27 -------- d-----w- C:\ProgramData\Malwarebytes2013-06-30 01:44:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-06-30 01:44:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-06-28 21:55:16 -------- d-----w- C:\Users\Shodan\AppData\Local\Google2013-06-28 21:27:38 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-06-28 18:31:40 -------- d-----w- C:\Program Files (x86)\HD Tune2013-06-28 01:26:59 -------- d-----w- C:\ProgramData\Origin2013-06-27 18:05:24 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-06-27 17:56:04 -------- d-----w- C:\Windows\pss2013-06-26 20:50:20 -------- d-----w- C:\Users\Shodan\AppData\Roaming\NVIDIA2013-06-26 20:03:58 -------- d-----w- C:\Users\Shodan\AppData\Local\NVIDIA2013-06-26 20:02:45 884512 ----a-w- C:\Windows\System32\nvvsvc.exe2013-06-26 20:02:45 6496544 ----a-w- C:\Windows\System32\nvcpl.dll2013-06-26 20:02:45 63776 ----a-w- C:\Windows\System32\nvshext.dll2013-06-26 20:02:45 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll2013-06-26 20:02:45 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin2013-06-26 20:02:45 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll2013-06-26 20:02:45 237856 ----a-w- C:\Windows\System32\nvmctray.dll2013-06-26 20:02:38 61216 ----a-w- C:\Windows\System32\OpenCL.dll2013-06-26 20:02:38 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll2013-06-26 20:02:35 -------- d-----w- C:\ProgramData\NVIDIA Corporation2013-06-26 19:59:08 -------- d-----w- C:\NVIDIA2013-06-26 19:26:55 49664 ----a-w- C:\ProgramData\Microsoft\Windows\Time\w9xpopen.exe2013-06-26 19:26:55 10752 ----a-w- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe2013-06-26 19:26:55 10240 ----a-w- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe2013-06-26 19:26:51 2303488 ----a-w- C:\ProgramData\Microsoft\Windows\Time\python27.dll2013-06-26 19:26:50 24064 ----a-w- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe2013-06-26 19:26:38 569680 ----a-w- C:\ProgramData\Microsoft\Windows\Time\msvcp90.dll2013-06-26 19:26:32 219648 ----a-w- C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll2013-06-23 16:45:00 -------- d-----w- C:\Program Files\iPod2013-06-23 16:44:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-06-23 16:44:59 -------- d-----w- C:\Program Files\iTunes2013-06-23 16:44:59 -------- d-----w- C:\Program Files (x86)\iTunes2013-06-22 16:48:29 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll2013-06-22 16:48:21 56600 ----a-w- C:\Windows\System32\drivers\HECIx64.sys2013-06-22 16:38:22 -------- d-----w- C:\Program Files (x86)\Microsoft XNA2013-06-22 16:38:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy2013-06-22 16:37:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 22013-06-22 16:37:24 -------- d-----w- C:\Users\Shodan\AppData\Local\Programs2013-06-22 16:36:20 -------- d-----w- C:\Users\Shodan\AppData\Roaming\The Longest Journey2013-06-22 16:02:33 805088 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys2013-06-22 16:02:33 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll2013-06-22 16:01:23 -------- d-----w- C:\ProgramData\Downloaded Installations2013-06-22 15:59:56 11832 ----a-w- C:\Windows\acpimof.dll2013-06-22 15:59:51 -------- d-----w- C:\Program Files (x86)\MSI2013-06-22 15:09:28 -------- d-----w- C:\ProgramData\VS Revo Group2013-06-22 12:01:36 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB6BD291-B671-4E20-BE07-506AACD0CC1E}\gapaengine.dll2013-06-20 23:23:55 -------- d-----w- C:\Program Files (x86)\D-LAN2013-06-16 19:25:37 -------- d-----w- C:\Users\Shodan\AppData\Local\ESN2013-06-16 19:25:35 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins2013-06-16 19:22:48 -------- d-----w- C:\ProgramData\Electronic Arts2013-06-16 19:22:48 -------- d-----w- C:\ProgramData\EA Logs2013-06-16 19:22:48 -------- d-----w- C:\ProgramData\EA Core2013-06-13 12:10:41 -------- d-----w- C:\Users\Shodan\AppData\Roaming\Belastingdienst2013-06-12 22:25:40 -------- d-----w- C:\Users\Shodan\AppData\Roaming\cYo2013-06-12 22:25:40 -------- d-----w- C:\Users\Shodan\AppData\Local\cYo2013-06-12 22:25:07 -------- d-----w- C:\Program Files\ComicRack2013-06-12 17:22:15 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-06-12 17:22:06 751104 ----a-w- C:\Windows\System32\win32spl.dll2013-06-12 17:22:06 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll2013-06-10 18:13:41 -------- d-----w- C:\Windows\System32\appmgmt2013-06-10 10:41:49 -------- d-----w- C:\Users\Shodan\AppData\Local\ElevatedDiagnostics.==================== Find3M ====================.2013-06-28 21:27:49 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll2013-06-28 21:27:48 972712 ----a-w- C:\Windows\System32\deployJava1.dll2013-06-28 21:27:48 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll2013-06-28 21:27:34 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-06-28 21:27:34 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys.============= FINISH: 4:30:33,26 =============== attach.txt.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1Install Date: 7-12-2012 2:53:33System Uptime: 29-6-2013 23:02:19 (5 hours ago).Motherboard: MSI | | P67A-G45 (MS-7673)Processor: Intel® Core i5-2500K CPU @ 3.30GHz | SOCKET 0 | 3301/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 233 GiB total, 135,402 GiB free.D: is CDROM ()E: is FIXED (NTFS) - 932 GiB total, 343,375 GiB free.F: is FIXED (NTFS) - 233 GiB total, 65,248 GiB free..==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Linksys Wireless-G PCI AdapterDevice ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\5&78811C5&0&0800E4Manufacturer: Linksys, A Division of Cisco Systems, Inc.Name: Linksys Wireless-G PCI AdapterPNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\5&78811C5&0&0800E4Service: rt61x64.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================.A Game of Thrones version 0.4.4Aangifte inkomstenbelasting 2011Aangifte inkomstenbelasting 2012Adobe Reader XI (11.0.03) - NederlandsAdobe Shockwave Player 12.0Apple Application SupportApple Mobile Device SupportApple Software UpdateArma 2Arma 2: DayZ ModArma 2: Operation ArrowheadArma 2: Operation Arrowhead BetaBattlelog Web PluginsBattlEye for OA UninstallBonjourCCleanerCompany of Heroes 2CPUID CPU-Z 1.62Creation KitCreative Configuratiescherm voor geluidCreative Console LauncherCreative Software AutoUpdateCreative Sound Blaster Properties x64 EditionCrusader Kings IID-LAN version 1.1.0 Beta15 - 2012-12-16_16-22Dark Souls: Prepare to Die EditionDead Rising 2Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit EditionDon't StarveESN SonarEVEMonF.luxFrapsGoogle ChromeHD Tune 2.55Host OpenALIntel® Management Engine ComponentsIntel® Rapid Storage TechnologyiTunesJava 7 Update 25Java 7 Update 25 (64-bit)Java 7 Update 6 (64-bit)Java Auto UpdaterKerbal Space ProgramLive Update 5Malwarebytes Anti-Malware version 1.75.0.1300Marvel HeroesMicrosoft .NET Framework 4.5Microsoft .NET Framework 4.5 NLD Language PackMicrosoft Access MUI (English) 2013Microsoft Access Setup Metadata MUI (English) 2013Microsoft DCF MUI (English) 2013Microsoft Excel MUI (English) 2013Microsoft Games for Windows - LIVE RedistributableMicrosoft Games for Windows MarketplaceMicrosoft Groove MUI (English) 2013Microsoft InfoPath MUI (English) 2013Microsoft Lync MUI (English) 2013Microsoft Office 32-bit Components 2013Microsoft Office OSM MUI (English) 2013Microsoft Office OSM UX MUI (English) 2013Microsoft Office Professional Plus 2013Microsoft Office Proofing (English) 2013Microsoft Office Proofing Tools 2013 - EnglishMicrosoft Office Proofing Tools 2013 - EspañolMicrosoft Office Shared 32-bit MUI (English) 2013Microsoft Office Shared MUI (English) 2013Microsoft Office Shared Setup Metadata MUI (English) 2013Microsoft OneNote MUI (English) 2013Microsoft Outlook MUI (English) 2013Microsoft PowerPoint MUI (English) 2013Microsoft Publisher MUI (English) 2013Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106Microsoft Word MUI (English) 2013Microsoft XNA Framework Redistributable 3.1Microsoft_VC100_CRT_SP1_x64Microsoft_VC100_CRT_SP1_x86MotioninJoy DS3 driver version 0.6.0005MSVC80_x64_v2MSVC80_x86_v2MSVC90_x64MSVC90_x86MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NeverwinterNexus Mod ManagerNotepad++NVIDIA-configuratiescherm 320.49NVIDIA GeForce Experience 1.5NVIDIA Grafisch stuurprogramma 320.49NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX systeemsoftware 9.13.0604NVIDIA Update 4.11.9NVIDIA Update ComponentsOutils de vérification linguistique 2013 de Microsoft Office - FrançaisPlanescape TormentRayman OriginsRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRenesas Electronics USB 3.0 Host Controller DriverRevo Uninstaller Pro 3.0.5Samsung SSD MagicianSecurity Update for Microsoft .NET Framework 4.5 (KB2729460)Security Update for Microsoft .NET Framework 4.5 (KB2737083)Security Update for Microsoft .NET Framework 4.5 (KB2742613)Security Update for Microsoft .NET Framework 4.5 (KB2789648)Security Update for Microsoft .NET Framework 4.5 (KB2804582)Skype™ 6.0SpotifySUPERAntiSpywareswMSMSystem Shock 2Taalpakket voor Microsoft .NET Framework 4.5 - NLDTeamSpeak 3 ClientThe Elder Scrolls V: SkyrimThe Secret of Monkey Island: Special EditionThe Settlers IVUpdate for Microsoft .NET Framework 4.5 (KB2750147)Update for Microsoft .NET Framework 4.5 (KB2805221)Update for Microsoft .NET Framework 4.5 (KB2805226)Update for Microsoft Access 2013 (KB2760350) 64-Bit EditionUpdate for Microsoft Excel 2013 (KB2760339) 64-Bit EditionUpdate for Microsoft Lync 2013 (KB2768004) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726954) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726961) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726996) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2737954) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2752025) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2752094) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2752101) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760224) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760538) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760610) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2767845) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2767860) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2768016) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810010) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810014) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810017) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810018) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2817320) 64-Bit EditionUpdate for Microsoft OneNote 2013 (KB2760334) 64-Bit EditionUpdate for Microsoft Outlook 2013 (KB2810015) 64-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2726947) 64-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2727013) 64-Bit EditionUpdate for Microsoft SkyDrive Pro (KB2767865) 64-Bit EditionUpdate for Microsoft SkyDrive Pro (KB2810019) 64-Bit EditionUpdate for Microsoft Visio 2013 (KB2810008) 64-Bit EditionUpdate for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit EditionUpdate for Microsoft Word 2013 (KB2768007) 64-Bit EditionUpdate for Microsoft Word 2013 (KB2768337) 64-Bit EditionVirtualCloneDriveVLC media player 2.0.7Warhammer 40,000 Space MarineWindows 7 USB/DVD Download ToolWindows Live ID Sign-in AssistantWinRAR 4.20 (64-bit)Wrye BashXdN Tweaker 0.9.2.6.==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.