Re: Buma-Stemra virus
Posted: 03 Mar 2012 15:39
Hi,
Also ran the next steps, aswMBR and DDS, right away. Here are the results.
aswMBR log:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-03 15:13:27
-----------------------------
15:13:27.770 OS Version: Windows 6.0.6000
15:13:27.770 Number of processors: 2 586 0xF0D
15:13:27.771 ComputerName: UserName:
15:13:48.407 Initialize success
15:14:14.744 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:14:14.748 Disk 0 Vendor: FUJITSU_ 8918 Size: 114473MB BusType: 3
15:14:14.779 Disk 0 MBR read successfully
15:14:14.784 Disk 0 MBR scan
15:14:14.788 Disk 0 unknown MBR code
15:14:14.793 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 107403 MB offset 63
15:14:14.823 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 7067 MB offset 219961980
15:14:14.831 Disk 0 scanning sectors +234436545
15:14:14.892 Disk 0 scanning C:\Windows\system32\drivers
15:14:22.256 Service scanning
15:14:23.315 Service .tdx \? **LOCKED** 123
15:14:43.904 Modules scanning
15:14:50.327 Disk 0 trace - called modules:
15:14:50.349 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
15:14:50.708 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c35500]
15:14:50.716 3 ntkrnlpa.exe[824b07e2] -> nt!IofCallDriver -> [0x84dfe7c8]
15:14:50.726 5 acpi.sys[8065c32a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84e09030]
15:14:50.735 Scan finished successfully
15:15:19.089 Disk 0 MBR has been saved successfully to "C:\Users\\Desktop\MBR.dat"
15:15:19.098 The log file has been saved successfully to "C:\Users\\Desktop\aswMBR.txt"
DDS.txt log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_30
Run by User at 15:22:06 on 2012-03-03
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\prxtbuTor.dll
mURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\prxtbuTor.dll
uWindows: Load="c:\windows\system32\smss.exe:844230881.vbs"
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\prxtbuTor.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - Ask Search Assistant BHO
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\prxtbuTor.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} -
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [2X9I7BYX2HVCZF8VFHSCXXYSYXRRGAK] 2f0071000000
uRunServices: [PlayerPlayer] c:\users\~1\appdata\local\temp\0.6116133340978206.exe
uRunServices: [0.6116133340978206] c:\users\\appdata\local\temp\0.6116133340978206.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
mRun: [SBRegRebootCleaner] "c:\program files\gfi software\vipre\SBRC.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{DF559764-E4CE-49BA-A800-BDDA662DEDA6} : DhcpNameServer = 10.0.0.138
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\\appdata\roaming\mozilla\firefox\profiles\eals0j79.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\users\\appdata\roaming\mozilla\firefox\profiles\eals0j79.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\\appdata\roaming\mozilla\firefox\profiles\eals0j79.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2012-2-2 84600]
R2 SBAMSvc;VIPRE Internet Security;c:\program files\gfi software\vipre\SBAMSvc.exe [2011-11-1 3287472]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-9-9 77816]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\vipre\SBPIMSvc.exe [2011-11-1 173424]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2009-8-28 22016]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-18 135664]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-15 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-18 135664]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2009-8-28 22016]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-2-2 94584]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-2-2 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-2-2 93816]
.
=============== Created Last 30 ================
.
2012-03-02 17:56:31 -------- d-s---w- C:\ComboFix
2012-03-02 16:59:06 -------- d-----w- C:\TDSSStarter
2012-03-02 16:44:41 98816 ----a-w- c:\windows\sed.exe
2012-03-02 16:44:41 518144 ----a-w- c:\windows\SWREG.exe
2012-03-02 16:44:41 256000 ----a-w- c:\windows\PEV.exe
2012-03-02 16:44:41 208896 ----a-w- c:\windows\MBR.exe
2012-03-02 07:41:19 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-02 07:03:05 -------- d-----w- c:\users\\appdata\roaming\Malwarebytes
2012-03-02 07:02:57 -------- d-----w- c:\programdata\Malwarebytes
2012-03-02 07:02:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 07:02:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-02 04:38:24 388096 ----a-r- c:\users\\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-02 04:38:21 -------- d-----w- c:\program files\Trend Micro
2012-03-01 18:06:44 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-03-01 17:00:52 -------- d-----w- c:\users\\appdata\roaming\EurekaLog
2012-02-29 21:36:25 -------- d-----w- c:\users\\appdata\roaming\CBS Interactive
2012-02-28 21:48:41 -------- d-----w- c:\programdata\CPA_VA
2012-02-28 21:21:05 -------- d-----w- c:\programdata\Comodo
2012-02-28 21:20:39 -------- d-----w- c:\program files\Comodo
2012-02-28 21:20:28 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-02-28 11:58:26 -------- d-----w- c:\users\\appdata\roaming\Wyroygz
2012-02-28 11:58:26 -------- d-----w- c:\users\\appdata\roaming\Cukara
2012-02-16 18:41:57 -------- d-----w- c:\program files\Conduit
2012-02-16 18:41:14 -------- d-----w- c:\users\appdata\local\Conduit
2012-02-16 18:41:03 -------- d-----w- c:\program files\uTorrentBar_NL
2012-02-16 18:40:39 -------- d-----w- c:\program files\uTorrent
2012-02-16 18:38:11 -------- d-----w- c:\users\\appdata\roaming\uTorrent
2012-02-12 22:14:59 646104 ----a-w- c:\program files\mozilla firefox\nss3.dll
2012-02-12 22:14:59 371672 ----a-w- c:\program files\mozilla firefox\nssckbi.dll
2012-02-12 22:14:59 109528 ----a-w- c:\program files\mozilla firefox\nssdbm3.dll
2012-02-12 22:14:59 105432 ----a-w- c:\program files\mozilla firefox\nssutil3.dll
2012-02-11 15:59:31 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-02-10 15:35:39 -------- d-sh--w- c:\users\\appdata\local\1cf6efbe
2012-02-09 14:53:39 -------- d-----w- C:\temp
.
==================== Find3M ====================
.
2012-02-28 15:25:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-07 09:08:58 236576 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 15:28:14,72 ===============