Channel: Tech Support Forum - Virus/Trojan/Spyware Help

ukash virus on laptop

Hello,

I have a Samsung R719 laptop running Windows 7 Home Premium 32-bit (OEM).
On one account I have the Ukash (in Belgium) virus, which prevents me from running any Windows functions or antivirus software. All the other accounts work fine, though the laptop is slower than before.
I can boot the laptop in safe mode to work with the infected account.

I tried running some scans from the other accounts on the laptop, but they did not find any viruses.

Below are the DDS and GMER log files.
I had to run GMER with limited options selected because the laptop always reboots itself due to an error.

Thanks for helping me out.

Martijn

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Ria at 12:48:46 on 2012-09-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3037.2125 [GMT 2:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\extra_programs\java\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\extra_programs\java\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\ria\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [njhpuwmphuaglnj] c:\windows\njhpuwmp.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogMeIn Hamachi Ui] "d:\games\logmein hamachi\hamachi-2-ui.exe" --auto-start
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 193.121.171.135 193.74.208.135
TCP: Interfaces\{2B43ABB6-EE96-4510-A06E-FF1477686907} : DhcpNameServer = 193.121.171.135 193.74.208.135
TCP: Interfaces\{2B43ABB6-EE96-4510-A06E-FF1477686907}\75966496F54534 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{87BCEAF2-4272-4929-A5DB-4BBD1B1A14D3} : DhcpNameServer = 203.241.132.60 203.241.132.85
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-6-13 242240]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
S1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2012-4-9 9600]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-25 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-4 135664]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\games\logmein hamachi\hamachi-2.exe [2012-8-29 1385896]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-5 2253120]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 250568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-19 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-4 135664]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Netwerkinspectie;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-25 187392]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-4 52224]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-4 1343400]
.
=============== Created Last 30 ================
.
2012-09-18 18:45:57 -------- d-----w- c:\programdata\sedjcbkhhttjcvg
2012-09-18 18:45:55 80896 ----a-w- c:\windows\njhpuwmp.exe
2012-09-18 18:45:55 80896 ----a-w- c:\programdata\njhpuwmp.exe
2012-09-18 18:45:23 80896 ----a-w- c:\users\ria\0.6872608428434819.exe
2012-09-18 18:22:11 -------- d-----w- c:\users\ria\appdata\local\{DE5CC9F8-2505-4F9A-8216-E8FBB95D5B87}
2012-09-18 15:59:38 7022536 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b590908b-ae91-406c-a433-592f72deb395}\mpengine.dll
2012-09-18 15:48:49 -------- d-----w- c:\users\ria\appdata\local\{CF5B0FAA-AEF6-4F01-80F2-AC4D65C9B71B}
2012-09-16 18:02:27 7022536 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-16 17:52:42 -------- d-----w- c:\users\ria\appdata\local\{AEAA4D1D-D569-429B-8531-59B5FB9E6E80}
2012-09-14 18:07:32 -------- d-----w- c:\users\ria\appdata\local\{75E91BBE-150D-4462-B392-FA3495B8552C}
2012-09-13 14:10:30 -------- d-----w- c:\users\ria\appdata\local\{7F3C3A0E-1012-4E1C-B211-C0DC62B36DB0}
2012-09-12 14:06:34 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:06:34 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:06:34 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:06:34 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:06:33 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 14:06:32 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:00:31 -------- d-----w- c:\users\ria\appdata\local\{DE60BE11-1E69-4428-8DA4-A8F2C19611CE}
2012-09-10 19:54:22 -------- d-----w- c:\users\ria\appdata\local\{2A8F0B6F-6350-4956-9C00-DFF9D04AAB83}
2012-09-08 18:44:13 -------- d-----w- c:\users\ria\appdata\local\{0308665D-6748-46E0-A8B6-F520CF8DD37C}
2012-09-07 13:30:58 -------- d-----w- c:\users\ria\appdata\local\{EF088129-BFBA-451E-A80B-B8C9EF4F5DFA}
2012-09-06 18:00:13 -------- d-----w- c:\users\ria\appdata\local\{CFA556E8-18B3-4210-9750-A7856BB525D8}
2012-09-06 12:40:29 -------- d-----w- c:\users\ria\appdata\local\{E6F2CBF5-EE92-4748-869B-27029C6A36F6}
2012-09-06 07:56:15 -------- d-----w- c:\users\ria\appdata\local\{ACD5BEF0-7D12-4322-A4EB-4CCBB4BC6B67}
2012-09-05 07:17:48 -------- d-----w- c:\users\ria\appdata\local\{84CD25CB-2AD2-44D1-A2BB-3E2368282A22}
2012-08-31 13:56:25 -------- d-----w- c:\users\ria\appdata\local\{1160DDCB-0000-4AAA-8D06-F7878DCCBFBA}
2012-08-30 12:54:27 -------- d-----w- c:\users\ria\appdata\local\{CEAE0166-1897-46F5-BB6C-2B718B60A32B}
2012-08-29 11:58:03 -------- d-----w- c:\users\ria\appdata\local\{D8D0F3C6-6F11-45FA-B090-3B9ADC6F2F78}
2012-08-27 18:36:50 -------- d-----w- c:\users\ria\appdata\local\{0E5E65F2-D52A-497D-9D52-B07AE519D25E}
2012-08-25 19:06:35 -------- d-----w- c:\users\ria\appdata\local\{203F7B00-B1C6-4C10-8B94-9CF9A41F1E8C}
2012-08-23 18:55:34 -------- d-----w- c:\users\ria\appdata\local\{A592E392-82FB-4B89-ACAA-4D965E3D8704}
2012-08-22 19:38:52 -------- d-----w- c:\users\ria\appdata\local\{7544ED43-92C0-4242-8ABA-2B49A6531FAB}
.
==================== Find3M ====================
.
2012-08-29 12:03:52 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-29 12:03:52 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-19 15:12:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 12:51:48,30 ===============

Attached Files
File Type: zip attach.zip (2.8 KB)
