Some time ago I started getting these popups in the lower left & right corner of my screen, with all sorts of advertisements, from yieldmanager. You can close them, but they always return: from the moment you open a new page, the popup is there. I looked up some possible solutions on the net, but nothing seems to work. And since yesterday I sometimes get redirected to another site, possibly by the same malware. I downloaded Malwarebytes in the hope this would find or change anything. It found cookies, but when I remove them and rescan my PC, everything seems OK; then I access my IE, and the popups are there in 1 minute. I scan again and other infected cookies are there. So because I'm sick of these popups I turn to you guys in the hope you can help me. I already found another similar case on the forum, which was solved by Malwareremoval, & now I am hoping to get the same help.
Underneath you can find my DDS & Attach logs.
DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Christoph at 11:46:41 on 2012-10-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.4078.2532 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.aldi.com
mURLSearchHooks: BittorrentBar_NL Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BittorrentBar_NL Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: BittorrentBar_NL Toolbar: {2D8D9ACC-F6D7-4362-8876-A275CA929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: avast! EasyPass Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: BittorrentBar_NL Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: avast! EasyPass Werkbalk - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Formulieren Invullen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Formulieren opslaan - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Menu aanpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-op ... jordan.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static ... .134.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/stati ... 0.80.2.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 195.130.131.133 195.130.130.5
TCP: Interfaces\{297A5260-0356-4169-BDAD-15B4B094A063} : DHCPNameServer = 195.130.131.133 195.130.130.5
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [JAVA] C:\Windows\java.vbs
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [snp2std] C:\Windows\vsnp2std.exe
x64-IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 78.46.61.26 www.google-analytics.com.
Hosts: 78.46.61.26 ad-emea.doubleclick.net.
Hosts: 78.46.61.26 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tc45o6yv.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Christoph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2012-08-18 10:58; ALone-live@ya.ru; C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru
FF - ExtSQL: 2012-08-18 11:17; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tc45o6yv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-11 17:50; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R1 appdrv01;Application Driver (01);C:\Windows\System32\drivers\appdrv01.sys [2011-4-24 2715824]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-11 969200]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-11 359464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-11 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-11 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-11 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-20 13336]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2010-12-20 164008]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-13 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-13 676936]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-8-21 1019328]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-2 254528]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\System32\drivers\e1c62x64.sys [2010-12-20 315568]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-13 25928]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-20 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-12-29 155752]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\Windows\System32\appdrvrem01.exe svc --> C:\Windows\System32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-30 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-30 136176]
S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2010-12-20 43416]
S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2010-12-20 51096]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2010-12-20 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2010-12-20 42192]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-18 113120]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-9 333928]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-10-15 06:05:03 -------- d-----w- C:\Users\Christoph\AppData\Local\{F519E736-1689-4871-8AAF-607A70292379}
2012-10-14 16:47:20 -------- d-----w- C:\Users\Christoph\AppData\Local\{59A1898C-8297-46B4-A703-8A1D4C20CBFE}
2012-10-13 11:26:04 -------- d-----w- C:\Users\Christoph\AppData\Roaming\Malwarebytes
2012-10-13 11:25:48 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-13 11:25:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-13 11:25:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-13 08:29:48 -------- d-----w- C:\Users\Christoph\AppData\Local\{36599C86-C090-45B5-A2CD-C31B4021006B}
2012-10-12 13:37:36 -------- d-----w- C:\Users\Christoph\AppData\Local\{CB12BB76-C551-47B8-B759-20344EB8BE00}
2012-10-11 16:20:21 110080 ----a-r- C:\Users\Christoph\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-10-11 16:20:21 110080 ----a-r- C:\Users\Christoph\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-10-11 16:20:20 110080 ----a-r- C:\Users\Christoph\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-10-11 16:20:20 -------- d-----w- C:\sh4ldr
2012-10-11 16:20:20 -------- d-----w- C:\Program Files\Enigma Software Group
2012-10-11 16:18:05 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-10-11 16:18:02 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-10-11 15:51:01 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-10-11 15:51:00 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-11 15:50:58 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-11 15:50:27 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-11 14:52:52 -------- d-----w- C:\Users\Christoph\AppData\Local\{F614BB45-DE9A-4066-A930-5F53DA4F95F2}
2012-10-10 18:30:23 -------- d-----w- C:\Users\Christoph\AppData\Local\{AE40DAD8-C22B-44A6-8E1A-598ADC9ABF8E}
2012-10-10 03:20:39 -------- d-----w- C:\Users\Christoph\AppData\Local\{EEA4DB2E-E8DE-4280-BA36-C07E55898F0A}
2012-10-09 11:02:57 -------- d-----w- C:\Users\Christoph\AppData\Local\{B8B69BC6-FA82-489B-B77B-70E2DE142F79}
2012-10-09 05:07:25 -------- d-----w- C:\Users\Christoph\AppData\Local\{683CEE7A-8B06-42D1-8E6B-3ADFB6BB9241}
2012-10-08 08:57:47 -------- d-----w- C:\Users\Christoph\AppData\Local\{3BD8B58E-49C1-40A4-A2BD-808556E69CEE}
2012-10-07 14:05:13 -------- d-----w- C:\Users\Christoph\AppData\Local\{E5237C69-705D-4BA5-B8E8-08650DE99F54}
2012-10-06 16:48:49 -------- d-----w- C:\Users\Christoph\AppData\Local\{6CADC59E-D21B-4F52-8E64-40BC2A96FDA6}
2012-10-05 16:02:34 -------- d-----w- C:\Users\Christoph\AppData\Local\{55B93F30-C986-40D8-BF9B-4EDC41075130}
2012-10-04 08:58:42 -------- d-----w- C:\Users\Christoph\AppData\Local\{72DA5E6D-623C-45CA-8761-F141070FA859}
2012-10-03 20:58:16 -------- d-----w- C:\Users\Christoph\AppData\Local\{61519E94-8482-4261-A031-04F8167BBC14}
2012-10-03 07:13:39 -------- d-----w- C:\Users\Christoph\AppData\Local\{0DC33576-1F38-4C6C-8041-023A9AC62270}
2012-10-02 05:08:11 -------- d-----w- C:\Users\Christoph\AppData\Local\{85969ECA-5674-4600-A536-561606D11D20}
2012-10-01 09:39:25 -------- d-----w- C:\Users\Christoph\AppData\Local\{2E3394BF-CA9D-40BD-88CF-64A1356D59DC}
2012-09-30 09:05:10 -------- d-----w- C:\Users\Christoph\AppData\Local\{A008D7C2-099E-4FED-94F3-3E58F67F2ED3}
2012-09-29 12:52:35 -------- d-----w- C:\Users\Christoph\AppData\Local\{DBB83FDE-E3A3-41EB-94C4-FEAD49B6C481}
2012-09-28 20:56:44 -------- d-----w- C:\Users\Christoph\AppData\Local\{FA4A4F97-6955-47F2-9AFA-36835D8288B4}
2012-09-28 06:23:58 -------- d-----w- C:\Users\Christoph\AppData\Local\{2D2AFFC6-3639-46C7-9FF4-E17FADF80814}
2012-09-27 05:03:45 -------- d-----w- C:\Users\Christoph\AppData\Local\{100D7149-C397-4F4B-A220-9ED2C7E8E697}
2012-09-26 10:14:59 -------- d-----w- C:\Users\Christoph\AppData\Local\{543CC102-789B-4CB6-94CD-B5F7D4505B08}
2012-09-25 10:23:13 -------- d-----w- C:\Users\Christoph\AppData\Local\{529ED884-68ED-4AEF-864A-1B8270FFB5FE}
2012-09-24 09:56:46 -------- d-----w- C:\Users\Christoph\AppData\Local\{C3CCB5FC-BD4A-4069-8411-1C7536551692}
2012-09-23 06:56:15 -------- d-----w- C:\Users\Christoph\AppData\Local\{BCB88792-7380-4866-A56E-5546BEEC1C11}
2012-09-22 09:27:46 -------- d-----w- C:\Users\Christoph\AppData\Local\{749E4A21-0A9B-4EE2-96B4-9A63B4249107}
2012-09-21 05:40:57 -------- d-----w- C:\Users\Christoph\AppData\Local\{A330C7C5-1709-430C-A02F-653C1E39768B}
2012-09-20 07:32:18 -------- d-----w- C:\Users\Christoph\AppData\Local\{8C65EB38-E881-4177-897A-A68B1825F5CE}
2012-09-19 07:32:22 -------- d-----w- C:\Users\Christoph\AppData\Local\{CEDD8210-319D-41FE-8684-F71C6EA3F770}
2012-09-18 18:02:46 -------- d-----w- C:\Users\Christoph\AppData\Local\{6872FD3B-D988-4222-AC0F-09638095428F}
2012-09-18 04:47:31 -------- d-----w- C:\Users\Christoph\AppData\Local\{0DB1D789-8EE3-440F-AC63-9517ED3D1F6F}
2012-09-17 05:23:29 -------- d-----w- C:\Users\Christoph\AppData\Local\{1ED77B72-DD5D-4B2C-9D50-46EF71695184}
2012-09-16 08:32:18 -------- d-----w- C:\Users\Christoph\AppData\Local\{6814A591-721F-4E17-801A-3570EB620925}
.
==================== Find3M ====================
.
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:48:06,91 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 30/03/2011 17:00:39
System Uptime: 15/10/2012 10:10:08 (1 hours ago)
.
Motherboard: MEDIONPC | | MS-7707
Processor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz | CPU 1 | 2380/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1832 GiB total, 1729,159 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 10,238 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP865: 22/09/2012 20:26:15 - avast! Free Antivirus Setup
RP866: 22/09/2012 20:41:40 - avast! Free Antivirus Setup
RP867: 9/10/2012 13:29:54 - Taalpakket verwijderen
RP868: 9/10/2012 13:29:57 - Gepland controlepunt
RP869: 11/10/2012 17:49:52 - avast! Free Antivirus Setup
RP870: 11/10/2012 18:18:10 - Installed SpyHunter
RP871: 13/10/2012 13:33:39 - Windows Back-up
.
==== Hosts File Hijack ======================
.
Hosts: 78.46.61.26 www.google-analytics.com.
Hosts: 78.46.61.26 ad-emea.doubleclick.net.
Hosts: 78.46.61.26 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1) MUI
Adobe Shockwave Player 11.5
ANNO 2070 DEMO
Ashampoo Burning Studio
Ashampoo Photo Commander
Ashampoo Photo Optimizer
Ashampoo Snap
avast! EasyPass
avast! Free Antivirus
Battlefield Play4Free
BitTorrent
BittorrentBar_NL Toolbar
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Conduit Engine
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Corel Shell Extension - 64Bit
CorelDRAW Essentials 4
CorelDRAW Essentials 4 - Content
CorelDRAW Essentials 4 - Draw
CorelDRAW Essentials 4 - Filters
CorelDRAW Essentials 4 - ICA
CorelDRAW Essentials 4 - IPM - No VBA
CorelDRAW Essentials 4 - Lang BR
CorelDRAW Essentials 4 - Lang DE
CorelDRAW Essentials 4 - Lang EN
CorelDRAW Essentials 4 - Lang ES
CorelDRAW Essentials 4 - Lang FR
CorelDRAW Essentials 4 - Lang IT
CorelDRAW Essentials 4 - Lang NL
CorelDRAW Essentials 4 - PHOTO-PAINT
CorelDRAW Essentials 4 - Windows Shell Extension
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD Copy
D3DX10
DAEMON Tools Lite
Driver Reviver
Football Manager 2012
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii usługi Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
GameCenter 1.3.0.5
GameSpy Arcade
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Network Connections 15.8.75.0
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 22 (64-bit)
Java(TM) 6 Update 26
Junk Mail filter update
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
Malwarebytes Anti-Malware versie 1.65.0.1400
Medion Home Cinema
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office Starter 2010 - Nederlands
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Mozilla Firefox 14.0.1 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA Display Control Panel
NVIDIA Graphics Driver 263.13
NVIDIA HD Audio Driver 1.1.9.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
PlayReady PC Runtime amd64
Poczta usługi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
Pro Cycling Manager - Seizoen 2010 - 1.0.0.0
PunkBuster Services
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Συλλογή φωτογραφιών του Windows Live
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.9
Spelling Dictionaries Support For Adobe Reader X
SpyHunter
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
Trust Webcam 15007
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.10
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotoğraf Galerisi
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinZip 16.5
.
==== End Of File ===========================
Best regards,
RunningVirus