
Bit Miner Virus..


10 replies to this topic

#1 Matejk


Posted 02 November 2013 - 03:19 AM

Hi all,
 
I'm from the Netherlands so my English is maybe not very good..
 
I downloaded a program on my Acer M5100 gaming computer,
my father just bought it for me new..
And after I downloaded it, my CPU was high at starting up the computer, and when I'm not even using Windows it's still high.. Sometimes up to 100, sometimes up to 98; it was never like this..
After I downloaded AVG it detected 2x a Miner malware; after looking on the internet I knew this is the bit miner virus..
 
Can someone help me with this? My computer is running slow and my CPU is high..

Edited by myrti, 02 November 2013 - 07:14 AM.
Moved from Vista to AII



#2 Broni

  • BC Advisor

Posted 02 November 2013 - 02:56 PM

Welcome aboard

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.



 


#3 Matejk


Posted 02 November 2013 - 03:11 PM

I will do it tomorrow since I'm not home..

Sorry.
And thanks for your fast help

#4 Matejk


Posted 03 November 2013 - 01:57 PM

This is the Checkup
 
Results of screen317's Security Check version 0.99.76  
 Windows Vista  x86 (UAC is enabled)  
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 SpyHunter     
 CCleaner     
 Java 7 Update 45  
 Java SE Development Kit 7 Update 45 
 Adobe Flash Player 9 Flash Player out of Date! 
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Google Chrome 30.0.1599.101  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
This is the result
 

Microsoft® Windows Vista™ Home Premium   (X86)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
::1             localhost
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek 8185 Extensible 802.11b/g-draadloos apparaat = Draadloze netwerkverbinding (Connected)
Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = LAN-verbinding (Media disconnected)
 
 
# ----------------------------------
# IPv4-configuratie
# ----------------------------------
pushd interface ipv4
 
reset
set interface luid=loopback_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_1 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_2 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_4 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=wireless_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
 
 
popd
# Einde van IPv4-configuratie
 
 
 
Windows IP-configuratie
 
   Hostnaam  . . . . . . . . . . . . : PC_van_pc
   Primair DNS-achtervoegsel . . . . : 
   Knooppunttype . . . . . . . . . . : hybride
   IP-routering ingeschakeld . . . . : nee
   WINS-proxy ingeschakeld . . . . . : nee
   DNS-achtervoegselzoeklijst. . . . : home
 
Ethernet-adapter LAN-verbinding:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: 
   Beschrijving. . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
   Fysiek adres. . . . . . . . . . . : 00-1C-25-82-3A-5F
   DHCP ingeschakeld . . . . . . . . : ja
   Autom. configuratie ingeschakeld  : ja
 
Adapter voor draadloos LAN Draadloze netwerkverbinding:
 
   Verbindingsspec. DNS-achtervoegsel: home
   Beschrijving. . . . . . . . . . . : Realtek 8185 Extensible 802.11b/g-draadloos apparaat
   Fysiek adres. . . . . . . . . . . : 00-06-4F-60-2A-48
   DHCP ingeschakeld . . . . . . . . : ja
   Autom. configuratie ingeschakeld  : ja
   Link-local IPv6-adres . . . . . . : fe80::adaf:8ce4:50df:b0b9%8(voorkeur) 
   IPv4-adres. . . . . . . . . . . . : 192.168.2.6(voorkeur) 
   Subnetmasker. . . . . . . . . . . : 255.255.255.0
   Lease verkregen . . . . . . . . . : zondag 3 november 2013 19:27:59
   Lease verlopen. . . . . . . . . . : maandag 4 november 2013 19:27:58
   Standaardgateway. . . . . . . . . : 192.168.2.254
   DHCPv6 IAID . . . . . . . . . . . : 134219343
   DNS-servers . . . . . . . . . . . : 192.168.2.254
                                       195.241.77.55
                                       195.241.77.58
   NetBIOS via TCPIP . . . . . . . . : ingeschakeld
 
Tunnel-adapter LAN-verbinding*:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: 
   Beschrijving. . . . . . . . . . . : isatap.{97D38839-9593-4BCD-A78C-75E56C86B462}
   Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP ingeschakeld . . . . . . . . : nee
   Autom. configuratie ingeschakeld  : ja
 
Tunnel-adapter LAN-verbinding* 2:
 
   Verbindingsspec. DNS-achtervoegsel: home
   Beschrijving. . . . . . . . . . . : isatap.home
   Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP ingeschakeld . . . . . . . . : nee
   Autom. configuratie ingeschakeld  : ja
   Link-local IPv6-adres . . . . . . : fe80::5efe:192.168.2.6%11(voorkeur) 
   Standaardgateway. . . . . . . . . : 
   DNS-servers . . . . . . . . . . . : 192.168.2.254
                                       195.241.77.55
                                       195.241.77.58
   NetBIOS via TCPIP . . . . . . . . : uitgeschakeld
 
Tunnel-adapter LAN-verbinding* 6:
 
   Verbindingsspec. DNS-achtervoegsel: 
   Beschrijving. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Fysiek adres. . . . . . . . . . . : 02-00-54-55-4E-01
   DHCP ingeschakeld . . . . . . . . : nee
   Autom. configuratie ingeschakeld  : ja
   IPv6-adres. . . . . . . . . . . . : 2001:0:9d38:6abd:3c3e:18e:3f57:fdf9(voorkeur) 
   Link-local IPv6-adres . . . . . . : fe80::3c3e:18e:3f57:fdf9%10(voorkeur) 
   Standaardgateway. . . . . . . . . : ::
   NetBIOS via TCPIP . . . . . . . . : uitgeschakeld
Server:  router.home
Address:  192.168.2.254:53
 
Naam:    google.com
Addresses:  74.125.136.100, 74.125.136.102, 74.125.136.139, 74.125.136.101
 74.125.136.113, 74.125.136.138
 
 
 
Pingen naar google.com [74.125.136.100] met 32 bytes aan gegevens:
 
 
 
Antwoord van 74.125.136.100: bytes=32 tijd=39 ms TTL=50
 
Antwoord van 74.125.136.100: bytes=32 tijd=39 ms TTL=50
 
 
 
Ping-statistieken voor 74.125.136.100:
 
    Pakketten: verzonden = 2, ontvangen = 2, verloren = 0
 
    (0% verlies).
 
 
 
De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
 
    Minimum = 39ms, Maximum = 39ms, Gemiddelde = 39ms
 
Server:  router.home
Address:  192.168.2.254:53
 
Naam:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45
 
 
 
Pingen naar yahoo.com [206.190.36.45] met 32 bytes aan gegevens:
 
 
 
Antwoord van 206.190.36.45: bytes=32 tijd=206 ms TTL=46
 
Antwoord van 206.190.36.45: bytes=32 tijd=204 ms TTL=46
 
 
 
Ping-statistieken voor 206.190.36.45:
 
    Pakketten: verzonden = 2, ontvangen = 2, verloren = 0
 
    (0% verlies).
 
 
 
De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
 
    Minimum = 204ms, Maximum = 206ms, Gemiddelde = 205ms
 
 
 
Pingen naar 127.0.0.1 met 32 bytes aan gegevens:
 
 
 
Antwoord van 127.0.0.1: bytes=32 tijd=14 ms TTL=128
 
Antwoord van 127.0.0.1: bytes=32 tijd=6 ms TTL=128
 
 
 
Ping-statistieken voor 127.0.0.1:
 
    Pakketten: verzonden = 2, ontvangen = 2, verloren = 0
 
    (0% verlies).
 
 
 
De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
 
    Minimum = 6ms, Maximum = 14ms, Gemiddelde = 10ms
 
===========================================================================
Interfacelijst
  9 ...00 1c 25 82 3a 5f ...... Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
  8 ...00 06 4f 60 2a 48 ...... Realtek 8185 Extensible 802.11b/g-draadloos apparaat
  1 ........................... Software Loopback Interface 1
 12 ...00 00 00 00 00 00 00 e0  isatap.{97D38839-9593-4BCD-A78C-75E56C86B462}
 11 ...00 00 00 00 00 00 00 e0  isatap.home
 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 routetabel
===========================================================================
Actieve routes:
Netwerkadres             Netmasker          Gateway        Interface Metric
          0.0.0.0          0.0.0.0    192.168.2.254      192.168.2.6     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.6    281
      192.168.2.6  255.255.255.255         On-link       192.168.2.6    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.6    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.6    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.6    281
===========================================================================
Permanente routes:
  Geen
 
IPv6 routetabel
===========================================================================
Actieve routes:
 Indien metrische netwerkbestemming      Gateway
 10     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 10     18 2001::/32                On-link
 10    266 2001:0:9d38:6abd:3c3e:18e:3f57:fdf9/128
                                    On-link
  8    281 fe80::/64                On-link
 10    266 fe80::/64                On-link
 11    286 fe80::5efe:192.168.2.6/128
                                    On-link
 10    266 fe80::3c3e:18e:3f57:fdf9/128
                                    On-link
  8    281 fe80::adaf:8ce4:50df:b0b9/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
  8    281 ff00::/8                 On-link
===========================================================================
Permanente routes:
  Geen
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/02/2013 11:41:22 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (11/02/2013 11:05:09 AM) (Source: Application Hang) (User: )
Description: Programma Spyhunter4.exe, versie 4.15.1.4270 reageert niet meer op Windows en is afgesloten. Als u wilt zien of meer informatie over het probleem beschikbaar is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en -oplossingen in het Configuratiescherm controleren.
Proces-id: fe8
Starttijd: 01ced7b2e1aedf28
Eindtijd: 718
 
Error: (11/02/2013 10:19:42 AM) (Source: EventSystem) (User: )
Description: d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (11/02/2013 10:01:38 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (11/02/2013 09:34:13 AM) (Source: Application Hang) (User: )
Description: Programma SpyHunter4.exe, versie 4.15.1.4270 reageert niet meer op Windows en is afgesloten. Als u wilt zien of meer informatie over het probleem beschikbaar is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en -oplossingen in het Configuratiescherm controleren.
Proces-id: 1510
Starttijd: 01ced7a628457864
Eindtijd: 21
 
Error: (11/01/2013 06:45:34 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (11/01/2013 05:42:52 PM) (Source: Application Error) (User: )
Description: Toepassing met fout wmplayer.exe, versie 11.0.6000.6353, tijdstempel 0x4aa91b5d, module met fout unknown, versie 0.0.0.0, tijdstempel 0x00000000, uitzonderingscode 0xc000001d, foutmarge 0x0019efb9,
proces-id 0x1f4, starttijd van toepassing 0xwmplayer.exe0.
 
Error: (11/01/2013 02:44:31 PM) (Source: Application Hang) (User: )
Description: Programma iexplore.exe, versie 7.0.6000.16982 reageert niet meer op Windows en is afgesloten. Als u wilt zien of meer informatie over het probleem beschikbaar is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en -oplossingen in het Configuratiescherm controleren.
Proces-id: a7c
Starttijd: 01ced705c18d68a7
Eindtijd: 0
 
Error: (11/01/2013 02:44:02 PM) (Source: System Restore) (User: )
Description: Er kan geen herstelpunt op het volume worden gemaakt (proces = C:\Users\pc\Downloads\HitmanPro.exe ; beschrijving = ?????????? ???????A?A A  ?????????? ?a????????????????????????????????Aaaaaaaaaaaaaaaaaaaaaaa??; Hr = 0x80070057).
 
Error: (11/01/2013 02:39:43 PM) (Source: Application Error) (User: )
Description: Toepassing met fout Explorer.EXE, versie 6.0.6000.16771, tijdstempel 0x4907deda, module met fout ntdll.dll, versie 6.0.6000.16386, tijdstempel 0x4549bdc9, uitzonderingscode 0xc0000008, foutmarge 0x000768b0,
proces-id 0xc10, starttijd van toepassing 0xExplorer.EXE0.
 
 
System errors:
=============
Error: (11/03/2013 07:31:11 PM) (Source: DCOM) (User: )
Description: "C:\Program Files\Logitech\Video\AlbumDB2.exe" -Embedding5{4F9B9553-DCE9-4899-BB45-4D62B0CDF2E3}
 
Error: (11/03/2013 07:27:31 PM) (Source: ACPI) (User: )
Description: IRQARB: ACPI BIOS bevat geen IRQ voor het apparaat in PCI slot 7, functie 0.
Neem contact op met uw computerleverancier voor technische ondersteuning.
 
Error: (11/03/2013 07:27:31 PM) (Source: ACPI) (User: )
Description: IRQARB: ACPI BIOS bevat geen IRQ voor het apparaat in PCI slot 2, functie 0.
Neem contact op met uw computerleverancier voor technische ondersteuning.
 
Error: (11/02/2013 11:41:27 AM) (Source: bowser) (User: )
Description: De masterbrowser heeft een servermelding ontvangen van computer EXPERIA
die meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{74A12E45-C8DC-4131-9C87-29F5F9FCEC. 
De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen.
 
Error: (11/02/2013 11:41:27 AM) (Source: BROWSER) (User: )
Description: De browser kan de statusbits van de service niet bijwerken. De fout bevindt zich in de gegevens.
 
Error: (11/02/2013 11:03:27 AM) (Source: ACPI) (User: )
Description: IRQARB: ACPI BIOS bevat geen IRQ voor het apparaat in PCI slot 7, functie 0.
Neem contact op met uw computerleverancier voor technische ondersteuning.
 
Error: (11/02/2013 11:03:27 AM) (Source: ACPI) (User: )
Description: IRQARB: ACPI BIOS bevat geen IRQ voor het apparaat in PCI slot 2, functie 0.
Neem contact op met uw computerleverancier voor technische ondersteuning.
 
Error: (11/02/2013 10:20:43 AM) (Source: Service Control Manager) (User: )
Description: Network List-serviceNetwork Location Awareness%%1068
 
Error: (11/02/2013 10:20:43 AM) (Source: Service Control Manager) (User: )
Description: Network List-serviceNetwork Location Awareness%%1068
 
Error: (11/02/2013 10:20:43 AM) (Source: Service Control Manager) (User: )
Description: Network List-serviceNetwork Location Awareness%%1068
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-03 19:30:46.748
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2013-11-03 19:30:46.709
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2013-11-03 19:30:46.616
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2013-11-03 19:30:46.552
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2013-11-02 11:00:46.767
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2013-11-02 11:00:46.745
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2013-11-02 11:00:46.721
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2013-11-02 11:00:46.698
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2013-11-02 11:00:46.675
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2013-11-02 11:00:46.653
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
 
=========================== Installed Programs ============================
 
32 Bit HP CIO Components Installer (Version: 6.1.2)
Acer Arcade Live Main Page (Version: 1.0.4010)
Acer DV Magician (Version: 1.2.2810)
Acer DVDivine (Version: 3.1.1610)
Acer eDataSecurity Management (Version: 2.5.3032)
Acer Empowering Technology (Version: 2.5.3005)
Acer ePerformance Management (Version: 2.5.3002)
Acer HomeMedia (Version: 1.3.4010)
Acer HomeMedia Connect (Version: 1.4.4010)
Acer ScreenSaver (Version: 4.01.20070419)
Acer SlideShow DVD (Version: 1.2.2810)
Acer Tour (Version: 2.0.1001)
Acer VideoMagician (Version: 1.3.1610)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 9 ActiveX (Version: 9)
Adobe Reader X (10.1.8) - Nederlands (Version: 10.1.8)
ATI Catalyst Install Manager (Version: 3.0.642.0)
AVG 2014 (Version: 14.0.3615)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
Battlefield Heroes
Catalyst Control Center Core Implementation (Version: 2007.0815.2142.36937)
Catalyst Control Center Graphics Full Existing (Version: 2007.0815.2142.36937)
Catalyst Control Center Graphics Full New (Version: 2007.0815.2142.36937)
Catalyst Control Center Graphics Light (Version: 2007.0815.2142.36937)
Catalyst Control Center Graphics Previews Vista (Version: 2007.0815.2142.36937)
Catalyst Control Center Localization Danish (Version: 2007.0815.2142.36937)
Catalyst Control Center Localization Dutch (Version: 2007.0815.2142.36937)
Catalyst Control Center Localization Finnish (Version: 2007.0815.2142.36937)
Catalyst Control Center Localization French (Version: 2007.0815.2142.36937)
Catalyst Control Center Localization German (Version: 2007.0815.2142.36937)
Catalyst Control Center Localization Italian (Version: 2007.0815.2142.36937)
Catalyst Control Center Localization Japanese (Version: 2007.0815.2142.36937)
Catalyst Control Center Localization Norwegian (Version: 2007.0815.2142.36937)
Catalyst Control Center Localization Spanish (Version: 2007.0815.2142.36937)
Catalyst Control Center Localization Swedish (Version: 2007.0815.2142.36937)
CCC Help Danish (Version: 2007.0815.2141.36937)
CCC Help Dutch (Version: 2007.0815.2141.36937)
CCC Help English (Version: 2007.0815.2141.36937)
CCC Help Finnish (Version: 2007.0815.2141.36937)
CCC Help French (Version: 2007.0815.2141.36937)
CCC Help German (Version: 2007.0815.2141.36937)
CCC Help Italian (Version: 2007.0815.2141.36937)
CCC Help Japanese (Version: 2007.0815.2141.36937)
CCC Help Norwegian (Version: 2007.0815.2141.36937)
CCC Help Spanish (Version: 2007.0815.2141.36937)
CCC Help Swedish (Version: 2007.0815.2141.36937)
ccc-core-static (Version: 2007.0815.2142.36937)
ccc-utility (Version: 2007.0815.2142.36937)
CCleaner (Version: 4.07)
Eraser 6.1.0.2946 (Version: 6.1.2946)
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java SE Development Kit 7 Update 45 (Version: 1.7.0.450)
LightScribe  1.4.142.1 (Version: 1.4.142.1)
Logitech QuickCam Software (Version: 8.47.0000)
Malwarebytes Anti-Malware versie 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile NLD Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended NLD Language Pack (Version: 4.0.30319)
Microsoft Office Access MUI (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office Groove MUI (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office OneNote MUI (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office Outlook MUI (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office PowerPoint MUI (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office Proof (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office Publisher MUI (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office Shared MUI (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office Word MUI (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Works (Version: 08.05.0822)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTI Backup NOW! 4.7 (Version: 4)
NTI CD & DVD-Maker (Version: 7)
PunkBuster Services (Version: 0.990)
Realtek High Definition Audio Driver (Version: 6.0.1.5391)
Skins (Version: 2007.0815.2142.36937)
Skype™ 6.9 (Version: 6.9.106)
SpyHunter (Version: 4.15.1.4270)
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (Version: 4.0.30319)
Taalpakket voor Microsoft .NET Framework 4 Extended - NLD (Version: 4.0.30319)
TL-WN820N_821N Wireless Utility (Version: 7.0)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
WinRAR 5.00 (32-bit) (Version: 5.00.0)
 
========================= Devices: ================================
 
Name: PS/2-compatibele muis
Description: PS/2-compatibele muis
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
**** End of log ****
 
 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/03/2013 07:47:14 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
 
Program finished at: 11/03/2013 07:48:28 PM
Execution time: 0 hours(s), 1 minute(s), and 13 seconds(s)
 
 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
 
Database version: v2013.11.03.03
 
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
pc :: PC_VAN_PC [administrator]
 
3-11-2013 19:42:41
mbar-log-2013-11-03 (19-42-41).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 0
Time elapsed: 3 second(s) [aborted]
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.0.6000 Windows Vista x86
 
Account is Administrative
 
Internet Explorer version: 7.0.6000.16982
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.991000 GHz
Memory total: 2146304000, free: 828366848
 
Could not load protection driver
Downloaded database version: v2013.11.03.03
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
Done!
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
=======================================
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.0.6000 Windows Vista x86
 
Account is Administrative
 
Internet Explorer version: 7.0.6000.16982
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.991000 GHz
Memory total: 2146304000, free: 819593216
 
Could not load protection driver
Downloaded database version: v2013.11.03.03
Downloaded database version: v2013.10.11.02
Initializing...
=======================================
------------ Kernel report ------------
     11/03/2013 19:46:00
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\psdfilter.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\psdvdisk.sys
\SystemRoot\system32\drivers\PSDNServ.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avglogx.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\RTL85n86.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\avgfwd6x.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WUDFPf.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff85f31030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xffffffff85519ca0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff85514ad8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xffffffff85cf4868
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff85d20030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xffffffff85518ce0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff857b4598
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000062\
Lower Device Object: 0xffffffff85f36ce0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84fcaad8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff84413bb0
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84fcaad8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84ec7188, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff84fcaad8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff843e5738, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff84413bb0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A9E4F6A8
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 20466747
 
    Partition 1 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 20466810  Numsec = 478431765
    Partition is not bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 498898575  Numsec = 477869490
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff857b4598, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85cfb020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff857b4598, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85f36ce0, DeviceName: \Device\00000062\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff85d20030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85cf4570, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85d20030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85518ce0, DeviceName: \Device\00000063\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff85514ad8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85d08020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85514ad8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85cf4868, DeviceName: \Device\00000064\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff85f31030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85b31810, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85f31030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85519ca0, DeviceName: \Device\00000065\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "c:\windows\system32\config\systemprofile\appdata\local\avg2014\log\avg-a5acf766-37ee-405f-8e02-4d03e7e8a343.tmp" is compressed (flags = 1)
Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\log\avgfw.log.1" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_20466810_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 
 

Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
www.malwarebytes.org
 
Databaseversie: v2013.11.01.07
 
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
pc :: PC_VAN_PC [administrator]
 
Bescherming: Uitgeschakeld
 
3-11-2013 19:39:27
mbam-log-2013-11-03 (19-39-27).txt
 
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 192985
Verstreken tijd: 6 minuut/minuten, 5 seconde(n)
 
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
(einde)
 
Sorry for this one.. it's in Dutch.


#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 03 November 2013 - 03:15 PM

Not much so far...

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


=============================================================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


=======================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE: If ESET doesn't find any threats it'll NOT produce any log.


My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#6 Matejk

Matejk
  • Topic Starter

  • Members
  • 7 posts

Posted 04 November 2013 - 01:55 AM

I have to tell you something,
MBAM detected 2 PUP.Miner viruses before you asked me to download the MBAM tool..
I deleted the tool after I deleted those 2 PUP miner viruses, but it is still mining, because of my high CPU..
It looks like no antivirus program is finding those viruses again, but I'm sure it is still on my system.
Maybe we have to search deeper??
Anyway, here is the log of the MBAM scan that found the 2 PUP miner viruses; that was before you asked me to scan it..
I hope you can do something with it..
The other scans: scroll down please.
 
 
 
Bescherming: Ingeschakeld
 
1-11-2013 21:43:40
mbam-log-2013-11-01 (21-43-40).txt
 
Scan type: Volledige scan (C:\|D:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 296640
Verstreken tijd: 1 uur/uren, 3 minuut/minuten, 6 seconde(n)
 
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Bestanden gedetecteerd: 2
C:\Users\pc\AppData\Roaming\AdobeSystems\coinutil.dll (PUP.BitcoinMiner) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\pc\AppData\Roaming\AdobeSystems\usft_ext.dll (PUP.BitCoinMiner) -> Succesvol in quarantaine geplaatst en verwijderd.
 
(einde)
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows Vista ™ Home Premium x86
Ran by pc on ma 04-11-2013 at  6:50:12,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\pc\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ma 04-11-2013 at  6:53:01,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v3.011 - Report created 04/11/2013 at 06:46:25
# Updated 03/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium  (32 bits)
# Username : pc - PC_VAN_PC
# Running from : C:\Users\pc\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.16982
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1354 octets] - [04/11/2013 06:45:42]
AdwCleaner[S0].txt - [1287 octets] - [04/11/2013 06:46:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1347 octets] ##########
 
 
 
ESET didn't find anything..
 
 


#7 Matejk

Matejk
  • Topic Starter

  • Members
  • 7 posts

Posted 04 November 2013 - 12:25 PM

Hi, I downloaded a tool named Emsisoft Emergency Kit..

It found a Trojan.GenericKDV.1375413.

 

Hope after the scan is done, my CPU will be normal,

 

Thanks for anything :).

 

Will post results of deleting this file.



#8 Matejk

Matejk
  • Topic Starter

  • Members
  • 7 posts

Posted 04 November 2013 - 12:40 PM

My CPU is still sometimes running high.. I don't know if it's caused by AVG or something,

 

but what can we do more to try/check to remove this.



#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 04 November 2013 - 06:34 PM

I still need Eset scan results.

 

Then see about your CPU usage...

 

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to already pre-selected options, make sure the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.

 

Upload the file(s) here: http://www.sendspace.com/
Click on Browse button and navigate to the file you want to upload.
Click on Upload button.
Click on FIRST Copy Link button and paste the link in your next reply.


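The Process Explorer step above captures the running processes with their command lines so the CPU consumer can be identified. As an added example that is not part of Broni's reply or of any tool named in this thread, the Windows PowerShell script below collects the same information (process, CPU seconds, command line) and additionally lists any DLL loaded from a user-writable folder, since the two miner DLLs in the MBAM log lived under C:\Users\pc\AppData\Roaming\AdobeSystems. It assumes an elevated (Run as Administrator) Windows PowerShell prompt; the output file name Procexp-ps.txt on the Desktop is an assumption.

```powershell
# Added triage script (not from the thread): captures roughly what the
# Process Explorer step asks for (process, CPU time, command line) and also
# flags DLLs loaded from user-writable folders such as AppData and Temp.
# Assumes Windows PowerShell run from an elevated prompt; the output path
# below is an assumption and can be changed.

$outFile = Join-Path $env:USERPROFILE 'Desktop\Procexp-ps.txt'

# Folders a legitimate service or system component rarely loads code from.
$userWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

# Win32_Process exposes the full command line; Get-Process gives CPU seconds
# and the loaded-module list for the same PID.
$report = foreach ($wmi in Get-WmiObject Win32_Process) {
    $proc = Get-Process -Id $wmi.ProcessId -ErrorAction SilentlyContinue

    $cpuSeconds = $null
    if ($proc -and $proc.CPU -ne $null) {
        $cpuSeconds = [math]::Round($proc.CPU, 1)
    }

    # Modules loaded from AppData or Temp are collected for a separate section.
    $flagged = @()
    if ($proc) {
        try {
            foreach ($m in $proc.Modules) {
                $path = $m.FileName
                foreach ($root in $userWritableRoots) {
                    if ($path -like ($root + '\*')) { $flagged += $path; break }
                }
            }
        } catch {
            # Access denied or 32/64-bit mismatch: skip only the module list.
        }
    }

    New-Object PSObject -Property @{
        PID             = $wmi.ProcessId
        Name            = $wmi.Name
        CpuSeconds      = $cpuSeconds
        CommandLine     = $wmi.CommandLine
        UserPathModules = ($flagged -join '; ')
    }
}

# Highest CPU consumers first; a miner normally sits near the top of this list.
$report | Sort-Object CpuSeconds -Descending |
    Format-Table PID, Name, CpuSeconds, CommandLine -AutoSize |
    Out-File -FilePath $outFile -Width 400

# Anything that loaded a DLL from a user-writable folder gets its own section.
$report | Where-Object { $_.UserPathModules } |
    Format-List PID, Name, CommandLine, UserPathModules |
    Out-File -FilePath $outFile -Append -Width 400

Write-Host "Report written to $outFile"
```

The resulting text file can be posted or uploaded in the same way as the Procexp.txt requested above; the "System Idle Process" entry will show high CPU seconds, which is expected and not a sign of mining.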


 


#10 Matejk

Matejk
  • Topic Starter

  • Members
  • 7 posts

Posted 05 November 2013 - 01:58 AM

http://www.sendspace.com/file/482an6

 

Can't post that ESET scan, it didn't find anything so there wasn't a log..



#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 05 November 2013 - 08:51 PM

Your CPU usage looks perfectly normal.

System Idle Process (CPU NOT used) is listed at 96.92%

